Follow these steps to configure the connectivity settings for Captive Portal access. In this configuration, the wireless network allows access only to wireless users who have authenticated successfully. When wireless users attempt to access the Internet, they are directed to a specific HotSpot Login page to authenticate, and are then directed to a specified web portal.
1. Enter the following information:
• SSID: Enter the name of the SSID.
• Broadcast SSID: Check this box to broadcast the SSID in its beacon frames. All wireless devices within range are able to see the SSID when they scan for available networks. Uncheck this box to prevent auto-detection of the SSID. In this case, users must know the SSID to set up a wireless connection to this SSID.
• Station Isolation: Check this box so that the wireless clients on the same SSID are unable to see each other.
2. In the Security Settings area, choose the Security Mode and configure the corresponding settings. For complete details on configuring the security mode, see Configuring Wireless Security, page 168.
3. In the Authentication area, the authentication method that is used to authenticate the wireless users is displayed. This setting is derived from the user authentication settings. Go to the Users > User Authentication page to configure the authentication method. For complete details, see Configuring User Authentication Settings, page 325.
4. In the Captive Portal Authentication Type area, specify the web authentication method and configure the corresponding settings:
• Web Authentication Type: Choose one of the following methods:
– Internal: Uses the default HotSpot Login page to authenticate the wireless users. The username and password are required to log in.
– Internal, no auth with accept button: Allows the wireless users to access the wireless network without entering the username and password. With this option, users click the Accept button on the default HotSpot Login page to access the wireless network without authentication.
– External: Uses a custom HotSpot Login page on an external web server to authenticate the wireless users. The username and password are required to log in.
– External, no auth with accept button: Allows the wireless users to access the wireless network without entering the username and password. With this option, users click the Accept button on the custom HotSpot Login page to access the wireless network without authentication.
• Redirect URL After Login: Enter the desired URL including http:// or https:// in this field (such as the URL for your company: http://www.cisco.com). If you do not specify the portal (blank field), the wireless users will access the original website directly.
For example, suppose that you select Internal for authentication and set the web portal to http://www.ABcompanyC.com. When a wireless user tries to access an external website such as http://www.google.com, the default HotSpot Login page appears.
The user enters the username and password and clicks Login. After logging in, the user is directed to the web portal (http://www.ABcompanyC.com). The online time for the connected wireless user is displayed in the title bar of the login page. The user clicks Logout to log out.
• Authentication Web Server: If you choose External or External, no auth with accept button as the web authentication method, enter the full URL of the external web server (including https://) in this field, for example https://172.24.10.10/cgi-bin/PortalLogin.cgi.
• Authentication Web Key: If you choose External or External, no auth with accept button as the web authentication method, enter the key used to protect the username and password that the external web server sends to your security appliance for authentication.
• Monitored HTTP Port List: Specify the ports on which to monitor HTTP requests. HTTP requests through the monitored HTTP ports will be directed to the specified web portal page. To add a monitored HTTP port, click Add. To edit an entry, click the Edit (pencil) icon. To delete an entry, click the Delete (x) icon.
NOTE: Captive Portal only monitors HTTPS requests through port 443.
5. In the Advanced Settings area, specify the following information:
• VLAN Mapping: Choose the VLAN to which the SSID is mapped. All traffic from the wireless clients that are connected to this SSID will be directed to the selected VLAN.
• User Limit: Specify the maximum number of users that can simultaneously connect to this SSID. Enter a value in the range of 0 to 200. The default value is zero (0), which indicates that there is no limit for this SSID.
NOTE: The maximum number of users that can simultaneously connect to all enabled SSIDs is 200.
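The field dependencies in steps 4 and 5 can be checked on a planned configuration before the values are entered. The Python below is an added example, not Cisco's code: the dict keys and function names are hypothetical, the sample plan is constructed, and the combined-limit warning is this example's reading of the NOTE on the 200-user cap.

```python
from urllib.parse import urlsplit

# Option names come from this page; the dict keys are hypothetical.
EXTERNAL = {"External", "External, no auth with accept button"}
NO_AUTH = {"Internal, no auth with accept button", "External, no auth with accept button"}
MAX_USERS = 200  # per-SSID upper bound and cap across all enabled SSIDs
def _url_ok(url, schemes):
    parts = urlsplit(url)
    return parts.scheme in schemes and bool(parts.netloc)

def check_ssid(cfg):
    """Return a list of findings for one planned Captive Portal SSID."""
    out = []
    mode = cfg.get("web_auth_type")
    if mode in NO_AUTH:
        out.append("accept-button mode: access without username and password")
    if mode in EXTERNAL:
        if not _url_ok(cfg.get("auth_web_server", ""), {"https"}):
            out.append("Authentication Web Server must be a full https:// URL")
        if not cfg.get("auth_web_key"):
            out.append("Authentication Web Key is empty")
    redirect = cfg.get("redirect_url", "")  # a blank field is allowed
    if redirect and not _url_ok(redirect, {"http", "https"}):
        out.append("Redirect URL After Login must include http:// or https://")
    for port in cfg.get("monitored_http_ports", []):
        if not isinstance(port, int) or not 1 <= port <= 65535:
            out.append(f"invalid monitored HTTP port: {port!r}")
    limit = cfg.get("user_limit", 0)
    if not isinstance(limit, int) or not 0 <= limit <= MAX_USERS:
        out.append("User Limit must be an integer from 0 to 200")
    return out

def check_plan(ssids):
    """Check every SSID, then compare the explicit limits with the shared cap."""
    report = {c.get("ssid", "?"): check_ssid(c) for c in ssids}
    total = sum(c.get("user_limit", 0) for c in ssids
                if isinstance(c.get("user_limit", 0), int))
    if total > MAX_USERS:
        report["(all SSIDs)"] = [f"limits total {total}, above the shared cap of 200"]
    return report

# Constructed sample plan, not taken from a real appliance.
PLAN = [
    {"ssid": "guest", "web_auth_type": "External, no auth with accept button",
     "auth_web_server": "172.24.10.10/cgi-bin/PortalLogin.cgi",
     "redirect_url": "www.ABcompanyC.com", "user_limit": 150},
    {"ssid": "staff", "web_auth_type": "Internal", "user_limit": 100,
     "redirect_url": "http://www.ABcompanyC.com", "monitored_http_ports": [80, 8080]}]
```

Calling check_plan(PLAN) returns four findings for the guest SSID, none for staff, and one combined-limit warning.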