Bienvenido a Soporte Purple

Cisco Mobility Express

  • Actualización

Important

You are required to use firmware v8.7.102.0 or above in order to continue.

RADIUS

Log in to your ME web interface and click the "Switch to Expert View" button at the top right.

On the left, click Management > Admin Accounts and then the RADIUS header. Configure with:

Authentication Call Station ID Type: AP MAC Address:SSID
Authentication MAC Delimiter: Hyphen
Accounting Call Station ID Type: AP MAC Address:SSID
Accounting MAC Delimiter: Hyphen

Click Apply. Next, click Add RADIUS Authentication Server. Configure with:

State: Enabled
Server IP Address: *insert radius_server_ip here*
Shared Secret: *insert radius_secret here*
Confirm Shared Secret: as above
Port Number: 1812

Click Apply to Save. Next, click Add RADIUS Authentication Server again. Configure with:

State: Enabled
Server IP Address: *insert radius_server2_ip here*
Shared Secret: *insert radius_secret here*
Confirm Shared Secret: as above
Port Number: 1812

Click Apply to Save. Next, click Add RADIUS Accounting Server. Configure with:

State: Enabled
Server IP Address: *insert radius_server_ip here*
Shared Secret: *insert radius_secret here*
Confirm Shared Secret: as above
Port Number: 1813

Click Apply to Save. Next, click Add RADIUS Accounting Server again. Configure with:

State: Enabled
Server IP Address: *insert radius_server2_ip here*
Shared Secret: *insert radius_secret here*
Confirm Shared Secret: as above
Port Number: 1813

Wireless Settings

Click Wireless Settings > WLANs. Click Add New and configure with:

On the General tab:

Profile Name: Guest WiFi
SSID: Guest WiFi (or whatever you wish)
Admin State: Enabled
Radio Policy: ALL
Broadcast SSID: Yes

On the WLAN Security tab:

Guest Network: Yes
Captive Network Assistant: Yes
Captive Portal: External Splash page
Captive Portal URL: *insert access_url here*
Access Type: RADIUS

Under the RADIUS Server header, click Add RADIUS Authentication Server and select the first server IP you previously added. Click Apply. Next, click Add RADIUS Authentication Server again and select the second server IP you previously added. Click Apply.

Next, click Add RADIUS Accounting Server and select the first server IP you previously added. Click Apply. Next, click Add RADIUS Accounting Server again and select the second server IP you previously added. Click Apply.

Under the Pre Auth ACLs header, click Add URL Rules and configure with:

URL: *insert domain here*
Action: Permit

Please refer to this list for the required domains.

Under the Advanced tab:

Allow AAA Override: Yes

Click Apply to Save config. At the top right, be sure to click the Save Configuration button to avoid losing changes.

SSH Configuration

Finally, you'll need to SSH or console to the ME AP and type the following commands in "enable" mode:

config network web-auth https-redirect disable
config network web-auth secureweb disable

Additionally, we need to prevent users from trying to log in to the ME GUI via RADIUS. Provided you have only added the two RADIUS servers above and don't have any others configured, run the following commands:

config radius auth management 1 disable
config radius auth management 2 disable

After applying the commands above you will need to reboot the controller. Type the below commands:

save config
reset system

The ME AP will now reboot and be ready for use.

Important

You need to add all the AP Base MACs to the portal. To see these, type show ap join stats summary all from the SSH or command line.
Compartir en línea
¿Fue útil este artículo?
Usuarios a los que les pareció útil: 0 de 0