Aironet 1200's and the equivalent of Captive Portal?

I enabled my Cisco 1200's just recently to support two vlan's and two SSID's. One is my primary network where users authenticate against ACS 3.3 (RADIUS) to my network via TKIP and PEAP authentication. Works great.

I created a second VLAN, with a second SSID and no authentication. This is for guests. They route through a separate firewall to the Internet and it never touches our corporate network vlan.

My problem is.... how can I still control access to that VLAN without setting up wireless security and having to tell my visitors the key? I don't want to be the business of changing that key constantly on the AP's.

Is there a captive portal equivalent that is supported in Cisco Aironet's? Is there a way I can control how many "guests" are on my AP 1200's at any given time? I thought about getting a better head-end firewall that supports that feature, but that still wouldn't stop them from associating with the AP's in the first place. I'd love to do it at the AP level. I do have Cisco's ACS 3.3 software which I use for Corporate user authentication, so if I could leverage that, it would be great.


Reply to
Loading thread data ...


All you can do on the AP, really, is to control the max # of guest clients that can connect to your guest VLAN on the AP, with the "max-associations" command under that SSID.

As far as a "captive portal" functionality - we don't have that in the AP itself ... you can do it via Web Auth using a WLC (such as the WLC2006) or by using BBSM ... but those might exceed your intended budget ...



Reply to
Aaron Leonard

It was a stretch, but thanks for confirming.


Reply to
Rob Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.