+ All Categories
Home > Documents > Cisco WLC v8.0.120.0 - CoA setup guide

Cisco WLC v8.0.120.0 - CoA setup guide

Date post: 19-Oct-2021
Category:
Upload: others
View: 10 times
Download: 0 times
Share this document with a friend
15
Cisco WLC (For Version 8.0.120.0) CoA Setup Guide
Transcript
Page 1: Cisco WLC v8.0.120.0 - CoA setup guide

CiscoWLC(ForVersion8.0.120.0)CoASetupGuide

Page 2: Cisco WLC v8.0.120.0 - CoA setup guide

Page2of15

GlobalReachTechnologyLtdCommercialinConfidence

DisclaimerTHISDOCUMENTATIONANDALLINFORMATIONCONTAINEDHEREIN(“MATERIAL”)ISPROVIDEDFORGENERALINFORMATIONPURPOSESONLY.GLOBALREACHANDITSLICENSORSMAKENOWARRANTYOFANYKIND,EXPRESSORIMPLIED,WITHREGARDTOTHEMATERIAL,INCLUDING,BUTNOTLIMITEDTO,THEIMPLIEDWARRANTIESOFMERCHANTABILITY,NON-INFRINGEMENTANDFITNESSFORAPARTICULARPURPOSE,ORTHATTHEMATERIALISERROR-FREE,ACCURATEORRELIABLE.GLOBALREACHRESERVESTHERIGHTTOMAKECHANGESORUPDATESTOTHEMATERIALATANYTIME.LimitationofLiabilityINNOEVENTSHALLGLOBALREACHBELIABLEFORANYDIRECT,INDIRECT,INCIDENTAL,SPECIALORCONSEQUENTIALDAMAGES,ORDAMAGESFORLOSSOFPROFITS,REVENUE,DATAORUSE,INCURREDBYYOUORANYTHIRDPARTY,WHETHERINANACTIONINCONTRACTORTORT,ARISINGFROMYOURACCESSTO,ORUSEOF,THEMATERIAL.VERSION1.0PUBLISHEDDECEMBER2015

Page 3: Cisco WLC v8.0.120.0 - CoA setup guide

Page3of15

GlobalReachTechnologyLtdCommercialinConfidence

IMPORTANT-BEFOREYOUSTARTBeforeattemptingtointegrateyourhardwarecontrollerintoOdyssys,pleaseensurethatALLofthefollowingrequirementsareinplace;• YouhaveacontrollerinstalledinanenvironmentwherecompatibleAccessPointsareconfiguredtoworkwiththecontroller,i.e-DNS,DHCPoptionsconfiguredcorrectlyYourclientenvironmentisconfiguredtoallownetworkclientsto;• AssociatetoanAccessPoint• ObtainanIPaddress• AccesstotheinternetThefollowingcomponentsarerequiredtobeconfiguredandworkinginyourenvironmentbeforeattemptingintegrationwithOdyssys;• DHCPServer• DNSServer• FirewallNATPLEASENOTE-Thisisatechnicaldocumentandassuch,integrationofyourhardwarewithOdyssysshouldonlybehandledbytrainedindividuals.

TECHNOTEOdyssysdoesnotusestandardRADIUSports,thereforepleasemakesureyouallowtheportsinyourfirewall,definedinyourmanager.odyssys.netCaptivePortalsettings.

Page 4: Cisco WLC v8.0.120.0 - CoA setup guide

Page4of15

GlobalReachTechnologyLtdCommercialinConfidence

GETTINGSTARTEDWITHODYSSYSBeforeyouattempttoconfigureyourCiscoWirelessLANController(WLC)forusewithCoAauthenticationandOdyssys,youwillfirstneedtocreateyourowncaptiveportal.1. First,navigatetohttps://manager.odyssys.netandloginusingyourassignedCustomerID,usernameand

password.2. SelectCaptivePortals>CaptivePortalsfromtheleft-handmenuandclickCreateCaptivePortal.

Youshouldcompletetheformasfollows:Name:Anarbitrarynameforyourcaptiveportal.RADIUSSharedSecret:EitherkeeptheautomaticallygeneratedsharedsecretorcreateyourownHardwareVendor:SetthistoCiscoWLCPreAuthACL–ThismustmatchtheAccessControlList(ACL)youcreateinyourCiscoWLANcontroller(step10)ClickCreatetoconfirm.

