Internet Access Splash Page for guest users

colin.lynch · ‎12-21-2004

I need a solution, where I can provide a wireless LAN with Internet access for guests. No client configuration can take place i.e Proxy settings.

A splash page of terms and conditions needs to automatically pop up and if accepted Intenet Access can occur. I will be using 802.1x authentication for corporate users but guests will drop into this "Guest VLAN" I have looked at the BBSM but it seems excessive for this solution which will not be charged.

My question is: is there anyway of setting an AP or the like to automatically give a splash page to a guest user to accept the Internet usage policy. If not which is the best way of doing this?

Thanks in advance

Colin Lynch

dewman03 · ‎12-21-2004

I have though of a way to do this as well, and this is what i have come up with.You need 3 vlans

1 vlan will be open with no wep and broadcasting the ssid. This will allow anyone to connect. On this vlan have a DHCP and DNS server. Then, im not exactly how to do this on the dns server, redirect all http requests to a server you run, that servers up up a registration web page. This means that a person would have to try and use a web browser to see the splash screen. Also, im not sure exactly how you would set up your dns server, i hope would would not need an alais for every possible commen web page, and that you can redirect ALL traffic to a specific host. Anyway,

another VLAN excrypeted for your corp users

another vlan that provides a proper dns server, so that users can browse the internet

Well, im not sure if this could even work, I would like some imput too.

o-ziltener · ‎12-22-2004

perhaps "ip redirection" in IOS 12.3(2)JA feature could work for you.

best regards

Oliver

scottmac · ‎12-22-2004

Check out "nocat.net" (no www).

I believe they offer an open source "captive portal" (nocatauth) that will do what you're looking for (authenticate at the splash screen).

If you Google on "Free Captive Portal" there are a few pages of possibilities.

Good Luck

Scott

sorvarit · ‎06-17-2005

Check out ZoneCD at www.publicip.net.

A free bootable linux hotspot solution. You need a pc with two nics and 128Mb ram minimum. We currently use an old Compaq with a PIII500mhz cpu.

ZoneCD includes nocat, squid, dansguardian, splashscreen etc. You can customize total bandwith for your guestnet and also limit bandwith, time and download for each user.

We use this solution on a single vlan and ssid to almost 60 AP1231 in our corporate network. Have tweaked the dhcpscope to give around 500 adresses.

Orjan

jmagnusson · ‎12-22-2004

Be careful with open access...on a production network.

* Wireless is shared medium - would you want some guest user chewing up bandwidth causing issues with production users ? NO

* Without a gateway device or access rules in place these users will spread viruses on your network

kwonza · ‎12-23-2004

We are also looking at a similar soultion. A gateway is definitely a must. We have looked at both BBSM and Bluesocket. Bluesocket, I must say offers all these features plus more. We are also looking at a Cisco Pix solution to offer this service to customers in the HealthCare industry. You must also consider having a NDA at your splash screen since you will not be proxying any content.

kwonza · ‎12-23-2004

We are also looking at a similar solution. A gateway is definitely a must. We have looked at both BBSM and Bluesocket. Bluesocket, I must say offers all these features plus more. We are also looking at a Cisco Pix solution to offer this service to customers in the HealthCare industry. You must also consider having a NDA at your splash screen since you will not be proxying any content.

colin.lynch · ‎12-24-2004

This will be a designated guest VLAN all 802.1x successfully authenticated users will be assigned to a seperate production VLAN, firewalled from the guest VLAN.

The required coutersey captive portal solution is only for visitors to that company. So yes I will have a gateway of some sort to automatically redirect the guests to the T&C's splash page.

It just seemed excessive to put in a BBSM or Service Selection Gateway (SSG) Solution in just for a splash page. The BBSM and SSG are more for public access and metered chargeable service.

I have had a look into using IP redirection, but it is seemingly ,looking like I will go with the BBSM.

There are many shareware captive portal apps, but these would require a server which would in turn need to be hardened and the fact that this is a high profile site a Cisco solution is highly desired.

Thanks for all your input

Colin

mghcisco · ‎03-05-2005

Remember too, that a legitmate employee with a laptop could be plugged into and authenticated to the wired network and have a wireless card also connected to the guest Internet, thus, exposing your network and data to security issues.

d.beaver · ‎03-07-2005

We built a wireless network for a hospital with 3 VLAN's, one being a guest VLAN and encountered several issues, one being what was just described. The biggest however was guests playing online games and using up important bandwidth. Bluesocket at least lets you throttle each users bandwidth so you can give guest users 128K max and that's all they'll ever get. It will also allow you to create that splash page you need for guests.

kejeusa · ‎06-14-2005

i'm in the same boat right now.. having to authenticate public users via a captive portal. just to have them sign off on user agreement.

any help from someone that has got it working would be great

jmagnusson · ‎06-14-2005

Have you looked at Cisco Clean Access _ in band solution ?

kejeusa · ‎06-14-2005

this is first i've heard about it. have you deployed this yourself and what where some of the requirements and incorporation processes

kwonza · ‎06-15-2005

We looked at both Cisco BBSM (going away), and Clean Access. We decided on Bluesocket (10k for WG2100). Since we have WLAN's everywhere and will be providing free wifi for guest, this was the better solution for us. This appliance can do 1x as well as VPN pass-through. I haven't seen any configs with an AP for a splash screen.