Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
5
Helpful
3
Replies

WIRELESS IOS AUTONOMOUS + Guest to internet + authenticated via a web page.

ROBERTO TACCON
Level 4
Level 4

‎09-20-2009 09:04 AM - edited ‎07-03-2021 06:04 PM

Hi to all,

need to configure with:

- AUTONOMOUS IOS AP (NOT use a wireless controller)

- CISCO IOS router 2811

a guest wireless network that only has access to the internet through a vlan WITH HTTP/S GUEST AUTHENTICATION WEB PAGE ?

I know:

"web authorization isn't native to the access point. It is a web authorization portal that is on the WLC."

"Cisco IT example: At present we use GRE tunnels for guest traffic which was a part of legacy guest networking solution we had at Cisco for several years. GRE tunnels get terminated at one the DMZ routers. Each request for a guest connection to the Internet gets authenticated over https by either a Cisco Building BroadBand Services Manager (BBSM) or a Cisco NAC Appliance. Guests get provided with an access code in advance as we use a web based portal/application to produce those. Also we support guest connections for both wireless and wired clients from some switch ports. "

I am looking for any suggestions (are there any feature on CISCO IOS ROUTER for "HTTP/S GUEST AUTHENTICATION WEB PAGE").

Thanks.

Roberto Taccon

Labels:
0 Helpful
3 Replies 3

Lucien Avramov
Level 10
Level 10

‎09-20-2009 09:22 AM

Look at the authentication proxy feature of IOS.

This can prompt on an HTTP page for a username and password and that will come from the router.

Then the router will proxy this to a radius server.

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_authen_prxy_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1054809

ROBERTO TACCON
Level 4
Level 4
In response to Lucien Avramov

‎09-20-2009 09:53 AM

Thanks for the information.

- Is the auth proxy feaure available also on the IOS Autonomous AP ?

- It's possible to configure the local AAA feature (without using an external AAA server) on the router IOS ? and on the AP IOS ?

- Are there any tech. docs about it ?

Regards.

Roberto Taccon

0 Helpful

Lucien Avramov
Level 10
Level 10
In response to ROBERTO TACCON

‎09-20-2009 07:39 PM

If the router with auth proxy is the one providing the ip address on the client connecting to the autonomous AP, it may be an option.

Local AAA will not work with auth proxy as then there you are no longer in a scenario where the router is proxy.

You could get a WLC526 (small controller) to get the web auth, or a free radius server (many out there) that will run on a linux server and then use the http proxy feature.

I personally recommend you to get a WLC, in the long run you will benefit of many more features and you will be able to very easily add other access points.

The WLC526 is the smaller one:

http://www.cisco.com/en/US/docs/wireless/controller/526/1.5/configuration/guide/2_add_contr.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card