Page 5: Cisco WLC v8.0.120.0 - CoA setup guide

Page5of15

GlobalReachTechnologyLtdCommercialinConfidence

3. SelecttheCaptivePortalyouhavejustcreatedtoviewit’sdetailsundertheGeneralInfotab.

Page 6: Cisco WLC v8.0.120.0 - CoA setup guide

Page6of15

GlobalReachTechnologyLtdCommercialinConfidence

CONFIGURINGODYSSYSWITHINTHECiscoWLCAAARADIUSConfiguration1. LogintotheCiscoWLC.2. ClickontheSecuritytabfromthetopmenuandselectAAAthenRADIUSandthenAuthenticationfromthe

menulocatedontheleft-handsideofthepage,andthenselectNewfromtheupperrightcorneroftheRADIUSAuthenticationServerspage.

TECHNOTE:EnsuretheyourAuthCalledStationIDTypeissettoAPMACAddress:SSIDandyourMACdelimiterissettoHyphen.

3. ClicktheNew…button,andentertheAuthenticationRADIUSsettingsobtainedfromOdyssys(undertheGeneralInfotaboftheCaptivePortalyoucreatedearlier)Themandatoryfieldsareasfollows:ServerIPAdress:IPaddressofOdyssysPrimaryRADIUSServerSharedSecret:SharedSecretPasswordConfirmedSharedSecret:SharedSecretPasswordPortNumber:RADIUSAuthenticationportSupportforRFC3576:SelectEnabledfromthedropdown.ClicktheApplybuttononcecomplete.

4. Repeatsteps2and3againfortheSecondaryRADIUSServerIPaddresses,rememberingtoclick"Apply"whencompletetosavethesettings.

Page 7: Cisco WLC v8.0.120.0 - CoA setup guide

Page7of15

GlobalReachTechnologyLtdCommercialinConfidence

5. StillwithintheSECURITYtabandmenu,select"Accounting"intheRADIUSsub-menuandthenclick"New"locatedintheupperrightcorneroftheRADIUSAccountingServerswindow.

TECHNOTE:EnsuretheyourAcctCalledStationIDTypeissettoAPMACAddress:SSIDandyourMACdelimiterissettoHyphen.

6. EnterintheRADIUSAccountingsettingslistedbelowfromtheCaptivePortalsectionofOdyssys:ServerIPAdress:IPaddressofOdyssysPrimaryRADIUSServerSharedSecret:SharedSecretPasswordConfirmedSharedSecret:SharedSecretPasswordPortNumber:RADIUSAccountingport(thisisdifferenttotheAuthenticationPortNumber)ClicktheApplybuttononcecomplete

7. Repeatsteps5and6fortheSecondaryRADIUSServerIPaddressrememberingtoclick"Apply"whencompletetosave.

Page 8: Cisco WLC v8.0.120.0 - CoA setup guide

Page8of15

GlobalReachTechnologyLtdCommercialinConfidence

AccessControlListConfiguration

8. StillwithintheSECURITYtabandmenu,select"AccessControlLists"andthen"AccessControlLists"fromthesub-menu.

9. Clickon"New..."intheupperrightcorneroftheAccessControlListswindow.

10. EnterthenameofthePreAuthenticationAccessControlListandclickApplytosavethesettings.RememberthismustexactlymatchthePreAuthACLvaluesetinOdyssysinstep2ofthisguide.

11. ClicktheACLyouhavejustcreatedandclicktheAddNewRulebutton.

Page 9: Cisco WLC v8.0.120.0 - CoA setup guide

Page9of15

GlobalReachTechnologyLtdCommercialinConfidence

12. Completethehighlightedfieldswiththeinformationprovidedbelow,creatinganewruleforeachsequencenumber.

The fields that need to bemodified are "Sequence", "Source", "Destination" and "Action". The "Protocol","DSCP"and"Direction"fieldsshouldbeleftasdefault.Sequence:1Source:IP54.246.95.205Mask255.255.255.255Destination:AnyAction:PermitSequence:2Source:AnyDestination:IP54.246.95.205255.255.255.255Action:PermitSequence:3Source:IP54.243.42.241Mask255.255.255.255Destination:AnyAction:PermitSequence:4Source:AnyDestination:IP54.243.42.241Mask255.255.255.255Action:PermitSequence:5Source:AnyDestination:IP54.247.108.6Mask255.255.255.255Action:PermitSequence:6Source:IP54.247.108.6Mask255.255.255.255Destination:AnyAction:PermitBelowishowtheAccessControlListwilllookafteralloftheabovesettingshavebeenentered.

