Cisco Enterprise Controller Configuration

The following instructions outline how to setup a Cisco Wireless LAN Controller for the Marketing4WIFi Platform.  Please make sure any firewall rules, web content filters, and other security measures have been configured to interface with the Smart WiFi Platform.

1. Login to the WLC
2. Using the top navigation menu, click on Security
3. Using the menu to the left, open AAA > RADIUS > Authentication
   1. Auth Call Station ID Type: AP MAC Address
   2. Press New and configure a Authentication server using the settings below
      • Server IP Address: Select one
        US-A Radius 1 IP

        52.23.46.139

        You can confirm your platform environment under Operator Customizations.

        US-B Radius 1 IP

        3.132.31.3

        You can confirm your platform environment under Operator Customizations.

      • Shared Secret Format: ASCII
      • Shared Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
      • Confirm Secret: same as above
      • Port: 1812
      • Server Status: Enabled
      • Network User: unchecked
      • Management: unchecked
      • IPSec: unchecked
      • Click Apply
   3. Press New and configure another Authentication server using the settings below
      • Server IP Address: Select one
        US-A Radius 2 IP

        52.207.192.243

        You can confirm your platform environment under Operator Customizations.

        US-B Radius 2 IP

        3.18.137.68

        You can confirm your platform environment under Operator Customizations.

      • Shared Secret Format: ASCII
      • Shared Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
      • Confirm Secret: same as above
      • Port: 1812
      • Server Status: Enabled
      • Network User: unchecked
      • Management: unchecked
      • IPSec: unchecked
      • Click Apply
   4. Click Apply
4. Using the menu to the left, open AAA > RADIUS > Accounting
   1. Acct Call Station ID Type: AP MAC Address
   2. Press New and configure a Accounting server using the settings below
      • Server IP Address: Select one
        US-A Radius 1 IP

        52.23.46.139

        You can confirm your platform environment under Operator Customizations.

        US-B Radius 1 IP

        3.132.31.3

        You can confirm your platform environment under Operator Customizations.

      • Shared Secret Format: ASCII
      • Shared Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
      • Confirm Secret: same as above
      • Port: 1813
      • Server Status: Enabled
      • Network User: unchecked
      • IPSec: unchecked
      • Click Apply
   3. Press New and configure another Authentication server using the settings below
      • Server IP Address: Select one
        US-A Radius 2 IP

        52.207.192.243

        You can confirm your platform environment under Operator Customizations.

        US-B Radius 2 IP

        3.18.137.68

        You can confirm your platform environment under Operator Customizations.

      • Shared Secret Format: ASCII
      • Shared Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
      • Confirm Secret: same as above
      • Port: 1813
      • Server Status: Enabled
      • Network User: unchecked
      • IPSec: unchecked
      • Click Apply
5. Using the menu to the left, open Access Control Lists > Access Control Lists  (or FlexConnect ACLs if you’re using FlexConnect)
   1. Press New and configure with
      • Access Control List Name: SmartWiFi
      • ACL Type: IPv4
      • Click Apply
   2. Hover over the blue arrow of the ACL you created and click Add-Remove URL.
   3. Use the URL String Name field to add the whitelist entries one at a time.
      
      Flex Connect mode

      If using a FlexConnect ACL, click into the ACL created then click Add Rule > URL rule. Use the URL box to add the whitelist entries with the Action set to Permit for all of them.

      
      
      Whitelist Entries

      Adjustments to the entries below may be required based on your hardware. Only the Marketing 4 WiFi entries are required. If you wish to support Social Media logins or utilize Payment Processors, you must add the entries for each product you plan to support.

      	your_white_label_splash_domain
      	assets.smartwifiplatform.com
      	crl3.digicert.com
      	crl4.digicert.com
      	sr.symbc.com
      	assets.ads4wifi.com
      	ads.ads4wifi.com
      	facebook.com
      	facebook.net
      	developer.facebook.com
      	fbcdn.net
      	doubleclick.net
      	connect.facebook.net
      	twitter.com
      	twimg.com
      	abs.twitter.com
      	linkedin.com
      	licdn.com
      	l-msedge.net
      	js.authorize.net
      	api.authorize.net
      	api2.authorize.net
      	cdn.cloudflare.net
      	pay.google.com
      	payments.google.com
      	play.google.com
      	fonts.gstatic.com
      	fonts.googleapis.com
      	www.gstatic.com
      	jstest.authorize.net
      	apitest.authorize.net
      	js.stripe.com
      	m.stripe.com
      	m.stripe.network
      	api.stripe.com
      	stripensrq.global.ssl.fastly.net
      	wepay.com
      	static.wepay.com
      	js-agent.newrelic.com
      	bam.nr-data.net
      	ssl.google-analytics.com
      	stage.wepay.com
      	stage-static.wepay.com
      	www.gstatic.com
      	www.google-analytics.com
      	play.google.com
      	pay.google.com
      	pci-connect.squareup.com
      	connect.squareup.com
      	js.squareup.com
      	nd.squarecdn.com
      	connect.squareupsandbox.com
      	js.squareupsandbox.com
      	pic-connect.squareupsandbox.com
      	paypal.com
      	www.paypal.com
      	www.sandbox.paypal.com
      	www.paypalobjects.com

6. Using the menu to the left, Web Auth > Web Login Page
   • Redirect URL after login: leave this blank
   • Click Apply
7. Using the top navigation menu, click on Management
8. Using the menu to the left, open HTTP-HTTPS
   • WebAuth SecureWeb: Disabled
   • Click Apply
9. Using the top navigation menu, click on Controller
10. Using the menu to the left, open Interfaces
    • Click on the virtual interface
    • Change the interface IP Address from 1.1.1.1 to 192.0.2.1
    • Click Apply
11. Using the top navigation menu, click on WLANs
12. Create a new WLAN using the Create New > Go option at the top right or edit your existing WLAN
    1. WLAN General settings-
       • Status: Enabled
       • Broadcast SSID: Enabled
       • NAS-ID: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called SWS/Hotspot/NAS-ID.
    2. Security > Layer 2-
       • Layer 2 Security: None
    3. Security > Layer 3-
       • Layer 3 Security: Web Policy
       • Authentication: Enabled
       • Pre-Authentication ACL: Select the IPv4 or FlexConnect ACL called SmartWiFi
       • Sleeping Client: Enabled
       • Sleeping Client Timeout: 12
       • Override Global Config: Enable
       • Web Auth type: External
       • Redirect URL: Select one
         US-A Redirect URL

         https://splash.4wifi.net/hotspotlogin.php?res=success

         You can confirm your platform environment under Operator Customizations.
         

         If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success

         US-B Redirect URL

         https://splash.4wifi-e2.net/hotspotlogin.php?res=success

         You can confirm your platform environment under Operator Customizations.
         

         If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success

    4. Security > AAA Servers-
       • Authentication Server: Enabled
       • Server 1: Select the Authentication server created in step 3.2
       • Server 2: Select the Authentication server created in step 3.3
       • Accounting Servers: Enabled
       • Server 1: Select the Accounting server created in step 4.2
       • Server 2: Select the Accounting server created in step 4.3
       • Authentication priority order for web-auth user
         1. Not Used: LOCAL & LDAP
         2. Order Used for Authentication: RADIUS
    5. Advanced-
       1. Allow AAA Override: Enabled
       2. Enable Session Timeout: Enabled
       3. Session Timeout(secs): 43200
    6. Click Apply
13. Using the top navigation menu, click on Save Configuration and press OK
14. Reboot the WLC for all the changes to take affect
15. The configuration is complete