05-27-2010 07:55 AM - edited 03-06-2019 11:17 AM
I am trying to provide a captive portal with the support of some Cisco box.
The requirements are:
- "Unauthorized" source IP addresses on certain interfaces are redirected to an external node.
- There is an interface to change the status of an IP address, such as using Cisco.
- It is possible to define a walled-garden: destination IPs whose traffic is always allowed.
This seems to be supported by the SSG feature (service selection gateway), but I find information that it is end-of-life:
http://cisco.biz/en/US/docs/ios/ssg/configuration/guide/ssg_eol_15m.html
The replacement is ISG but it is supported only on high-end (7600 +) if it should support more than 8,000 subscribers.
So, can any one confirm SSG is EoL and there is no lighter feature than ISG?
Solved! Go to Solution.
05-27-2010 09:58 AM
We use an asa 5510 to do a captive portal for our guest wireless network. The page isn't customizable, but it get's the job done. You just need to add an AAA rule under the Firewall section in the ASDM. You can have it require AAA based on source/destination and service.
Hope this helps
Rick
05-27-2010 09:58 AM
We use an asa 5510 to do a captive portal for our guest wireless network. The page isn't customizable, but it get's the job done. You just need to add an AAA rule under the Firewall section in the ASDM. You can have it require AAA based on source/destination and service.
Hope this helps
Rick
06-02-2010 08:46 AM
Thanks for the suggestion.
In my case, user experience is essential, we definately need to show a customized login page hosted in an external node.
Without hands-on knowledge on Cisco ASA, trying to be creative, I wonder if the following is possible:
1) Define the external login page as always allowed, not requiring authentication.
2) Redirect unauthenticated traffic to the host of the login page.
3) Within my login page, trigger a POST towards the Cisco ASA login page and this in turn a Radius, causing authentication to succeed.
It is point 2) that I am afraid is not possible.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: