09-08-2016 04:51 AM - edited 07-05-2021 05:47 AM
We are running into problems with captive portal guest access not working because of HSTS now being enforced by browsers. I keep reading that using 802.1x is the solution, but I can't figure out how to set that up for guests. We do not need guest users to log in; we just want them to be presented with an acceptable use policy that must be agreed to before being allowed on the guest network. How can this be configured with 802.1x? Our controllers are 5508s and 5520s running 8.0.110.0 and 8.2.111.0. We have a Windows 2012 RADIUS server for company-owned equipment and AD user 802.1x authentications. How can 802.1x and RADIUS be leveraged for guest access without requiring user login?
09-08-2016 06:07 AM
I think you need web-passthrough to allow the guest user to click and be directed to access the internet:
Here is the config guide:
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/107474-web-pass-config.html
*** From here you can download the custom webauth HTML page:
https://software.cisco.com/download/release.html?mdfid=282600534&softwareid=282791507&release=1.0.2&relind=AVAILABLE&rellifecycle=&reltype=latest
Regards
Don't forget to rate helpful posts
09-08-2016 06:12 AM
Sandeep,
Thanks for replying, but web-passthrough is the current configuration that has stopped working because of the browsers' strict enforcement of HSTS. The redirect causes a certificate mismatch, which the current browsers no longer allow the user to override and continue on to the captive portal page.