This page explains the configuration of the Cisco Wireless LAN Controller to work with IronWifi Captive Portal.
IronWiFi Console Configuration
- Log into the IronWiFi console or register for free
- Create a new network
- After that, create a new captive portal, with vendor Cisco WLC
Access Point Configuration
-
Log in to the Cisco WLC Web-Browser interface and go to Advanced Settings.
-
Go to Security -> Access Control Lists and add two new ACL rules permitting connections to the Captive Portal. Get the Captive Portal IP address from your Captive Portal settings -> Walled Garden -> IronWiFi
ACL Rule n. 1
- Source - Any
- Destination - 107.178.250.42
- Netmask - 255.255.255.255
- Protocol - TCP
- Source port - Any
- Dest port - 443
- Action - Permit
ACL Rule n. 2
- Source - 107.178.250.42
- Destination - Any
- Netmask - 255.255.255.255
- Protocol - TCP
- Source port - 443
- Dest port - Any
- Action - Permit
- Go to Security -> Web Auth -> Web Login Page and configure with:
- Web Authentication Type - External (redirect to external server)
- Redirect URL after login - Empty
- External Webauth URL - get this value from the IronWiFi console
- Go to Security -> RADIUS -> Authentication, add new RADIUS Authentication Servers and use the following values:
- Server Address -get this value from the IronWiFi console
- Shared Secret Format - ASCII
- Shared Secret -get this value from the IronWiFi console
- Confirm Shared Secret -get this value from the IronWiFi console
- Key wrap - Disabled
- Port Number- get this value from the IronWiFi console
- Server Status - Enabled
- Support for RFC 3576 - Disabled
- Server Timeout - 5 seconds
- Network User - Enabled
- Management - Enabled
- Management Retransmit Timeout - 2 seconds
- IPSec - Disabled
- Go to Security -> RADIUS -> Accounting, add new RADIUS Accounting Servers and configure with:
- Server Address - get this value from the IronWiFi console
- Shared Secret Format - ASCII
- Shared Secret - get this value from the IronWiFi console
- Confirm Shared Secret - get this value from the IronWiFi console
- Port Number- get this value from the IronWiFi console
- Server Status - Enabled
- Server Timeout - 5 seconds
- Network User - Enabled
- Go to WLANs, select existing or create new WLAN and open WLAN settings page. Click on the Security tab, Layer 2 and set:
- Click on the Layer 3 tab and configure with:
- Layer 3 Security - Web Policy (Authentication)
- Preauthentication ACL - IPv4 - IronWiFi-Auth
- Click on the AAA Servers tab and select IronWiFi RADIUS authentication and accounting servers. You can also set an Interim Interval to 180 seconds or higher.
Radius Servers
- Authetication Servers - Enabled
- Server 1 - IP: get this value from the IronWiFi console , Port: get this value from the IronWiFi console
- Accounting Servers - Enabled
- Server 1 - IP: get this value from the IronWiFi console , Port: get this value from the IronWiFi console
Radius Server Accounting
- Interim Update - Enabled
- Interim Interval - 180
Click on the Save Configuration link to save and apply new settings.
Finally, change the default virtual controller IP address from 1.1.1.1 to some other IP address and install a valid SSL certificate on your controller to prevent warning messages displayed to your clients.
! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !