ExtremeCloud IQ

 View Only

 PPSK Best Practices - BYOD vs Company Devices

JeffM's profile image
JeffM posted 01-14-2022 13:51
Just thinking ahead to a summer hardware refresh for our end users.

Is there any guidance from Extreme on PPSK best practices, especially personal devices vs company devices?

My goal...put the user's company device (laptop) on one VLAN while keeping personal devices (phone etc) on a separate VLAN that is walled off from internal resources.

Could that efficiently be accomplished just with a classification rule that catches the company owned MAC addresses and routes them to the company VLAN?

What's the best practice here?

Thanks!

+++Jeff
Chris Sabo's profile image
Chris Sabo
Hi Jeff,

There are a lot of answers, it would be best to know, what is the size of your enterprise? How many users do you have and roughly how many devices would each one user connect to your WLAN?
JeffM's profile image
JeffM
Hi Chris.

Thanks for the response.

Size...just talking 100-200 company owned end user devices. Total Extreme deployment is around 200 AP's.

We use PPSK for all now.

+++Jeff
Jan Reister's profile image
Jan Reister
Hi Jeff, mac addresses are spoofable and often randomized, so even for company managed laptops, using mac addresses as the policy basis has its own problems. I would look into a user based policy instead.
However, in our network we do that with 802.1X, not familiar with PPSK on Extreme CloudIQ.