Wireless (for ISA550W and ISA570W only)
Configuring a Captive Portal
Cisco ISA500 Series Integrated Security Appliances Administration Guide 223
5
• You may want to associate a VLAN, such as the GUEST VLAN, with a
security zone so that you can configure appropriate security policies. For
example, you can apply URL filtering policies to the zone to prevent access
to certain types of websites.
• A Captive Portal must be associated either with a single SSID or with a
VLAN. If you want to enable a portal for users of multiple SSIDs, you will
need to assign them all to the same VLAN. You can use a pre-configured
VLAN or can create a VLAN for this purpose.
Wireless Setup
For a Captive Portal on the wireless network, you must enable the wireless radio
and at least one SSID before you can enable a Captive Portal. To configure these
settings, use the Wireless > Basic Settings page. .
• Enable the wireless radio.
• Enable the SSID(s) that you want to use for the portal.
• If you created a special VLAN for use with your Captive Portal, assign it to
the SSID(s) that you want to use for the portal.
User Authentication
If you want to require user authentication for your portal, the security appliance
can authenticate the users by using the local database and an external AAA
server (such as RADIUS, AD, and LDAP). The authentication method is derived
from the user authentication settings that you specified in the Users > User
Authentication page. See Configuring User Authentication Settings, page 393.
For the local database option, you need to set up a User Group with the Captive
Portal service enabled, and add the users’ names and passwords. .
Configuring a Captive Portal
You configure this feature separately for the wireless network (Wireless > Captive
Portal ) and for the wired network (Networking > Captive Portal).