11-17-2016 02:31 AM
I see no mention of this, but is it possible? We use Meraki currently.
Solved! Go to Solution.
11-17-2016 08:59 AM
Hey Sparrowhawk,
Almost definitely. Especially if your APs support RADIUS, LDAP, or supports a captive portal that you can customize. (WebSDK).
Most commonly we see people that express an interest in this not actually moving forward with it for a few reasons:
Can be a poor user experience - easiest to implement is Auto Push with RADIUS, this can cause additional verification prompts via Push when a user wakes up a sleeping laptop, moves to a new AP, changes network configuration, etc. This leads to a user being desensitized to authentication requests and they will end up approving anything and everything.
Wifi isn’t a terribly secure medium, an attacker with physical access has many tools at their disposal to attack wifi networks, even when they are encrypted. Network segmentation and VPNs can be helpful in this regard.
Most APs offer very minimal configurability when using authetnication like RADIUS - hard coded authenticaition timeouts, retry intervals, etc.
All of that being said, I have definitely worked with customers to do exaclty what you propose - maybe some can chime in here and share their experiences.
Cheers
11-17-2016 08:59 AM
Hey Sparrowhawk,
Almost definitely. Especially if your APs support RADIUS, LDAP, or supports a captive portal that you can customize. (WebSDK).
Most commonly we see people that express an interest in this not actually moving forward with it for a few reasons:
Can be a poor user experience - easiest to implement is Auto Push with RADIUS, this can cause additional verification prompts via Push when a user wakes up a sleeping laptop, moves to a new AP, changes network configuration, etc. This leads to a user being desensitized to authentication requests and they will end up approving anything and everything.
Wifi isn’t a terribly secure medium, an attacker with physical access has many tools at their disposal to attack wifi networks, even when they are encrypted. Network segmentation and VPNs can be helpful in this regard.
Most APs offer very minimal configurability when using authetnication like RADIUS - hard coded authenticaition timeouts, retry intervals, etc.
All of that being said, I have definitely worked with customers to do exaclty what you propose - maybe some can chime in here and share their experiences.
Cheers
03-23-2020 08:30 AM
I am looking for the very easiest way to stand up access to our small office WiFi authentication using 2FA. For the lass than 10 people who will be accessing, If I can simply have a wireless access point to deliver the WiFi and then a simple service like DUO to provide the 2FA with using google authenticator, that would be great. I don’t know if the DUO service has a simple directory so we can upload the 10 users max into some sort of list that we control . Simple administration is preferred. We do not need to control any apps or anything… only the access to our WiFi access point
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide