Device & Controller Setup Guide - Cisco WLC Configuration for Kiwire
A. Cisco WLC with Flex Connect AP Configuration Step 1 – Change RADIUS authentication settings.
Go to SECURITY > RADIUS > Authentication
Set Auth Called Station ID Type to AP MAC Address:SSID
Set MAC Delimiter to Hyphen
Take note that the Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address which will be needed later
Step 2 – Edit the server with the following settings:
Set Shared Secret Format to ASCII
Set Shared Secret code to be the same key with Kiwire NAS
Confirm Shared Secret code in the next input box and proceed
Set Server Status to Enabled
Set Support for CoA to Enabled
Step 3 – Configure RADIUS accounting server.
Go to SECURITY > RADIUS > Accounting
Set Acct Called Station ID Type to System MAC Address
Set MAC Delimiter to Hyphen
Step 4 – Edit the RADIUS accounting server with the following settings:
The Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address
Set Shared Secret Format to ASCII
Set Shared Secret code to be the same key with Kiwire NAS
Confirm Shared Secret code in the next input box and proceed
Set Server Status to Enabled
Step 6 – Add access control rules for inbound server.
Locate Source input row select IP Address
Fill in the input field with the Kiwire IP Address and Netmask
Set Destination to Any
Set Protocol to Any
Set DSCP to Any
Set Direction to Inbound
Set Action to Permit
Step 7 – Add access control rules for outbound server.
Locate Source input row select Any from the dropdown option
Fill in the input field with the Kiwire IP Address and Netmask
Set Destination to IP Address from the dropdown option
Set Protocol to Any from the dropdown option
Set DSCP to Any from the dropdown option
Set Direction to Outbound from the dropdown option
Set Action to Permit from the dropdown option
Step 8 – Configure the web login page.
Go to SECURITY > Web Auth > Web Login Page
Set Web Authentication Type to External (Redirect to external server)
Set External Webauth URL to http://kiwire-ip/user/cisco_login.php in the input box
Step 9 – Go to WLANs > WLANs
Step 10 – Edit the CISCO_Kiwire WLAN with the following settings:
Select General category tab on the right menu
Set Profile Name to your desired profile name in the input box
Set SSID to a SSID name you had created
Set Status to Enabled
Set Interface/Interface Group(G) to either option based on your captive portal interface
Set NAS-ID to your Cisco WLC MAC address
Step 11 – Go to WLANs > Security > Layer 3
Set Layer 3 Security to Web Policy
Select Authentication from the list of radio buttons below
Set Preauthentication ACL to choose ACL for IPv4 and WebAuth FlexACL
Step 12 – Go to WLANs > Security > AAA Servers
At the Authentication Servers column select Kiwire server and place a checkmark on enabled
At the Accounting Servers column select Kiwire server and place a checkmark on enabled
Place a checkmark on Interim Update to enable and set desired time
Locate Authentication priority order for web-auth user section and set to user: RADIUS
B. Kiwire ConfigurationStep 1 – Add a new NAS.
Go to Devices > NAS
Set Device Type to Cisco WLC
Set NAS Identifier to the Cisco WLC MAC address
Set IP Address to the Cisco WLC MAC address
Set the Shared Secret Key to the same Cisco WLC shared key configured earlier
Set COA Port to 1700
Step 2 – Configuration is now complete.
Comments