The following instructions outline how to setup a Cisco Catalyst controller for the Marketing WiFi Platform. This guide covers details such as configuring RADIUS, URL Filters, tags and policies profiles and WLANs. This guide assumes that your Cisco Catalyst is already operational and on a live network. Please make sure any firewall rules, web content filters, and other security measures have been configured to interface with the platform.
- Login to your Cisco Catalyst portal
- At the top right, click the Settings icons and enable the Expert mode.
- Click on Configuration > Security > Web Auth on the left, add a profile profile and configure with-
- Parameter-map name: smart_wifi
- Maximum HTTP connections: 200
- Init-State Timeout: 3600
- Type: Webauth
- Click apply to device to save.
- Click on the profile you just created and configure with
- Under General
- Banner type: none
- Turn-on Consent with Email: Disabled
- Captive Bypass Portal: Disabled
- Disable Logout Window: Enabled
- Disable Client Status: Enabled
- Sleeping Client Timeout: 720
- Under Advanced
- Redirect for log-in:
- Redirect on failure: blank
- Redirect Append for AP MAC Address: ap_mac
- Redirect Append for Client Mac Address: client_mac
- Redirect Append for WLAN SSID: wlan_ssid
- Portal IPv4 Address: 1.1.1.1
- Redirect for log-in:
- Click Apply to save.
- Under General
- On the left click on Configuration > Security > AAA. Select the Servers /Groups tab click Add and configure with:
- Name: smartwifi1
- IPv4/IPv6 Server Address:
- Keytype: 0
- Key: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
- Confirm Key: Same as key above
- Auth Port: 1812
- Acct Port: 1813
- Server Timeout: 10
- Retry Count: 3
- Support for CoA: Disabled
- Click Apply to Device to save. Then click Add again and configure with:
- Name: smartwifi2
- IPv4/IPv6 Server Address:
- Keytype: 0
- Key: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
- Confirm Key: Same as key above
- Auth Port: 1812
- Acct Port: 1813
- Server Timeout: 10
- Retry Count: 3
- Support for CoA: Disabled
- Click apply to Device to save.
- Click on the Server Groups tab and click Add. Configure with:
- Name: smartRadius
- Group Type: RADIUS
- MAC-Deliminter: hyphen
- MAC-Filtering: none
- Assigned Servers: smartWiFi1, smartWiFi2
- Click Apply to Device to save.
- Click the AAA Method List. Click add and configure with.
- Method List Name: smart_auth
- Type: login
- Group Type: group
- Assigned Server Groups: smartradius
- Click Apply to Device to save.
- Click the Accounting menu. Click add and configure with
- Method List Name: smart_auth
- Type: identity
- Assigned Server Groups: smartradius
- Click apply to Device to save.
- Click the AAA Advanced tab and then click Show Advanced settings option. Configure both Authentication and Accounting with.
- Call Station ID: ap-macaddress-ssid
- Call Station ID Case: upper
- MAC-Delimiter: hypen
- Username Case: lower
- Username Delimiter: none
- Click Apply to Device to save.
- Next on the left click Configuration > Tags and Policies > Click Add or Edit an existing WLAN and configure with the following:
- General tab
- Profile Name: Smart WiFi
- SSID: Smart WiFi( or whatever you wish)
- Status: Enabled
- Radio Policy: All
- Broadcast: SSID
- Security > Layer 2
- Layer 2 Security Mode: None
- MAC Filtering: Disabled
- Security > Layer 3
- Web Policy: Enabled
- Web Auth Parameter Map: smart_wifi
- Authentication List: smartradius
- On MAC Filter Failure: Disabled
- Splash Web Redirect: Disabled
- IPv4 ACL: Empty
- Apply to Device to Save.
- On the left click Configuration > Security > URL Filters. Click add and configure with:
- List Name: smartfilter
- Type: PRE_AUTH
- Action: PERMIT
- Add the wildcard walled garden entries following Catalyst specifications
- Click Apply to save.
- On the left click Configuration > Security > Wireless AAA Policy. Click create new policy
- Name: For the name use the NASID from the Edit Hotspot page in the Marketing4WiFi dashboard, called SWS/Hotspot/NAS-ID.
- NAS-ID Option 1: AP Location
- Click apply to save.
- On the left click Configuration > Tags & Policies > Policy. Click Add leaving all settings the same apart from the following.
- On the General tab:
- Name: smart_policy
- Status: Enabled
- Access Policies
- URL Filters: smartfilter
- Advanced Tab: scroll down to the AAA Policy section
- Session Timeout:
- Idle Timeout:
- Allow AAA Override: enabled
- Policy Name: Use the Wireless AAA policy created in step 13
- Accounting List: smartRadius
- On the General tab:
- Click Apply to device. Now using the panel to the left select Configuration > Tags & Policies > Tags. Click Add and configure with
- Name: smart_tag
- WLAN Profile: Smart WiFi
- Policy Profile: smart_policy
- The configuration is complete.
- General tab
Troubleshooting Splash page
- If devices are redirected but the page fails to load please ensure the URL Filter has been properly configured and assigned to the access policy.
- If devices load the splash page properly but after pressing connect the splash page is loaded again please ensure the RADIUS secret was correct applied for the Authentication profile
- If an iOS device refuses to open the CNA but other devices are functioning as expected please review this article.
- If Apple devices are not triggering the captive portal assistant but other devices are please see this article on Bypass Apple CNA
- If devices are receiving a SSL Certificate error please see this article regarding Manufacturer SSL