Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unauthorized Users on the Wifi

JoyBigBay
New here
Friday
Friday

Unauthorized Users on the Wifi

Public School Setup. We have authorized users for certain SSID's we don't want students using. Splash page pops up to log in with their credentials. I thought if the users weren't authenticated they couldn't go any further and get online. Our students are going around that somehow and still connecting to the internet. Did I miss something on the setup, or is this not an effective method to keeping them off? Suggestions?

0 Kudos
Subscribe
8 Replies 8
double_virgule
Here to help
Friday
Friday

What are you using to manage identities? 

Are you sure they're bypassing it? Did they find an identity that works and are sharing it? 

 

There is no more motivated group of hackers than teens with limited cell service and a locked internet connection. 😀

0 Kudos
Subscribe
In response to double_virgule
JoyBigBay
New here
Friday
Friday

Exactly we have zero cell service in our building. I created "users" with their email address and a generated password for staff members. Small school, total staff is only around 30. I can see all the authorized users identified by their credentials as clients connected to the WiFi. Then we have unauthorized users connected (students). I know they are connected because as I go through, disconnect them and change their policy to block that SSID the complaints start rolling through. It seemed to stump them for the first week or so and then they started showing up again as connected. If only they put this much effort into actual school work

0 Kudos
Subscribe
double_virgule
Here to help
Friday
Friday

So let me make sure I understand your setup: 

You have a SSID set up with a splash page with Meraki Cloud Authentication set up with a username/password set for specific users? 

 

double_virgule_0-1728670585056.png

 

Are you trying to track traffic by user? Is there a reason you're using username/password instead of a shared secret WPA2 password? Do you have a WPA2 password set as well? 


Can you share some screenshots (with passwords concealed, of course) of the SSID settings? 

 

0 Kudos
Subscribe
In response to double_virgule
JoyBigBay
New here
Friday
Friday

The SSID also has a shared secret password and the splash authentication page. Having the user authenticate with the splash page makes it easier for me identify the phone, if it is not an authenticated user I block it. The splash page is the same as you attached, Sign-on with Meraki Cloud Authentication.........

0 Kudos
Subscribe
In response to JoyBigBay
double_virgule
Here to help
Friday
Friday

And you have all these settings set? 

double_virgule_0-1728671819414.png



Subscribe
Mloraditch
A model citizen
Friday
Friday

Make sure you have block all access until sign on is complete selected under advanced, captive portal strength. Without that everything but port 80 is allowed, which would make it rather easy to use the internet. 

Subscribe
JoyBigBay
New here
Friday
Friday

Got it. I think it was that ONE unchecked box. Thanks for all your help.

Subscribe
In response to JoyBigBay
double_virgule
Here to help
Friday
Friday

Great! Hope it works for you, and glad to help. 😁

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.