Cisco (WLC managed)

IMPORTANT: Please ensure that your WLC is running one of the two versions below: 

8.0.120.0

8.2.111.0
 
8.2.154.17 (recommended as most up to date version)
 
Note: The following UDP/TCP ports need to be open: 80, 443, 1812, 1813, 3990, 161, 162, and 16113
 

1. Once logged-in to your Cisco WLC interface select 'Advanced' from the top right. 

2.On the top menu, click 'Security

3. From the left side menu 'RADIUS' > 'Authentication'

  • Acct  Call Station ID Type = from the drop-down, choose AP MAC Address
  • Auth  Call Station ID Type = from the drop-down, choose AP MAC Address
  • MAC Delimiter = Hyphen

4.  Once done, in the top right corner, select 'New' and enter the following settings (picture below):

RADIUS Server 1

  • Server IP Address = 52.20.198.151
  • Shared Secret Format = ASCII
  • Shared Secret = *Contact support@getturnstyle.com*
  • Confirm Shared Secret = *Contact support@getturnstyle.com*
  • Port = 1812
  • Server Status = Checked
  • Network User = Unchecked
  • Management = Unchecked

RADIUS Server 2

  • Server IP Address = 52.22.120.222
  • Shared Secret Format = ASCII
  • Shared Secret = *Contact support@getturnstyle.com*
  • Confirm Shared Secret = *Contact support@getturnstyle.com*
  • Port = 1812
  • Server Status = Checked
  • Network User = Unchecked
  • Management = Unchecked

Make sure to click the 'Apply' button to save your changes.

 

When complete, again click 'Apply' to save your changes.

 

5. On the left menu, select 'Access Control Lists' (ACL) and choose 'New'.  Adjust the following settings:

  • Access Control List Name = TurnstyleWiFi
  • ACL Type = IPv4

Save changes by clicking 'Apply'.

6. Select the newly created ACL, you'll need to select 'Add New Rule' and create one with the following information:

  • Sequence = 1 (Increment for subsequent IPs)
  • Source = IP Address
  • IP Address = *insert walled_garden_ip here*
  • Netmask = 255.255.255.255
  • Action = Permit

Walled Garden IPs:

*Note for each IP address two rules will need to be created, one where the IP is the 'Source', one where the IP is the 'Destination'

52.20.198.151

54.88.0.41

54.174.191.118

23.21.71.126

52.23.72.207

52.22.120.222 

52.5.122.40

 

8. From the menu on the left, select 'Web Auth' and set it to the following (picture below):

  • Web Authentication Type = External (Redirect to external server)
  • Redirect URL after login = http://wifi.getturnstyle.com/success
  • External Webauth URL = http://wifi.getturnstyle.com

Save changes by clicking 'Apply'.

9. At the top, click on 'WLANs' and then again on the left side click 'WLANs'.  Choose to 'Create New' and on the right select 'Go', which will create a new profile.  Choose the following settings (picture below):

  • Type = WLAN
  • Profile Name = TurnstyleWiFi
  • SSID = Enter the wireless network name (SSID) you want displayed

Save changes by clicking 'Apply'.

  

 

10. Now that you've created a new SSID profile, you'll need to edit the settings.  

(a) First, under the 'General Tab' enter the following:

  • Status = Enabled
  • Broadcast SSID = Enabled

 

(b) Under the 'Security' tab, click on the 'Layer 2' sub-tab and enter the following settings:

  • Layer 2 Security = None

Under the 'Layer 3' sub-tab enter:

  • Layer 3 Security = Web Policy
  • Authentication = Ticked (Enabled)
  • Pre-authentication ACL
    • IPv4 = TurnstyleWiFi
    • IPv6 = None
    • WebAuth FlexACL = None
  • Sleeping Client = not ticked (Disabled)
  • Over-ride Global Config = Not Ticked (Disabled)

(Note: Like above, if your Access Points are in Flex Connect Mode you will need to use the drop-down box next to "WebAuth FlexACL" to apply the correct policy.)

Under the On the 'AAA Servers' sub-tab enter the following (picture below):

  • Radius Server Overwrite Interface = Not Ticked (Disabled)
  • Authentication Servers = Checked/Enabled
  • Server 1 = IP:52.20.198.151, Port: 1812
  • Server 2 = IP:52.22.120.222, Port 1812
  • Authentication priority order for web-auth user (Not Used) = LOCAL, LDAP
  • Authentication priority order for web-auth user (Order Used For Authentication) = RADIUS (Remove LOCAL and LDAP)

(c) Under the 'Advanced' tab enter the following:

  • Allow AAA Overide = Enabled
  • Enable Session Timeout = Ticked
  • Session Timeout (secs) = 43200

*Note* to use FlexConnect ACL, tick the box beside ‘FlexConnect Local Switching’. This is not the default*

Save changes by clicking 'Apply'.


11.  At the top, select the 'Management Tab' and then on the left side choose the  'HTTP-HTTPS' option. Under 'WebAuth SecureWeb' use the drop down box to select 'Disabled' and save. 

12.  Finally, in the top right click 'Save Configuration' to save all settings.

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments