Configuration for Cisco Catalyst

The following instructions outline how to setup a Cisco Catalyst controller for the Marketing WiFi Platform. This guide covers details such as configuring RADIUS, URL Filters, tags and policies profiles and WLANs. This guide assumes that your Cisco Catalyst is already operational and on a live network. Please make sure any firewall rules, web content filters, and other security measures have been configured to interface with the platform.

Checklist before proceeding with the Cisco Catalyst configuration

HTTP and HTTPS access must be open to the controller for this integration to work.
The BASE RADIO MAC of all APs that will be broadcasting the Guest WiFi signal need to be added as Cisco Enterprise gateways to avoid guests being served a hotspot deactivated message.

Login to your Cisco Catalyst portal
At the top right, click the Settings icons and enable the Expert mode.
Click on Configuration > Security > Web Auth on the left, add a profile profile and configure with-
1. Parameter-map name: smart_wifi
2. Maximum HTTP connections: 200
3. Init-State Timeout: 3600
4. Type: Webauth
5. Click apply to device to save.
Click on the profile you just created and configure with
1. Under General
  1. Banner type: none
  2. Turn-on Consent with Email: Disabled
  3. Captive Bypass Portal: Disabled
  4. Disable Logout Window: Enabled
  5. Disable Client Status: Enabled
  6. Sleeping Client Timeout: 720
2. Under Advanced
  1. Redirect for log-in:
    
    US-A Redirect URL
    https://splash.4wifi.net/hotspotlogin.php?res=success
    You can confirm your platform environment under Operator Customizations.
    If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success
    US-B Redirect URL
    https://splash.4wifi-e2.net/hotspotlogin.php?res=success
    You can confirm your platform environment under Operator Customizations.
    If you have your own branded splash hostname you would use https://splash.yourdomain.com/hotspotlogin.php?res=success
  2. Redirect on failure: blank
  3. Redirect Append for AP MAC Address: ap_mac
  4. Redirect Append for Client Mac Address: client_mac
  5. Redirect Append for WLAN SSID: wlan_ssid
  6. Portal IPv4 Address: 1.1.1.1
3. Click Apply to save.
On the left click on Configuration > Security > AAA. Select the Servers /Groups tab click Add and configure with:
1. Name: smartwifi1
2. IPv4/IPv6 Server Address:
  
  US-A Radius 1 IP
  52.23.46.139
  You can confirm your platform environment under Operator Customizations.
  US-B Radius 1 IP
  3.132.31.3
  You can confirm your platform environment under Operator Customizations.
3. Keytype: 0
4. Key: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
5. Confirm Key: Same as key above
6. Auth Port: 1812
7. Acct Port: 1813
8. Server Timeout: 10
9. Retry Count: 3
10. Support for CoA: Disabled
Click Apply to Device to save. Then click Add again and configure with:
1. Name: smartwifi2
2. IPv4/IPv6 Server Address:
  
