Submit a Request

Support Center

This page explains the configuration of the Cisco Wireless LAN Controller to work with redBorder Captive Portal.

Cisco WLC configuration

Log in to the Cisco WLC Web-Browser interface and go to Advanced Settings.

01.png

Go to Security -> Access Control Lists and add a new ACL: redBorder-Auth.

02.png

Add two rules to redBorder-Auth permitting connections to the Captive Portal. 

Use the IP of your redBorder Manager, on this example the manager ip is 10.1.203.3:

  • Source: Any, Destination: 10.1.203.3 netmask 255.255.255.255, protocol TCP, Dest port 443, Action: Permit
  • Source 10.1.203.3 netmask 255.255.255.255, Destination: Any, protocol TCP, Source port 443, Action: Permit

03.png

Go to Security -> Web Auth -> Web Login Page and change Web Authentication Type to External (redirect to an external server). Add the External Webauth URL which is the Splash page URL from your Captive Portal in redBorder: https://<manager-ip >/captive_portal_sessions/new

13.png

Go to Security -> RADIUS -> Authentication, add new RADIUS Authentication Servers and enter IP Address, Port and Shared Secret (the secret will need to match with the one that you configure in the sensor on redBorder Manager),  (on this example the redBorder manager IP is 10.1.203.3):

14.png

15.png

Go to Security -> RADIUS -> Accounting, add new RADIUS Accounting Servers and enter IP Address, Port and Shared Secret from your redBorder Manager ip.

mceclip0.png

mceclip1.png

Go to WLANs, select existing or create new WLAN and open WLAN settings page

08.png

09.png

Click on the Security tab, Layer 2 and set Layer 2 Security to None

10.png

Click on the Layer 3 tab and set Layer 3 Security to Web Policy, select the Authentication radio button and select your new ACL for Pre-authentication ACL.

11.png

Click on the AAA Servers tab and select redBorder RADIUS authentication and accounting servers. You can also set an Interim Interval to 180 seconds or higher.

17.png

Click on the Save Configuration link to save and apply new settings.

Finally, change the default virtual controller IP address from 1.1.1.1 to some other IP address for example 192.0.2.2 and install a valid SSL certificate on your controller to prevent warning messages displayed to your clients.

 

What is Next?

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk