Limited AP broadcast SSID in same network policy?

  • 1
  • Question
  • Updated 11 months ago
  • Answered
I want to have on a campus, selected APs broadcast an open guest SSID, which I can enable or disable for large user special "events" (Job Fair, Science Fair).  We don't allow students BYOD access so when the event is on, I don't want the entire campus to have this temporary guest network.

In reviewing posts it seems this is best done by having 2 network policies.  SCHOOL and SCHOOL-EVENT lets call them, where the "event" policy would have the open guest network added and I'd apply to the specific APs where the "event" is happening.  Some of the posts were a bit old, is there a better way at this time, using tags perhaps?  I don't consider this too burdensome to reprogram a few APs once or twice a year, however.

And using 2 network policies within the same campus, if I roam on one of my radius SSIDs in the campus, will I transition well when I cross the network policy border from the regular portion of the campus to the "event" area: to APs broadcasting that extra guest network?

Thanks.
Photo of City of Westfield Emergency Management

Posted 4 years ago

  • 1
Photo of BJ

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
You could also put the ssid in your normal policy, then enable/disable the ssid from the device management pane in "SSID Allocation."

Best,
BJ  
Ah, so leave the SSID off on all APs for that campus, and enable it on specific APs.  So the SSID is technically active, but in effect unreachable.  This also would negate my roaming concern as well.  I'm still curious however, is roaming related to SSID or network policy if anyone knows?  Thanks.
(Edited)
Ok, that work as well.  But the trouble with that I think is since the setting is buried, it would be hard to notice if the net is on or off by AP looking at the hivemanager (you have to into menus).  I'm thinking of using the different network profile method as long as there are no roaming issues.
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
As long as the APs in both network policies are employing the same Hive (which they would do by default) then there is no roaming issue.  APs in the same hive with the same SSID but different network policies would share their roaming cache.
Photo of Terence Fleming ThinkWireless

Terence Fleming ThinkWireless, Champ

  • 79 Posts
  • 27 Reply Likes
BJ's suggestion is likely to be the easiest to implement if you only have a one or two APs that you want the Event SSID to appear on, although you do run the risk of accidentally turning on the SSID and not being aware of it..

The different network profile method is the "recommended approach" that Aerohive use in training (when I did my training, anyway).   You can apply the SCHOOL-EVENT policy permanently to the selected group of APs, and then when you have an event, turn on the SSID within that policy and then the Configuration wizard will help you to apply the configuration change to just that group of APs.

Meanwhile, provided the other SSIDs are identical between the policies (which they will be if you create the EVENT policy by cloning the existing policy) AND the APs are all in the same "Hive", then there will be no issues roaming between an AP on one policy and another AP on a different policy with the same SSID.  
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Feature request @Aerohive: Link SSID availability to device classifier tags (and topology maps etc).

E.g. by adding a restriction to an SSID to broadcast it only on those devices that have a specific tag configured (or are linked to a specific topology map etc.).
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Got it.
Photo of Ronald Moore

Ronald Moore

  • 16 Posts
  • 5 Reply Likes
3 years and still no "Device Classification/Assignment rules" for SSID's? We be nice to assign a SSID based on location just like we can with profiles and vlans. In our case that would be a Guest access SSID. Then I could use a single to policy to rule them all. 
Ok, thanks everyone.  All my schools have the same SSIDs in their network policy, so I believe I will create an "event" policy which I can apply to specific APs at any campus.  Since the monitor/configure displays do not have a column for SSIDs or # of SSIDs I could see an enabled broadcast setting getting missed, buried down in the menus.  I'm in hivemanager daily, but my colleagues are not and I could see a setting get forgotten.
Photo of BJ

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
You can certainly do it however you prefer. For the sake of accuracy, to monitor SSIDs you can add the SSID tab to client monitoring or better yet, run scheduled reports on client usage for your event ssid.