Aironet 1200's and the equivalent of Captive Portal?

Discussion in 'Cisco' started by Rob, Nov 18, 2005.

  1. Rob

    Rob Guest

    I enabled my Cisco 1200's just recently to support two vlan's and two
    SSID's. One is my primary network where users authenticate against
    ACS 3.3 (RADIUS) to my network via TKIP and PEAP authentication.
    Works great.

    I created a second VLAN, with a second SSID and no authentication.
    This is for guests. They route through a separate firewall to the
    Internet and it never touches our corporate network vlan.

    My problem is.... how can I still control access to that VLAN without
    setting up wireless security and having to tell my visitors the key?
    I don't want to be the business of changing that key constantly on the
    AP's.

    Is there a captive portal equivalent that is supported in Cisco
    Aironet's? Is there a way I can control how many "guests" are on my
    AP 1200's at any given time? I thought about getting a better
    head-end firewall that supports that feature, but that still wouldn't
    stop them from associating with the AP's in the first place. I'd love
    to do it at the AP level. I do have Cisco's ACS 3.3 software which I
    use for Corporate user authentication, so if I could leverage that, it
    would be great.

    -Bob
     
    Rob, Nov 18, 2005
    #1
    1. Advertising

  2. Bob,

    All you can do on the AP, really, is to control the max # of guest
    clients that can connect to your guest VLAN on the AP, with the
    "max-associations" command under that SSID.

    As far as a "captive portal" functionality - we don't have that in
    the AP itself ... you can do it via Web Auth using a WLC (such as the
    WLC2006) or by using BBSM ... but those might exceed your intended
    budget ...

    Cheers,

    Aaron

    ---


    ~ I enabled my Cisco 1200's just recently to support two vlan's and two
    ~ SSID's. One is my primary network where users authenticate against
    ~ ACS 3.3 (RADIUS) to my network via TKIP and PEAP authentication.
    ~ Works great.
    ~
    ~ I created a second VLAN, with a second SSID and no authentication.
    ~ This is for guests. They route through a separate firewall to the
    ~ Internet and it never touches our corporate network vlan.
    ~
    ~ My problem is.... how can I still control access to that VLAN without
    ~ setting up wireless security and having to tell my visitors the key?
    ~ I don't want to be the business of changing that key constantly on the
    ~ AP's.
    ~
    ~ Is there a captive portal equivalent that is supported in Cisco
    ~ Aironet's? Is there a way I can control how many "guests" are on my
    ~ AP 1200's at any given time? I thought about getting a better
    ~ head-end firewall that supports that feature, but that still wouldn't
    ~ stop them from associating with the AP's in the first place. I'd love
    ~ to do it at the AP level. I do have Cisco's ACS 3.3 software which I
    ~ use for Corporate user authentication, so if I could leverage that, it
    ~ would be great.
    ~
    ~ -Bob
     
    Aaron Leonard, Nov 18, 2005
    #2
    1. Advertising

  3. Rob

    Rob Guest

    It was a stretch, but thanks for confirming.

    bob




    On Fri, 18 Nov 2005 16:06:45 -0700, Aaron Leonard <>
    wrote:

    >Bob,
    >
    >All you can do on the AP, really, is to control the max # of guest
    >clients that can connect to your guest VLAN on the AP, with the
    >"max-associations" command under that SSID.
    >
    >As far as a "captive portal" functionality - we don't have that in
    >the AP itself ... you can do it via Web Auth using a WLC (such as the
    >WLC2006) or by using BBSM ... but those might exceed your intended
    >budget ...
    >
    >Cheers,
    >
    >Aaron
    >
    >---
    >
    >
    >~ I enabled my Cisco 1200's just recently to support two vlan's and two
    >~ SSID's. One is my primary network where users authenticate against
    >~ ACS 3.3 (RADIUS) to my network via TKIP and PEAP authentication.
    >~ Works great.
    >~
    >~ I created a second VLAN, with a second SSID and no authentication.
    >~ This is for guests. They route through a separate firewall to the
    >~ Internet and it never touches our corporate network vlan.
    >~
    >~ My problem is.... how can I still control access to that VLAN without
    >~ setting up wireless security and having to tell my visitors the key?
    >~ I don't want to be the business of changing that key constantly on the
    >~ AP's.
    >~
    >~ Is there a captive portal equivalent that is supported in Cisco
    >~ Aironet's? Is there a way I can control how many "guests" are on my
    >~ AP 1200's at any given time? I thought about getting a better
    >~ head-end firewall that supports that feature, but that still wouldn't
    >~ stop them from associating with the AP's in the first place. I'd love
    >~ to do it at the AP level. I do have Cisco's ACS 3.3 software which I
    >~ use for Corporate user authentication, so if I could leverage that, it
    >~ would be great.
    >~
    >~ -Bob
     
    Rob, Nov 19, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andre Paetzold

    Aironet 1200 and Aironet 1300 compatible?

    Andre Paetzold, Dec 8, 2004, in forum: Cisco
    Replies:
    2
    Views:
    884
    Andre Paetzold
    Dec 9, 2004
  2. nick

    radius or captive portal?

    nick, Oct 4, 2006, in forum: Computer Security
    Replies:
    0
    Views:
    555
  3. ASAAR

    Captive shark had 'virgin birth'

    ASAAR, May 24, 2007, in forum: Digital Photography
    Replies:
    0
    Views:
    272
    ASAAR
    May 24, 2007
  4. Gordon Henderson

    Captive broadband issues...

    Gordon Henderson, Sep 24, 2008, in forum: UK VOIP
    Replies:
    5
    Views:
    441
  5. (PeteCresswell)

    "Captive Hearts": Bar Code?

    (PeteCresswell), Sep 3, 2012, in forum: DVD Video
    Replies:
    3
    Views:
    925
    (PeteCresswell)
    Sep 4, 2012
Loading...

Share This Page