Active Directory thru ZD Captive Portal vs 802.1x

  • 1
  • Question
  • Updated 1 year ago
  • Answered
  • (Edited)
I'm trying to setup a WLAN for a customer where its employees can connect to the WLAN and authenticate using their Active Directory account. Is it better if I use 802.1x (FreeRADIUS) or just use ZD's built in Captive Portal (Web Authentication)? What are the advantages of using 802.1x? Setting up FreeRADIUS is a bit of a hassle.

By the way, can devices that are not joined to their domain connect to the WLAN either via the two options?
Photo of M

M

  • 30 Posts
  • 3 Reply Likes

Posted 1 year ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2116 Posts
  • 297 Reply Likes
If you use Standard WLAN with 802.1x, you will need RADIUS in front of AD.
You can use ZD's Guest Access type WLAN, with direct AD authenticiation.
Photo of M

M

  • 30 Posts
  • 3 Reply Likes
I configured an open WLAN using Standard type (no encryption) and the option for Web Authentication and Authentication Server are configurable (drop down menu) and our customer successfully authenticated using their AD account. This should be fine, right? Or is this less secure than AD via 802.1x authentication?
(Edited)
Photo of Michael Brado

Michael Brado, Official Rep

  • 2114 Posts
  • 297 Reply Likes
Congratulations, you have AD authenticated access thru our internal web portal.

Using 802.1x with a RADIUS front-end to the AD user/pw db, can exchange some Vendor Specific Attributes,
if you wanted to change VLANs from the one you've setup for this WLAN now, for example.  OTW, you have
a secure authentication required wireless network access solution.
Photo of Robert Lowe

Robert Lowe

  • 162 Posts
  • 31 Reply Likes
Just keep in mind that as you are not using 802.1X or a PSK this data is not encrypted and is the same as using an open hotspot SSID all you're doing is using AD to authenticate.
Photo of M

M

  • 30 Posts
  • 3 Reply Likes
That's what I am concerned right now. I'm already checking FreeRADIUS guides on where to configure AD. I just know where to enter the ZD IP on FreeRADIUS so far.
Photo of M

M

  • 30 Posts
  • 3 Reply Likes
By the way, since this is a first for me (configuring 802.1x as authentication), does encryption apply automatically to the credentials only or the whole frame/data traffic? I don't need to configure anything else on RADIUS but ZD IP and external AAA server like AD? I think I can't use ZD's Captive Portal if on 802.1x, right? I have to provide that separately?