Using splash page with 802.1x (layer 2 + layer 3)

atifali.zaidi1
Level 1

Hello Experts, I have the following requirement.

I have an SSID enabled in my environment which is 802.1x enabled, and using Microsoft NPS servers as AAA servers.

Now this SSID would be getting replaced, and it needs to be converted into an internet-only SSID, which means that we would like to anchor this SSID to an anchor controller placed in a DMZ.

The user gets authenticated first using 802.1x using Microsoft NPS, and then he/she should get a splash page stating that this SSID is internet only and they should be using a new SSID (we will mention the name of the SSID in that message).

It is a strict requirement that the users shall get authenticated to the NPS server first.

So the foreign controller that I have is a 5520 and the anchor controller is a 5508 (if this testing succeeds, then we will have a 5520 as an anchor).

I was reading the configuration guide for the 5520 and saw the following:

Splash Page Web Redirect

If you enable splash page web redirect, the user is redirected to a particular web page after 802.1X authentication has completed successfully. After the redirect, the user has full access to the network. You can specify the redirect page on your RADIUS server and the corresponding ACL to allow access to this server in "url-redirect-acl". If the RADIUS server returns the Cisco AV-pair “url-redirect,” then the user is redirected to the specified URL upon opening a browser. The client is considered fully authorized at this point and is allowed to pass traffic, even if the RADIUS server does not return a “url-redirect.”

The splash page web redirect feature is available only for WLANs that are configured for 802.1X or WPA+WPA2 Layer 2 security with 802.1x key management. Preshared key management is not supported with any Layer 2 security method.

Note: Suppose there are backend applications running on the wireless clients and they use HTTP or HTTPS port for their communication. If the applications start communicating before the actual web page is opened, the redirect functionality does not work with web passthrough.

After you configure the RADIUS server, you can then configure the splash page web redirect on the controller using either the controller GUI or CLI.

So can somebody explain how I can accomplish this?

What changes would I need on the controller (I guess an ACL to direct the users to the NPS server IP address) and what changes are needed on the NPS?
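The quoted guide says the redirect depends on the RADIUS server returning the Cisco AV-pairs "url-redirect" and "url-redirect-acl". The following is an added example, not part of the original post or the Cisco guide: a Python check that pulls those two AV-pairs out of the attribute block of an Access-Accept (for instance, bytes copied from a packet capture) so you can confirm what the NPS actually sends. Cisco AV-pairs travel as RADIUS Vendor-Specific attributes (type 26, vendor ID 9, sub-type 1); the URL, ACL name and user name below are constructed placeholders.

```python
import struct

CISCO_VENDOR_ID = 9   # IANA enterprise number for Cisco
VSA_TYPE = 26         # RADIUS Vendor-Specific attribute (RFC 2865)
CISCO_AVPAIR = 1      # Cisco sub-type carrying "name=value" strings

def encode_avpair(text):
    """Build one Vendor-Specific attribute holding a Cisco AV-pair."""
    value = text.encode("ascii")
    sub = bytes([CISCO_AVPAIR, len(value) + 2]) + value
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    if len(body) + 2 > 255:
        raise ValueError("AV-pair too long for one RADIUS attribute")
    return bytes([VSA_TYPE, len(body) + 2]) + body

def cisco_avpairs(attrs):
    """Return {name: value} for each Cisco AV-pair in a raw attribute block."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        data, i = attrs[i + 2:i + a_len], i + a_len
        if a_type != VSA_TYPE or len(data) < 6:
            continue  # not a vendor-specific attribute
        if struct.unpack("!I", data[:4])[0] != CISCO_VENDOR_ID:
            continue  # some other vendor's attribute
        j = 4
        while j + 2 <= len(data):
            s_type, s_len = data[j], data[j + 1]
            if s_len < 2 or j + s_len > len(data):
                raise ValueError("malformed vendor sub-attribute")
            if s_type == CISCO_AVPAIR:
                text = data[j + 2:j + s_len].decode("ascii", "replace")
                name, _, val = text.partition("=")  # URL may contain '=' too
                found[name] = val
            j += s_len
    return found

def redirect_check(attrs):
    """Return (url-redirect, url-redirect-acl); None where not returned."""
    pairs = cisco_avpairs(attrs)
    return pairs.get("url-redirect"), pairs.get("url-redirect-acl")

# Constructed sample: the attributes that follow the 20-byte RADIUS header
# of an Access-Accept. URL and ACL name are placeholders, not real values.
SAMPLE = (bytes([1, 7]) + b"alice"  # User-Name
          + encode_avpair("url-redirect=http://splash.example.test/notice.html")
          + encode_avpair("url-redirect-acl=SPLASH-ACL"))
```

A result of `(None, None)` corresponds to the case the guide describes where the client is fully authorized and passes traffic without ever seeing the splash page.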