My issue is that I do have guests.  What I am trying to prevent, is students bringing in a personal device and connecting to the wifi.  We supply each student with a device that is managed, and on a SSID that is distributed by the management software.  I want to provide a SSID for adults.  Staff have personal devices, and there are guests that come and go.   A LDAP solution would make managing guests a nightmare.   A Meraki account solution would be very similar, and possible impersonation?   I am hoping to manage the solution through the portal.  As someone connects, I can see their presence, and establish an allow.     The students are such a moving target, I am trying to prevent alot of repeated attention.  I need to not rely on an email request from a random address.  We have a tech person in each building, and I make the requests be in person through her.  Then I can allow.  Else we have issues.  I did just have a shared password on a staff SSID, but the teachers give it to the students when they whine.   I'm thinking RADIUS is the best blocking, and easiest whitelisting?  While preventing any accounts needed..??   Open to other strategies, just need to ensure their is an ease of use, and no opportunity for student access. ... View more

But shouldn't each new device connecting to this SSID be given this policy, as all OS's were selected?  That's essentially what my original question was trying to ask..  Why do some devices show up with a normal policy instead of the custom one, when I configured for all known OS's and Other OS too... ... View more

The LDAP solution does not allow for a guest speaker to come in.. they don't have ldap accounts.  I would prefer to whitelist them.   As for the security, the default policy is set to blocked for all OS's.. I've added a pick to the original post.   The issue is, some connections are not getting the default policy as configured in the picture above.. some get a "normal" policy, with no block. ... View more