Captive portal authentication with RADIUS (local)
We are making a design to authenticate guest users via captive portal. The guest account has been created by the sponsor portal of Cisco ISE.
Unfortunately, the captive portal is hosted in the cloud and authentication (validation) of the connected user is done via RADIUS (port 1812). The RADIUS packet is traversing over the internet from Meraki cloud to our internal Cisco ISE nodes, but this is unsafe.
Does somebody have an implementation which may be convenient for us too?
^Rob
Hi @RobHuijser,
RADIUS only encrypts the password section of the packet. Other information, such as username, authorized services, and accounting, can be captured by a third party. The best recommendation is to deploy the authentication server on-premises or over a VPN rather than putting it out on the Internet. Many cloud hosters like AWS, Azure, and Google provide IPsec VPN services; it is worth establishing a VPN tunnel to secure the packets.
Otherwise, you can leverage something like TACACS, which will encrypt the entire packet, unlike RADIUS.
Cheers!
Raj
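Added example (not part of the original posts): the reply's point that only the password field is protected, shown by building an RFC 2865 Access-Request and parsing it the way an on-path observer without the shared secret would. The secret, username, password, NAS address and MAC below are constructed sample values.

```python
import hashlib
import os
import struct

# Constructed sample values (assumptions, not taken from the thread).
SECRET = b"constructed-shared-secret"
USER, PASSWORD = b"guest01", b"Constructed-Pw1"

ATTR_NAMES = {1: "User-Name", 2: "User-Password",
              4: "NAS-IP-Address", 31: "Calling-Station-Id"}


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def build_access_request(user, password, secret):
    """Build an Access-Request (code 1) as a NAS would send it to UDP/1812."""
    authenticator = os.urandom(16)
    attrs = [(1, user), (2, hide_password(password, secret, authenticator)),
             (4, bytes([192, 0, 2, 10])), (31, b"AA-BB-CC-DD-EE-FF")]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + authenticator + body


def observe(packet):
    """Parse the packet as an observer who does NOT know the shared secret."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    seen, pos = {}, 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        name = ATTR_NAMES.get(attr_type, str(attr_type))
        seen[name] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return seen


if __name__ == "__main__":
    pkt = build_access_request(USER, PASSWORD, SECRET)
    for name, value in observe(pkt).items():
        print(f"{name:20} {value!r}")
```

Every attribute except User-Password comes back readable without the secret, which is the exposure a VPN tunnel between the cloud portal and the ISE nodes removes.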
