fbpx

Help Center

Cisco (WLC Managed)
Purpose

This guide shows how to setup a Cisco WLC based WiFi network for SpotOn.

 

Prerequisites

Your Cisco APs should already be integrated with WLC. It is recommended to update your device firmwares to the latest available version. This setup has been tested on Cisco WLC v8.5.140.0.

 

Network Setup

The first step in integrating SpotOn is to setup AAA. Under the Security section go to RADIUS and then select Authentication. Click on New to add a new RADIUS Server:
 

IP Address: 94.124.94.160
Port Number: 1812
Shared Secret: [email protected]

 
1 radius auth - Cisco (WLC Managed)

Click Apply to save settings. Similarly, under RADIUS -> Accounting add a new accounting server with these settings:
 

IP Address: 94.124.94.160
Port Number: 1813
Shared Secret: [email protected]

 
Click Apply to save settings. Go to Access Control Lists and add a new IPv4 Access Control List (or a new FlexConnect ACL if you’re using FlexConnect) and name it guest_preauth:

2 acl - Cisco (WLC Managed)

Hover your mouse’s pointer on the blue arrow and select Add-Remove URL:

4 acl - Cisco (WLC Managed)

Add all the URLs given below one by one to it:
 

spotonwifi.com
facebook.com
facebook.net
akamaihd.net
fbcdn.net
atdmt.com
fbsbx.com
google.com
googleapis.com
gstatic.com
ajax.cloudflare.com 
placehold.it
placeholdit.imgix.net 
amp.cloudflare.com 
twitter.com
twimg.com
abs.twitter.com
instagram.com

 
5 url - Cisco (WLC Managed)

Go to Web Auth and select Web Login Page. Select External as the Web Authentication Type and enter the External Webauth URL:
 

https://portal.spotonwifi.com/auth/vendor/[YOUR CUSTOM ID]/cisco_wlc

 
Note: SpotOn support can provide you your CUSTOM ID.

6 web auth - Cisco (WLC Managed)

Click Apply to save. Now go to WLANs and open your WLAN profile. Go to Security -> L3 Security and select Web Policy in “Layer 3 Security”. In “Preauthentication ACL” select guest_preauth. Check “Override Global Config”, select External as “Web Auth Type” and enter your Redirect URL:

7 security - Cisco (WLC Managed)

Click Apply to save settings.

Go to AAA Servers tab and enable Authentication and Accounting Servers like this:

aaa123 - Cisco (WLC Managed)

Set the Authentication priority like this:

9 order 1 - Cisco (WLC Managed)

Go to Advanced tab and check Allow AAA Override option:

10 aaa - Cisco (WLC Managed)

Click Apply to save settings.

In the Management tab select HTTP-HTTPS and configure the following settings:

111 http - Cisco (WLC Managed)

Click Apply to save settings. The configuration is now complete.

Can't find your answer?