Configuring Captive Portal
Captive Portal allows the users who have authenticated successfully to be directed to a specified web page (portal) before they can access the Internet. The users will be directed to a specified web authentication login page to authenticate, and then be directed to the specified web portal after login.
1. Click Wireless > Captive Portal or Networking > Captive Portal.
The Captive Portal window opens.
2. In the Captive Portal area, enter the following information:
• Enable Captive Portal: Click On to enable the Captive Portal feature, or click Off to disable it.
• Apply On: Choose the SSID, VLAN, or DMZ interface on which to apply the Captive Portal settings.
NOTE: Only one interface can be set for Captive Portal access at a time.
• Web Authentication Type: Choose one of the following methods for web authentication. The security appliance can authenticate the users by using the local database and external AAA server (such as RADIUS, AD, and LDAP). The authentication method is derived from the user authentication settings that you specified in the Users > User Authentication page.
– Internal: Uses the default HotSpot Login page to authenticate the users. The username and password are required to login.
– Internal, no auth with accept button: Allows the users to access the network without entering the username and password. If you choose this option, click the Acceptbutton on the default HotSpot Login page to access the network without authentication.
– External: Uses a custom HotSpot Login page on the specified external web server to authenticate the users. The username and password are required to login.
– External, no auth with accept button: Allows the users to access the wireless network without entering the username and password. If you choose this option, click the Accept button on the custom HotSpot Login page to access the wireless network without authentication.
• Redirected URL After Login: Choose one of the following options:
– Redirect Client to Customer URL: Directs the users to a particular URL (such as the URL for your company) after they logged in. If you choose this option, enter the desired URL in the field, including http:// or https://.
– Redirect Client to Original URL: Directs the users to the original URL.
For example, if you select Internal for authentication and the web portal is set as http://www.ABcompanyC.com. When a wireless user tries to access an external website such as http://www.google.com, the default HotSpot Login page opens.
Enter the username and password and click Login. After the wireless user logged in, the user is directed to the web portal http://www.ABcompanyC.com). The online time for the logged wireless user is displayed in the title bar of the login page. Click Logout to log out.
• Session Timeout: Enter the timeout value in minutes that the wireless session can remain connected. The session will be terminated and the client needs to re-authenticate over the session timeout. A value of zero (0) indicates that the users can log in and keep connected as long as they want to. The default value is 60 minutes.
• Idle Timeout: Enter the timeout value in minutes that the wireless session can remain idle. An idle session will be terminated over the idle timeout. The default value is 5 minutes.
3. Depending on the selected web authentication method, specify the following information in the Configuration area:
• If you chose Internal or Internal, no auth with accept button as the web authentication method, you can customize the following information on the default HotSpot Login page:
– Logo File: You can import an image, such as your corporate logo, to display on the login page. Click Browse to locate and select an image file from your local PC and then click Upload. To delete the loaded file, click Delete.
– Background File: You can import an image to display as the background for the login page. Click Browse to locate and select an image file (jpg, gif, or png) from your local PC and then click Upload. To delete the loaded file, click Delete.
NOTE: When uploading a file, select a bmp, jpg, gif, or png file of 200KB or less. The Current Logo File field displays the filename of the file that is in use, or Default if no file has been uploaded for this purpose.
– Cisco Logo: If you want to hide the Cisco logo that appears on the login page, choose Hide. Otherwise, choose Show.
– Headline: If you want to create your own headline on the login page, enter the desired text in this field.
– Message: If you want to create your own message on the login page, enter the desired text in this field.
• If you chose External or External, no auth with accept button as the web authentication method, enter the following information:
– Authentication Web Server: Enter the full URL of the external web server (including https://), for example https://172.24.10.10/cgi-bin/PortalLogin.cgi.
– Authentication Web Key: Enter the key used to protect the username and password that the external web server sends to the security appliance for authentication.
4. In the Advanced Settings > Monitored HTTP Ports area, specify the ports to monitor HTTP requests. HTTP requests through the monitored HTTP ports will be directed to the specified web page (portal).
NOTE: Captive Portal only monitors HTTPS requests through the port 443.
a. To add a monitored HTTP port, click Add. The Port Configuration - Add/Edit window opens.
b. Enter the port number in the Port field.
c. Click OK to save your settings.
5. In the Advanced Settings > Open Domains area, specify the IP address or domain name for the websites that you want to open. The users can access these websites directly without authentication.
a. To add an open domain, click Add. The Domain Configuration - Add/Edit window opens.
b. Enter the IP address or domain name in the Domain field.
c. Click OK to save your settings.
6. Click Save to apply your settings.
No comments:
Post a Comment
Itanong mo, Sagot Agad