My school runs our WiFi network on Aruba Controllers, some of the access points are Aruba-branded and is managed. Others are D-Link branded, and need configuration one by one if needed.
We run our authentication on Captive Portal now, and is now seeing quite some slow down, we have integration with Active Directory. But it's strictly just for login and password information, and our record is small, so we can migrate to another directory or database server anytime.
Our options are limited, as there are no lots of options out there as I know of.
So, here's two ways to go. One is to stick with Captive Portal and possibly start inspecting where the slow down is. Another is to migrate out database to possibly AD with Radius and use that as our Radius server for WPA2-Enterprise.
One of my concern is overall session and bandwidth, as we have a single 3600 controller, and a little about 1500 potential users (hopefully), with WPA2-Enterprise, they will be online all the time.
Which is more preferable in a educational environment?
Best Answer
RADIUS is faster (typically), doesn't rely on the device having a browser and allowing itself to be hijacked by the captive portal, and is generally much cleaner (you get to eliminate the web server and other logic around the portal). The only time it's not preferred is when every user doesn't have an individual username and password, in my opinion.
If the controller is capable of handling the current user load with unprotected traffic it's not a bad bet that it would be able to handle encrypting it too, though it wouldn't be a bad plan to check the designed user maximum for your particular controller.