cancel
Showing results for 
Search instead for 
Did you mean: 

VPN bypassing passwords

david_delucia
New Contributor
We are a school and today I was informed that our kids are connecting to our staff SSID which requires authentication to Active Directory by using a VPN on their phone.  My ? is why is it allowing the traffic to flow without a password. Any ideas
3 REPLIES 3

craig_burchfiel
New Contributor III
My question would be is why your APs are broadcasting the SSID anyway. check to make sure you're hitting your Radius server properly. also, you should have a Guest WiFi set up for the kids gives you total control to what they look up. 

max_o_driscoll
Valued Contributor
If students log in to laptops on a pupil SSID then what is it that stops them using other SSIDs with those accounts?

On school devices you have made them users and locked down with group policy, but on their phones they'll be admins.

Or they have compromised a staff account (either observing or guessing or cracking a password).

Ideally find a kid and let them show off how easy it is to do and let them show you their technique. In my experience they love showing off to a techie.

Just random thoughts.

jakob_peterh_ns
Contributor II
If the SSID needs a logon, then you see the username in the device list.
Find devices that are not supposed to be on the staff net and see what accounts they are using.

If it’s their own, your setup is wrong