Wireless authentication for non-owned laptops VLAN/network
Ive a question regarding what type of wireless authentication i should be using for a purple network of purely non-school owned laptops/devices. These are primarily staff laptops, but not bought by or maintained by the school and therefore we've created a "if you want to use YOUR laptop with OUR internet (for teaching purposes) and access our external services" network so to speak.
I am trying to decide what is "better" across security and ease of setup.
We can use for example a radius server for authentication which provides excellent factors of discrimination (IE AD user groups access, TOD), or simply use WPA and a passphrase.
I know the radius route is more robust and feature rich, however it does involve alot of steps on the client end which i fear/know will confuse and deter staff from using the network. Like i said, they are not school owned or maintained so things like config via GPO are out of the question.
On the other hand the WPA/Psk is easy(er) to get online. Simple as that.
Can anyone comment as to which way you suggest i go with this? Or know of another type of rollout configs i am not sure about? Possible scripting?
Thanks for the 2 cents guys and gals.