Presenting a disclaimer page for PSK WLAN

johncaston_2 · ‎09-16-2015

Hi All,

I have a client replacing their existing WiFi with a Cisco solution. They currently have a guest SSID with a PSK and have an external proxy presenting an AUP disclaimer page that they have to accept before proceeding - they initially want to replicate this on the Cisco WiFi but I'm not sure if it's possible.

(We'll be changing them to CWA at a later stage)

We will be implementing ISE and Prime Infrastructure - just wondering if it could be done with some redirection / change of authority policies but I'm not entirely sure?

Has anyone done something similar before or have any ideas?

Kind regards,

John

Freerk Terpstra · ‎09-26-2015

Yes this is possible.

The most easy way to get this running is to use the webserver within the WLC and configure an layer 2 (the PSK) and layer 3 security policy on the guest SSID. Copy the text from the current AUP page and recreate a new HTML page and upload it to the WLC (in a webauth bundle). Select this HTML page in the layer 3 policy to use it. If you want to use HTTPS for this page you also need to fix a certificate on the WLC, but because there is no authentication going-on I would just use HTTP in this case. Do not forget to check the session and idle timeouts for the guest SSID as well so that users don't have to authenticate every 30 minutes or even less.

In the end is dot1X (also for guest connectivity) the nicest solution but for some customers that is "too complex to manage" and than is this scenario kind of a hybrid solution. At least there is some form of encryption going on but don't forget that from an end-user perspective portals are a "pain in the ass" to handle as well.

Please rate useful posts... :-)