So, in short - the guy makes 3 WLANs and 3 roles so that each role can connect to just 1 WLAN. And then he makes a provisioning hotspot where users authenticate using a username and password, and get automatically redirected to their WLAN (Zero-IT activation). Can someone point out to me what the benefits of this approach are compared to not having a provisioning WLAN, but instead having users connect to their WLAN and then authenticate there using a username/password combination (802.1x using the internal database on the controller)?
It seems to me that it's just one wlan more (the hotspot) for the same service, but surely I'm wrong.
Using 802.1x with userid/pw and assigned roles is great security, your AAA server can pass back attributes to set lots of things from VLAN to permitted WLANs, etc.
Zero-IT is often used for multiple device access permissions, like your phone and laptop, onto a WPA2-PSK type WLAN and works well for Education and Hospitality deployments. One solution is to use a HotSpot WLAN to redirect clients to the Zero-IT provisioning utility.
This is a powerful feature. For example, you want to create SSIDs for Employee (integrated with Active Directory) and Guest on 1 onboarding portal. The steps are to create:
1. SSID Employee (integrated with AD or other AAA)
2. SSID Guest (Voucher or Self-service)
3. SSID Onboarding Portal
With Zero-IT, the client connects to the SSID Onboarding Portal and chooses "Register Device" (Employee) or "Guest Access" (Guest). The result is that the client will automatically be redirected to SSID Employee/Guest.