Filter
Top Products
11-23
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-29225-01
Chapter 11 Configuring Authentication Types
Guest Access Management
Guest access is allowed through these methods:
• Web Authentication (secured)
• Web Pass-through
Web Authentication (secured)
Web authentication is a Layer 3 security feature that enables the Autonomous AP to block IP traffic
(except DHCP & DNS-related packets) until the guest provides a valid username and password.
In web authentication, a separate username and password must be defined for each guest. Using the
username and password, the guest is authenticated either by the local radius server or an external
RADIUS server.
Perform these steps to enable web authentication:
Step 1 Browse to the Secuirty page on the access point GUI.
Step 2 Select SSID Manager.
Step 3 Check the Web Authentication check box.
Beginning in privileged EXEC mode, use these commands to enable web authentication:
• To enable web authentication under SSID. The Network Security Type is set to none because only
open authentication is supported in web authentication.
–
ap(config)# dot11 ssid guestssid
–
ap(config-ssid)# web-auth
–
ap(config-ssid)# authentication open
–
ap(config-ssid)# exit
• To enable web authentication:
–
ap(config)# ip admission name Web_auth proxy http
–
ap(config)# interface dot11Radio 0
–
ap(config-if)# ip admission Web_auth
Web Pass-through
Web Pass-through is similar to Web Authentication. However, the guest is not required to provide
authentication details.
In Web Pass-through, guests are redirected to the usage policy page when they use the Internet for the
first time. When the policy is accepted, access is granted. The access point redirects the guest to the
policy page.
Perform these steps to enable web authentication:
Step 1 Browse to the Secuirty page on the access point GUI.
Step 2 Select SSID Manager.
Step 3 Check the Web Pass check box.