Cisco WLC


This page explains the configuration of the Cisco Wireless LAN Controller to work with IronWifi Captive Portal.

Cisco WLC configuration

Log in to the Cisco WLC Web-Browser interface and go to Advanced Settings.

firstScreenshot

Go to Security -> Access Control Lists and add two new ACL rules permitting connections to the Captive Portal. Get the Captive Portal IP address from your Captive Portal settings -> Walled Garden -> IronWifi

  • Source: Any, Destination: 107.178.250.42 netmask 255.255.255.255, protocol TCP, Dest port 443, Action: Permit
  • Source 107.178.250.42 netmask 255.255.255.255, Destination: Any, protocol TCP, Source port 443, Action: Permit

secondScreenshot

thirdScreenshot

Go to Security -> Web Auth -> Web Login Page and change Web Authentication Type to External (redirect to an external server). Add the External Webauth URL which is the Splash page URL from your Captive Portal in IronWifi Console

fourthScreenshot

Go to Security -> RADIUS -> Authentication, add new RADIUS Authentication Servers and enter IP Address, Port and Shared Secret from your Captive Portal in IronWifi Console -> Controller Configuration -> RADIUS for the splash page

fifthScreenshot

sixthScreenshot

Go to Security -> RADIUS -> Accounting, add new RADIUS Accounting Servers and enter IP Address, Port and Shared Secret from your Captive Portal in IronWifi Console -> Controller Configuration -> RADIUS for the splash page

seventhScreenshot

Go to WLANs, select existing or create new WLAN and open WLAN settings page

eighthScreenshot

ninthScreenshot

Click on the Security tab, Layer 2 and set Layer 2 Security to None

tenthScreenshot

Click on the Layer 3 tab and set Layer 3 Security to Web Policy, select the Authentication radio button and select your new ACL for Pre-authentication ACL.

eleventhScreenshot

Click on the AAA Servers tab and select IronWifi RADIUS authentication and accounting servers. You can also set an Interim Interval to 180 seconds or higher.

twelfthScreenshot

Click on the Save Configuration link to save and apply new settings.

Finally, change the default virtual controller IP address from 1.1.1.1 to some other IP address and install a valid SSL certificate on your controller to prevent warning messages displayed to your clients.

If you have a question that needs an answer, please contact support. Otherwise, please open an issue in our GitHub! Thanks for helping us improve our docs!

See a mistake? Edit this page