Meraki

Community

Association requirements - Open (no encryption)

Jisaacs
New here
‎Apr 2 2019 11:09 AM
‎Apr 2 2019 11:09 AM

Association requirements - Open (no encryption)

We have our access points set to use "open" method for network association followed with a splash page configured to AD authentication.  My question is that "open" also has no encryption.  What is is place to prevent any users from capturing AD traffic or is the splash page just proxying the AD login process and kerberos is protecting the AD authentication stream.

 

Thanks,

 

J

0 Kudos
4 Replies 4
BrechtSchamp
Kind of a big deal
‎Apr 2 2019 12:00 PM
‎Apr 2 2019 12:00 PM

The https encryption of the splash page should prevent against sniffing.

 

See the Note on this page:

https://documentation.meraki.com/MR/Splash_Page/Splash_Page_Traffic_Flow_and_Troubleshooting

RobOwen
Conversationalist
‎Apr 2 2019 1:07 PM
‎Apr 2 2019 1:07 PM

HTTPS is the answer

0 Kudos
harrys
Here to help
‎Apr 2 2019 2:27 PM
‎Apr 2 2019 2:27 PM

Even though HTTPS is the solution, I highly recommend to avoid open networks as there might be other non-encrypted traffic which can be easily captured.

0 Kudos
In response to harrys
BrechtSchamp
Kind of a big deal
‎Apr 2 2019 9:53 PM
‎Apr 2 2019 9:53 PM

Also, WPA3 will have OWE (Opportunistic Wireless Encryption) for exactly this reason.

 

https://meraki.cisco.com/blog/2018/03/wi-fi-standards-on-the-move-again/

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.