Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Content Zone
indent3
locationtop

What do I need?

Before you configure this appliance, you will need a RADIUS Server license. You can reach out to support@nexudus.com to obtain one.

 

  1. Once you have the license, paste it in Space Settings > Integrations > Radius




  2. Save the settings and then click on "Manage Radius Servers".
  3. Click on "Add Radius Server" and give it a meaningful name and a description. Choose the correct appliance vendor




  4. Once the server is created you can access its details to get the IP addresses, port numbers and secrets to used in the configuration of the appliance below.

 

Info
Each license comes with two geographically redundant servers for RADIUS Authentication and RADIUS Accounting. We will create these as close as possible to your physical location based on the data-centers we have available.

How to configure the appliance?

  1. Log in the Cisco WLC Web-Browser interface and go to Advanced Settings



  2. Go to Security -> Access Control Lists and add two new ACL rules permitting connections to the captive portal:

    • Source: Any, Destination: 107.178.250.42 netmask 255.255.255.255, protocol TCP, Dest port 443, Action: Permit
    • Source 107.178.250.42 netmask 255.255.255.255, Destination: Any, protocol TCP, Source port 443, Action: Permit

      You may also want to add the following IPs to your rules:

      XYZ.spaces.nexudus.com (XYZ is the subdomain of your account as found in System > Spaces > your space name > Web Address.)
      107.78.250.42/32
      216.239.32.0/19
      64.233.160.0/19
      72.14.192.0/18
      209.85.128.0/17
      66.102.0.0/20
      74.125.0.0/16
      64.18.0.0/20
      207.126.144.0/20
      173.194.0.0/16








  3. Go to Security -> Web Auth -> Web Login Page and change Web Authentication Type to External (redirect to external server). Add the External Webauth URL. The URL here should be "http://XYZ.spaces.nexudus.com/en/splash". XYZ is the subdomain of your account as found in System > Spaces > your space name > Web Address.

    This page looks by default like this:




  4. Go to Security -> RADIUS -> Authentication, add new RADIUS Authentication Servers and enter IP Address, Port and Shared Secret from the details of the Radius Server provided when you created the Radius Server above.






  5. Go to Security -> RADIUS -> Accounting, add new RADIUS Accounting Servers and enter IP Address, Port and Shared Secret from the details of the Radius Server provided when you created the Radius Server above.




  6. Go to WLANs, select existing or create new WLAN and open WLAN settings page.





  7. Click on the Security tab, Layer 2 and set Layer 2 Security to None



  8. Click on the Layer 3 tab and set Layer 3 Security to Web Policy, select the Authentication radio button and select your new ACL for Preauthentication ACL





  9. Click on the AAA Servers tab and select IronWifi RADIUS authentication and accounting servers. You can also set Interim Interval to 180 seconds or higher.



  10. Finally, click on the Save Configuration link to save and apply new settings

...