Meraki Community

Snika

We are using Active directory combined with Splash page.
I must use open authentication to use Splash pages.
Open authentication does not allow the use of WPA encryption between the PC client and the AP.
Is this a security vulnerability?
What steps do we need to take to ensure that we meet the requirements of wireless security?

alemabrahao

It is not necessarily a security risk, as despite being an "open" network you will be requiring authentication. Of course, you won't have encryption, which is exactly why this is a type of network most suitable for Guest users.

https://documentation.meraki.com/MR/MR_Splash_Page/Integrating_Active_Directory_with_Sign-On_Splash_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

ConnorL

Whilst your wireless traffic isn't encrypted, the HTTPS session between your client and the Splash Page server is.

If the SSID is primarily for employees/staff/trusted users, I would leverage 802.1X RADIUS instead. Yes the user won't get a pretty splash page, but it would then ensure the wireless traffic is encrypted.

PhilipDAth

You can use a PSK when using AD splash page authentication.

You could also get adventurous if you have WiFi6 APs and try our OWE encryption.
https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/WPA3_Encryption_and_Configuratio...

Meraki Community

Security vulnerability of open authentication when using Splash page?

Security vulnerability of open authentication when using Splash page?