Cisco WLC

Access Point Instructions for Cisco WLC

This page explains how to configure the Cisco Wireless LAN Controller (WLC) to work with the IronWiFi Captive Portal.

IronWiFi Console Configuration

  1. Log into the IronWiFi console or register for free
  2. Create a new network
  3. After that, create a new captive portal, with vendor Cisco WLC

Access Point Configuration

  1. Log in to the Cisco WLC Web-Browser interface and go to Advanced Settings.

  2. Go to Security -> Access Control Lists and add two new ACL rules permitting connections to the Captive Portal. Get the Captive Portal IP address from your Captive Portal settings -> Walled Garden -> IronWiFi.

ACL Rule n. 1

  • Source - Any
  • Destination - 107.178.250.42
  • Netmask - 255.255.255.255
  • Protocol - TCP
  • Source port - Any
  • Dest port - 443
  • Action - Permit

ACL Rule n. 2

  • Source - 107.178.250.42
  • Destination - Any
  • Netmask - 255.255.255.255
  • Protocol - TCP
  • Source port - 443
  • Dest port - Any
  • Action - Permit

  3. Go to Security -> Web Auth -> Web Login Page and configure with:
  • Web Authentication Type - External (redirect to external server)
  • Redirect URL after login - Empty
  • External Webauth URL - get this value from the IronWiFi console

  4. Go to Security -> RADIUS -> Authentication, add new RADIUS Authentication Servers and use the following values:
  • Server Address - get this value from the IronWiFi console
  • Shared Secret Format - ASCII
  • Shared Secret - get this value from the IronWiFi console
  • Confirm Shared Secret - get this value from the IronWiFi console
  • Key wrap - Disabled
  • Port Number - get this value from the IronWiFi console
  • Server Status - Enabled
  • Support for RFC 3576 - Disabled
  • Server Timeout - 5 seconds
  • Network User - Enabled
  • Management - Enabled
  • Management Retransmit Timeout - 2 seconds
  • IPSec - Disabled

  5. Go to Security -> RADIUS -> Accounting, add new RADIUS Accounting Servers and configure with:
  • Server Address - get this value from the IronWiFi console
  • Shared Secret Format - ASCII
  • Shared Secret - get this value from the IronWiFi console
  • Confirm Shared Secret - get this value from the IronWiFi console
  • Port Number - get this value from the IronWiFi console
  • Server Status - Enabled
  • Server Timeout - 5 seconds
  • Network User - Enabled

  6. Go to WLANs, select an existing WLAN or create a new one, and open the WLAN settings page. Click on the Security tab, Layer 2 and set:
  • Layer 2 Security - None

  7. Click on the Layer 3 tab and configure with:
  • Layer 3 Security - Web Policy (Authentication)
  • Preauthentication ACL - IPv4 - IronWiFi-Auth

  8. Click on the AAA Servers tab and select IronWiFi RADIUS authentication and accounting servers. You can also set an Interim Interval to 180 seconds or higher.

Radius Servers

  • Authentication Servers - Enabled
  • Server 1 - IP: get this value from the IronWiFi console, Port: get this value from the IronWiFi console
  • Accounting Servers - Enabled
  • Server 1 - IP: get this value from the IronWiFi console, Port: get this value from the IronWiFi console

Radius Server Accounting

  • Interim Update - Enabled
  • Interim Interval - 180

Click on the Save Configuration link to save and apply new settings.

Finally, change the default virtual controller IP address from 1.1.1.1 to some other IP address and install a valid SSL certificate on your controller to prevent warning messages from being displayed to your clients.

! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !
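
The following Python model is an added example, not IronWiFi or Cisco code. It evaluates the two ACL rules from step 2 against sample flows to show what the Preauthentication ACL lets an unauthenticated client reach, and flags any permit rule that is not pinned to the Captive Portal address. It assumes first-match evaluation with unmatched traffic denied; the client address 10.0.0.25 and the host 203.0.113.9 are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORTAL_IP = "107.178.250.42"                    # Captive Portal address from this page
PORTAL, ANY = PORTAL_IP + "/32", "0.0.0.0/0"    # /32 is netmask 255.255.255.255

@dataclass(frozen=True)
class Rule:
    src: str                 # source network in CIDR form
    dst: str                 # destination network in CIDR form
    proto: str
    sport: Optional[int]     # None means "Any"
    dport: Optional[int]
    action: str

RULES = [Rule(ANY, PORTAL, "tcp", None, 443, "permit"),   # ACL Rule n. 1
         Rule(PORTAL, ANY, "tcp", 443, None, "permit")]   # ACL Rule n. 2

def _within(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def evaluate(src, dst, proto, sport, dport, rules=RULES):
    """First matching rule wins; unmatched traffic is denied (modelling assumption)."""
    for r in rules:
        if (_within(src, r.src) and _within(dst, r.dst) and proto == r.proto
                and r.sport in (None, sport) and r.dport in (None, dport)):
            return r.action
    return "deny"

def broad_permits(rules):
    """Permit rules with neither side pinned to the portal /32 (walled-garden leak)."""
    return [r for r in rules if r.action == "permit" and PORTAL not in (r.src, r.dst)]

# Constructed flows for a hypothetical unauthenticated client.
CLIENT, OTHER = "10.0.0.25", "203.0.113.9"
SAMPLES = {
    "HTTPS to portal":     (CLIENT, PORTAL_IP, "tcp", 51000, 443),
    "portal reply":        (PORTAL_IP, CLIENT, "tcp", 443, 51000),
    "HTTP to portal":      (CLIENT, PORTAL_IP, "tcp", 51001, 80),
    "HTTPS to other host": (CLIENT, OTHER, "tcp", 51002, 443),
    "UDP 443 to portal":   (CLIENT, PORTAL_IP, "udp", 51003, 443),
}

def audit(rules=RULES):
    return {name: evaluate(*flow, rules=rules) for name, flow in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{verdict:6} {name}")
```

Re-run `broad_permits` whenever entries are added to the ACL; any rule it returns opens a path for clients that have not yet authenticated.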