SSID Profile's by Site or Global?

  • 1
  • Praise
  • Updated 2 years ago
Our current Aerohive environment is setup in nine physical locations.  We have separate Network Policies for each location, but we select the same SSID Profile across all sites and use the device classifications to assign the correct VLAN.

My question is...Best Practices....should we be creating a separate SSID Profile for each location (broadcasting the same SSID Name) or stick to one?  The single SSID Profile has worked and seemed like a single place to make changes, but we are about to add 50+ more AP's and I want to make sure we are following best practices with them.

Thank you.
Photo of Smitty

Smitty

  • 37 Posts
  • 3 Reply Likes

Posted 2 years ago

  • 1
Photo of Dillan Horn

Dillan Horn

  • 8 Posts
  • 0 Reply Likes

I'm not sure of best practice from Aerohive but this capability is one of the benefits to their policy management.

We have 30+ locations with 100s of AP's using the same SSID profile.

I have found this works great %99 of the time, if there are scenarios where we need to do a "phased" change then the site being change will get a new SSID policy so we do not have to update all APs.

This happened when deploying captive web portal, at the pilot sites we create a separate SSID profile with the CWP enabled. Once testing was complete we changed the single shared SSID profile for all the sites.

Photo of BJ

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
My experience with your scenario has been to limit the number of SSIDs, thus utilizing the same SSIDs as often as possible. We then utilize device tagging, usually based upon Topology Maps, in the different facilities if necessary. This has helped us insomuch that when users travel between facilities, they only have the single SSID profile on their devices, no need for additional configuration or confusion.

Best,
BJ
Photo of David Coleman

David Coleman, Official Rep

  • 209 Posts
  • 164 Reply Likes
I guess my question is why do you have separate Network Policies? You could get by with a single Network Policy.  To answer your question, as long as all of your SSID settings are the same... the best practice would be to reuse the same SSID profile and save yourself the work of creating multiple objects.  Also, great to hear that you are using device classification for your VLANs
Photo of Smitty

Smitty

  • 37 Posts
  • 3 Reply Likes
We are using separate network policies for we can have a few unique SSID's per location.  We have two primary SSID's at all locations XXX-Corp and XXX-Guest.  The XXX-Corp uses RADIUS and User Profiles to differentiate between Company Issued Devices and BYOD.  At a couple of locations, we have setup 'special' SSID's for projects that involve multiple companies bringing their own equipment, then we setup a custom firewall rule for that SSID to only allow them access to things such as our printers and the Internet.  We don't do it very often. 

The other reason was under Additional Settings for the Network Policy, we needed to set the NTP Server time zone.  Without that, our local RADIUS server was not authenticating properly and we are in four different time zones.

Thanks.
(Edited)
Photo of Dan Mellem

Dan Mellem

  • 52 Posts
  • 1 Reply Like
We have two SSIDs at every site. One of them uses RADIUS and is the same for all sites, so it's applied to each network policy. The second has rules that are specific to each site (but has the same SSID), so each gets a different SSID. In the certification training they recommend minimizing SSIDs and network policies, but I'd recommend creating a network policy for every site unless you're certain that no site will need something special, and then add/clone SSIDs as necessary and apply to the sites.
Photo of David Coleman

David Coleman, Official Rep

  • 209 Posts
  • 164 Reply Likes
OK.... then you will need multiple network policies with that scenario.  We currently do not have a method assigning SSIDs by Device Classification.  It is a often requested feature.  By the way, HiveManager NG has a way to assign Time Zones based on Topology Maps
Photo of Smitty

Smitty

  • 37 Posts
  • 3 Reply Likes
I am still really fuzzy on the upgrade path from HMVA 6.6r3 to HiveManager NG.  I admit, at first I wasn't paying much attention because I have an on-premise controller and a bunch of AP370's.  Now I have been trying to understand how you go from one to the other.

Thanks for the replies.