Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1034
Views
0
Helpful
6
Replies

authenticating users who access the LAN

Go to solution
j.langton
Level 1
Level 1

‎08-11-2006 02:17 PM - edited ‎07-04-2021 12:50 PM

We have a Cisco 1200 Aironet and would like to challange anyone accessing our network for their credentials (perhaps like a wireless hotspot)? The users will only have access to the internet so security is not a concern for us.

How can we do this without having to make changes to the client PC?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
scottmac
Level 10
Level 10

‎08-11-2006 03:29 PM

Search around for "captive portal."

Cisco's captive portal (stand-alone) is BBSM, there are several "open" solutions, one of which is "nocat" (which runs on *nix, I think most of the open solutions do).

This is a web page that pops up when the client first accesses the network, and requires some action (like an acknowledgement of no liability on the bandwidth supplier) must be taken.

Good Luck

Scott

View solution in original post

0 Helpful
6 Replies 6

Go to solution
scottmac
Level 10
Level 10

‎08-11-2006 03:29 PM

Search around for "captive portal."

Cisco's captive portal (stand-alone) is BBSM, there are several "open" solutions, one of which is "nocat" (which runs on *nix, I think most of the open solutions do).

This is a web page that pops up when the client first accesses the network, and requires some action (like an acknowledgement of no liability on the bandwidth supplier) must be taken.

Good Luck

Scott

0 Helpful

Go to solution
j.langton
Level 1
Level 1
In response to scottmac

‎08-28-2006 01:30 PM

Thanks. I settled on pfSense from www.pfsense.org. They have done an excellent job with this project and have it well documented. It runs on FreeBSD and uses CARP for load blanacing and redundancy. Also, they say that it will run on a 486 with 16 Mb of RAM.

Definitely worth a look for anyone looking for a captive portal that is built around a nice firewall.

0 Helpful

Go to solution
ericgarnel
Level 7
Level 7
In response to j.langton

‎08-31-2006 06:10 AM

We use it too. If there is no need for any auth (which it can do too) It makes for an excellent splash page portal. Our purpose is to redirect guest browsers to our acceptible usage policy page and then allow them out to the world.

*BSD, linux & other iptables based firewalls are not as nice to multiple vpn connections from behind, so we use a pair of pixes for nonbrowser traffic. The wifi guest network lives behind a router with route policies that direct ports 80,443 & 8000 (portal access) to the pfsense server and all the rest to the PIX

Pfsense can run in a failover setup via carp

It works like a champ for us.

0 Helpful

Go to solution
jwjohansen
Level 1
Level 1

‎08-28-2006 03:41 PM

The cleanest way, in my opinion to do this is to use Cisco ACS. It ties right into AD. I would also combine this with a locked down vlan on the WAP

0 Helpful

Go to solution
j.langton
Level 1
Level 1
In response to jwjohansen

‎08-29-2006 05:23 AM

Yep, the pfSense captive portal allows for RADIUS authentication so you can use the Cisco ACS Secure Server. I am not a fan of tying it to AD though.

0 Helpful

Go to solution
jwjohansen
Level 1
Level 1
In response to j.langton

‎08-29-2006 09:04 AM

Just curious about not linking ACS to AD...

Why?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card