Cisco Support Community
Community Member

WIRELESS IOS AUTONOMOUS + Guest to internet + authenticated via a web page.

Hi to all,

I need to configure, with:

- AUTONOMOUS IOS AP (NOT use a wireless controller)

- CISCO IOS router 2811

a guest wireless network that only has access to the internet through a VLAN WITH HTTP/S GUEST AUTHENTICATION WEB PAGE?

I know:

"web authorization isn't native to the access point. It is a web authorization portal that is on the WLC."

"Cisco IT example: At present we use GRE tunnels for guest traffic which was a part of legacy guest networking solution we had at Cisco for several years. GRE tunnels get terminated at one of the DMZ routers. Each request for a guest connection to the Internet gets authenticated over https by either a Cisco Building BroadBand Services Manager (BBSM) or a Cisco NAC Appliance. Guests get provided with an access code in advance as we use a web based portal/application to produce those. Also we support guest connections for both wireless and wired clients from some switch ports."

I am looking for any suggestions (is there any feature on CISCO IOS ROUTER for "HTTP/S GUEST AUTHENTICATION WEB PAGE"?).


Roberto Taccon


Re: WIRELESS IOS AUTONOMOUS + Guest to internet + authenticated

Look at the authentication proxy feature of IOS.

This can prompt on an HTTP page for a username and password and that will come from the router.

Then the router will proxy this to a radius server.
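
The router-side authentication proxy configuration described in this reply could look like the following. This is an added example, not configuration posted by any participant; guest VLAN 50, the 192.168.50.0/24 subnet, the RADIUS address 192.0.2.10, ACL 150, the name GUEST-WEB and the shared-secret placeholder are all assumptions.

```cisco
! Added example; addresses, names and the ACL number are assumptions.
aaa new-model
! The default login list also applies to console/VTY lines that have no named list.
aaa authentication login default group radius
aaa authorization auth-proxy default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! The router's own HTTP server presents the login page.
ip http server
ip http authentication aaa
! Optional, crypto images only: serve the login exchange over HTTPS.
ip http secure-server
!
ip auth-proxy name GUEST-WEB http
!
! Before login guests get DHCP and DNS only; everything else is dropped.
access-list 150 permit udp any any eq bootps
access-list 150 permit udp any any eq domain
access-list 150 deny   ip any any
!
interface FastEthernet0/0.50
 description Guest VLAN trunked from the autonomous AP
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
 ip access-group 150 in
 ip auth-proxy GUEST-WEB
!
! Per-user profile on the RADIUS server (Cisco AV pairs), downloaded after login
! and added as temporary entries to ACL 150 for that client's address:
!   auth-proxy:priv-lvl=15
!   auth-proxy:proxyacl#1=permit tcp any any eq www
!   auth-proxy:proxyacl#2=permit tcp any any eq 443
```

After a guest logs in, `show ip auth-proxy cache` lists the authenticated client and its remaining timeout.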

Community Member

Re: WIRELESS IOS AUTONOMOUS + Guest to internet + authenticated

Thanks for the information.

- Is the auth proxy feature also available on the IOS Autonomous AP?

- Is it possible to configure the local AAA feature (without using an external AAA server) on the router IOS? And on the AP IOS?

- Are there any tech. docs about it?


Roberto Taccon

Re: WIRELESS IOS AUTONOMOUS + Guest to internet + authenticated

If the router with auth proxy is the one providing the IP address to the client connecting to the autonomous AP, it may be an option.

Local AAA will not work with auth proxy, as then you are no longer in a scenario where the router is a proxy.

You could get a WLC526 (small controller) to get the web auth, or a free RADIUS server (many out there) that will run on a Linux server and then use the http proxy feature.

I personally recommend that you get a WLC; in the long run you will benefit from many more features and you will be able to very easily add other access points.

The WLC526 is the smaller one:
