Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3005
Views
0
Helpful
2
Replies

Support for Captive Portal?

Go to solution
MCentrick2010
Level 1
Level 1

‎05-27-2010 07:55 AM - edited ‎03-06-2019 11:17 AM

I am trying to provide a captive portal with the support of some Cisco box.

The requirements are:

- "Unauthorized" source IP addresses on certain interfaces are redirected to an external node.

- There is an interface to change the status of an IP address, such as using Cisco.

- It is possible to define a walled-garden: destination IPs whose traffic is always allowed.

This seems to be supported by the SSG feature (service selection gateway), but I find information that it is end-of-life:

http://cisco.biz/en/US/docs/ios/ssg/configuration/guide/ssg_eol_15m.html

The replacement is ISG but it is supported only on high-end (7600 +) if it should support more than 8,000 subscribers.

So, can any one confirm SSG is EoL and there is no lighter feature than ISG?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rick Arps
Level 4
Level 4

‎05-27-2010 09:58 AM

We use an asa 5510 to do a captive portal for our guest wireless network.  The page isn't customizable, but it get's the job done.  You just need to add an AAA rule under the Firewall section in the ASDM.  You can have it require AAA based on source/destination and service.

Hope this helps

Rick

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rick Arps
Level 4
Level 4

‎05-27-2010 09:58 AM

We use an asa 5510 to do a captive portal for our guest wireless network.  The page isn't customizable, but it get's the job done.  You just need to add an AAA rule under the Firewall section in the ASDM.  You can have it require AAA based on source/destination and service.

Hope this helps

Rick

0 Helpful

Go to solution
MCentrick2010
Level 1
Level 1
In response to Rick Arps

‎06-02-2010 08:46 AM

Thanks for the suggestion.

In my case, user experience is essential, we definately need to show a customized login page hosted in an external node.

Without hands-on knowledge on Cisco ASA, trying to be creative, I wonder if the following is possible:

1) Define the external login page as always allowed, not requiring authentication.

2) Redirect unauthenticated traffic to the host of the login page.

3) Within my login page, trigger a POST towards the Cisco ASA login page and this in turn a Radius, causing authentication to succeed.

It is point 2) that I am afraid is not possible.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card