Cisco Support Community
New Member

authenticating users who access the LAN

We have a Cisco 1200 Aironet and would like to challenge anyone accessing our network for their credentials (perhaps like a wireless hotspot)? The users will only have access to the internet so security is not a concern for us.

How can we do this without having to make changes to the client PC?

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: authenticating users who access the LAN

Search around for "captive portal."

Cisco's captive portal (stand-alone) is BBSM; there are several "open" solutions, one of which is "nocat" (which runs on *nix, I think most of the open solutions do).

This is a web page that pops up when the client first accesses the network, and requires that some action (like an acknowledgement of no liability on the bandwidth supplier) be taken.

Good Luck

Scott

6 REPLIES
New Member

Re: authenticating users who access the LAN

Thanks. I settled on pfSense from www.pfsense.org. They have done an excellent job with this project and have it well documented. It runs on FreeBSD and uses CARP for load balancing and redundancy. Also, they say that it will run on a 486 with 16 Mb of RAM.

Definitely worth a look for anyone looking for a captive portal that is built around a nice firewall.

Re: authenticating users who access the LAN

We use it too. If there is no need for any auth (which it can do too), it makes for an excellent splash page portal. Our purpose is to redirect guest browsers to our acceptable usage policy page and then allow them out to the world.

*BSD, Linux & other iptables-based firewalls are not as nice to multiple VPN connections from behind, so we use a pair of PIXes for non-browser traffic. The wifi guest network lives behind a router with route policies that direct ports 80, 443 & 8000 (portal access) to the pfSense server and all the rest to the PIX.

pfSense can run in a failover setup via CARP.

It works like a champ for us.
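
The port-based split described in the post above, sketched as Cisco IOS policy-based routing. This is an added example, not the poster's configuration; it assumes the guest-facing router runs IOS, and the subnet, next-hop addresses, interface and the GUEST-WEB / GUEST-PBR names are all placeholders.

```cisco
! Added example. All addresses, names and the interface are placeholders.
! Assumed guest wifi subnet: 192.0.2.0/24
! Assumed transit subnet:    198.51.100.0/24
!   198.51.100.2 = pfSense captive portal (placeholder)
!   198.51.100.3 = PIX pair (placeholder)
!
! Match only the browser and portal ports named in the post.
ip access-list extended GUEST-WEB
 permit tcp 192.0.2.0 0.0.0.255 any eq 80
 permit tcp 192.0.2.0 0.0.0.255 any eq 443
 permit tcp 192.0.2.0 0.0.0.255 any eq 8000
!
! Sequence 10: web and portal traffic is forced through pfSense,
! so guests see the splash page before they are let out.
route-map GUEST-PBR permit 10
 match ip address GUEST-WEB
 set ip next-hop 198.51.100.2
!
! Sequence 20: no match clause, so everything else (VPN clients and
! other non-browser traffic) is sent to the PIX.
! This traffic never touches the portal, so whatever restrictions
! guests need on it have to be enforced on the PIX itself.
route-map GUEST-PBR permit 20
 set ip next-hop 198.51.100.3
!
! Apply the policy on the interface facing the guest wifi network.
interface FastEthernet0/1
 ip policy route-map GUEST-PBR
```

`show route-map GUEST-PBR` displays per-sequence match counters, which is a quick way to confirm that web traffic is hitting sequence 10 and the rest is falling through to sequence 20.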

New Member

Re: authenticating users who access the LAN

The cleanest way, in my opinion, to do this is to use Cisco ACS. It ties right into AD. I would also combine this with a locked-down VLAN on the WAP.

New Member

Re: authenticating users who access the LAN

Yep, the pfSense captive portal allows for RADIUS authentication so you can use the Cisco ACS Secure Server. I am not a fan of tying it to AD though.

New Member

Re: authenticating users who access the LAN

Just curious about not linking ACS to AD...

Why?
