Thank you everyone for replying - all suggestions have given me something to work with Yes @PhilipDAth I really should have mentioned that we're using splash pages here for our guests, ideally I'd like to use prepaid cards as a method of connection (again uses a splash page) which would be ideal for our not so tech friendly guests, last minute guests and convenient for our reception team to hand out a code to guests attending a one off conference. I've set up the prepaid cards and it works, its just the students like to try and see if they can join the guest SSID to try and get web access and in the process taking an IP address (student byod is not allowed at present) In the short term I will look at reducing the dhcp lease time further (thanks @NolanHerring ) to see if that makes a difference and will also see if If I can think of a better may to manage the admin side of using a PSK as this could again free up IP addresses (problem being that the key often seems to get out!)
... View more
Hi Hope the below makes sense, A bit of background first: I work in large school with a differing range of needs for our wireless. Firstly, we have to ensure our students are not able to access certain websites, so by default all Internet access is filtered at a 'student' level. Our school also hosts regular conferences and has a number of guest speakers. We use radius authentication for our domain joined devices which filters the web level access based on the user account i.e. student level access = no social media etc. Staff and Visitor level access allows access to social media, personal email etc. One problem we've been having is providing the right level of filtering to our guests and staff with BYOD. As silly as it sounds, a lot of our visitors expect access to sites that are blocked for students. We've set it up so that if a visitor joins a specific SSID, they will connect to a Vlan that has its IP address range set to allow staff/visitor level web access. We've done this using Bridge Mode and Vlan tagging within Meraki. It really seems to work The problem we're having: We're running out of IP addresses as our students try to join the various SSIDs that are being displayed via their mobile phones. By doing this, although can't can't access the Internet on their phones as they don't have the relevant credentials, they are still taking an IP address form the dhcp pool of the Vlan the SSID is configured to connect to. So we have guests turn up for a conference and we have to quickly try and make space. It can be a losing battle as it seems some have set their phone to auto connect it. Joining the Meraki dhcp works, but it means we can't filter the meraki dhcp range and hence our visitors would have student level access, which is the default filtering setting. Obtaining additional IP addresses isn't going to be an option for us for another year or so. Has anyone experienced this type of scenario? For lack of a technical term, is it possible to configure some kind of 'staging' area the clients can join and then be passed to the relevant Vlan after authentication?
... View more