My issue is that I do have guests. What I am trying to prevent, is students bringing in a personal device and connecting to the wifi. We supply each student with a device that is managed, and on a SSID that is distributed by the management software. I want to provide a SSID for adults. Staff have personal devices, and there are guests that come and go.
A LDAP solution would make managing guests a nightmare.
A Meraki account solution would be very similar, and possible impersonation?
I am hoping to manage the solution through the portal. As someone connects, I can see their presence, and establish an allow.
The students are such a moving target, I am trying to prevent alot of repeated attention. I need to not rely on an email request from a random address. We have a tech person in each building, and I make the requests be in person through her. Then I can allow. Else we have issues. I did just have a shared password on a staff SSID, but the teachers give it to the students when they whine.
I'm thinking RADIUS is the best blocking, and easiest whitelisting? While preventing any accounts needed..??
Open to other strategies, just need to ensure their is an ease of use, and no opportunity for student access.