Cisco Systems 15.2(2)JA Universal Remote User Manual


 
11-25
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 11 Configuring Authentication Types
Guest Access Management
Guest access is allowed for a maximum of twent-four days and a minimum of five minutes.
Beginning in privileged EXEC mode, use this command to delete a guest user:
ap# clear dot11 guest-user Gues-1
Beginning in privileged EXEC mode, use this command to display guest users:
ap# show dot11 guest-users
Customized Guest Access page
The guest access page can be customized to display a custom logo or other images. The guest login page
can be edited and loaded into flash. It is mandatory to load the login page, success page, and expired and
failure pages when we choose Customized Webauth.
Perform these steps to customize the login page, success page, expired and failure page:
Step 1 Browse to the Guest Management Services page on the access point in the GUI.
Step 2 Select Webauth Login.
Step 3 Browse and upload these pages from your local server:
Success Page
Failure Page
Expired page
Step 4 Select the file transfer method : FTP or TFTP.
Step 5 Enter the Username.
Step 6 Enter the Password.
Step 7 Enter the Allowed-In ACL Name and the Allowed-Out ACL Name.
Step 8 Click Close Window to save your changes.
Beginning in privileged EXEC mode, use these commands to load all the edited files to flash:
ap(config)# ip auth-proxy proxy http login page file flash:web_login.html
ap(config)# ip auth-proxy proxy http success page file flash:web_success.html
ap(config)# ip auth-proxy proxy http failure page file flash:web_fail.html
ap(config)# ip auth-proxy proxy http login expired page file flash:web_logout.html
Some ACL commands are also required to complete customizing of the guest access page. Beginning in
privileged EXEC mode, use these ACL commands:
ap(config)# dot11 webauth allowed incoming webauth_acl_in outgoing webaut_acl_out
ap(config)# ip access-list extended webauth_acl_in
ap(config-ext-nacl)# permit tcp any host 40.40.5.10 eq www
ap(config-ext-nacl)# permit tcp any host 40.40.5.10 eq 443
ap(config-ext-nacl)# permit tcp any host 40.40.5.10 eq 443
ap(config-ext-nacl)# exit
ap(config)# ip access-list extended webauth_acl_out
ap(config-ext-nacl)# permit tcp any host 40.40.5.10 eq www