This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Ruckus Wireless
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Just enough WLAN guest security or too little ?

dtsblake_588878
Contributor II

‎09-05-2013 11:05 AM

The following works for our guests but is it secure enough?

1. Configure / Guest / Authentication >> No onboarding, No authentication, Yes >>> Show terms of use
2. Configure / WLAN /
>>> WLAN Usages / Type = Guest Access
>>> Authentication Options / Method = Open
>>> Encryption Options / Method = WPA2
>>> Encryption Options / Algorithm = AES
>>> Encryption Options / Passphrase = "123fake456"
>>> Options / Wireless Client Isolation = Full

From their computing device my guests and employees find the appropriate WLAN (mentioned above) in the wireless network choices, attempt to connect, they enter the passphrase, they accept the TOU and then they connect.

This WLAN setup works for most of my users...should I be afraid?
9 REPLIES 9

keith_redfield
Valued Contributor II

‎09-06-2013 11:28 AM

You can do that, but for that case it's even easier to just keep using a shared secret. The problem with using persistent credentials of any kind that are shared among multiple users is that over time they are bound to leak to people you hadn't intended.
0 Kudos

dtsblake_588878
Contributor II

‎09-06-2013 12:42 PM

Keith:

Sorry to wear you down on this topic but you are the first RuckusWireless techie that I could understand most of the time. < Insert rant here... I have opened over ten online cases so I do have ruck-tech-less case experience.**end rant>

"...shared secret..." I know what that means in the "Radius and VPN vernacular" but are you referring to the ">>> Encryption Options / Passphrase = "123fake456" statement from my original question? Does "shared secret" equal "Passphrase" in the context of your previous response?

Yes, I understand about your warning me about "unintended "leak" consequences" but generating temporary "guest passes" for impatient adult students with BYOD me-mentality at a graduate school is something I must weigh against maximum security. I can isolate their encrypted access to controlled vlans which should meet all requirements on all our sides of this issue.

Thanks much.
0 Kudos

keith_redfield
Valued Contributor II

‎09-06-2013 02:17 PM

lol - I am mostly going back to those same techs to get your answers - I had the managerial lobotomy many years ago.

Yes - shared secret==passphrase. If you are not concerned about un-approved access to the network then these are fine.

dtsblake_588878
Contributor II

‎09-07-2013 05:51 AM

Please define "un-approved access ."

A "user" would need to know the passphrase to access the WLAN, would they not?

I am running WPA2/AES so it is not like the "bad buy" can easily un-encrypt the passphrase and user transmissions, or am I missing something big?

Thanks
0 Kudos

keith_redfield
Valued Contributor II

‎09-07-2013 09:26 AM

Right - I'm not talking about hacking - just let's say Joe Student shares the passphrase...on Facebook.
Copyright © 2026 Khoros, LLC