Device & Controller Setup Guide - Cisco WLC Configuration for Kiwire

A. Cisco WLC with Flex Connect AP Configuration Step 1 – Change RADIUS authentication settings.

• Go to SECURITY > RADIUS > Authentication

• Set Auth Called Station ID Type to AP MAC Address:SSID

• Set MAC Delimiter to Hyphen

• Take note that the Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address which will be needed later
  

Step 2 – Edit the server with the following settings:

• Set Shared Secret Format to ASCII

• Set Shared Secret code to be the same key with Kiwire NAS

• Confirm Shared Secret code in the next input box and proceed

• Set Server Status to Enabled

• Set Support for CoA to Enabled

Step 3 – Configure RADIUS accounting server.

• Go to SECURITY > RADIUS > Accounting

• Set Acct Called Station ID Type to System MAC Address

• Set MAC Delimiter to Hyphen

Step 4 – Edit the RADIUS accounting server with the following settings:

• The Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address

• Set Shared Secret Format to ASCII

• Set Shared Secret code to be the same key with Kiwire NAS

• Confirm Shared Secret code in the next input box and proceed

• Set Server Status to Enabled

Step 6 – Add access control rules for inbound server.

• Locate Source input row select IP Address

• Fill in the input field with the Kiwire IP Address and Netmask

• Set Destination to Any

• Set Protocol to Any

• Set DSCP to Any

• Set Direction to Inbound

• Set Action to Permit
  

Step 7 – Add access control rules for outbound server.

• Locate Source input row select Any from the dropdown option

• Fill in the input field with the Kiwire IP Address and Netmask

• Set Destination to IP Address from the dropdown option

• Set Protocol to Any from the dropdown option

• Set DSCP to Any from the dropdown option

• Set Direction to Outbound from the dropdown option

• Set Action to Permit from the dropdown option

Step 8 – Configure the web login page.

• Go to SECURITY > Web Auth > Web Login Page

• Set Web Authentication Type to External (Redirect to external server)

• Set External Webauth URL to http://kiwire-ip/user/cisco_login.php in the input box
  

Step 9 – Go to WLANs > WLANs

Step 10 – Edit the CISCO_Kiwire WLAN with the following settings:

• Select General category tab on the right menu

• Set Profile Name to your desired profile name in the input box

• Set SSID to a SSID name you had created

• Set Status to Enabled

• Set Interface/Interface Group(G) to either option based on your captive portal interface

• Set NAS-ID to your Cisco WLC MAC address

Step 11 – Go to WLANs > Security > Layer 3

• Set Layer 3 Security to Web Policy

• Select Authentication from the list of radio buttons below

• Set Preauthentication ACL to choose ACL for IPv4 and WebAuth FlexACL
  

Step 12 – Go to WLANs > Security > AAA Servers

• At the Authentication Servers column select Kiwire server and place a checkmark on enabled

• At the Accounting Servers column select Kiwire server and place a checkmark on enabled

• Place a checkmark on Interim Update to enable and set desired time

• Locate Authentication priority order for web-auth user section and set to user: RADIUS

B. Kiwire ConfigurationStep 1 – Add a new NAS.

• Go to Devices > NAS

• Set Device Type to Cisco WLC

• Set NAS Identifier to the Cisco WLC MAC address

• Set IP Address to the Cisco WLC MAC address

• Set the Shared Secret Key to the same Cisco WLC shared key configured earlier

• Set COA Port to 1700

Step 2 – Configuration is now complete.