Normally when i'm configuring guest access for customers who dont want to go putting an anchor WLC in the DMZ first I ensure the guest VLAN is locked down and then go ahead and create a guest WLAN with Layer 3 Web authentication and use LobbyAdmin to hand out guest accounts from WCS or the WLC.
My question is this ... do you think this is secure enough? As the over the air traffic is unencrypted is it possible for someone to sniff the guest user-name & password and gain unauthorized access to the guest network.
Is it possible to encrypt over the air traffic dynamically without having to set a static pre shared key aswell as using layer 3 authentication?
Just curious more than anything.