Using hotspot services on an open SSID to provision mobile devices.

  • Question
  • Updated 4 years ago
Hello,

We have a client who wants to deploy AirWatch MDM. In order to get the provisioning files to the mobile devices, would I be correct in setting up a Hotspot service on an open SSID that pushes the user to the AirWatch page?

I've set this up in-house with a test Hotspot service that pushes clients to our OWA page. I can log in successfully, and entering any URL into the browser pushes the client back to the OWA page.

Running an IP scan gives responses from every IP on the subnet from the Hotspot. Can this be further locked down to only allow communication between the client and the OWA server? I've added the subnet into restricted subnets (10.0.1.0/24) but I still get a ping response.
Matt

Posted 4 years ago

Matt

Turns out Wireless Client Isolation is configurable under the Hotspot, rather than in the WLAN area.
The other recommended setting is to run the provisioning side of things in an isolated VLAN.
Michael Brado, Official Rep

You should be able to use an 802.1x WLAN, configured with a RADIUS server using AD as the backend. Then, it appears that AirWatch MDM runs over another layer of client/server communications when the authenticated client runs some agent.

Ruckus has not tested and does not guarantee that "AirWatch MDM" will work.

I cannot give any advice or suggestion for your HotSpot approach.