Cisco Enterprise Controller Configuration

The following instructions outline how to setup a Cisco Enterprise Level device for the Smart WiFi Platform. Additional Cisco options may need to be enabled before you’re able to configure completely.

Step 1) Radius

Click Security on the top navigation panel, then click the AAA tab on the left.

  • Security Tab – AAA – Radius Authentication
    Auth Called station ID type- AP MAC Address: SSID

Add the following server information for RADIUS Authentication for Splash Page:
Host 1: 52.23.46.139
Port: 1812
Secret:  (We will supply this to you)
Host 2: 52.207.192.243
Port: 1812
Secret:  (We will supply this to you)

Create the Radius Authentication Server 1

Create the Radius Authentication Server 2

  • Security Tab – AAA – Radius Accounting
    Acct Called station ID type- AP MAC Address: SSID

Add the following server information for RADIUS Accounting for Splash Page:
Host 1: 52.23.46.139
Port: 1813
Secret:  (We will supply this to you)
Host 2: 52.207.192.243
Port: 1813
Secret:  (We will supply this to you)

Radius Accounting Server 1

Radius Accounting Server 2

Step 2) WebAuth and Access Control List

Click on the Security tab on the Top navigation Bar.

  • Security Tab – Web Auth – Web Login Page
  1. Redirect URL after login: (We will supply this to you)
  2. External Webauth URL: (We will supply this to you)
  • Security Tab – Access Control List – Access Control List
  1. Create a new IPv4 ACL.
  2. Click the name of the new ACL. Hover your cursor over the blue drop-down arrow, choose Add-Remove URL from the drop-down list to open the URL List page.
  3. Enter all of the default walled garden entries into the ACL.

Step 3) WLAN

Click on WLANs on the top navigation bar then click the WLANs tab to the left. Create a new WLAN. (If you have an existing WLAN intended for use for Guest WiFi you can edit that WLAN)

  • WLAN – General Tab

Profile Name: SmartWiFi (Or whatever you would like)
SSID: SmartWiFi (Or whatever you would like)
Status: Enabled
Broadcast SSID: Enabled
NAS-ID: (We will supply this to you)

  • WLAN – Security – Layer 3 Tab

Layer 3 Security: Web Policy
Authentication: Enable
Pre-Authentication ACL: Use the ACL we created earlier.
Override Global Config: Enable
Web Auth Type: External(Re-direct to an external server)
Redirect URL: (We will supply this to you)

  • WLAN – Security – AAA Servers Tab

Authentication Servers: Enable
Server 1: 52.23.46.139 -Port:1812
Server 2: 52.207.192.243 -Port: 1812
Accounting Servers: Enable
Server 1: 52.23.46.139 -Port:1813
Server 2: 52.207.192.243 -Port: 1813
Interim Update: Enabled
Interim Interval: 900
Authentication priority order for web-auth user-
Not used: LOCAL, LDAP
Order used for Authentication: RADIUS

  • WLAN – Advanced Tab

Allow AAA Override: Enable
Enable Session Timeout: Enabled
Session Timeout: 43200

Step 4) HTTPS and Secure Webauth

Please see this Cisco article on WebAuthentication and certificates. The following steps need to be completed if you have not put your own certificate on the webauth page and assigned a DNS host name for the virtual interface.

      1. Management Tab – HTTP-HTTPS
      2. WebAuth SecureWeb: Disabled

Disclaimer on hardware configuration guides in the KB:

v8.2

FlexConnect 8.7

LIMITED HARDWARE SUPPORT: Hardware manufacturers frequently make changes to firmware, controllers and GUI’s. The information below may be out of date or images may be different and is to be used as a general reference guide. We do offer additional limited support to help with trouble-shooting and we highly recommend that you have a hardware support agreement and/or access to a hardware support engineering representative from the manufacturer.

Updated on January 11, 2022

Was this article helpful?

Related Articles