Cisco WLC with External Captive Portal

This page explains configuration of Cisco Wireless Lan Controller to work with IronWifi Captive Portal.

IronWifi Console configuration

  1. Log in to the IronWifi Console
  2. From the menu, go to Network -> Captive Portals -> New Captive Portal
  3. Fill in Name, select Network, select Cisco WLC as Vendor and add at least one Authentication Provider

Cisco WLC configuration

  1. Log in the Cisco WLC Web-Browser interface and go to Advanced Settings

 

cisco_wlc_intro_1


 

2. Go to Security -> Access Control Lists and add two new ACL rules permitting connections to the Captive Portal. Get the Captive Portal IP address from your Captive Portal settings -> Walled Garden -> IronWifi

  • Source: Any, Destination: 107.178.250.42 netmask 255.255.255.255, protocol TCP, Dest port 443, Action: Permit
  • Source 107.178.250.42 netmask 255.255.255.255, Destination: Any, protocol TCP, Source port 443, Action: Permit

 

cisco_wlc_acl_1cisco_wlc_acl_2


 

3. Go to Security -> Web Auth -> Web Login Page and change Web Authentication Type to External (redirect to external server). Add the External Webauth URL. This is the Splash page URL from your Captive Portal in IronWifi Console

cisco_wlc_external_webauth


 

4. Go to Security -> RADIUS -> Authentication, add new RADIUS Authentication Servers and enter IP Address, Port and Shared Secret from your Captive Portal in IronWifi Console -> Controller Configuration -> RADIUS for splash page

cisco_wlc_radius_1cisco_wlc_radius_2


 

5. Go to Security -> RADIUS -> Accounting, add new RADIUS Accounting Servers and enter IP Address, Port and Shared Secret from your Captive Portal in IronWifi Console -> Controller Configuration -> RADIUS for splash page

 

cisco_wlc_radius_4cisco_wlc_radius_3


 

6. Go to WLANs, select existing or create new WLAN and open WLAN settings page

cisco_wlc_1

cisco_wlc_2


 

7. Click on the Security tab, Layer 2 and set Layer 2 Security to None

cisco_wlc_3


 

8. Click on the Layer 3 tab and set Layer 3 Security to Web Policy, select the Authentication radio button and select your new ACL for Preauthentication ACL.

cisco_wlc_4


 

9. Click on the AAA Servers tab and select IronWifi RADIUS authentication and accounting servers. You can also set Interim Interval to 180 seconds or higher.

cisco_wlc_5


 

10. Finally, click on the Save Configuration link to save and apply new settings.