Cisco WLC

How to Configure your Cisco WLC system with Aiwifi

Prerequisites

This article applies to all WiFi Cisco controllers. The configuration procedure has been performed and tested for version 7.4.121.0.
Minimum compatibility: 7.4.121.0
To correctly integrate a Cisco controller with the Solution, it is necessary that the controller:

  • is connected to the Internet
  • is reachable on the network
  • correctly assigns IP addresses to access points
  • has both the management port and service port correctly set

To ensure proper user experience, you have to upload a trusted certificate into the controller.


RADIUS server for the authentication

To correctly set up the authentication, you must click the Security > RADIUS > Authentication menu. To display or edit the details for an existing RADIUS server you must click the corresponding Server Index.



Otherwise, to create a new RADIUS server, it is necessary to select New... . You have to configure the following parameters:

Call Station ID Type: AP MAC Address
MAC Delimiter: Colon
Server Address: 3.135.4.246
Shared Secret: (Aiwifi will provide a shared secret)
Port: 1812



You can also configure a secondary RADIUS server. Please check these data in the paragraph called Parameters for the Solution, at the end of this page.

RADIUS server for the accounting

To correctly set up the accounting, you must click the Security > RADIUS > Accounting menu. To display or edit the details for an existing RADIUS server you must click the corresponding Server Index.



Otherwise, to create a new RADIUS server, it is necessary to select New... . You have to configure the following parameters:

MAC Delimiter: Colon
Server Address: 3.135.4.246
Shared Secret: (Aiwifi will provide a shared secret)
Port: 1813



You can also configure a secondary RADIUS server. Please check the data in the paragraph called Parameters for the Solution, at the end of this article.
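
The shared secret entered in both RADIUS sections is what lets the server trust packets from the controller: every Accounting-Request sent to port 1813 carries an MD5 authenticator computed over the packet and the secret (RFC 2866). The following is an added example, not part of the original article or of Aiwifi's code; it verifies that authenticator and checks that Called-Station-Id arrives as a colon-delimited AP MAC. The secret, MAC address and packet are constructed sample values.

```python
import hashlib
import hmac
import re
import struct

ACCOUNTING_REQUEST = 4   # packet code (RFC 2866)
CALLED_STATION_ID = 30   # attribute type (RFC 2865)
COLON_MAC = re.compile(r"([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_accounting_request(ident, attrs, secret):
    """Build the packet as a NAS would: MD5 over header, 16 zero octets, attributes, secret."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    auth = hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()
    return header + auth + attrs

def verify_accounting_request(packet, secret):
    """Server-side check: recompute the authenticator with our copy of the secret."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return False
    digest = hashlib.md5(packet[:4] + b"\x00" * 16 + packet[20:length] + secret).digest()
    return hmac.compare_digest(digest, packet[4:20])

def parse_attributes(packet):
    """Return {type: value} for each attribute, rejecting malformed lengths."""
    length = min(struct.unpack("!H", packet[2:4])[0], len(packet))
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs

def called_station_mac(packet):
    """Return the AP MAC from Called-Station-Id if it is colon-delimited, else None."""
    value = parse_attributes(packet).get(CALLED_STATION_ID, b"").decode("ascii", "replace")
    return value.lower() if COLON_MAC.fullmatch(value) else None

# Constructed sample: Acct-Status-Type = Start (type 40, value 1) plus the AP MAC.
SAMPLE_SECRET = b"constructed-example-secret"
SAMPLE_ATTRS = attr(40, struct.pack("!I", 1)) + attr(CALLED_STATION_ID, b"00:11:22:AA:BB:CC")
SAMPLE_PACKET = build_accounting_request(7, SAMPLE_ATTRS, SAMPLE_SECRET)
```

A failed verification on real traffic usually means the secret typed into the controller differs from the server's copy; a None result from called_station_mac means the Call Station ID Type or MAC Delimiter setting does not match what the server expects.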

Splash Page configuration

To configure the Splash Page, it is necessary to click the Security > Web Auth > Web Login Page menu.

Set the following values:

  • Web Authentication Type: External (Redirect to external server)
  • Redirect URL after login: https://captive.aiwifi.io
  • External Webauth URL: https://captive.aiwifi.io
  • Web Server IP Address: (to be provided by Aiwifi)

Access Control List

An Access Control List (ACL) is a set of rules used to limit access to a particular interface.
You can set your ACL by clicking Security in the main toolbar and then Access Control List in the left sidebar.
In this case, it is necessary to set two access lists, Outbound and Inbound.



Through this feature, it is possible to configure the walled garden. The following articles are available:

General Data information


On Cisco WLC (firmware above 8.2.100) when NOT using FlexConnect, it is possible to use DNS-based ACLs. First, create your ACL and then click on Add-Remove URL to set your domains.






Authorizing an access point

You must allow an access point to pass traffic according to the policies just configured. To do that you must click Security > AAA > AP Policies and perform the following steps:

  • Click Add to access the Add AP to Authorization List area.
  • In the MAC address input field, enter the MAC address of the access point.


Configuring WLANs

You can view WLANs currently configured by accessing the WLANs section in the web interface.
To display or edit the details for an existing WLAN you must click the corresponding WLAN ID. To create a new WLAN, it is necessary to select Create New and then click the Go button, as shown below.



By accessing Security > AAA Servers, it is possible to select the RADIUS servers previously created for the authentication and accounting phases.



In the same section, please make sure that the list called Authentication priority order for web-auth user has "RADIUS" set as the only item.




By accessing the WLAN > Advanced section, it is necessary to enable the Allow AAA Override option.



Configuring FlexConnect

In the same WLAN > Advanced section, it is necessary to enable the FlexConnect Local Switching option.



Then you must access the Wireless menu and click on each AP where we intend to apply ACLs. Here you must click External WebAuthentication ACLs.

Then, please choose the ACL in the WebAuth ACL drop-down menu for the particular WLAN Id.
Similarly, for Web Policy ACLs (for example, the Conditional Redirect or Splash Page Redirect), you have to select an option for the FlexConnect ACLs, under WebPolicies.

You can also apply ACLs at the FlexConnect Group level. To do this, please enter the WLAN-ACL mapping tab in the FlexConnect Groups configuration. Then, choose the WLAN Id and the ACLs you intend to apply and click Add. That allows defining ACLs for a group of APs.

Similarly, for WebPolicy ACLs (for example, the Conditional Redirect or Splash Page Redirect), you must select the WebPolicies tab.

You can also apply Web Authentication and Web Pass-through Flex ACLs to the WLAN. To do this, it is necessary to choose the ACL from the WebAuth FlexACL drop-down menu under the Layer 3 tab in WLAN > Security.


Allowing free access to the CDN

You have to add some rules to load resources from the CDN.
The domains to add for this purpose are:


Rule #1:
Action: Permit
Source IP/Mask: [IP ADDRESS OF OUR SERVER - TO BE PROVIDED BY AIWIFI] /255.255.255.255
Destination IP/Mask: 0.0.0.0/0.0.0.0
Protocol: Any
Source Port: Any
Dest Port: 80
DSCP: Any
Direction: Outbound


Rule #2:
Action: Permit
Source IP/Mask: [IP ADDRESS OF OUR SERVER - TO BE PROVIDED BY AIWIFI] /255.255.255.255
Destination IP/Mask: 0.0.0.0/0.0.0.0
Protocol: Any
Source Port: Any
Dest Port: 80
DSCP: Any
Direction: Inbound


If you have any trouble with the configuration or latency on the captive portal, please reach out to our support team.


HTTP/HTTPS Configuration

Go to Management > HTTP-HTTPS and enable the WebAuth SecureWeb option.


Entering the device details into Aiwifi Dashboard


For Cisco Wireless access points in the "Controller - AP" architecture, Aiwifi only requires the MAC address. Follow the instructions in the article Add a new Access Point to add your new Access Point to Aiwifi.