
authenticating users who access the LAN

j.langton
Level 1

We have a Cisco 1200 Aironet and would like to challenge anyone accessing our network for their credentials (perhaps like a wireless hotspot). The users will only have access to the internet, so security is not a concern for us.

How can we do this without having to make changes to the client PC?

1 Accepted Solution

Accepted Solutions

scottmac
Level 10

Search around for "captive portal."

Cisco's captive portal (stand-alone) is BBSM; there are several "open" solutions, one of which is "nocat" (which runs on *nix; I think most of the open solutions do).

This is a web page that pops up when the client first accesses the network and requires that some action (like an acknowledgement of no liability on the bandwidth supplier) be taken.

Good Luck

Scott


6 Replies 6

Thanks. I settled on pfSense from www.pfsense.org. They have done an excellent job with this project and have it well documented. It runs on FreeBSD and uses CARP for load balancing and redundancy. Also, they say that it will run on a 486 with 16 Mb of RAM.

Definitely worth a look for anyone looking for a captive portal that is built around a nice firewall.

We use it too. If there is no need for any auth (which it can do too), it makes for an excellent splash page portal. Our purpose is to redirect guest browsers to our acceptable usage policy page and then allow them out to the world.

*BSD, Linux & other iptables-based firewalls are not as nice to multiple VPN connections from behind, so we use a pair of PIXes for non-browser traffic. The wifi guest network lives behind a router with route policies that direct ports 80, 443 & 8000 (portal access) to the pfSense server and all the rest to the PIX.

pfSense can run in a failover setup via CARP.

It works like a champ for us.
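
The port-based split described in the post above, sketched as Cisco IOS policy-based routing. This is an added example, not configuration from the poster: it assumes the guest router runs IOS, and the subnet, next-hop addresses, interface and object names are all placeholders.

```cisco
! Added example. All addresses, names and the interface are placeholders.
! Guest WLAN subnet : 192.0.2.0/24
! pfSense (portal)  : 198.51.100.10
! PIX (other ports) : 198.51.100.20
!
! Match the browser and portal ports named in the post: 80, 443, 8000.
ip access-list extended GUEST-PORTAL-PORTS
 permit tcp 192.0.2.0 0.0.0.255 any eq 80
 permit tcp 192.0.2.0 0.0.0.255 any eq 443
 permit tcp 192.0.2.0 0.0.0.255 any eq 8000
!
! Sequence 10: web and portal traffic is sent to the pfSense captive portal.
route-map GUEST-SPLIT permit 10
 match ip address GUEST-PORTAL-PORTS
 set ip next-hop 198.51.100.10
!
! Sequence 20: no match clause, so everything else is sent to the PIX.
route-map GUEST-SPLIT permit 20
 set ip next-hop 198.51.100.20
!
! Apply the policy inbound on the interface facing the guest WLAN.
interface FastEthernet0/1
 description Guest WLAN (placeholder interface)
 ip policy route-map GUEST-SPLIT
!
! Check which sequence is taking hits:
!   show route-map GUEST-SPLIT
!   show ip policy
```

Both next hops must be directly reachable from the router, and return traffic has to come back through the same device that forwarded it, or stateful inspection on pfSense and the PIX will drop the flows.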

jwjohansen
Level 1

The cleanest way, in my opinion, to do this is to use Cisco ACS. It ties right into AD. I would also combine this with a locked-down VLAN on the WAP.

Yep, the pfSense captive portal allows for RADIUS authentication so you can use the Cisco ACS Secure Server. I am not a fan of tying it to AD though.

Just curious about not linking ACS to AD...

Why?
