Cisco 5500 Series
Tested versions:
| Model | Type | Firmware version | Description |
|---|---|---|---|
| 5508 2504 | controller | AirOS version 7.6.120.0 | |
| 5520 | controller | AirOS version 8.2.100.0 | (bandwidth per client) |
This solution for 5500 Series is similar to 2500 Series. Therefore, this manual does not contain a detailed step-by-step guide for a complete setup. Only the settings needed for SOCIFI are described below.Include Page Cisco Systems controllers ACL configuration Cisco Systems controllers ACL configuration
| Code Block |
|---|
Webpage authentication |
To redirect to external web portal uses the following commands:
| Code Block |
|---|
config custom-web ext-webauth-url http://connect-ip.socifi.com config custom-web webauth-type external |
Note: The ext-webauth-url has been changed from http://connect.socifi.com to http://connect-ip.socifi.com
... and switch of PopUp logout window (this cannot be done via web interface)
| Code Block |
|---|
config custom-web logout-popup disable |
| Code Block |
|---|
RADIUS |
You must set Auth and Acc part in the basic settings of authentication thru radius server. For European radius servers use following IP addresses:
| Priority | IP | DNS name |
|---|---|---|
| primary | 52.209.184.212 | rad-1-euw-1.socifi.com |
| secondary | 52.50.155.202 | rad-2-euw-1.socifi.com |
Include Page RADIUS / AAA Settings RADIUS / AAA Settings
Auth settings provide:
| Code Block |
|---|
config radius auth add 1 52.209.184.212 1812 ascii socifi config radius auth retransmit-timeout 1 2 config radius auth network 1 enable config radius auth management 1 enable config radius auth mac-delimiter colon config radius auth enable 1 config radius auth add 2 52.50.155.202 1812 ascii socifi config radius auth retransmit-timeout 2 2 config radius auth network 2 enable config radius auth management 2 enable config radius auth mac-delimiter colon config radius auth enable 2 |
... and Acc settings provide:
| Code Block |
|---|
config radius acct add 1 52.209.184.212 1813 ascii socifi config radius acct retransmit-timeout 1 2 config radius acct network 1 enable config radius acct mac-delimiter colon config radius acct enable 1 config radius acct add 2 52.50.155.202 1813 ascii socifi config radius acct retransmit-timeout 2 2 config radius acct network 2 enable config radius acct mac-delimiter colon config radius acct enable 2 |
...
Wi-Fi settings is regular, the only exception is to turn off all WEP and WAP authentication. Wi-Fi is set as "Open" without any key and any authentication.
Authentication is added via external WEP portal, RADIUS and preACL as follows (example for WLANID=1):
| Code Block |
|---|
config wlan security web-passthrough acl 1 preACL_permit config wlan security web-auth acl 1 preACL_permit config wlan security web-auth server-precedence 1 local radius ldap config wlan security web-auth enable 1 config wlan radius_server auth add 1 1 config wlan radius_server overwrite-interface enable 1 config wlan radius_server acct add 1 1 config wlan radius_server acct interim-update enable 1 config wlan radius_server acct interim-update 600 1 |
"Allow AAA Override" has to be enabled in the "Advanced" tab. This will enable Bandwidth Limit Management.
...
| Code Block |
|---|
Network management - web-auth secure |
In the end, you need to forbid SSL version virtual web login page
| Code Block |
|---|
config network web-auth secureweb disable |
| Note |
|---|
You need to reboot the device to make sure all changes take effect. Without the reboot, the WLC will not work properly. |
Add a new hotspot to SOCIFI Dashboard
...
| Include Page | ||||
|---|---|---|---|---|
|
Related pages
- External Web Authentication with FlexConnect Local Switching Deployment Guide
http://www.cisco.com/c/en/us/support/docs/wireless/flex-7500-series-wireless-controllers/113605-ewa-flex-guide-00.html
- Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/108501-webauth-tshoot.html
...