iOS Network Failover (Primary to Secondary)

GregB
New Contributor

Hello,

I was wondering if anyone out there has run into an issue where they are working with networking issues on iPads and want to make/ push policy changes but the device is unable to connect to the wifi to get the new update?

Is there a way to set a secondary wireless network to auto connect should the primary be unreachable?

I was thinking this could be a "troubleshooting only" network that would be turned on when the main goes down.

 

What are you doing in your environment to have:

1) iPads auto connect to the wifi
2) Prevent the wifi menu from being enabled so employees cannot switch to other networks
3) In the event you need to reach devices that have gone offline

 

I am trying to eliminate putting all of my eggs in one basket and touching 300 iPads at 10 locations.

Any insight is greatly appreciated,

Greg

2 ACCEPTED SOLUTIONS

user-dIrrpGXxza
Contributor

We have a fallback network, protected with PSK only, with limited Internet access, that is automatically provisioned as a configuration policy. However, it's set to manually connect (meaning no auto-connect), so the user needs to take action and just connect to the fallback network in case of connectivity issues. Our main network needs certificates to authenticate, but this could also be done with two different PSK networks.

 

Note that if both profiles are set to automatically connect, which network that's chosen by the device can be unreliable.

View solution in original post

Furthermore more details regarding your questions, sorry: @GregB 

We put the onus on the network team to ensure wifi is up and running. I had a failover SSID set on one of our primary use case builds but the nurses kept switching back and forth and this caused interruptions, unneeded ones. 

So, now we have a single SSID.  What I did from the console was allow our iPhones to connect/pair to AC2. In the event of an issue on one or more, we can add a profile get them back on the network and wash our hands. 

This also helps with support. but it can be tedious for support techs and did require me to train. 

Our single SSID is managed so our end-users see only one. I prefer to not do it this way but the greater good won out. 

Like I said with a single managed SSID if things go wrong is it, in our case, the network team's job to look at the MAC address and AP connection history for the device, or it could be a hardware issue. BUT we have had very few issues with this from an MDM side. 

P.S we are always polite to the network team and help when we can, of course 🙂 

Thank you. 

 

 
 
 

View solution in original post

5 REPLIES 5

dvasquez
Valued Contributor

Hello.

Yes, you could make a second Wi-Fi profile and push it but if the device is not connected to the network based on your comments and possibly your restrictions, i.e you managing the networks for this device. So, I recommend removing it from management, getting it back to square one, and reconnecting it to wi-fi then next push/create another network profile to the device. 

So, yes it can be done but not if the device is not connected to any network currently and the network is being managed, single network. Might be a little work but test with one and go for it. 

Xavier

But 

user-dIrrpGXxza
Contributor

We have a fallback network, protected with PSK only, with limited Internet access, that is automatically provisioned as a configuration policy. However, it's set to manually connect (meaning no auto-connect), so the user needs to take action and just connect to the fallback network in case of connectivity issues. Our main network needs certificates to authenticate, but this could also be done with two different PSK networks.

 

Note that if both profiles are set to automatically connect, which network that's chosen by the device can be unreliable.

Furthermore more details regarding your questions, sorry: @GregB 

We put the onus on the network team to ensure wifi is up and running. I had a failover SSID set on one of our primary use case builds but the nurses kept switching back and forth and this caused interruptions, unneeded ones. 

So, now we have a single SSID.  What I did from the console was allow our iPhones to connect/pair to AC2. In the event of an issue on one or more, we can add a profile get them back on the network and wash our hands. 

This also helps with support. but it can be tedious for support techs and did require me to train. 

Our single SSID is managed so our end-users see only one. I prefer to not do it this way but the greater good won out. 

Like I said with a single managed SSID if things go wrong is it, in our case, the network team's job to look at the MAC address and AP connection history for the device, or it could be a hardware issue. BUT we have had very few issues with this from an MDM side. 

P.S we are always polite to the network team and help when we can, of course 🙂 

Thank you. 

 

 
 
 

GregB
New Contributor

Thank you both for your replies, they have helped my team a lot!

We are going to use the 5g as our single main network, and leave the ability to see other networks turned on.

From here the open wifi network will not accept the POS ipads (MAC address filter) so they stay on the 5g should users want to try and mess with things.

If troubleshooting needs to happen, we will turn on the "troubleshooting network" and have the employees connect to it for us (PSK built into config profile).

Once troubleshooting is complete, turn off "troubleshooting network" and have employees forget the troubleshooting network to have iPads auto-connect to 5g once again 😄

dvasquez
Valued Contributor

That is super nice to have a troubleshooting network and the use of PSK will make it easier.

Good luck!