08-11-2006 02:17 PM - edited 07-04-2021 12:50 PM
We have a Cisco 1200 Aironet and would like to challenge anyone accessing our network for their credentials (perhaps like a wireless hotspot)? The users will only have access to the internet so security is not a concern for us.
How can we do this without having to make changes to the client PC?
08-11-2006 03:29 PM
Search around for "captive portal."
Cisco's captive portal (stand-alone) is BBSM; there are several "open" solutions, one of which is "nocat" (which runs on *nix; I think most of the open solutions do).
This is a web page that pops up when the client first accesses the network, and requires that some action (like an acknowledgement of no liability on the bandwidth supplier) be taken.
Good Luck
Scott
08-28-2006 01:30 PM
Thanks. I settled on pfSense from www.pfsense.org. They have done an excellent job with this project and have it well documented. It runs on FreeBSD and uses CARP for load balancing and redundancy. Also, they say that it will run on a 486 with 16 Mb of RAM.
Definitely worth a look for anyone looking for a captive portal that is built around a nice firewall.
08-31-2006 06:10 AM
We use it too. If there is no need for any auth (which it can do too), it makes for an excellent splash page portal. Our purpose is to redirect guest browsers to our acceptable usage policy page and then allow them out to the world.
*BSD, Linux & other iptables-based firewalls are not as nice to multiple VPN connections from behind, so we use a pair of PIXes for non-browser traffic. The wifi guest network lives behind a router with route policies that direct ports 80, 443 & 8000 (portal access) to the pfSense server and all the rest to the PIX.
pfSense can run in a failover setup via CARP.
It works like a champ for us.
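The port-based split described in the post above can be expressed as policy-based routing. This is an added example, not the poster's configuration: it assumes the guest router runs Cisco IOS, and the interface name, ACL and route-map names, and the 192.0.2.x next-hop addresses are placeholders.

```cisco
! Added example (not from the thread). All names and addresses are placeholders.
! Assumed: 192.0.2.10 = pfSense captive portal, 192.0.2.20 = PIX inside interface,
!          FastEthernet0/1 = router interface facing the guest WLAN.

! Browser and portal traffic: TCP 80, 443 and 8000
ip access-list extended GUEST-WEB
 permit tcp any any eq 80
 permit tcp any any eq 443
 permit tcp any any eq 8000
!
! Sequence 10: matched web traffic is forwarded to the captive portal
route-map GUEST-PBR permit 10
 match ip address GUEST-WEB
 set ip next-hop 192.0.2.10
!
! Sequence 20: everything else (VPN and other non-browser traffic) goes to the PIX
route-map GUEST-PBR permit 20
 set ip next-hop 192.0.2.20
!
! Apply the policy to traffic arriving from guest clients
interface FastEthernet0/1
 description Guest WLAN side (placeholder)
 ip policy route-map GUEST-PBR
!
! Checks after applying:
!   show ip policy              - confirms the route-map is bound to the interface
!   show route-map GUEST-PBR    - per-sequence match counters should increase
!                                 for both web and non-web guest traffic
```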
08-28-2006 03:41 PM
The cleanest way to do this, in my opinion, is to use Cisco ACS. It ties right into AD. I would also combine this with a locked-down VLAN on the WAP.
08-29-2006 05:23 AM
Yep, the pfSense captive portal allows for RADIUS authentication so you can use the Cisco ACS Secure Server. I am not a fan of tying it to AD though.
08-29-2006 09:04 AM
Just curious about not linking ACS to AD...
Why?