WiFi in Schools - Are you guys running PSK or 802.1x for your district devices?

Long story short, I just took over as the network admin for a district, where they currently have the following:

  • Main district network - 802.1x (although currently any user, including students can authenticate)

  • Special Ed network - PSK (legacy network that was never retired because it was easier to deploy machines with PSK)

  • Student network - 802.1x (segregated, but currently pointless since students can/are using the main district network)

  • Guest network - PSK (segregated but the password is posted in the office)

They're using Aerohive's cloud platform, so I don't have much flexibility without the ability to tunnel traffic to an on-prem controller. I'd like to have 2-3 networks, an 802.1x network for only staff and district devices, a segregated 802.1x network for students, and a segregated and more restrictive PSK/open guest network.

What do you run in your school? What have you found to be the easiest way to deploy staff Windows laptops, iPads, Chromebooks, Android tablets, etc. to an 802.1x enviornment?

 

https://discord.software/ https://omegle.onl/ vshare

1 Like

We have just setup 802.1x with NPS for OU groups for a private school we migrated from Aerohive.

We have a total of 12 SSID's which also include machine-based authentication from connecting the laptops to the domain and guest access.

Depends on the level of control you require over the network.

The biggest issue I found with NPS and LDAP based authentication was the only way to diagnose issues was to packet capture from the wireless access points as I could not test the binding in the setup page. 

We are also using the cloud controller. Initially we started with the on premises controller but setting up the SSL certs and keeping everything up to date was time consuming for the IT department. So far the wireless is out performing Aerohive in both authentication and throughput.

The easiest way to authenticate depends on the way the school works for this deployment using the username and passwords from NPS was the easiest way to manage and get students to authenticate with BYOD devices.