09-02-2019 07:34 AM
Hi,
We have a client at one site and I have been asked to give them permanent Guest access for the duration of our project.
I want to give them access - with the credentials only being valid to a specific set (ideally) or only that site's APs.
I am running HM VA (previously know as NG) ON PREMISE with a single Policy company wide. I don't want to have to touch all the other APs to disable access / SSIDs etc.
Any ideas on how I can achieve this ?
Cheers
Ian
09-02-2019 11:45 PM
Hi Sam,
Sorry, I should have been clearer - "Client" is a plural (Company). We expect 6 people normally on site so allow 12 devices. They may have their own visiting staff, so MAC address isn't a good option.
They won't want to be micro-managed which is how they will see per person PPSK keys. Our contract to them says we will supply "Internet connection". I'm the one who wants it manageable, not them (until there are issues - then they just want it fixed).
I looked at Private Client Groups but they still span they entire network from what I see - even the "AP based" ones.
Any other thoughts ?
Cheers
Ian
09-02-2019 12:46 PM
You could set up a user profile firewall rule to deny their mac address on the main user profile, create a client classification policy to give users at the site he should be connecting to a different user profile where he isn't denied, and use a location rule to classify them to the right user profile (this requires a map set up for the location with the APs assigned to the correct map, at least for the location he will be connecting to). This guide reviews how to set up a client classification policy: https://thehivecommunity.aerohive.com/s/article/Client-Classification-in-HiveManager