Open a web browser and log in to your Cisco Catalyst web interface. At the top right, click the Settings icons and enable the Expert mode.
Click Configuration > Security > Web Auth on the left. Click in to the global profile and configure with:
Click Apply to save. Next, click the Add button. Configure with:
Click Apply to Device to save. Next, click in to the profile you just created and configure with:
On the General tab:
On the Advanced tab:
Click Apply to save. Next, click on Configuration > Security > AAA on the left. Select the Servers / Groups tab click Add. Configure with:
Click Apply to Device to save. Next, click Add again and configure with:
Click Apply to Device to save. On the Server Groups sub tab, click Add. Configure with:
Click Apply to Device to save. Next, click on the AAA Method List tab. Click Add and configure with:
Click Apply to Device to save. Next, click the Accounting sub nav menu on the left and click Add. Configure with:
Click Apply to Device to save. Next, click the AAA Advanced tab and then the Show Advanced Settings >>> option. Configure both Accounting and Authentication with:
Click Apply to Device to save. Next, click Configuration > Tags & Policies > WLANs on the left. Click Add or edit an existing WLAN and configure with:
On the General tab:
On the Security > Layer 2 tab:
On the Security > Layer 3 tab, click Show Advanced Settings >>> and configure with:
Click Apply to Device to save. Next, click Configuration > Security > URL Filters. Click Add and add all required domains.
Click Apply to save. Next, click Configuration > Tags & Profiles > Policy on the left. Click Add, leaving all settings at default apart from the following:
On the General tab:
On the Access Policies tab:
On the Advanced tab:
Click Apply to Device to save. Next, click Configuration > Tags & Profiles > Tags on the left. Click Addand configure with:
Click Apply to Device to save. Finally, click Administration > Management > HTTP/HTTPS/Netconf on the left. Configure with:
The final step is to ensure that secure webauth is disabled in order for the authentication to succeed. You will need to login to the CLI of the controller and once in configuration (enable) mode, run the following commands:
parameter-map type webauth global
webauth-http-enable
secure-webauth-disable
The configuration is now complete.
Be sure to click on Save Configuration at the top right of the page to ensure your changes are persisted on reboot.