This page explains the configuration of the Cisco Wireless LAN Controller to work with redBorder Captive Portal.
Cisco WLC configuration
Log in to the Cisco WLC Web-Browser interface and go to Advanced Settings.
Go to Security -> Access Control Lists and add a new ACL: redBorder-Auth.
Add two rules to redBorder-Auth permitting connections to the Captive Portal.
Use the IP of your redBorder Manager, on this example the manager ip is 10.1.203.3:
- Source: Any, Destination: 10.1.203.3 netmask 255.255.255.255, protocol TCP, Dest port 443, Action: Permit
- Source 10.1.203.3 netmask 255.255.255.255, Destination: Any, protocol TCP, Source port 443, Action: Permit
Go to Security -> Web Auth -> Web Login Page and change Web Authentication Type to External (redirect to an external server). Add the External Webauth URL which is the Splash page URL from your Captive Portal in redBorder: https://<manager-ip >/captive_portal_sessions/new
Go to Security -> RADIUS -> Authentication, add new RADIUS Authentication Servers and enter IP Address, Port and Shared Secret (the secret will need to match with the one that you configure in the sensor on redBorder Manager), (on this example the redBorder manager IP is 10.1.203.3):
Go to Security -> RADIUS -> Accounting, add new RADIUS Accounting Servers and enter IP Address, Port and Shared Secret from your redBorder Manager ip.
Go to WLANs, select existing or create new WLAN and open WLAN settings page
Click on the Security tab, Layer 2 and set Layer 2 Security to None
Click on the Layer 3 tab and set Layer 3 Security to Web Policy, select the Authentication radio button and select your new ACL for Pre-authentication ACL.
Click on the AAA Servers tab and select redBorder RADIUS authentication and accounting servers. You can also set an Interim Interval to 180 seconds or higher.
Click on the Save Configuration link to save and apply new settings.
Finally, change the default virtual controller IP address from 22.214.171.124 to some other IP address for example 192.0.2.2 and install a valid SSL certificate on your controller to prevent warning messages displayed to your clients.
What is Next?
Please sign in to leave a comment.