Tested versions:
Model | Type | Firmware version | Description |
---|---|---|---|
5508 2504 | controller | AirOS version 7.6.120.0 | |
5520 | controller | AirOS version 8.2.100.0 | (bandwidth per client) |
This solution for 5500 Series is similar to 2500 Series. Therefore, this manual does not contain a detailed step-by-step guide for a complete setup. Only the settings needed for SOCIFI are described below.
Webpage authentication |
To redirect to external web portal uses the following commands:
config custom-web ext-webauth-url http://connect-ip.socifi.com config custom-web webauth-type external |
Note: The ext-webauth-url has been changed from http://connect.socifi.com to http://connect-ip.socifi.com
... and switch of PopUp logout window (this cannot be done via web interface)
config custom-web logout-popup disable |
RADIUS |
You must set Auth and Acc part in the basic settings of authentication thru radius server. For European radius servers use following IP addresses:
Priority | IP | DNS name |
---|---|---|
primary | 52.209.184.212 | rad-1-euw-1.socifi.com |
secondary | 52.50.155.202 | rad-2-euw-1.socifi.com |
Auth settings provide:
config radius auth add 1 52.209.184.212 1812 ascii socifi config radius auth retransmit-timeout 1 2 config radius auth network 1 enable config radius auth management 1 enable config radius auth mac-delimiter colon config radius auth enable 1 config radius auth add 2 52.50.155.202 1812 ascii socifi config radius auth retransmit-timeout 2 2 config radius auth network 2 enable config radius auth management 2 enable config radius auth mac-delimiter colon config radius auth enable 2 |
... and Acc settings provide:
config radius acct add 1 52.209.184.212 1813 ascii socifi config radius acct retransmit-timeout 1 2 config radius acct network 1 enable config radius acct mac-delimiter colon config radius acct enable 1 config radius acct add 2 52.50.155.202 1813 ascii socifi config radius acct retransmit-timeout 2 2 config radius acct network 2 enable config radius acct mac-delimiter colon config radius acct enable 2 |
Wireless - WLAN |
Wi-Fi settings is regular, the only exception is to turn off all WEP and WAP authentication. Wi-Fi is set as "Open" without any key and any authentication.
Authentication is added via external WEP portal, RADIUS and preACL as follows (example for WLANID=1):
config wlan security web-passthrough acl 1 preACL_permit config wlan security web-auth acl 1 preACL_permit config wlan security web-auth server-precedence 1 local radius ldap config wlan security web-auth enable 1 config wlan radius_server auth add 1 1 config wlan radius_server overwrite-interface enable 1 config wlan radius_server acct add 1 1 config wlan radius_server acct interim-update enable 1 config wlan radius_server acct interim-update 600 1 |
"Allow AAA Override" has to be enabled in the "Advanced" tab. This will enable Bandwidth Limit Management.
For the WLC identification in the log system must be set NAS-ID on General page:
The MAC address can be found on the page "CONTROLLER / Inventory" as "Burned-in MAC Address" The value This value consists of "Cisco" and "MAC Address" fields. The values have to be separated by the underline. Example: "Cisco_64:D8:14:DB:09:C0".
Interface - virtual address |
You need to check the Virtual address IP settings. The address can be any, shall be used for re-verification.
Example:
config interface address virtual 10.0.3.1 |
Network management - web-auth secure |
In the end, you need to forbid SSL version virtual web login page
config network web-auth secureweb disable |
You need to reboot the device to make sure all changes take effect. Without the reboot, the WLC will not work properly. |
You will need to add MAC addresses of the controller and all AP's.
To add this equipment, please select Cisco Wireless Control System as the hardware type when adding a new hotspot. For devices with AirOS version 8.5. and higher, please select Cisco Wireless Control System 8.5 |