ā01-12-2020 08:58 PM
I would ideally like to have 3 SSID's set up. The first will be for all division owned wireless devices, which I would like to have connect automatically, likely by MAC Authentication. The second SSID will be for all AD Users to connect via AD Authentication. The third SSID would be for all school division guests/visitors.
Here are the questions I have.
1 - If I configure MAC Authentication on one SSID, will our division owned wireless devices connect automatically if the SSID is hidden or will some form of user intervention still be required to connect? We have several mobile labs (laptop carts) that we would like to make sure are connected to the network whenever powered on to make sure we can remote into them if necessary, but also want to make sure that any and all updates we push out are being installed. even when not in use.
2 - What would be the most efficient method to allow guests to connect to our network while being able to identify users, monitor and track user network/internet activity? I would like to ensure staff and students are not connecting to this guest SSID so access will be limited to guests only. One method I considered is creating local AD users, where these usernames and passwords are left with the secretary in each school for convenience purposes, but I am wondering if there is a better way. My understanding is I can set it up so that a staff member has to "sponsor" a user to connect, but I am not sure how secure this is as I believe there are some staff members who would allow students to use their email addresses for this. Some staff members have already given out the current password to students. This is one of the reasons why we are looking to switch to a more secure network configuration.
Thank you for any assistance with this.
ā01-15-2020 03:47 PM
Sam,
Would you have a link to the Employee Approval with Self Registration set up for HiveManager Classic? Or will the instructions be the same as NG?
ā01-13-2020 07:29 PM
I don't think we have a way of routing requests based on location to certain approvers, but if guests are checking in at the front desk, you could leave instructions for connecting to the wifi with a particular email specified at each location. When the guest registers, they'll be asked to provide an email address for approval, and the instructions at the front desk could indicate what email address they should use.
If you'd like to see that feature added to a later release, I'd encourage you to file a feature request with your sales engineer so we can start developing a way to indicate a specific approver per site.
ā01-13-2020 06:49 PM
Thanks again Sam. One last (I hope) question...... In regards to teh self-registration........
Seeing as we have some 10 or 11 locations (subnets) in our network, would it be possible to have all guest connection requests be directed to a specif user/approver depending on the subnet they are attempting to connect to?
As an example, I would like to designate the secretary at each school to be the one to approve or deny connection requests, but only for guests in their respective schools. That way, when guests arrive at the school office, the secretary can give directions for connecting to the wireless network.
ā01-13-2020 04:34 PM
It depends a little on the client device, but most client types will attempt to connect to the last SSID they were connected to when restarted, so as long as the device isn't reset completely and doesn't connect to a different network, it should still automatically re-join the correct SSID.
ā01-13-2020 04:29 PM
That makes sense. Thanks again Sam.
just one more question......
If we decide to go with MAC Authentication, which now seems to be the best option, will user intervention be needed each time a device is powered on or restarted? We donāt anticipate any of our division owned equipment to leave our schools or joining other wireless networks.