The below instruction pertains to Cisco WLCs of 2504 and 5520 series with IOS 8.2.166.0

1. Accessing the device’s administrative panel

Log in to the administrative panel with root permissions and press Advanced.

2. Device configuration

2.1 RADIUS configuration

Security → AAA → Radius → Authentication

  • Auth Called Station ID Type: AP MAC Address
  • MAC Delimiter: Hyphen

Security → AAA → Radius → Authentication → New

  • Server IP Address: 35.205.62.147
  • Shared Secret Format: ASCII
  • Shared Secret: Radius Secret available in Access Points tab of the Social WiFi Panel
  • Confirm Shared Secret: Radius Secret available in Access Points tab of the Social WiFi Panel
  • Port Number: 31812
  • Server Status: Enabled
  • Server Timeout: 5 seconds
  • Network User: Enable – unchecked
  • Management: Enable – unchecked
  • Apply

Security → AAA → Radius → Accounting → New

  • Server IP Address: 35.205.62.147
  • Shared Secret Format: ASCII
  • Shared Secret: Radius Secret available in Access Points tab of the Social WiFi Panel
  • Confirm Shared Secret: Radius Secret available in Access Points tab of the Social WiFi Panel
  • Port Number: 31813
  • Server Status: Enabled
  • Server Timeout: 5 seconds
  • Network User: Enable – unchecked
  • Apply

2.2 DNS Walled Garden Configuration

Security → Access Control Lists → Access Control Lists → New

  • Access Control List Name: sw_walledgarden
  • ACL Type: IPv4
  • Apply

Hover the coursor over the blue icon on the right side of sw_walledgarden text and press “Add/Remove URL”.

Add these entries one by one:

socialwifi.com
sw-login.com
facebook.com
fbcdn.net
twitter.com
twimg.com
linkedin.com
licdn.com
accounts.google.com
accounts.google.*
ssl.gstatic.com
fonts.gstatic.com
fonts.google.com
accounts.youtube.com
googleapis.com
apis.google.com
connect.facebook.net
www.googletagmanager.com
www.googleadservices.com
googleads.g.doubleclick.net

Cisco WLC has a limit of 20 entries for URL ACL and the above list doesn’t include rules for a YouTube widget on the login splash page. If you want to use this widget, please contact us.

2.3 Captive Portal/Hotspot configuration

Security → Web Auth → Web Login Page

Web Authentication Type: External (Redirect to external server)
Redirect URL after login : [leave empty]
External Webauth URL: https://login.socialwifi.com/

Management → HTTP-HTTPS

WebAuth SecureWeb: Disabled
HTTPS Redirection: Disabled

Controller → Interfaces

Make sure that the “virtual” interface’s address is not set to 1.1.1.1 (it used to be the default value). If it is, change it to 192.0.2.1.

2.4 Network settings configuration

WLANs → WLAN ID / Create New → Security

Layer 2

  • Layer 2 Security: None

Layer 3

  • Layer 3 Security: Web Policy

Authentication

  • Preauthentication ACL: IPv4 sw_walledgarden
  • IPv6: None
  • WebAuth FlexAcl: None

AAA Servers

  • Authentication Servers Enabled: Yes
  • Server 1: IP:35.205.62.147, Port:31812
  • Accounting Servers Enabled: Yes
  • Server 1 : IP:35.205.62.147, Port:31813
  • Radius Server Accounting Interim Update: Yes
  • Radius Server Accounting Interim Interval: 600
  • Apply

3. Adding the device to Social WiFi platform

Monitor → Access Points → Radios → 802.11a/n/ac or 802.11b/g/n

  • Copy the MAC addresses of the Access Points you would like to add to Social WiFi platform.
  • Go to the Social WiFi Panel.
  • Choose the place to which you would like to add the device.
  • In the “Access Points” tab, press “Add” (upper right corner), paste the MAC address you copied into the form (adding a name is optional) and click “Create”.

4. Testing the platform!

Tags

Comments are closed