Cisco Enterprise Controller Configuration

The following instructions outline how to setup a Cisco Wireless LAN Controller for the Smart WIFi Platform.  Please make sure any firewall rules, web content filters, and other security measures have been configured to interface with the Smart WiFi Platform.

  1. Login to the WLC
  2. Using the top navigation menu, click on Security
  3. Using the menu to the left, open AAA > RADIUS > Authentication
    1. Auth Call Station ID Type: AP MAC Address
    2. Press New and configure a Authentication server using the settings below
      • Server IP Address: You will be provided this
      • Shared Secret Format: ASCII
      • Shared Secret: You will be provided this
      • Confirm Secret: same as above
      • Port: 1812
      • Server Status: Enabled
      • Network User: unchecked
      • Management: unchecked
      • IPSec: unchecked
      • Click Apply
    3. Press New and configure another Authentication server using the settings below
      • Server IP Address: You will be provided this
      • Shared Secret Format: ASCII
      • Shared Secret: You will be provided this
      • Confirm Secret: same as above
      • Port: 1812
      • Server Status: Enabled
      • Network User: unchecked
      • Management: unchecked
      • IPSec: unchecked
      • Click Apply
    4. Click Apply
  4. Using the menu to the left, open AAA > RADIUS > Accounting
    1. Acct Call Station ID Type: AP MAC Address
    2. Press New and configure a Accounting server using the settings below
      • Server IP Address: You will be provided this
      • Shared Secret Format: ASCII
      • Shared Secret: You will be provided this
      • Confirm Secret: same as above
      • Port: 1813
      • Server Status: Enabled
      • Network User: unchecked
      • IPSec: unchecked
      • Click Apply
    3. Press New and configure another Authentication server using the settings below
      • Server IP Address: You will be provided this
      • Shared Secret Format: ASCII
      • Shared Secret: You will be provided this
      • Confirm Secret: same as above
      • Port: 1813
      • Server Status: Enabled
      • Network User: unchecked
      • IPSec: unchecked
      • Click Apply
  5. Using the menu to the left, open Access Control Lists > Access Control Lists  (or FlexConnect ACLs if you’re using FlexConnect)
    1. Press New and configure with
      • Access Control List Name: SmartWiFi
      • ACL Type: IPv4
      • Click Apply
    2. Hover over the blue arrow of the ACL you created and click Add-Remove URL.
    3. Use the URL String Name field to add the whitelist entries one at a time.
      Flex Connect mode

      If using a FlexConnect ACL, click into the ACL created then click Add Rule > URL rule. Use the URL box to add the whitelist entries with the Action set to Permit for all of them.

      Whitelist Entries

      Adjustments to the entries below may be required based on your hardware. Only the Smart  WiFi Platform entries are required. If you wish to support Social Media logins or utilize Payment Processors, you must add the entries for each product you plan to support.

      add your splash domain
      assets.smartwifiplatform.com
      crl3.digicert.com
      crl4.digicert.com
      sr.symbc.com
      assets.ads4wifi.com
      ads.ads4wifi.com
      facebook.com
      facebook.net
      developer.facebook.com
      fbcdn.net
      doubleclick.net
      connect.facebook.net
      twitter.com
      twimg.com
      abs.twitter.com
      linkedin.com
      licdn.com
      l-msedge.net
      js.authorize.net
      api.authorize.net
      api2.authorize.net
      js.authorize.net.cdn.cloudflare.net
      jstest.authorize.net
      apitest.authorize.net
      js.stripe.com
      m.stripe.com
      m.stripe.network
      api.stripe.com
      stripensrq.global.ssl.fastly.net
      wepay.com
      static.wepay.com
      js-agent.newrelic.com
      bam.nr-data.net
      ssl.google-analytics.com
      stage.wepay.com
      stage-static.wepay.com
      www.gstatic.com
      www.google-analytics.com
      play.google.com
      pay.google.com
      pci-connect.squareup.com
      connect.squareup.com
      js.squareup.com
      nd.squarecdn.com
      connect.squareupsandbox.com
      js.squareupsandbox.com
      pic-connect.squareupsandbox.com
      paypal.com
      www.paypal.com
      www.sandbox.paypal.com
      www.paypalobjects.com
  6. Using the menu to the left, Web Auth > Web Login Page
    • Redirect URL after login: leave this blank
    • Click Apply
  7. Using the top navigation menu, click on Management
  8. Using the menu to the left, open HTTP-HTTPS
    • WebAuth SecureWeb: Disabled
    • Click Apply
  9. Using the top navigation menu, click on Controller
  10. Using the menu to the left, open Interfaces
    • Click on the virtual interface
    • Change the interface IP Address from 1.1.1.1 to 192.0.2.1
    • Click Apply
  11. Using the top navigation menu, click on WLANs
  12. Create a new WLAN using the Create New > Go option at the top right or edit your existing WLAN
    1. WLAN General settings-
      • Status: Enabled
      • Broadcast SSID: Enabled
      • NAS-ID: You will be provided this
    2. Security > Layer 2-
      • Layer 2 Security: None
    3. Security > Layer 3-
      • Layer 3 Security: Web Policy
      • Authentication: Enabled
      • Pre-Authentication ACL: Select the IPv4 or FlexConnect ACL called SmartWiFi
      • Sleeping Client: Enabled
      • Sleeping Client Timeout: 12
      • Override Global Config: Enable
      • Web Auth type: External
      • Redirect URL: You will be provided this
    4. Security > AAA Servers-
      • Authentication Server: Enabled
      • Server 1: Select the Authentication server created in step 3.2
      • Server 2: Select the Authentication server created in step 3.3
      • Accounting Servers: Enabled
      • Server 1: Select the Accounting server created in step 4.2
      • Server 2: Select the Accounting server created in step 4.3
      • Authentication priority order for web-auth user
        1. Not Used: LOCAL & LDAP
        2. Order Used for Authentication: RADIUS
    5. Advanced-
      1. Allow AAA Override: Enabled
      2. Enable Session Timeout: Enabled
      3. Session Timeout(secs): 43200
    6. Click Apply
  13. Using the top navigation menu, click on Save Configuration and press OK
  14. Reboot the WLC for all the changes to take affect
  15. The configuration is complete

Disclaimer on hardware configuration guides in the KB:

v8.2.100.0

v8.7 or higher if using FlexConnect

LIMITED HARDWARE SUPPORT: Hardware manufacturers frequently make changes to firmware, controllers and GUI’s. The information below may be out of date or images may be different and is to be used as a general reference guide. We do offer additional limited support to help with trouble-shooting and we highly recommend that you have a hardware support agreement and/or access to a hardware support engineering representative from the manufacturer.

Updated on March 30, 2023

Was this article helpful?

Related Articles