Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Support for Captive Portal?

I am trying to provide a captive portal with the support of some Cisco box.

The requirements are:

- "Unauthorized" source IP addresses on certain interfaces are redirected to an external node.

- There is an interface to change the status of an IP address, such as using Cisco.

- It is possible to define a walled-garden: destination IPs whose traffic is always allowed.

This seems to be supported by the SSG feature (service selection gateway), but I find information that it is end-of-life:

http://cisco.biz/en/US/docs/ios/ssg/configuration/guide/ssg_eol_15m.html

The replacement is ISG but it is supported only on high-end (7600 +) if it should support more than 8,000 subscribers.

So, can any one confirm SSG is EoL and there is no lighter feature than ISG?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Support for Captive Portal?

We use an asa 5510 to do a captive portal for our guest wireless network.  The page isn't customizable, but it get's the job done.  You just need to add an AAA rule under the Firewall section in the ASDM.  You can have it require AAA based on source/destination and service.

Hope this helps

Rick

2 REPLIES
New Member

Re: Support for Captive Portal?

We use an asa 5510 to do a captive portal for our guest wireless network.  The page isn't customizable, but it get's the job done.  You just need to add an AAA rule under the Firewall section in the ASDM.  You can have it require AAA based on source/destination and service.

Hope this helps

Rick

New Member

Re: Support for Captive Portal?

Thanks for the suggestion.

In my case, user experience is essential, we definately need to show a customized login page hosted in an external node.

Without hands-on knowledge on Cisco ASA, trying to be creative, I wonder if the following is possible:

1) Define the external login page as always allowed, not requiring authentication.

2) Redirect unauthenticated traffic to the host of the login page.

3) Within my login page, trigger a POST towards the Cisco ASA login page and this in turn a Radius, causing authentication to succeed.

It is point 2) that I am afraid is not possible.

2475
Views
0
Helpful
2
Replies