Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

captive portal with radius server as authentication server

Jump to Best Answer
This thread has been viewed 0 times
  • 1.  captive portal with radius server as authentication server

    Posted Sep 19, 2018 03:16 PM

    Hello

    I saw this on a client which have a captive portal and has a NPS of windows as a radius server for the users that connect to this network.

     

    As far i understand that wouldnt be 802.1x its just a captive portal that validates with a radius server.

     

    If they are using http for authentication on the on the L3 authentication profile it means that the user and password travel unencrypted right?  i mean on plain text...

     

    Cheers

    Carlos



  • 2.  RE: captive portal with radius server as authentication server
    Best Answer

    Posted Sep 19, 2018 03:18 PM

    Yes.



  • 3.  RE: captive portal with radius server as authentication server

    Posted Sep 20, 2018 03:15 AM

    Please note that the default, and recommended setting for captive portal authentication is over HTTPS with your own public signed certificate. In that case, the password is protected between client and controller/IAP with SSL. Only if you configure the captive portal not to use https, and switch down to http, the user credentials will go in the clear. Between the controller and your RADIUS server, consider the credentials unencrypted as it either is or the used protection is too weak. Make sure that path is more or less trusted when using PAP/CHAP/MSCHAP (non EAP).



  • 4.  RE: captive portal with radius server as authentication server

    Posted Sep 20, 2018 09:53 AM

    No, its over http.  Also they dont have a public certificate.

     

    Ill just propose them 802.1x with EAP TLS, instead of doing mac auth, and that captive portal auth for internal users.  Which i bealive is the best.

     

    Cheers

    Carlos



  • 5.  RE: captive portal with radius server as authentication server

    Posted Sep 19, 2018 03:20 PM

    Thanks it just that i saw that in a client and i wanted to alert them about this, as we didnt configure this controller

     

    Thank you Collin.

     

    Cheers

    Carlos