Bienvenido a Soporte Purple

Cisco WLC (AireOS)

  • Actualización

Important Note

We no longer recommend WLC code below v8.2.100.0. Please ensure you are using v8.2.100.0 or higher (v8.7 or higher if using FlexConnect).

Additionally, if you are using Guest Anchor, please contact support as additional steps will be required.

Logging in

Start by logging into your Cisco WLC web interface.

RADIUS

Click Security at the top and then AAA > Radius Authentication on the left menu. Set the below setting then click Apply:

Auth Called Station ID Type: AP MAC Address:SSID

Click New at the top right and configure with:

Server IP Address: *insert radius_server_ip here*
Shared Secret Format: ASCII
Shared Secret: *insert radius_secret here*
Confirm Shared Secret: as above
Port: 1812
Server Status: Enabled
Network User: No
Management: No

Click Apply to save. Click New again and configure with:

Server IP Address: *insert radius_server2_ip here*
Shared Secret Format: ASCII
Shared Secret: *insert radius_secret here*
Confirm Shared Secret: as above
Port: 1812
Server Status: Enabled
Network User: No
Management: No

Click Apply to save. Click Radius Accounting on the left menu. Set the below setting then click Apply:

Acct Called Station ID Type: AP MAC Address:SSID

Click New at the top right and configure with:

Server IP Address: *insert radius_server_ip here*
Shared Secret Format: ASCII
Shared Secret: *insert radius_secret here*
Confirm Shared Secret: as above
Port: 1813
Server Status: Enabled
Network User: No
Management: No

Click Apply to save. Click New again and configure with:

Server IP Address: *insert radius_server2_ip here*
Shared Secret Format: ASCII
Shared Secret: *insert radius_secret here*
Confirm Shared Secret: as above
Port: 1813
Server Status: Enabled
Network User: No
Management: No

Click Apply to save.

ACLs

Click Access Control Lists (or FlexConnect ACLs if you use FlexConnect) on the left and then New at the top right. Configure with:

Access Control List Name: Guest WiFi
ACL Type: IPv4

Click Apply to save.

URL Configuration

If you are using local AP's (not FlexConnect mode):

To the right of the ACL you just created, hover the blue arrow and click Add-Remove URL. In the URL String Name box add the required domains one at a time. Please refer to this list.

OR if you are using FlexConnect mode:

Click into the ACL you just created, then click Add Rule > URL rule at the top right. In the URL box add the required domains one at a time, ensuring you set the Action to Permit each time. Please refer to this list.

Click Web Auth > Web Login Page on the left and configure with:

Redirect URL after login: leave blank

Click Apply to save.

WLAN

Click WLANs at the top and then WLANs on the left. Click Create New > Go at the top right (or edit an existing WLAN if you have one already). If creating a new WLAN, configure with:

Type: WLAN
Profile Name: Guest Wi-Fi
SSID: Guest Wi-Fi (or whatever you wish)

Click Apply to save. Next, click the SSID profile to edit the settings.

On the General tab:

Status: Enabled
Broadcast SSID: Enabled
SSID: Guest Wi-Fi (or whatever you wish)

On the Security > Layer 2 tab:

Layer 2 Security: None

On the Security > Layer 3 tab:

Layer 3 Security: Web Policy
Authentication: Enabled
Pre-authentication ACL (if Local): Guest Wi-Fi
WebAuth FlexACL (if FlexConnect): Guest Wi-Fi
Override Global Config: Enable
Web Auth type: External (Re-direct to external server)
Redirect URL: *insert access_url here*

On the Security > AAA Servers tab:

Authentication Servers: Enabled
Server 1: IP: *insert radius_server_ip here*, Port: 1812
Server 2: IP: *insert radius_server2_ip here*, Port: 1812
Accounting Servers: Enabled
Server 1: IP: *insert radius_server_ip here*, Port: 1813
Server 2: IP: *insert radius_server2_ip here*, Port: 1813
Interim Update: Enabled - Interim Interval: 600
Authentication priority order for web-auth user (Not Used): LOCAL, LDAP
Authentication priority order for web-auth user (Order Used For Authentication): RADIUS

On the Advanced tab:

Allow AAA Overide: Enabled
Enable Session Timeout: Enabled
Session Timeout (secs): 43200

Click Apply to save. Next, click Management at the top then HTTP-HTTPS on the left. Configure with:

WebAuth SecureWeb: Disabled
HTTPS Redirection: Disabled

Note: It is important that the virtual IP address is changed from the default 1.1.1.1 to avoid issues.

Click Controller at the top then Interfaces on the left. Configure with:

IP Address: 192.0.2.1

Click Apply to save.

Finally, be sure to click Save Configuration at the top right.

Configuration Complete

The configuration is now complete.

Important Notes

You will need to reboot your controller for all the features to work.

When adding the AP MAC address(es) into the portal remember to use the Base Radio MAC

Compartir en línea
¿Fue útil este artículo?
Usuarios a los que les pareció útil: 1 de 1