Cisco Enterprise Controller Configuration

You can confirm your environment under Operator Customizations.

Before configuring your device, please be sure that you have added the Gateway to the Smart WiFi Platform and associated it with a Hotspot.
ADD GATEWAY
ADD HOSPOT

The following instructions outline how to setup a Cisco Enterprise Level device for the Marketing4WIFi Platform.  Please make sure any firewall rules, web content filters, and other security measures have been configured to interface with the Smart WiFi Platform.

Step 1) Radius

Click Security on the top navigation panel, then click the AAA tab on the left.

  • Security Tab – AAA – Radius Authentication

Add the following server information for RADIUS Authentication for Splash Page:
Host 1: Select one

US-A Radius 1 IP

52.23.46.139

US-B Radius 1 IP

3.132.31.3


Port: 1812
Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
Host 2: Select one
US-A Radius 2 IP

52.207.192.243

US-B Radius 2 IP

3.18.137.68


Port: 1812
Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.

Create the Radius Authentication Server 1

Create the Radius Authentication Server 2

  • Security Tab – AAA – Radius Accounting

Add the following server information for RADIUS Accounting for Splash Page:
Host 1: Select one

US-A Radius 1 IP

52.23.46.139

US-B Radius 1 IP

3.132.31.3


Port: 1813
Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
Host 2: Select one
US-A Radius 2 IP

52.207.192.243

US-B Radius 2 IP

3.18.137.68


Port: 1813
Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.

Radius Accounting Server 1

Radius Accounting Server 2

  • AP Policies

Accept Self Signed Certificate(SSC): Enabled
Accept Manufactured Installed Certificate(MIC): Enabled

Step 2) Web Auth and ACL

Click on the Security tab on the Top navigation Bar.

  • Security Tab – Web Auth – Web Login Page

Web authentication type: External (Redirect to external server)
Redirect URL after login: Select one

US-A Redirect URL

https://splash.4wifi.net/hotspotlogin.php?res=success

If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success

US-B Redirect URL

https://splash.4wifi-e2.net/hotspotlogin.php?res=success

If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success


External Webauth URL: Select one
US-A Splash URL

https://splash.4wifi.net/hotspotlogin.php

If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php

US-B Splash URL

https://splash.4wifi-e2.net/hotspotlogin.php

If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php

  • Access Control Lists
  1. Create a new IPv4 ACL.
  2. Click the name of the new ACL. Hover your cursor over the blue drop-down arrow, choose Add-Remove URL from the drop-down list to open the URL List page.
  3. Please add all the Default walled garden entries.

    If you’re a white label client and you have your own splash domain, be sure to include it in the walled garden.

Step 3) WLAN

Click on WLANs on the top navigation bar then click the WLANs tab to the left. Create a new WLAN. (If you have an existing WLAN intended for use for Guest WiFi you can edit that WLAN)

  • WLAN – General Tab

Profile Name: SmartWiFi (Or whatever you would like)
SSID: SmartWiFi (Or whatever you would like)
Status: Enabled
Broadcast SSID: Enabled
NAS-ID: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called SWS/Hotspot/NAS-ID.

  • WLAN – Security – Layer 3 Tab

Make sure to apply the appropriate PreAuthentication ACL list created previously in this document.

Layer 3 Security: Web Policy
Authentication: Enable
Pre-Authentication ACL: Use the ACL created earlier.
Override Global Config: Enable
Web Auth Type: External(Re-direct to an external server)
Redirect URL: Select one

US-A Redirect URL

https://splash.4wifi.net/hotspotlogin.php?res=success

If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success

US-B Redirect URL

https://splash.4wifi-e2.net/hotspotlogin.php?res=success

If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success

  • WLAN – Security – AAA Servers Tab

Authentication Servers: Enable
Server 1: Select one

US-A Radius 1 IP

52.23.46.139

US-B Radius 1 IP

3.132.31.3

-Port:1812
Server 2: Select one
US-A Radius 2 IP

52.207.192.243

US-B Radius 2 IP

3.18.137.68

-Port: 1812
Accounting Servers: Enable
Server 1: Select one
US-A Radius 1 IP

52.23.46.139

US-B Radius 1 IP

3.132.31.3

-Port:1813
Server 2: Select one
US-A Radius 2 IP

52.207.192.243

US-B Radius 2 IP

3.18.137.68

-Port: 1813
Interim Update: Enabled
Interim Interval: 900
Authentication priority order for web-auth user-
Not used: LOCAL, LDAP
Order used for Authentication: RADIUS

  • WLAN – Advanced Tab

Allow AAA Override: Enable
Enable Session Timeout: Enabled
Session Timeout: 43200

MAC ADDRESSES
The AP Base Radio MAC addresses need to be added to the dashboard as gateways.

Disclaimer on hardware configuration guides in the KB:

v8.2.100.0

LIMITED HARDWARE SUPPORT: Hardware manufacturers frequently make changes to firmware, controllers and GUI’s. The information below may be out of date or images may be different and is to be used as a general reference guide. We do offer additional limited support to help with trouble-shooting and we highly recommend that you have a hardware support agreement and/or access to a hardware support engineering representative from the manufacturer.

Updated on February 10, 2021

Was this article helpful?

Need Support?
Can't find the answer you're looking for? Don't worry we're here to help!
CONTACT SUPPORT