WiFi-based check-in: Cisco WLC

Setup

Before you configure the controller make sure you have set up your RADIUS server and have purchased a license.

Configuring the Cisco WLC controller

To configure Access Control rules for the WLC controller

  1. Log in the Cisco WLC web browser interface and go to Advanced Settings by clicking the configuration icon on top of the screen.

  2. Go to Security>Access Control Lists and add two new ACL rules to allow connections to the captive portal:

    • Source IP: any; Destination IP: 107.178.250.42, Mask: 255.255.255.255; Protocol: TCP; Dest Port: 443, Action: Permit.

    • Source IP: 107.178.250.42, Mask: 255.255.255.255; Destination IP: any; Protocol: TCP; Source Port: 443; Action: Permit.

  3. You may also want to add the following IPs to your rules:

    • XYZ.spaces.nexudus.com, where XYZ is the default domain name you can find in Settings>Webiste>General on your Nexudus account.

    • 107.178.250.42/32

    • 216.239.32.0/19

    • 64.233.160.0/19

    • 72.14.192.0/18

    • 209.85.128.0/17

    • 66.102.0.0/20

    • 74.125.0.0/16

    • 64.18.0.0/20

    • 207.126.144.0/20

    • 173.194.0.0/16

Configuring RADIUS Authentication

Go to Security > Web Auth > Web Login Page and change Web Authentication Type to External (redirect to external server). Add the External Webauth URL. The URL here should be http://XYZ.spaces.nexudus.com/en/splash. XYZ is the default domain name you can find in Settings > Webiste > General on your Nexudus account.

Go to Security > AAA > RADIUS>Authentication, add a new RADIUS Authentication server and enter the following:

  • IP address in the Server Address(Ipv4/Ipv6) text box.

  • In the Shared Secret text box, the Shared Secret from the details of the RADIUS server that you received when you created the server.

  • Your RADIUS ports in the Port Number text box.

Configuring RADIUS Accounting

Go to Security > AAA > RADIUS > Accounting, add a new RADIUS Accounting server and enter the following:

  • IP address in the Server Address(Ipv4/Ipv6) text box.

  • In the Shared Secret text box, the Shared Secret from the details of the RADIUS server that you received when you created the server.

  • Your RADIUS ports in the Port Number text box.

Configuring WLAN

Go to WLANs, select existing or create a new WLAN and then open the WLAN settings.

Click Security>Layer 2 and set Layer 2 Security to None.

Click Layer 3, select Web Policy from the Layer 3 Security drop-down list and then select Authentication. Select your new ACL from the Preauthentication ACL drop-down list.

Click AAA Servers and select RADIUS authentication and accounting servers. You can also set Interim Interval to 180 seconds or higher. To save and apply new settings, click Save Configuration.

Number

Description

1

Authentication and Accounting Servers

2

Interim Interval

3

Save Configuration

PreviousWiFi-based check-in: Cisco MerakiNextWiFi-based check-in: Ruckus Cloud

Last updated