top of page

KIWIRE DOCUMENTATION

Device & Controller Setup Guide - Cisco WLC Configuration for Kiwire

A. Cisco WLC with Flex Connect AP Configuration Step 1 – Change RADIUS authentication settings.

  • Go to SECURITY > RADIUS > Authentication

  • Set Auth Called Station ID Type to AP MAC Address:SSID

  • Set MAC Delimiter to Hyphen

  • Take note that the Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address which will be needed later

Step 2 – Edit the server with the following settings:

  • Set Shared Secret Format to ASCII

  • Set Shared Secret code to be the same key with Kiwire NAS

  • Confirm Shared Secret code in the next input box and proceed

  • Set Server Status to Enabled

  • Set Support for CoA to Enabled


Step 3 – Configure RADIUS accounting server.

  • Go to SECURITY > RADIUS > Accounting

  • Set Acct Called Station ID Type to System MAC Address

  • Set MAC Delimiter to Hyphen


Step 4 – Edit the RADIUS accounting server with the following settings:

  • The Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address

  • Set Shared Secret Format to ASCII

  • Set Shared Secret code to be the same key with Kiwire NAS

  • Confirm Shared Secret code in the next input box and proceed

  • Set Server Status to Enabled



Step 6 – Add access control rules for inbound server.

  • Locate Source input row select IP Address

  • Fill in the input field with the Kiwire IP Address and Netmask

  • Set Destination to Any

  • Set Protocol to Any

  • Set DSCP to Any

  • Set Direction to Inbound

  • Set Action to Permit

Step 7 – Add access control rules for outbound server.

  • Locate Source input row select Any from the dropdown option

  • Fill in the input field with the Kiwire IP Address and Netmask

  • Set Destination to IP Address from the dropdown option

  • Set Protocol to Any from the dropdown option

  • Set DSCP to Any from the dropdown option

  • Set Direction to Outbound from the dropdown option

  • Set Action to Permit from the dropdown option


Step 8 – Configure the web login page.

  • Go to SECURITY > Web Auth > Web Login Page

  • Set Web Authentication Type to External (Redirect to external server)

  • Set External Webauth URL to http://kiwire-ip/user/cisco_login.php in the input box

Step 9 – Go to WLANs > WLANs


Step 10 – Edit the CISCO_Kiwire WLAN with the following settings:

  • Select General category tab on the right menu

  • Set Profile Name to your desired profile name in the input box

  • Set SSID to a SSID name you had created

  • Set Status to Enabled

  • Set Interface/Interface Group(G) to either option based on your captive portal interface

  • Set NAS-ID to your Cisco WLC MAC address


Step 11 – Go to WLANs > Security > Layer 3

  • Set Layer 3 Security to Web Policy

  • Select Authentication from the list of radio buttons below

  • Set Preauthentication ACL to choose ACL for IPv4 and WebAuth FlexACL

Step 12 – Go to WLANs > Security > AAA Servers

  • At the Authentication Servers column select Kiwire server and place a checkmark on enabled

  • At the Accounting Servers column select Kiwire server and place a checkmark on enabled

  • Place a checkmark on Interim Update to enable and set desired time

  • Locate Authentication priority order for web-auth user section and set to user: RADIUS


B. Kiwire ConfigurationStep 1 – Add a new NAS.

  • Go to Devices > NAS

  • Set Device Type to Cisco WLC

  • Set NAS Identifier to the Cisco WLC MAC address

  • Set IP Address to the Cisco WLC MAC address

  • Set the Shared Secret Key to the same Cisco WLC shared key configured earlier

  • Set COA Port to 1700


Step 2 – Configuration is now complete.

Comments


Commenting has been turned off.
Related Post
bottom of page