VPN bypassing passwords

We are a school and today I was informed that our kids are connecting to our staff SSID, which requires authentication to Active Directory, by using a VPN on their phone. My question is: why is it allowing the traffic to flow without a password? Any ideas?

David DeLucia


Posted 2 months ago


Craig Burchfiel

My question would be why your APs are broadcasting the SSID anyway. Check to make sure you're hitting your RADIUS server properly. Also, you should have a guest WiFi set up for the kids, which gives you total control over what they look up.

Max O'Driscoll, AlphaDog

If students log in to laptops on a pupil SSID then what is it that stops them using other SSIDs with those accounts?

On school devices you have made them users and locked down with group policy, but on their phones they'll be admins.

Or they have compromised a staff account (either observing or guessing or cracking a password).

Ideally find a kid and let them show off how easy it is to do and let them show you their technique. In my experience they love showing off to a techie.

Just random thoughts.

Jakob Peterhänsel

If the SSID needs a logon, then you see the username in the device list.
Find devices that are not supposed to be on the staff net and see what accounts they are using.

If it’s their own, your setup is wrong.
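
The check suggested in the replies above (list who is on the staff SSID, then see whether the accounts are the pupils' own or staff accounts in use on too many devices), as an added example that is not part of the original thread. It assumes the wireless client list can be exported as CSV with `ssid`, `username` and `mac` columns; that format, the account names and the `max_devices` threshold are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (hypothetical columns and values, not real data).
CLIENT_EXPORT = """ssid,username,mac
Staff,jsmith,aa:bb:cc:00:00:01
Staff,SCHOOL\\jsmith,aa:bb:cc:00:00:02
Staff,jsmith@school.example,aa:bb:cc:00:00:03
Staff,JSmith,aa:bb:cc:00:00:04
Staff,mjones,aa:bb:cc:00:00:10
Staff,pupil21,aa:bb:cc:00:00:20
Staff,ghost,aa:bb:cc:00:00:30
Pupil,pupil22,aa:bb:cc:00:00:40
"""
STAFF = {"jsmith", "mjones"}        # hypothetical AD staff group members
STUDENTS = {"pupil21", "pupil22"}   # hypothetical AD student group members


def normalize(identity):
    """Reduce DOMAIN\\user or user@realm to a bare lowercase account name."""
    name = identity.strip().lower()
    return name.split("\\")[-1].split("@")[0]


def audit_staff_ssid(export_text, staff, students, ssid="Staff", max_devices=3):
    """Return {account: finding} for sessions on the staff SSID."""
    macs_by_user = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["ssid"] == ssid:
            macs_by_user[normalize(row["username"])].add(row["mac"].lower())

    findings = {}
    for user, macs in macs_by_user.items():
        if user in students:
            # A pupil's own account was accepted: the RADIUS policy is too broad.
            findings[user] = "student_account"
        elif user not in staff:
            findings[user] = "unknown_account"
        elif len(macs) > max_devices:
            # One staff login on many devices suggests a shared or stolen password.
            findings[user] = "shared_staff_account"
    return findings


if __name__ == "__main__":
    for account, finding in audit_staff_ssid(CLIENT_EXPORT, STAFF, STUDENTS).items():
        print(f"{account}: {finding}")
```

A `student_account` finding means the RADIUS policy for the staff SSID should be restricted to the staff group; a `shared_staff_account` finding is a prompt to reset that password and talk to the account owner.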