I have 3 SSIDs
Private - VLAN101 (Can talk to VLAN100)
Guest - VLAN102 (Can’t talk to anything except internet)
IoT - VLAN103 (Can’t talk to anything except internet)
And another VLAN for servers (VL100), not an SSID.
So, I’ve noticed that people in my household (and next door) are supplying visitors with our ‘private’ password, however, they don’t know the password. I type it into their devices.
They’re getting the password because now on Android phones you can ‘share’ the SSID’s which will print the wireless password in plain text.
How can I keep devices separated into the correct network so people cannot share the password for private SSIDs?
Idea 1: Create a captive portal, one for Guest and one for Private each has their own login. This way I can make the SSID open, but they won’t be able to share the private password as it’s one-time. The issue with this idea is that Unifi only allows you to create a captive portal with 1 accepted password (Named ‘Simple Password’ in Captive Portal). I think this is dumb… but yeah.
Idea 2: I’ve tried to create the captive portals through pfSense however I’ve had a huge issue getting the phones to accept the self-signed cert, my Pixel 2 just does not like it and will refuse it.
Idea 3: MAC-Bind the ‘allowed’ clients to Private, sure, but this requires constant upkeep and management, and I’m not exactly sure how to enforce this in Unifi.
Idea 4: Use Vouchers with no expiry for private. 2 issues with this, this isn’t very userfriendly for guest access where I just want a simple password and isn’t very practical for private since there’s no true-unlimited, just set the expiry to like 999d. I didn’t particularly like this idea.
So, does anyone have a better solution than my above attempts because I’m lost for ideas now?
Thanks and I’d appreciate anyone that’s able to help. I can’t be the only one that’s facing this or a similar issue.