Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2051
Views
8
Helpful
5
Replies

Captive Portal with WAP321 and ISA550

rootjames1
Level 1
Level 1

‎05-05-2013 06:40 AM

This scenario is for a guest SSID in a waiting room of a therapists office with the guest SSID on a separate VLAN with a captive portal subject to web url filtering.

I have an ISA550 and WAP321.  Both devices are capable of a captive portal.  Currently, I'm able to make the captive portal work on the ISA550 in this configuration, attempts to enable the captive portal on the WAP321 result in only direct access to the internet without the web filtering rules of the ISA550 being honored.  I would prefer to use the captive portal functionality of the WAP321 as it is more robust than the ISA550--able to produce a "fancier" login page.

All firmware is the latest available for both devices.

It seems I have established the VLAN correctly in this setup (but please provide insight).  In all attempts (be it with captive portal on the ISA550 or WAP321), I am getting an IP address of the Guest VLAN #2, in the range of 192.168.25.xxx (as expected).

VLAN Setup

ISA550 Setup:

vlan.jpg         

The WAP321 is plugged into Port 2 (GE2)

WAP321 Setup:

vap.jpg

(I read in another posting that the Guest network needed to be assigned to VAP 0).  It doesn't appear possible to assign the guest VLAN on the ISA550 to anything but VLAN 2).

Here is the setup on the WAP 321 when I'm attempting to use it's captive portal:

1. Local Group

group.jpg

2. Local User

use.png

3. CP Instance

cpinst.png

4. Associate the CP Instance to a VAP(SSID) Interface

instassoc.jpg

5. Create a locale (web Page and map it to a CP Instance)

webportal.jpg

6 Enable Global CP configuration

global.jpg

Expected Results: Clients connecting to the ABLEguest SSID should be presented with the captive portal of the WAP321 and be subject to web filtering

Actual Results:  Clients connecting to the ABLEguest SSID are given an unfiltered connection to the internet with no captive portal.

Is it possible to achieve the "expected results"?

Labels:
0 Helpful
5 Replies 5

jeffrrod
Level 4
Level 4

‎05-21-2013 10:43 AM

Dear James,

Thank you for contacting Cisco Small Business Wireless Community.

I apologize for the delay on your case and I'd like to know you have the latest firmware on your WAP321;

http://software.cisco.com/download/release.html?mdfid=284152656&softwareid=282463166&release=1.0.1.10

Please check on that and let me know.  I'll be looking forward to your reply.

Thank you for your time and patience,

Jeffrey Rodriguez S.
Cisco Customer Support Engineer.

Jeffrey Rodriguez S. .:|:.:|:. Cisco Customer Support Engineer *Please rate the Post so other will know when an answer has been found.
0 Helpful

vvijaysa
Level 1
Level 1

‎06-27-2013 08:15 AM

Hello James,

My name is Vijay. Thank you for using support forum. Please refer to the below link. It has all the articles related to captive portal configuration on WAP321/121.

https://supportforums.cisco.com/docs/DOC-32642

Also, if you captive portal configuration on ISA500 series devices are given here:

https://supportforums.cisco.com/docs/DOC-34209

Please let me know if it didn't help.

Thanks,

Vijay S. Venkitachalam

Sent from Cisco Technical Support iPad App

vvijaysa
Level 1
Level 1

‎07-15-2013 01:14 PM

Hello James,

My name is Vijay. Thank you for using support forum. I have tested your case. I found that Captive Portal will only works on VLAN1 (Management VLAN). I understand that you would like have a separate web filtered network for guest users. You can do that by setting up captive portal on WAP321 for your guest users and a separate SSID password for office users network on ISA550.

Please let me know if you have any questions or require further assistance.

Thanks,

Vijay S. Venkitachalam

Richard Fuller
Level 1
Level 1
In response to vvijaysa

‎07-17-2013 03:31 AM

Exactly, I have exactly the same issues with captive portal. CISCO opened a support case last week and yesterday officially told me that this is not a bug, but by design! Officially, this hardware is not designed to enable captive portal on anything other than default VLAN. It is not impossible to set it up on an isolated guest network, which is where 99% of people would want it!

I recommend that people stay well away from this overpriced piece of crap and buy another brand whose products actually work and which have decent support rather than simply being constantly referred to sections in the user manual which offer no help whatsoever.

Sent from Cisco Technical Support iPad App

0 Helpful

Eric Moyers
Level 7
Level 7
In response to Richard Fuller

‎07-17-2013 07:25 AM

Hello Sir, I have responded to you in your other post. I will post here so that others can see my response as well.

It is correct, that the WAP321 with Captive portal assigned to VAP1 or higher, basically needs to have access to the management vlan for DHCP assignment. However, I believe if you setup like this then you should be able to setup some ACL's to complete what you are trying to do. I am going to try this in our labs.

I have several projects going right now. So please be patient.

Thanks

Eric Moyers    .:|:.:|:.

Cisco Small Business US STAC Advanced Support Engineer

CCNA, CCNA-Wireless

866-606-1866

Mon - Fri 09:00 - 18:00 (UTC - 05:00)

0 Helpful
Customers Also Viewed These Support Documents