You can confirm your environment under Operator Customizations.
Before configuring your device, please be sure that you have added the Gateway to the Smart WiFi Platform and associated it with a Hotspot.
ADD GATEWAY
ADD HOSPOT
The following instructions outline how to setup a Cisco Enterprise Level device for the Marketing4WIFi Platform. Please make sure any firewall rules, web content filters, and other security measures have been configured to interface with the Smart WiFi Platform.
Step 1) Radius
Click Security on the top navigation panel, then click the AAA tab on the left.
- Security Tab – AAA – Radius Authentication
Add the following server information for RADIUS Authentication for Splash Page: 52.23.46.139 3.132.31.3 52.207.192.243 3.18.137.68
Host 1: Select one
Port: 1812
Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
Host 2: Select one
Port: 1812
Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
Create the Radius Authentication Server 1
Create the Radius Authentication Server 2
- Security Tab – AAA – Radius Accounting
Add the following server information for RADIUS Accounting for Splash Page: 52.23.46.139 3.132.31.3 52.207.192.243 3.18.137.68
Host 1: Select one
Port: 1813
Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
Host 2: Select one
Port: 1813
Secret: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
Radius Accounting Server 1
Radius Accounting Server 2
- AP Policies
Accept Self Signed Certificate(SSC): Enabled
Accept Manufactured Installed Certificate(MIC): Enabled
Step 2) Web Auth and ACL
Click on the Security tab on the Top navigation Bar.
- Security Tab – Web Auth – Web Login Page
Web authentication type: External (Redirect to external server)
Redirect URL after login: Select one
https://splash.4wifi.net/hotspotlogin.php?res=success
If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success
https://splash.4wifi-e2.net/hotspotlogin.php?res=success
If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success
External Webauth URL: Select one
https://splash.4wifi.net/hotspotlogin.php
If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php
https://splash.4wifi-e2.net/hotspotlogin.php
If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php
- Access Control Lists
- Create a new IPv4 ACL.
- Click the name of the new ACL. Hover your cursor over the blue drop-down arrow, choose Add-Remove URL from the drop-down list to open the URL List page.
- Please add all the Default walled garden entries.
If you’re a white label client and you have your own splash domain, be sure to include it in the walled garden.
Step 3) WLAN
Click on WLANs on the top navigation bar then click the WLANs tab to the left. Create a new WLAN. (If you have an existing WLAN intended for use for Guest WiFi you can edit that WLAN)
- WLAN – General Tab
Profile Name: SmartWiFi (Or whatever you would like)
SSID: SmartWiFi (Or whatever you would like)
Status: Enabled
Broadcast SSID: Enabled
NAS-ID: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called SWS/Hotspot/NAS-ID.
- WLAN – Security – Layer 3 Tab
Make sure to apply the appropriate PreAuthentication ACL list created previously in this document.
Layer 3 Security: Web Policy
Authentication: Enable
Pre-Authentication ACL: Use the ACL created earlier.
Override Global Config: Enable
Web Auth Type: External(Re-direct to an external server)
Redirect URL: Select one
https://splash.4wifi.net/hotspotlogin.php?res=success
If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success
https://splash.4wifi-e2.net/hotspotlogin.php?res=success
If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success
- WLAN – Security – AAA Servers Tab
Authentication Servers: Enable 52.23.46.139 3.132.31.3 52.207.192.243 3.18.137.68 52.23.46.139 3.132.31.3 52.207.192.243 3.18.137.68
Server 1: Select one
Server 2: Select one
Accounting Servers: Enable
Server 1: Select one
Server 2: Select one
Interim Update: Enabled
Interim Interval: 900
Authentication priority order for web-auth user-
Not used: LOCAL, LDAP
Order used for Authentication: RADIUS
- WLAN – Advanced Tab
Allow AAA Override: Enable
Enable Session Timeout: Enabled
Session Timeout: 43200
Step 4) HTTPS and Secure Webauth
Please see this Cisco article on WebAuthentication and certificates. The following steps need to be completed if you have not put your own certificate on the webauth page and assigned a DNS host name for the virtual interface.
- Management Tab – HTTP-HTTPS
- WebAuth SecureWeb: Disabled
MAC ADDRESSES
The AP Base Radio MAC addresses need to be added to the dashboard as gateways.
Disclaimer on hardware configuration guides in the KB:
v8.2.100.0
LIMITED HARDWARE SUPPORT: Hardware manufacturers frequently make changes to firmware, controllers and GUI’s. The information below may be out of date or images may be different and is to be used as a general reference guide. We do offer additional limited support to help with trouble-shooting and we highly recommend that you have a hardware support agreement and/or access to a hardware support engineering representative from the manufacturer.
English
Français
Deutsch
Português
Español