Association requirements - Open (no encryption)

Jisaacs
New here

Association requirements - Open (no encryption)

We have our access points set to use "open" method for network association followed with a splash page configured to AD authentication.  My question is that "open" also has no encryption.  What is is place to prevent any users from capturing AD traffic or is the splash page just proxying the AD login process and kerberos is protecting the AD authentication stream.

 

Thanks,

 

J

4 REPLIES 4
BrechtSchamp
Kind of a big deal

The https encryption of the splash page should prevent against sniffing.

 

See the Note on this page:

https://documentation.meraki.com/MR/Splash_Page/Splash_Page_Traffic_Flow_and_Troubleshooting

RobOwen
Conversationalist

HTTPS is the answer

harrys
Here to help

Even though HTTPS is the solution, I highly recommend to avoid open networks as there might be other non-encrypted traffic which can be easily captured.

BrechtSchamp
Kind of a big deal

Also, WPA3 will have OWE (Opportunistic Wireless Encryption) for exactly this reason.

 

https://meraki.cisco.com/blog/2018/03/wi-fi-standards-on-the-move-again/

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels