I am trying to provide a captive portal with the support of some Cisco box.
The requirements are:
- "Unauthorized" source IP addresses on certain interfaces are redirected to an external node.
- There is an interface to change the status of an IP address, such as using Cisco.
- It is possible to define a walled-garden: destination IPs whose traffic is always allowed.
This seems to be supported by the SSG feature (service selection gateway), but I find information that it is end-of-life:
The replacement is ISG but it is supported only on high-end (7600 +) if it should support more than 8,000 subscribers.
So, can any one confirm SSG is EoL and there is no lighter feature than ISG?
We use an asa 5510 to do a captive portal for our guest wireless network. The page isn't customizable, but it get's the job done. You just need to add an AAA rule under the Firewall section in the ASDM. You can have it require AAA based on source/destination and service.
Hope this helps