129 Messages • 1.6K Points

Thu, Sep 5, 2013 6:05 PM

Just enough WLAN guest security or too little?

The following works for our guests but is it secure enough?

1. Configure / Guest / Authentication >> No onboarding, No authentication, Yes >>> Show terms of use
2. Configure / WLAN /
>>> WLAN Usages / Type = Guest Access
>>> Authentication Options / Method = Open
>>> Encryption Options / Method = WPA2
>>> Encryption Options / Algorithm = AES
>>> Encryption Options / Passphrase = "123fake456"
>>> Options / Wireless Client Isolation = Full

From their computing device my guests and employees find the appropriate WLAN (mentioned above) in the wireless network choices, attempt to connect, they enter the passphrase, they accept the TOU and then they connect.

This WLAN setup works for most of my users...should I be afraid?

Responses

683 Messages • 11K Points

7 years ago

“Three may keep a secret, if two of them are dead.”
― Benjamin Franklin, Poor Richard's Almanack

See - http://theruckusroom.typepad.com/file...

129 Messages • 1.6K Points

7 years ago

Keith Redfield:

Thanks for the document reference. Can we add DPSK for guests?

P.S. I am a ruckus noob!!!

683 Messages • 11K Points

7 years ago

Ah, I missed the guest requirement. For that you probably want to use Guest Passes - these are often set up in reception for example and handed to guests after they sign in.

https://support.ruckuswireless.com/an...

129 Messages • 1.6K Points

7 years ago

Can more than one client log in a WLAN using the identical ZD local credentials?

If so, are there limits as to how many clients can use the same credentials?

683 Messages • 11K Points

7 years ago

You can do that, but for that case it's even easier to just keep using a shared secret. The problem with using persistent credentials of any kind that are shared among multiple users is that over time they are bound to leak to people you hadn't intended.

129 Messages • 1.6K Points

7 years ago

Keith:

Sorry to wear you down on this topic but you are the first RuckusWireless techie that I could understand most of the time. <Insert rant here... I have opened over ten online cases so I do have ruck-tech-less case experience. End rant>

"...shared secret..." I know what that means in the "RADIUS and VPN vernacular" but are you referring to the '>>> Encryption Options / Passphrase = "123fake456"' statement from my original question? Does "shared secret" equal "Passphrase" in the context of your previous response?

Yes, I understand about your warning me about "unintended "leak" consequences" but generating temporary "guest passes" for impatient adult students with BYOD me-mentality at a graduate school is something I must weigh against maximum security. I can isolate their encrypted access to controlled vlans which should meet all requirements on all our sides of this issue.

Thanks much.

683 Messages • 11K Points

7 years ago

lol - I am mostly going back to those same techs to get your answers - I had the managerial lobotomy many years ago.

Yes - shared secret==passphrase. If you are not concerned about un-approved access to the network then these are fine.

129 Messages • 1.6K Points

7 years ago

Please define "un-approved access."

A "user" would need to know the passphrase to access the WLAN, would they not?

I am running WPA2/AES so it is not like the "bad guy" can easily un-encrypt the passphrase and user transmissions, or am I missing something big?

Thanks

683 Messages • 11K Points

7 years ago

Right - I'm not talking about hacking - just let's say Joe Student shares the passphrase...on Facebook.
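
Added example, not part of the thread: a Python sketch of the point made in the replies above, that a WPA2 passphrase is a shared secret. It derives the WPA2-Personal master key with the standard PBKDF2 function and uses a toy `Wlan` class (hypothetical, not ZoneDirector code; the SSID and per-user passphrases are constructed) to contrast one shared passphrase with individually revocable per-user keys of the DPSK kind.

```python
import hashlib


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


class Wlan:
    """Toy access list keyed by master key (assumption: a simplified model only)."""

    def __init__(self, ssid: str):
        self.ssid = ssid
        self.valid = {}  # master key -> label of whoever it was issued to

    def issue(self, label: str, passphrase: str) -> None:
        self.valid[wpa2_pmk(passphrase, self.ssid)] = label

    def revoke(self, label: str) -> None:
        self.valid = {k: v for k, v in self.valid.items() if v != label}

    def admits(self, passphrase: str):
        """Return the label the passphrase maps to, or None if it is not accepted."""
        return self.valid.get(wpa2_pmk(passphrase, self.ssid))


def shared_passphrase_case():
    """One passphrase for all: a leaked copy looks like any other user."""
    wlan = Wlan("Guest-WLAN")            # constructed SSID
    wlan.issue("everyone", "123fake456")  # passphrase from the original post
    before = wlan.admits("123fake456")    # whoever types it is just "everyone"
    wlan.revoke("everyone")               # the only remedy cuts off every user
    return before, wlan.admits("123fake456")


def per_user_case():
    """Per-user keys: a leaked key is attributable and revocable on its own."""
    wlan = Wlan("Guest-WLAN")
    wlan.issue("joe", "joe-constructed-key-01")  # constructed sample keys
    wlan.issue("ann", "ann-constructed-key-02")
    wlan.revoke("joe")                           # Joe's key leaked: drop only his
    return wlan.admits("joe-constructed-key-01"), wlan.admits("ann-constructed-key-02")


if __name__ == "__main__":
    print("shared passphrase:", shared_passphrase_case())
    print("per-user keys:   ", per_user_case())
```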