Security

Has anyone installed clearpass for guests in an autonomous AP environment?

yes, but you might want to include some more info or even your actual questions if you want to get a usefull answer.  :smileyhappy:

I posted a specific question a while ago but there were no replies. What means is there for redirecting the guest to the clearpass portal if you have Cisco 1130 APs?.Centralized internet breakout onto the internet from guests at retail sites.

Sorry, no experience with Cisco APs. 

Have you checked http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/107458-wga-faq.html and http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70users.html#wp1075664 

They are for controllers, Autonomous APs run without controllers.

appologies, I somehow ended up there searching for the AP you mentioned. As I already sais, no experience with those APs but it all boils down to whether or not they support external captive portals..

Hopefully somebody else will be able to help you.

in cases like this the big question is if you can configure the AP for web authentication to an external URL. this has little to do with clearpass itself, that comes into play once you are able to redirect the client to it.

i did a quick google search and couldn't find anything, so it might be this won't be possible.

Sadly we haven't found a way round this. I image a program of upgrading the hardware over a period of time to Instants is what the customer will end up doing. If we do figure out a way round this I will update the post.

As far as I can tell this isn't really a viable option when using the 1130 AP in autonomous mode. I can find some Cisco autonomous AP's that have this built-in functionality, but those run IOS 15.x.

Only functionality that seems to be close in the 12.x is ip redirect:

http://www.cisco.com/c/en/us/td/docs/wireless/technology/ip-redirect/technical/reference/ipredir.html

I have no idea how to get it to stop redirecting tho.. 

Some other references

https://supportforums.cisco.com/discussion/11103646/captive-portal

- Old, but same issue you're having.. No solution there either

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/116897-configure-technology-00.html

- For IOS 15.x autonomous AP's

And lastly - someone says this might be possible using some man-in-the-middle software:

https://supportforums.cisco.com/discussion/11825651/autonomous-ap-web-authentication

Might not work for the 1130's but I'm certainly going to get the latest code for a 2602 we have here and test this. I will update the post when I've done this. Thanks for the info.