High school campus. Due to a certificate error on the network over the summer, we had to set up an open SSID for students. Once they reached the network, a new cert would come down and then most machines will automatically switch to our preferred, secured network pushed out by GPO.
That works fine with our Ruckus 7363 AP's. But....anyplace we have a newer 600,we have issues. If I turn off broadcasting the temp SSID, machine go correctly to the regular WLan. No one even connects to the temp SSID! But if I just turn it off completely, (disabling that SSID) every machine fails and never switches. It's only these newer AP's with this issue. Note the 7363's are using an 1100 ZD; the 600's are on a 1200ZD with newer firmware.
I can't find a setting on the new ZD that could cause this behavior. Any suggestions?
Dynamic VLAN? Do you have 802.1x enabled on the WLAN?
Dynamic VLAN is a way for the RADIUS server to tell the ZD what VLAN a specific client should be on- so you can have one SSID like "School" and it can assign students to one VLAN, and staff to another (without having multiple SSIDs). Because of this, it's only usable when paired with 802.1x.
We do use RADIUS so have 802.1x enabled. I do not have any assigned vlans per user, however. VLans are given based on the subnet the AP is on.
We have a device policy that I set up to deny access to IOS machines. When I created it, I was forced to enable DVLan; the GUI will not close without that option turned on. I don't have that policy with my ZD1100.
If this setting is creating this problem, it would make sense that all computers should experience it. Interestingly, only about 10% will not switch as I described above. The rest connect as they should.
Either way, it's puzzling to me that I have to leave on the temp SSID in order for machines to connect to our regular SSID!
I have turned off the temp SSID this evening and removed the device policy and DVLan settings. Will see if that changes things on Tuesday.
Updating this post;
I worked with Support for several days. Ultimately, we updated the firmware to the current version and made a few small configuration changes, including removing the temp SSID so that no leftover settings would exist.
This solved the problem I was having and we are now back to normal operations.