Cisco Catalyst

Compatibility

The below instruction pertains to Cisco Catalyst 9800-CL Wireless Controller

Social WiFi has been tested and is proven to work on the following configurations:

Cisco Catalyst 9800-CL set up on KVM

versions up to 17.3.4c

Cisco AIR-CAP3702I-E-K9

versions compatibile with the Controller (installs as the AP provisions)

Accessing the device’s administration panel

Configure the controller

Go to Configuration -> Security -> Web Auth.

Click in to the global profile and make sure that the "Virtual IPv4 Address" is set as 192.0.2.1.

Press Apply.

Now, Add a new profile by clicking the Add button.

Parameter-map name

sw_webauth

Maximum HTTP connections

200

Init-State Timeout

3600

Type

webauth

Press Apply to Device.

After you've created the profile, click on it and configure as follows:

On the General tab:

Banner Type

None

Captive Bypass Portal

Leave unchecked

Disable Success Window

Enabled

Disable Logout Window

Enabled

Sleeping Client Status

Enabled

Sleeping Client Timeout

720

On the Advanced tab:

Redirect for log-in

https://login.socialwifi.com/

Redirect On-Success

https://login.socialwifi.com/redirect/

Redirect On-Failure

https://login.socialwifi.com/

Redirect Append for AP MAC Address

ap_mac

Redirect Append for Client MAC Address

client_mac

Redirect Append for WLAN SSID

wlan_ssid

Portal IPV4 Address

35.190.70.141

Click Update & Apply.

Go to Configuration -> Security -> AAA.

In the Servers / Groups and next Servers tab click +Add.

Name*

sw_radius

Server Address*

35.205.62.147

PAC Key

Leave unchecked

Key Type

Clear Text

Key

*Radius Secret available in Access Points tab of the Social WiFi Panel*

Confirm Key

as above

Auth Port

31812

Acct Port

31813

Server Timeout

Retry Count

Support for CoA

Enabled

Press Apply to Device.

Go the Server Groups tab and press +Add.

Name

guest_radius

Group Type

RADIUS

MAC-Delimiter

hyphen

MAC-Filtering

none

Dead-Time (mins)

Leave default (5)

Assigned Servers

sw_radius

Source Interface VLAN ID

none

Press Apply to Device.

Next, go to the AAA Method List tab. Make sure that1 Authentication is selected and press +Add. On the General tab:

Method List Name

guest_auth

Type

Group Type

group

Assigned Server Groups

guest_radius

Press Apply to Device.

Switch to the Accounting tab on the left and click +Add.

Method List Name

guest_acct

Type

identity

Assigned Server Groups

guest_radius

Press Apply to Device.

Now, go to the AAA Advanced tab. Make sure you're in "Global Config" and press Show Advanced Settings >>>. You should see "Radius Attributes" drop down. Configure as follows:

Accounting

Call Station ID

ap-macaddress-ssid

Call Station ID Case

upper

MAC-Delimiter

hyphen

Username Case

lower

Username Delimiter

none

Authentication

Call Station ID

ap-macaddress-ssid

Call Station ID Case

upper

MAC-Delimiter

hyphen

Press Apply to Device.

Now, go to the Configuration -> Security -> URL Filters. Click +Add.

List Name

guest_url_filter

Type

PRE_AUTH

Action

PERMIT

URLs

*.fbcdn.net
*.licdn.com
*.twimg.com
*.ytimg.com
twitter.com
facebook.com
linkedin.com
sw-login.com
*.youtube.com
yt3.ggpht.com
*.facebook.com
*.linkedin.com
api.twitter.com
apis.google.com
ssl.gstatic.com
*.googleapis.com
fonts.google.com
*.googlevideo.com
accounts.google.*
fonts.gstatic.com
accounts.youtube.com
connect.facebook.net
login.socialwifi.com
www.googleadservices.com
www.googletagmanager.com
googleads.g.doubleclick.net

Press Apply to Device.

Go to the Configuration -> Tags & Policies -> WLANs. Click +Add or edit an existing WLAN.

On the General tab:

Profile Name

*your profile name*

SSID

*your SSID name*

Status

Enabled

Radio Policy

All

Broadcast SSID

Enabled

Go to the Security - Layer2 tab and set the Layer 2 Security Mode as "None" and MAC Filtering as Disabled. Leave rest as default.

In the Security - Layer 3 tab, click Show Advanced Settings >>> and configure as follows:

Web Policy

Enabled

Web Auth Parameter Map

sw_webauth

Authentication List

guest_auth

On Mac Filter Failure

Disabled

Splash Web Redirect

Disabled

Press Apply to Device or Update & Apply to Device.

Now, go to Configuration -> Tags & Profiles -> Policy and press +Add. Leave all settings at default apart from the following:

On the General tab:

Name*

guest_policy

Status

Enabled

On the Access Policies tab:

URL Filters - "guest_url_filter"

On the Advanced tab:

Session Timeout

43200

Idle Timeout

3600

Allow AAA Override

Enabled

Accounting List

guest_acct

Click Apply to Device to save.

Next, go to Configuration > Tags & Profiles > Tags. Click +Add.

Name

admi

WLAN Profile

*your WiFi name*

Policy Profile

guest_policy

Click Apply to Device to save.

Go to Administration > Management > HTTP/HTTPS/Netconf and make sure that HTTP and HTTPS Access are Enabled.

Now you need to disable secure webauth. You can do it from the controllers CLI. Please run these commands:

enable
configure terminal
parameter-map type webauth global
webauth-http-enable
secure-webauth-disable

Go to Configuration -> Wireless → Access Points.
Copy the MAC addresses of the Access Points you would like to add to Social WiFi platform. You will have to change the format (from "xxxx.xxxx.xxxx" to "xx:xx:xx:xx:xx:xx")
Go to the Social WiFi Panel.
Choose the place to which you would like to add the device.
In the “Access Points” tab, press “Add” (upper right corner), paste the MAC address you copied into the form (adding a name is optional) and click “Create”.