Meraki

Community

Unauthorized Users on the Wifi

JoyBigBay
New here
‎Oct 11 2024 9:35 AM
‎Oct 11 2024 9:35 AM

Unauthorized Users on the Wifi

Public School Setup. We have authorized users for certain SSID's we don't want students using. Splash page pops up to log in with their credentials. I thought if the users weren't authenticated they couldn't go any further and get online. Our students are going around that somehow and still connecting to the internet. Did I miss something on the setup, or is this not an effective method to keeping them off? Suggestions?

0 Kudos
8 Replies 8
double_virgule
Getting noticed
‎Oct 11 2024 10:34 AM
‎Oct 11 2024 10:34 AM

What are you using to manage identities? 

Are you sure they're bypassing it? Did they find an identity that works and are sharing it? 

 

There is no more motivated group of hackers than teens with limited cell service and a locked internet connection. 😀

0 Kudos
In response to double_virgule
JoyBigBay
New here
‎Oct 11 2024 11:12 AM
‎Oct 11 2024 11:12 AM

Exactly we have zero cell service in our building. I created "users" with their email address and a generated password for staff members. Small school, total staff is only around 30. I can see all the authorized users identified by their credentials as clients connected to the WiFi. Then we have unauthorized users connected (students). I know they are connected because as I go through, disconnect them and change their policy to block that SSID the complaints start rolling through. It seemed to stump them for the first week or so and then they started showing up again as connected. If only they put this much effort into actual school work

0 Kudos
double_virgule
Getting noticed
‎Oct 11 2024 11:20 AM
‎Oct 11 2024 11:20 AM

So let me make sure I understand your setup: 

You have a SSID set up with a splash page with Meraki Cloud Authentication set up with a username/password set for specific users? 

 

double_virgule_0-1728670585056.png

 

Are you trying to track traffic by user? Is there a reason you're using username/password instead of a shared secret WPA2 password? Do you have a WPA2 password set as well? 


Can you share some screenshots (with passwords concealed, of course) of the SSID settings? 

 

0 Kudos
In response to double_virgule
JoyBigBay
New here
‎Oct 11 2024 11:28 AM
‎Oct 11 2024 11:28 AM

The SSID also has a shared secret password and the splash authentication page. Having the user authenticate with the splash page makes it easier for me identify the phone, if it is not an authenticated user I block it. The splash page is the same as you attached, Sign-on with Meraki Cloud Authentication.........

0 Kudos
In response to JoyBigBay
double_virgule
Getting noticed
‎Oct 11 2024 11:37 AM
‎Oct 11 2024 11:37 AM

And you have all these settings set? 

double_virgule_0-1728671819414.png



Mloraditch
A model citizen
‎Oct 11 2024 11:23 AM
‎Oct 11 2024 11:23 AM

Make sure you have block all access until sign on is complete selected under advanced, captive portal strength. Without that everything but port 80 is allowed, which would make it rather easy to use the internet. 

JoyBigBay
New here
‎Oct 11 2024 12:01 PM
‎Oct 11 2024 12:01 PM

Got it. I think it was that ONE unchecked box. Thanks for all your help.

In response to JoyBigBay
double_virgule
Getting noticed
‎Oct 11 2024 12:05 PM
‎Oct 11 2024 12:05 PM

Great! Hope it works for you, and glad to help. 😁

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.