Aironet 1200's and the equivalent of Captive Portal?

Discussion in 'Cisco' started by Rob, Nov 18, 2005.

  1. Rob

    Rob Guest

    I enabled my Cisco 1200's just recently to support two vlan's and two
    SSID's. One is my primary network where users authenticate against
    ACS 3.3 (RADIUS) to my network via TKIP and PEAP authentication.
    Works great.

    I created a second VLAN, with a second SSID and no authentication.
    This is for guests. They route through a separate firewall to the
    Internet and it never touches our corporate network vlan.

    My problem is.... how can I still control access to that VLAN without
    setting up wireless security and having to tell my visitors the key?
    I don't want to be the business of changing that key constantly on the
    AP's.

    Is there a captive portal equivalent that is supported in Cisco
    Aironet's? Is there a way I can control how many "guests" are on my
    AP 1200's at any given time? I thought about getting a better
    head-end firewall that supports that feature, but that still wouldn't
    stop them from associating with the AP's in the first place. I'd love
    to do it at the AP level. I do have Cisco's ACS 3.3 software which I
    use for Corporate user authentication, so if I could leverage that, it
    would be great.

    -Bob
     
    Rob, Nov 18, 2005
    #1
    1. Advertisements

  2. Bob,

    All you can do on the AP, really, is to control the max # of guest
    clients that can connect to your guest VLAN on the AP, with the
    "max-associations" command under that SSID.

    As far as a "captive portal" functionality - we don't have that in
    the AP itself ... you can do it via Web Auth using a WLC (such as the
    WLC2006) or by using BBSM ... but those might exceed your intended
    budget ...

    Cheers,

    Aaron

    ---


    ~ I enabled my Cisco 1200's just recently to support two vlan's and two
    ~ SSID's. One is my primary network where users authenticate against
    ~ ACS 3.3 (RADIUS) to my network via TKIP and PEAP authentication.
    ~ Works great.
    ~
    ~ I created a second VLAN, with a second SSID and no authentication.
    ~ This is for guests. They route through a separate firewall to the
    ~ Internet and it never touches our corporate network vlan.
    ~
    ~ My problem is.... how can I still control access to that VLAN without
    ~ setting up wireless security and having to tell my visitors the key?
    ~ I don't want to be the business of changing that key constantly on the
    ~ AP's.
    ~
    ~ Is there a captive portal equivalent that is supported in Cisco
    ~ Aironet's? Is there a way I can control how many "guests" are on my
    ~ AP 1200's at any given time? I thought about getting a better
    ~ head-end firewall that supports that feature, but that still wouldn't
    ~ stop them from associating with the AP's in the first place. I'd love
    ~ to do it at the AP level. I do have Cisco's ACS 3.3 software which I
    ~ use for Corporate user authentication, so if I could leverage that, it
    ~ would be great.
    ~
    ~ -Bob
     
    Aaron Leonard, Nov 18, 2005
    #2
    1. Advertisements

  3. Rob

    Rob Guest

    It was a stretch, but thanks for confirming.

    bob
     
    Rob, Nov 19, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.