Wireless Access

We're using a captive portal profile for our staff and students. They authenticate to a directory via LDAP. Things are working well in our test enviroment but I am wondering if we can add a WEP key in order to encrypyt the data being sent from the client to the AP. My thinking is: users would only have to enter this WEP key once and it would be saved in the wireless profile on their devices. Once it saved, they would only have to enter their LDAP creds via the CP page. 

 

Is this possible?

Yes, but I would highly recommend using WPA2-PSK instead. WEP should not be used anymore except special cases with legacy equipment.

Also keep in mind that with shared key encryption, users can decrypt each others traffic. I would strongly recommend looking at using 802.1X instead.

Ok, thanks Tim. 

 

I'm using WPA2-PSK now but I am not prompted to enter my username and password - no CP. 

 

 

Did you set the initial role to your captive portal logon role?

Sent from Nine

ah...thank you. It's working now. 

 

As for traffic being decrpyted...is there anything in "stateful firewall" that would make a difference? I see "deny inter user traffic" for example?

nope nothing, that option is to prevent users from talking to each other on the same SSID.