Unauthorized Users on the Wifi

JoyBigBay
New here

Unauthorized Users on the Wifi

Public School Setup. We have authorized users for certain SSID's we don't want students using. Splash page pops up to log in with their credentials. I thought if the users weren't authenticated they couldn't go any further and get online. Our students are going around that somehow and still connecting to the internet. Did I miss something on the setup, or is this not an effective method to keeping them off? Suggestions?

8 Replies 8
double_virgule
Getting noticed

What are you using to manage identities? 

Are you sure they're bypassing it? Did they find an identity that works and are sharing it? 

 

There is no more motivated group of hackers than teens with limited cell service and a locked internet connection. 😀

JoyBigBay
New here

Exactly we have zero cell service in our building. I created "users" with their email address and a generated password for staff members. Small school, total staff is only around 30. I can see all the authorized users identified by their credentials as clients connected to the WiFi. Then we have unauthorized users connected (students). I know they are connected because as I go through, disconnect them and change their policy to block that SSID the complaints start rolling through. It seemed to stump them for the first week or so and then they started showing up again as connected. If only they put this much effort into actual school work

double_virgule
Getting noticed

So let me make sure I understand your setup: 

You have a SSID set up with a splash page with Meraki Cloud Authentication set up with a username/password set for specific users? 

 

double_virgule_0-1728670585056.png

 

Are you trying to track traffic by user? Is there a reason you're using username/password instead of a shared secret WPA2 password? Do you have a WPA2 password set as well? 


Can you share some screenshots (with passwords concealed, of course) of the SSID settings? 

 

JoyBigBay
New here

The SSID also has a shared secret password and the splash authentication page. Having the user authenticate with the splash page makes it easier for me identify the phone, if it is not an authenticated user I block it. The splash page is the same as you attached, Sign-on with Meraki Cloud Authentication.........

double_virgule
Getting noticed

And you have all these settings set? 

double_virgule_0-1728671819414.png



Mloraditch
A model citizen

Make sure you have block all access until sign on is complete selected under advanced, captive portal strength. Without that everything but port 80 is allowed, which would make it rather easy to use the internet. 

JoyBigBay
New here

Got it. I think it was that ONE unchecked box. Thanks for all your help.

double_virgule
Getting noticed

Great! Hope it works for you, and glad to help. 😁

Get notified when there are additional replies to this discussion.