Leaving for a meeting so can't explain, but on the 5.0 code train : http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080956185.shtml
<http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080956185.shtml>Splash Page Web redirect is a feature introduced with Wireless LAN Controller Version 5.0. With this feature, the user is redirected to a particular web page after 802.1x authentication has completed. The redirect occurs when the user opens a browser (configured with a default home page) or tries to access a URL. After the redirect to the web page is complete, the user has full access to the network. On Mon, Jun 29, 2009 at 11:10 AM, Williams, Mr. Michael < [email protected]> wrote: > Mike, > > > > My Security Officer requires us to have a Banner page for wireless login > ins, even for the one that will use 802.1 (WPA/WPA2). We haven’t set up > our RADIUS device for VLAN assignments as of yet, we are still discussing > how we will implement that down the road. We are moving away from the > Bluesocket and plan on placing a WISM into production come fall. I did do > some more reading and believe that I will need a separate SSID that is set > up for MAC filtering/authentication (to control who can use this SSID) to > allow facility/staff mobile devices to access the network after they > authenticate. I am just not sure I am going about it the right way. > > > > Mike > > > > *v/r* > > * * > > *Michael M. Williams* > > Network Systems Analyst > > Information Technology Services > > Tarleton State University > > Box T-0220 > > Stephenville, TX > > Tel: (254) 968-1850 > > Fax: (254) 968-9393 > > [email protected] > > > > > > > > > > > > > > > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > [email protected]] *On Behalf Of *Mike King > *Sent:* Monday, June 29, 2009 9:28 AM > *To:* [email protected] > *Subject:* Re: [WIRELESS-LAN] Mobile device authentication > > > > Mike, > > > > I'm not sure what your goal is.... > > are you offering the webpage bypass for devices that cannot display the > page (Mobile devices/cellphones), or are you just offering ANY faculty and > staff device the option of bypassing the webpage? (IE laptops) > > > > but I can offer this: > > > > You can have 1 SSID performing 802.1x. That SSID can put users on > different VLANs based on group membership. You could theorectially have > faculty and staff dropped on a different VLAN that does not even terminate > on the bluesocket device, and students put on a 2nd VLAN that does terminate > on the bluesocket device. > > > > My point would be, with 802.1x and WPA2, you would not need a > web-authentication portal, since you will always know what user is > associated based on the RADIUS logs / WCS Display. I wouldn't even think > that you would need to have the students on the the bluesocket. > > > > Now, if you use the bluesocket for anything more than as a authentication > gateway > (remediation, access control, etc.... ) then this might not apply so much to > you. > > On Fri, Jun 26, 2009 at 5:03 PM, Williams, Mr. Michael < > [email protected]> wrote: > > > > We are currently in the process of setting up our WISM and WCS server and > plan on putting it into production in the fall. We also have 86 autonomous > APs which will be converted over to Light AP. We currently have a > Bluesocket device which is used as an authentication gateway. Bluesocket > allows me to store MAC address (mostly IPhones) for facility and staff > member which allows them to bypass the web login page. I would like to > continue this using the WISM and WCS. We currently do not use encryption on > our network, but plan on enforcing WPA/WPA2 (using Cisco RADIUS SE) for all > SSIDs, except for our visitors and other guests. > > > > We would like to continue using web authentication bypass for facility > and staff but require them to use WPA/WPA2 and their domain credentials. The > question I have is as follows. How can I accomplish this? Do I need to > create a separate SSID that restricts access via ones MAC? Or is there > another method that would work? > > > > Thanks > > > > Mike > > > > > > *v/r* > > * * > > *Michael M. Williams* > > Network Systems Analyst > > Information Technology Services > > Tarleton State University > > Box T-0220 > > Stephenville, TX > > Tel: (254) 968-1850 > > Fax: (254) 968-9393 > > [email protected] > > > > > > > > > > > > > > > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