  US-A Radius 2 IP
  52.207.192.243
  You can confirm your platform environment under Operator Customizations.
  US-B Radius 2 IP
  3.18.137.68
  You can confirm your platform environment under Operator Customizations.
3. Keytype: 0
4. Key: Available in the Edit Hotspot page in the Marketing4WiFi dashboard, called RADIUS Secret in the dashboard.
5. Confirm Key: Same as key above
6. Auth Port: 1812
7. Acct Port: 1813
8. Server Timeout: 10
9. Retry Count: 3
10. Support for CoA: Disabled
Click apply to Device to save.
Click on the Server Groups tab and click Add. Configure with:
1. Name: smartRadius
2. Group Type: RADIUS
3. MAC-Deliminter: hyphen
4. MAC-Filtering: none
5. Assigned Servers: smartWiFi1, smartWiFi2
Click Apply to Device to save.
Click the AAA Method List. Click add and configure with.
1. Method List Name: smart_auth
2. Type: login
3. Group Type: group
4. Assigned Server Groups: smartradius
Click Apply to Device to save.
Click the Accounting menu. Click add and configure with
1. Method List Name: smart_auth
2. Type: identity
3. Assigned Server Groups: smartradius
Click apply to Device to save.
Click the AAA Advanced tab and then click Show Advanced settings option. Configure both Authentication and Accounting with.
1. Call Station ID: ap-macaddress-ssid
2. Call Station ID Case: upper
3. MAC-Delimiter: hypen
4. Username Case: lower
5. Username Delimiter: none
Click Apply to Device to save.
Next on the left click Configuration > Tags and Policies > Click Add or Edit an existing WLAN and configure with the following:
1. General tab
  1. Profile Name: Smart WiFi
  2. SSID: Smart WiFi( or whatever you wish)
  3. Status: Enabled
  4. Radio Policy: All
  5. Broadcast: SSID
2. Security > Layer 2
  1. Layer 2 Security Mode: None
  2. MAC Filtering: Disabled
  3. Security > Layer 3
  4. Web Policy: Enabled
  5. Web Auth Parameter Map: smart_wifi
  6. Authentication List: smartradius
  7. On MAC Filter Failure: Disabled
  8. Splash Web Redirect: Disabled
  9. IPv4 ACL: Empty
  10. Apply to Device to Save.
  11. On the left click Configuration > Security > URL Filters. Click add and configure with:
    1. List Name: smartfilter
    2. Type: PRE_AUTH
    3. Action: PERMIT
    4. Add the wildcard walled garden entries following Catalyst specifications
      If you have your own branded splash hostname please be sure to add the domain to the walled garden.
  12. Click Apply to save.
  13. On the left click Configuration > Security > Wireless AAA Policy. Click create new policy
    1. Name: For the name use the NASID from the Edit Hotspot page in the Marketing4WiFi dashboard, called SWS/Hotspot/NAS-ID.
    2. NAS-ID Option 1: AP Location
    3. Click apply to save.
  14. On the left click Configuration > Tags & Policies > Policy. Click Add leaving all settings the same apart from the following.
    1. On the General tab:
      1. Name: smart_policy
      2. Status: Enabled
    2. Access Policies
      1. URL Filters: smartfilter
    3. Advanced Tab: scroll down to the AAA Policy section
      1. Session Timeout:
      2. Idle Timeout:
      3. Allow AAA Override: enabled
      4. Policy Name: Use the Wireless AAA policy created in step 13
      5. Accounting List: smartRadius
  15. Click Apply to device. Now using the panel to the left select Configuration > Tags & Policies > Tags. Click Add and configure with
    1. Name: smart_tag
    2. WLAN Profile: Smart WiFi
    3. Policy Profile: smart_policy
  16. The configuration is complete.

Troubleshooting Splash page

If devices are redirected but the page fails to load please ensure the URL Filter has been properly configured and assigned to the access policy.
If devices load the splash page properly but after pressing connect the splash page is loaded again please ensure the RADIUS secret was correct applied for the Authentication profile
If an iOS device refuses to open the CNA but other devices are functioning as expected please review this article.
If Apple devices are not triggering the captive portal assistant but other devices are please see this article on Bypass Apple CNA
If devices are receiving a SSL Certificate error please see this article regarding Manufacturer SSL

Disclaimer on hardware configuration guides in the KB:

This equipment has been integrated and tested in our labs with the Smart WiFi Platform using the firmware versions below.

Software version 17.03.02a

LIMITED HARDWARE SUPPORT: Hardware manufacturers frequently make changes to firmware, controllers and GUI’s. The information below may be out of date or images may be different and is to be used as a general reference guide. We do offer additional limited support to help with trouble-shooting and we highly recommend that you have a hardware support agreement and/or access to a hardware support engineering representative from the manufacturer.

Updated on May 18, 2023

Was this article helpful?

Yes No

Need Support?

Can't find the answer you're looking for? Don't worry we're here to help!

CONTACT SUPPORT

Troubleshooting Splash page

Was this article helpful?

Related Articles