Cisco 5500 Series
Tested versions:
Model | Type | Firmware version | Description |
---|---|---|---|
5508 2504 | controller | AirOS version 7.6.120.0 | |
5520 | controller | AirOS version 8.2.100.0 | (bandwidth per client) |
This solution for 5500 Series is similar to 2500 Series. Therefore, this manual does not contain a detailed step-by-step guide for a complete setup. Only the settings needed for SOCIFI are described below. Include Page Cisco Systems controllers ACL configuration Cisco Systems controllers ACL configuration
Code Block |
---|
Webpage authentication |
To redirect to external web portal uses the following commands:
Code Block |
---|
config custom-web ext-webauth-url http://connect-ip.socifi.com config custom-web webauth-type external |
Note: The ext-webauth-url has been changed from http://connect.socifi.com to http://connect-ip.socifi.com
... and switch of PopUp logout window (this cannot be done via web interface)
Code Block |
---|
config custom-web logout-popup disable |
Code Block |
---|
RADIUS |
You must set Auth and Acc part in the basic settings of authentication thru radius server. For European radius servers use following IP addresses:
Priority | IP | DNS name |
---|---|---|
primary | 52.209.184.212 | rad-1-euw-1.socifi.com |
secondary | 52.50.155.202 | rad-2-euw-1.socifi.com |
Include Page RADIUS / AAA Settings RADIUS / AAA Settings
Auth settings provide:
Code Block |
---|
config radius auth add 1 52.209.184.212 1812 ascii socifi config radius auth retransmit-timeout 1 2 config radius auth network 1 enable config radius auth management 1 enable config radius auth mac-delimiter colon config radius auth enable 1 config radius auth add 2 52.50.155.202 1812 ascii socifi config radius auth retransmit-timeout 2 2 config radius auth network 2 enable config radius auth management 2 enable config radius auth mac-delimiter colon config radius auth enable 2 |
... and Acc settings provide:
Code Block |
---|
config radius acct add 1 52.209.184.212 1813 ascii socifi config radius acct retransmit-timeout 1 2 config radius acct network 1 enable config radius acct mac-delimiter colon config radius acct enable 1 config radius acct add 2 52.50.155.202 1813 ascii socifi config radius acct retransmit-timeout 2 2 config radius acct network 2 enable config radius acct mac-delimiter colon config radius acct enable 2 |
...
Wi-Fi settings is regular, the only exception is to turn off all WEP and WAP authentication. Wi-Fi is set as "Open" without any key and any authentication.
Authentication is added via external WEP portal, RADIUS and preACL as follows (example for WLANID=1):
Code Block |
---|
config wlan security web-passthrough acl 1 preACL_permit config wlan security web-auth acl 1 preACL_permit config wlan security web-auth server-precedence 1 local radius ldap config wlan security web-auth enable 1 config wlan radius_server auth add 1 1 config wlan radius_server overwrite-interface enable 1 config wlan radius_server acct add 1 1 config wlan radius_server acct interim-update enable 1 config wlan radius_server acct interim-update 600 1 |
...
Code Block |
---|
Network management - web-auth secure |
In the end, you need to forbid SSL version virtual web login page
Code Block |
---|
config network web-auth secureweb disable |
...
Note |
---|
You need to reboot the device to make sure all changes take effect. Without the reboot, the WLC will not work properly. |
Add a new hotspot to SOCIFI Dashboard
You will need to add MAC addresses of the controller and all AP's.
Info |
---|
To add this equipment, please select Cisco Wireless Control System under as the settings hardware type when adding a new hotspot. For devices with AirOS version 8.5. and higher, please select Cisco Wireless Control System 8.5 |
Include Page | ||||
---|---|---|---|---|
|
Related pages
- External Web Authentication with FlexConnect Local Switching Deployment Guide
http://www.cisco.com/c/en/us/support/docs/wireless/flex-7500-series-wireless-controllers/113605-ewa-flex-guide-00.html
- Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/108501-webauth-tshoot.html
...