12-29-2010 11:55 AM - edited 07-03-2021 07:36 PM
Trying to configure the guest access however I'm not liking the web authentication features that are available, I must be missing something. Here is what I want to accomplish:
1- Users connect to the wireless network using WPA 2 (Which I have configured and works fine)
2- Next users try to go online and get presented with the Captive Portal page (Which also works ok)
3- I want users to now input their First Name, Last Name, Phone Number and E Mail, click submit and then go online
4- So far the only thing I have noticed is under "Layer 3 Security" where I can check the box for "Input E Mail" but can I customize that more requesting more information from the user to input before going online?
5- Also will the WLC record that information so we have a record of who logged in and such....?
12-30-2010 05:57 AM
Hi Mohammad,
Configuring the web authentication with all the authentication fields that you are mentioning cannot be done with the 5508 on its own.
To base your web authentication on something more than username/password (or just email), you would need to use an external web authentication server that could authenticate your users based on different parameters.
Also, the Cisco NAC Guest Server might be something you could consider for additional web authentication features:
http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps5707/ps8418/ps6128/product_data_sheet0900aecd806e98c9.html
For what concerns the records of your logged in users (present and past), a scalable solution would be through Radius accounting towards a Radius server (also available in the NAC Guest Server).
Hope this helps,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
12-30-2010 06:26 AM
Thank you for the reply. I checked out the product link you specified but there are two problems with that: 1- Cost of course 2- It still requires someone to manually create the guest accounts. I deployed another product at my old job and the captive portal had an option where we created a simple page that required user to input those fields, we simply uploaded that page on the Management device and that is it.
So even if I use an external server, which I have no problem using, I'm trying to figure out how to pass the provisioning of that user back to WLC so it will send them out on the net once they hit submit?
12-30-2010 06:50 AM
Thank you Mohammad,
The login page from the external web server takes the user credentials and sends them back to the internal WLC web server.
These are then checked against either an internal database, or they are used to authenticate the user through an external Radius server (that could eventually check the credentials against an external database).
The key point to keep in mind is that we can authenticate a user only based on two parameters: user name and password.
It is not possible to authenticate a user based on his first name, family name, email, address, etc. because this would require a specific database.
By relying on user name and password only, we are able to check the user's credentials against many types of external databases (checked by the Radius server), such as LDAP, AD, etc.
Regards,
Fede
12-30-2010 06:56 AM
That makes sense but we want the deployment to be secure yet automated so when guests need to connect they can just connect yet if we need to find out who connected we can easily find out. For instance if I require a user to input the email only they can just type in anything they like such as "none@none.com". We need something more reliable and solid. I found a pretty good product called Aptilo which has multiple ways to register and one of them is via SMS. Which sounds good because this way they can't provide us with the fake number if they need to use the internet they will have to provide the real number and then access code will be sent to them. However I am not sure how much that product costs I am going to check into that.
Another link I found was using Microsoft's WPS deployment. I'm checking into that too as we already have a Microsoft Infrastructure in place, but if you can think of any other product, especially open source, that would be great.
12-30-2010 07:02 AM
Sure Mohammad,
If you'd like guest credentials to be sent to the user via SMS, then the Cisco NAC Guest Server can do that too:
Regards,
Fede
12-30-2010 07:08 AM
Thank you, now that is perfect, however it still requires someone to manually enter the info and then email it to the guest user. Do you know if this can be automated so the guest user can go through the process on his own?
12-30-2010 07:26 AM
Hi Mohammad,
For such a requirement, you may wanna look into the Self Service and Auto Login page of the NAC Guest Server:
http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html#wp1094277
In this way the user should be able to create its own credentials and to have them sent via SMS to the phone number he specifies.
As a general good practice, I'd suggest a proof of concept lab setup to verify that products are covering exactly what you'd like to implement ;-)
Regards,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
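The split discussed in this thread (authentication on user name and password only, with the registration fields kept as a separate record and the password delivered by SMS), sketched as an added example that is not part of the thread and is not Cisco NAC Guest Server code. `GuestRegistry`, the `send_sms` callback, the 10-minute code lifetime and the 3-failure lock are assumptions made for illustration.

```python
import hashlib, hmac, re, secrets, time

CODE_TTL = 600   # assumed policy: texted code is valid for 10 minutes
MAX_FAILS = 3    # assumed policy: lock the account after 3 bad codes

def _digest(salt, code):
    return hashlib.sha256(salt + code.encode()).digest()

class GuestRegistry:
    """Hypothetical self-registration backend behind an external portal."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms, self._clock = send_sms, clock
        self._accounts = {}   # username -> credential + identity record
        self.audit = []       # (time, event, username) for later lookups

    def register(self, first, last, phone, email):
        phone = re.sub(r"[ \-().]", "", phone)
        if not (first.strip() and last.strip()):
            raise ValueError("name required")
        if not re.fullmatch(r"\+?\d{8,15}", phone):
            raise ValueError("phone number is not dialable")
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
            raise ValueError("malformed e-mail address")
        code, salt = f"{secrets.randbelow(10**6):06d}", secrets.token_bytes(16)
        self._accounts[phone] = {
            "salt": salt, "digest": _digest(salt, code), "fails": 0,
            "expires": self._clock() + CODE_TTL,
            "identity": {"first": first, "last": last, "email": email},
        }
        # Only someone holding the phone learns the password.
        self._send_sms(phone, f"Guest Wi-Fi access code: {code}")
        self.audit.append((self._clock(), "registered", phone))
        return phone  # this is the user name typed into the login page

    def authenticate(self, username, password):
        """The only check the login path needs: user name + password."""
        acct, now, ok = self._accounts.get(username), self._clock(), False
        if acct and now <= acct["expires"] and acct["fails"] < MAX_FAILS:
            ok = hmac.compare_digest(acct["digest"], _digest(acct["salt"], password))
            acct["fails"] += 0 if ok else 1
        self.audit.append((now, "accept" if ok else "reject", username))
        return ok

    def who_is(self, username):
        """Map a user name seen in login or accounting records to a person."""
        acct = self._accounts.get(username)
        return dict(acct["identity"], phone=username) if acct else None
```

The user name that reaches the login check is the verified phone number, so a user name recorded at login can be resolved to the registration record with `who_is`.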
12-30-2010 07:31 AM
Oh that is perfect exactly what I am looking for. Now I just gotta find out how much it costs. Thank you for your time and help.
12-30-2010 10:56 AM
Glad that this helped you Mohammad.
Feel free to ping us back in case you need other clarification on wireless or NAC in the future ;-)
Regards,
Fede
12-30-2010 11:04 AM
Absolutely by the way I checked the pricing on the Cisco Guest NAC appliance and it is like around $15K, so I'm looking at a couple of other solutions too.