Page 10: Cisco WLC v8.0.120.0 - CoA setup guide

Page10of15

GlobalReachTechnologyLtdCommercialinConfidence

WLANConfiguration13. SelecttheWLANstabfromthetopmenu,selectCreateNewfromthedropdownlistintheupperrightofthe

page,andclickGo.

14. EnteraProfileNameandtheSSIDthatwillbebroadcast(thesecanbethesame).TheProfileNameisusedforadministrativepurposesandtheSSIDwillbetheWi-Finameusersconnectto.ClickApplywhencompletetosavethesettings.

15. SelecttheSecuritytabunderthesettingsforyourWLANandapplythefollowingsettings.Layer2Layer2Security:NoneMacFiltering:TickthecheckboxLayer3Layer3Security:NoneAAAServersRADIUSServers:TicktheEnabledcheckboxforbothAuthenticationandAccountingServers.ThenfromtheServer1andServer2dropdownboxesselectthePrimary&SecondaryAuthenticaitonandAccountingserversconfiguredinsteps3–7ofthisguide.RADIUSServerAccounting:TicktheInterimUpdatecheckboxandsetanInterimIntervalof180.AuthenticationPriorityorderforweb-authuser:MovebothLocalandLDAPintothetheNotUsedbox,leavingonlyRADIUSattheusedauthenitcationtype.

Page 11: Cisco WLC v8.0.120.0 - CoA setup guide

Page11of15

GlobalReachTechnologyLtdCommercialinConfidence

16. SelecttheAdvancedtabunderthesettingsforyourWLANandapplythefollowingsettings.NACNacState:SelectRadiusNACfromthedropdown.

17. ClickApplytosaveyoursettings.ThenreturntotheGeneraltabtoenableyourSSIDnowthatconfigurationis

complete.

Page 12: Cisco WLC v8.0.120.0 - CoA setup guide

Page12of15

GlobalReachTechnologyLtdCommercialinConfidence

ACCESSCONTROLLISTADDRESSESOdyssys54.246.95.20554.243.42.241Twitterapi.twitter.com*.twimg.comGoogle74.125.29.8474.125.226.24374.125.228.1074.125.228.7474.125.228.111130.111.19.240173.194.74.95Facebook*.facebook.com*.akamaihd.net*.fbcdn.netconnect.facebook.comLinkedIn8.247.88.22523.202.203.12064.94.107.57138.108.7.20216.52.242.80216.52.242.86PayPalExpressCheckout173.0.82.77/3292.122.246.85/3266.117.29.34/32216.113.188.89/3266.235.147.113/32IfyouwishtodisableApple'sCaptiveAssistantpleaseaddthefollowingtoyourwalledgardenwww.apple.comwww.airport.uswww.ibook.infowww.thinkdifferent.uswww.itools.infowww.appleiphonecell.comcaptive.apple.com

Page 13: Cisco WLC v8.0.120.0 - CoA setup guide

Page13of15

GlobalReachTechnologyLtdCommercialinConfidence

FREQUENTLYASKEDQUESTIONS

Q.Iwanttoadddifferentauthenticationprovidertypes,howdoIdothis?A.PleaseseeourOdyssysAuthenticationguideforfurtherinformation.

Q.IneedmoreinformationonhowtosetupOdyssysA.PleaseseeourOdyssyssetupguide.

Page 14: Cisco WLC v8.0.120.0 - CoA setup guide

Page14of15

GlobalReachTechnologyLtdCommercialinConfidence

GLOSSARY

ACL-AccessControlListAAA-Authentication,Authorization,andAccountingDHCP-DynamicHostConfigurationProtocolDNS-DomainNameServiceNAT-NetworkAddressTranslationPORT-Aprocess-specificoranapplication-specificsoftwareconstructservingasacommunicationendpoint,whichisusedbytheTransportLayerprotocolsofInternetProtocolsuite,suchasUserDiagramProtocol(UDP)andTransmissionControlProtocol(TCP)RADIUS-RemoteAuthenticationDialInUserService(RADIUS)SHAREDSECRET-AsinglepasswordsharedbetweentwodevicesSSID-ServiceSetIdentifier-AuniqueidentifierforyourWi-FiserviceWLAN-WirelessLocalAreaNetworkWLC-WirelessLocalAreaNetworkController

Page 15: Cisco WLC v8.0.120.0 - CoA setup guide

GlobalReachTechnologyLtdCravenHouse,121KingswayLondonWC2B6PAT+44(0)[email protected]©GlobalReachTechnologyLimitedAllrightsreserved.GlobalReachandtheGlobalReachlogoareregisteredtrademarks.


Recommended