cancel
Showing results for 
Search instead for 
Did you mean: 

Can't switch users from open SSID to secured one easily.

sheldon_lefkowi
New Contributor III
This is so odd. 

High school campus. Due to a certificate error on the network over the summer, we had to set up an open SSID for students. Once they reached the network, a new cert would come down and then most machines will automatically switch to our preferred, secured network pushed out by GPO.

That works fine with our Ruckus 7363 AP's. But....anyplace we have a newer 600,we have issues. If I turn off broadcasting the temp SSID, machine go correctly to the regular WLan. No one even connects to the temp SSID! But if I just turn it off completely, (disabling that SSID)  every machine fails and never switches. It's only these newer AP's with this issue. Note the 7363's are using an 1100 ZD; the 600's are on a 1200ZD with newer firmware. 

I can't find a setting on the new ZD that could cause this behavior. Any suggestions?
11 REPLIES 11

mitchell_axtell
Contributor II

Is it possible that the old ZD has the WLAN set to WPA/TKIP, and the new ZD is set to WPA/AES?  Is there any noticeable differences in the config of the WLANs?

sheldon_lefkowi
New Contributor III
Looked over the configs again. Authentication and encryption are identical. I do see that I have "Enable Dynamic VLan" enabled on the new ZD for our regular SSID, but not enabled on the older ZD. I think I was forced to turn that on, if I recall, when doing the setup. What impact does this setting have?

mitchell_axtell
Contributor II

Dynamic VLAN?  Do you have 802.1x enabled on the WLAN?


Dynamic VLAN is a way for the RADIUS server to tell the ZD what VLAN a specific client should be on- so you can have one SSID like "School" and it can assign students to one VLAN, and staff to another (without having multiple SSIDs).  Because of this, it's only usable when paired with 802.1x.

sheldon_lefkowi
New Contributor III

We do use RADIUS so have 802.1x enabled. I do not have any assigned vlans per user, however. VLans are given based on the subnet the AP is on.

We have a device policy that I set up to deny access to IOS machines. When I created it, I was forced to enable DVLan; the GUI will not close without that option turned on. I don't have that policy with my ZD1100.

If this setting is creating this problem, it would make sense that all computers should experience it. Interestingly, only about 10% will not switch as I described above. The rest connect as they should.

Either way, it's puzzling to me that I have to leave on the temp SSID in order for machines to connect to our regular SSID!

I have turned off the temp SSID this evening and removed the device policy and DVLan settings. Will see if that changes things on Tuesday.