WIRELESS IOS AUTONOMOUS + Guest to internet + authenticated via a web page.

Unanswered Question
Sep 20th, 2009
User Badges:

Hi to all,


need to configure with:


- AUTONOMOUS IOS AP (NOT use a wireless controller)

- CISCO IOS router 2811


a guest wireless network that only has access to the internet through a vlan WITH HTTP/S GUEST AUTHENTICATION WEB PAGE ?




I know:


"web authorization isn't native to the access point. It is a web authorization portal that is on the WLC."


"Cisco IT example: At present we use GRE tunnels for guest traffic which was a part of legacy guest networking solution we had at Cisco for several years. GRE tunnels get terminated at one the DMZ routers. Each request for a guest connection to the Internet gets authenticated over https by either a Cisco Building BroadBand Services Manager (BBSM) or a Cisco NAC Appliance. Guests get provided with an access code in advance as we use a web based portal/application to produce those. Also we support guest connections for both wireless and wired clients from some switch ports. "



I am looking for any suggestions (are there any feature on CISCO IOS ROUTER for "HTTP/S GUEST AUTHENTICATION WEB PAGE").


Thanks.

Roberto Taccon



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Lucien Avramov Sun, 09/20/2009 - 09:22
User Badges:
  • Red, 2250 points or more

Look at the authentication proxy feature of IOS.


This can prompt on an HTTP page for a username and password and that will come from the router.


Then the router will proxy this to a radius server.


http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authen_prxy_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054809



ROBERTO TACCON Sun, 09/20/2009 - 09:53
User Badges:

Thanks for the information.


- Is the auth proxy feaure available also on the IOS Autonomous AP ?


- It's possible to configure the local AAA feature (without using an external AAA server) on the router IOS ? and on the AP IOS ?


- Are there any tech. docs about it ?


Regards.


Roberto Taccon


Lucien Avramov Sun, 09/20/2009 - 19:39
User Badges:
  • Red, 2250 points or more

If the router with auth proxy is the one providing the ip address on the client connecting to the autonomous AP, it may be an option.

Local AAA will not work with auth proxy as then there you are no longer in a scenario where the router is proxy.


You could get a WLC526 (small controller) to get the web auth, or a free radius server (many out there) that will run on a linux server and then use the http proxy feature.


I personally recommend you to get a WLC, in the long run you will benefit of many more features and you will be able to very easily add other access points.


The WLC526 is the smaller one:

http://www.cisco.com/en/US/docs/wireless/controller/526/1.5/configuration/guide/2_add_contr.html

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode