https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589307#M13212 <HTML><HEAD></HEAD><BODY><P>Search around for "captive portal." </P><P></P><P>Cisco's captive portal (stand-alone) is BBSM, there are several "open" solutions, one of which is "nocat" (which runs on *nix, I think most of the open solutions do). </P><P></P><P>This is a web page that pops up when the client first accesses the network, and requires some action (like an acknowledgement of no liability on the bandwidth supplier) must be taken.</P><P></P><P>Good Luck</P><P></P><P>Scott</P><P></P></BODY></HTML> Fri, 11 Aug 2006 22:29:21 GMT scottmac 2006-08-11T22:29:21Z https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589306#M13211 <P>We have a Cisco 1200 Aironet and would like to challange anyone accessing our network for their credentials (perhaps like a wireless hotspot)? The users will only have access to the internet so security is not a concern for us. </P><P></P><P>How can we do this without having to make changes to the client PC? </P> Sun, 04 Jul 2021 19:50:24 GMT https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589306#M13211 j.langton 2021-07-04T19:50:24Z https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589307#M13212 <HTML><HEAD></HEAD><BODY><P>Search around for "captive portal." </P><P></P><P>Cisco's captive portal (stand-alone) is BBSM, there are several "open" solutions, one of which is "nocat" (which runs on *nix, I think most of the open solutions do). </P><P></P><P>This is a web page that pops up when the client first accesses the network, and requires some action (like an acknowledgement of no liability on the bandwidth supplier) must be taken.</P><P></P><P>Good Luck</P><P></P><P>Scott</P><P></P></BODY></HTML> Fri, 11 Aug 2006 22:29:21 GMT https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589307#M13212 scottmac 2006-08-11T22:29:21Z https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589308#M13213 <HTML><HEAD></HEAD><BODY><P>Thanks. I settled on pfSense from <A class="jive-link-custom" href="http://www.pfsense.org." target="_blank">www.pfsense.org.</A> They have done an excellent job with this project and have it well documented. It runs on FreeBSD and uses CARP for load blanacing and redundancy. Also, they say that it will run on a 486 with 16 Mb of RAM. </P><P></P><P>Definitely worth a look for anyone looking for a captive portal that is built around a nice firewall.</P></BODY></HTML> Mon, 28 Aug 2006 20:30:00 GMT https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589308#M13213 j.langton 2006-08-28T20:30:00Z https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589309#M13214 <HTML><HEAD></HEAD><BODY><P>The cleanest way, in my opinion to do this is to use Cisco ACS. It ties right into AD. I would also combine this with a locked down vlan on the WAP</P></BODY></HTML> Mon, 28 Aug 2006 22:41:30 GMT https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589309#M13214 jwjohansen 2006-08-28T22:41:30Z https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589310#M13215 <HTML><HEAD></HEAD><BODY><P>Yep, the pfSense captive portal allows for RADIUS authentication so you can use the Cisco ACS Secure Server. I am not a fan of tying it to AD though.</P></BODY></HTML> Tue, 29 Aug 2006 12:23:43 GMT https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589310#M13215 j.langton 2006-08-29T12:23:43Z https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589311#M13216 <HTML><HEAD></HEAD><BODY><P>Just curious about not linking ACS to AD...</P><P></P><P>Why?</P></BODY></HTML> Tue, 29 Aug 2006 16:04:56 GMT https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589311#M13216 jwjohansen 2006-08-29T16:04:56Z https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589312#M13217 <HTML><HEAD></HEAD><BODY><P>We use it too. If there is no need for any auth (which it can do too) It makes for an excellent splash page portal. Our purpose is to redirect guest browsers to our acceptible usage policy page and then allow them out to the world. </P><P>*BSD, linux &amp; other iptables based firewalls are not as nice to multiple vpn connections from behind, so we use a pair of pixes for nonbrowser traffic. The wifi guest network lives behind a router with route policies that direct ports 80,443 &amp; 8000 (portal access) to the pfsense server and all the rest to the PIX</P><P>Pfsense can run in a failover setup via carp</P><P>It works like a champ for us. </P></BODY></HTML> Thu, 31 Aug 2006 13:10:27 GMT https://community.cisco.com/t5/wireless/authenticating-users-who-access-the-lan/m-p/589312#M13217 ericgarnel 2006-08-31T13:10:27Z