Method to "bake" wi-fi password into an SSID?

JMY34
Getting noticed

Method to "bake" wi-fi password into an SSID?

Hi! I work at a small school system in the IT department and since it's summer, we're trying to re-tool some processes that there have been issues with. We use a Meraki network that connects all of our school locations, and among others, we have a student wi-fi and a teacher wi-fi connection. The teachers have been prone to writing their wi-fi connection password down on whiteboards and leaving it where students are getting access to it. Some admins are asking us to find a way to integrate the password/credentials right into the SSID. I was thinking of a rough idea where we could set the teacher SSID up with a splash page requiring a one-time login with their credentials, but I think I would need to know ALL their credentials in advance, which might be tricky. Can anyone recommend an alternate method that would work with a (hopeful) minimum of fuss? Thanks in advance.

12 Replies 12
alemabrahao
Kind of a big deal
Kind of a big deal

Take a look at this solution.

 

https://www.splashaccess.com/

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
KarstenI
Kind of a big deal
Kind of a big deal

Are the teacher PCs owned by the school? In this case, an easy solution for this problem would be to configure the WLAN-Settings of the PCs with an MDM like Meraki SM.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
JMY34
Getting noticed

They are! But most teachers have their laptops with them and trying to get them to come in to us before the school year starts would be pretty much impossible. We would have to get hands on all those devices, correct? Thanks.

KarstenI
Kind of a big deal
Kind of a big deal

They could do the enrolment the PCs on their own after being authenticated to your directory. But they would need to cooperate.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
JMY34
Getting noticed

That's something to think about. Thanks!

UKDanJones
Building a reputation

You should also check out wiflex.eu - nicer than splashaccess in my opinion. 

Please feel free to hit that kudos button
JMY34
Getting noticed

Thanks!

PhilipDAth
Kind of a big deal
Kind of a big deal

Do you have Active Directory?  If so, you could authenticate WiFi against that.

 

Do you use AzureAD (Office 365)?  If so, you could use @alemabrahao idea, and authenticate against that. 

 

 

In short, I would find a way to authenticate WiFi against an already existing username/password database you have.

JMY34
Getting noticed

We do use AzureAD. I would love to pursue that, but my director is telling me that not all Teacher laptops have been Azure joined, and the Teachers currently have them out in the wild. So asking/wanting all Teachers to come in for us to get our hands on those laptops would be extremely difficult.

alemabrahao
Kind of a big deal
Kind of a big deal

How about sponsored guest access?

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Sponsored_Guest

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

They don't need to be Azure AD joined for the Splash Access [education] system to work.  What happens is they log into a portal (once) using their Azure AD credentials, and then that portal lets them add their devices to the network.  It is intended to be a self-enrollment system.

https://www.splashaccess.com/portfolio/education/ 

nerdocrat
Here to help

Are you using Meraki MRs? If so, would 802.1x via Meraki sentry wifi work? I have used this with Systems Manager tagging, so only tagged devices are allowed.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels