Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Does Anyone Know of a good Captive Portal solution

It doesn't have to be too sophisticated and I'm willing to put a few to several thousand dollars into it if needed.  I'm in the process of designing and implementing a new guest wireless network.  I have a 2504 Cisco WLC with 75 AP licenses.  I need to find a solution that'll redirect clients to a captive portal page to authenticate then allow me to see who's connected (hostname, IP, MAC, date/time, etc.) and if possible, but not necessary, allow me to block by IP, MAC, and/or device.  Thanks!

Regards,

Terence

14 REPLIES

Does Anyone Know of a good Captive Portal solution

Have you looked at the Cisco WLC captive portal on the WLC ? It redirects to itself or a 3rd party server.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Does Anyone Know of a good Captive Portal solution

I have but I'm not sure if it gives me some of the admin items I'm looking for.  Would it allow me to see the IP, MAC, hostname, etc. from the WLCs GUI?  Would I also be able to force a client to enter an email address?

Does Anyone Know of a good Captive Portal solution

yes you can see the IP, mac and user and the page can be setup to have them enter an email address.  But for the tracking of that information you would need to setup and scrape syslog to get it.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Does Anyone Know of a good Captive Portal solution

That's one thing I don't want to have to do is look through syslog messages to locate that information.  I would like to have a single pane to view all my connected clients who went through the portal, see their info, and be able to block based on any violation of our Internt usage policy.

New Member

Hi Terence,

Hi Terence,

Would you please share some info about how you set up the WLC and packet fence to make it work? I'm facing a similar situation. 

Thank you so much for the help.

New Member

resourceproit,

resourceproit,

In the WLC, you need to create an ACL that allows traffic coming to and from the packetfence server as well as an ip any any.  This will be applied to the WLAN profile. The ACL would look something like this:

Inbound - permit ip any <packetfence ip>/32

Outbound - permit ip <packetfence ip>/32 any

Any Direction - permit ip any any

In the WLAN profile, you'll use layer 3 security instead of layer 2.  I'm using the Passthrough Web Policy where I chose the ACL I created for preauthentication for IPv4.  Check the over-ride global config, choose external for the web auth type, then paste in the URL for the captive portal registration page.

I think this is all I needed to do on the WLC.  As for the PacketFence server, I paid Inverse Support to install and configure the server so I know it was done right.  Their support by the way is excellent!  $5000/year and they'll give you 4 hours I believe of support time to get the server installed, configured, and tested.  It only took 2 hours for ours.

Hope this helps,

Terence

New Member

Hi Terence,

Hi Terence,

It's very helpful. Thanks a lot.

Does Anyone Know of a good Captive Portal solution

Yes, you can capture email, you will see the IP and mac address. Hostname can be found in the dhcp server you use. I think the newer wlc code will show it..

Here is an example

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Does Anyone Know of a good Captive Portal solution

I have a few customers that use the Nomadix solution and they seem to like it. One does credit cards (pay for service) while the other uses it just because its a standalone 'guest' box.

http://www.nomadix.com

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Does Anyone Know of a good Captive Portal solution

ok great!  I'll take a look at it.

Thanks!

Does Anyone Know of a good Captive Portal solution

Here is the comment about email collection:

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml

Q. Is it possible to skip the guest user authentication and display only the web page disclaimer option?

A. Yes. Another configuration option of wireless guest access is to bypass user authentication altogether and allow open access. However, there might be a need to present an acceptable-use policy and disclaimer page to guests before granting access. In order to do this, a guest WLAN can be configured for web policy passthrough. In this scenario, a guest user is redirected to a web portal page which contains disclaimer information. In order to enable identification of the guest user, passthrough mode also has an option for a user to enter an email address before connecting.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Does Anyone Know of a good Captive Portal solution

I'd take a look at bluecoat.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Does Anyone Know of a good Captive Portal solution

Hello everyone,

I wanted to make sure I got back to you once I found a solution.  I decided to go with PacketFence by Inverse.  I was able to get a box up and running with the help of their support and it looks like it's going to turn out great!  So far, my tests on the wired and wireless network seems to provide us what we're looking for (guest registration of their device and info such as email & phone number in case we need to reach a user for troubleshooting or violations).

New Member

Give this a try:

Give this a try:

http://www.patronsoft.com

http://www.patronsoft.com/firstspot/download_trial.html

Free Trial Software.

Price won't kill your budget either.

1695
Views
0
Helpful
14
Replies
CreatePlease to create content