Important
RADIUS
Log in to your ME web interface and click the "Switch to Expert View" button at the top right.
On the left, click Management > Admin Accounts and then the RADIUS header. Configure with:
| Authentication Call Station ID Type: | AP MAC Address:SSID |
| Authentication MAC Delimiter: | Hyphen |
| Accounting Call Station ID Type: | AP MAC Address:SSID |
| Accounting MAC Delimiter: | Hyphen |
Click Apply. Next, click Add RADIUS Authentication Server. Configure with:
| State: | Enabled |
| Server IP Address: | *insert radius_server_ip here* |
| Shared Secret: | *insert radius_secret here* |
| Confirm Shared Secret: | as above |
| Port Number: | 1812 |
Click Apply to Save. Next, click Add RADIUS Authentication Server again. Configure with:
| State: | Enabled |
| Server IP Address: | *insert radius_server2_ip here* |
| Shared Secret: | *insert radius_secret here* |
| Confirm Shared Secret: | as above |
| Port Number: | 1812 |
Click Apply to Save. Next, click Add RADIUS Accounting Server. Configure with:
| State: | Enabled |
| Server IP Address: | *insert radius_server_ip here* |
| Shared Secret: | *insert radius_secret here* |
| Confirm Shared Secret: | as above |
| Port Number: | 1813 |
Click Apply to Save. Next, click Add RADIUS Accounting Server again. Configure with:
| State: | Enabled |
| Server IP Address: | *insert radius_server2_ip here* |
| Shared Secret: | *insert radius_secret here* |
| Confirm Shared Secret: | as above |
| Port Number: | 1813 |
Wireless Settings
Click Wireless Settings > WLANs. Click Add New and configure with:
On the General tab:
| Profile Name: | Guest WiFi |
| SSID: | Guest WiFi (or whatever you wish) |
| Admin State: | Enabled |
| Radio Policy: | ALL |
| Broadcast SSID: | Yes |
On the WLAN Security tab:
| Guest Network: | Yes |
| Captive Network Assistant: | Yes |
| Captive Portal: | External Splash page |
| Captive Portal URL: | *insert access_url here* |
| Access Type: | RADIUS |
Under the RADIUS Server header, click Add RADIUS Authentication Server and select the first server IP you previously added. Click Apply. Next, click Add RADIUS Authentication Server again and select the second server IP you previously added. Click Apply.
Next, click Add RADIUS Accounting Server and select the first server IP you previously added. Click Apply. Next, click Add RADIUS Accounting Server again and select the second server IP you previously added. Click Apply.
Under the Pre Auth ACLs header, click Add URL Rules and configure with:
| URL: | *insert domain here* |
| Action: | Permit |
Please refer to this list for the required domains.
Under the Advanced tab:
| Allow AAA Override: | Yes |
Click Apply to Save config. At the top right, be sure to click the Save Configuration button to avoid losing changes.
SSH Configuration
Finally, you'll need to SSH or console to the ME AP and type the following commands in "enable" mode:
config network web-auth https-redirect disableconfig network web-auth secureweb disable
Additionally, we need to prevent users from trying to log in to the ME GUI via RADIUS. Provided you have only added the two RADIUS servers above and don't have any others configured, run the following commands:
config radius auth management 1 disableconfig radius auth management 2 disable
After applying the commands above you will need to reboot the controller. Type the below commands:
save configreset system
The ME AP will now reboot and be ready for use.