Captive Portal
      Back to home
      1. Help Center
      2. Access Point Instructions
      3. Captive Portal

      Cisco Catalyst

      Access Point Instructions for Cisco Catalyst

      IronWiFi Console Configuration

      1. Log into the IronWiFi console or register for free
      2. Create a new network
      3. After that, create a new captive portal, with vendor Cisco catalyst

      Access Point Configuration

      Open a web browser and log in to your Cisco Catalyst web interface. At the top right, click the Settings icons and enable the Expert mode.

      1. Click on Configuration > Security > Web Auth on the left. Click in to the global profile and configure with:
      • Virtual IPv4 Address - 192.0.2.1

      Click Apply to save.

      1. Next, click the Add button. Configure with:
      • Parameter-map name - guest_wifi
      • Maximum HTTP connections - 200
      • Init-State Timeout - 3600
      • Type - webauth

      Click Apply to Device to save.

      1. Next, click in to the profile you just created and configure with:

      On the General tab:

      • Banner Type - None
      • Turn-on Consent with Email - Disabled
      • Captive Bypass Portal - Disabled
      • Disable Success Window - Enabled
      • Disable Logout Window - Enabled
      • Sleeping Client Status - Enabled
      • Sleeping Client Timeout - 720

      On the Advanced tab:

      • Redirect for log-in - get this value from the IronWiFi console
      • Redirect On-Success - get this value from the IronWiFi console
      • Redirect On-Failure - get this value from the IronWiFi console
      • Redirect Append for AP MAC Address - ap_mac
      • Redirect Append for Client MAC Address - client_mac
      • Redirect Append for WLAN SSID - wlan_ssid
      • Portal IPV4 Address - 107.178.250.42

      Click Apply to save.

      1. Next, click on Configuration > Security > AAA on the left. Select the Servers / Groups tab click Add. Configure with:
      • Name - rad1
      • IPv4 / IPv6 Server Address - get this value from the IronWiFi console
      • Key Type - 0
      • Key - get this value from the IronWiFi console
      • Confirm Key - get this value from the IronWiFi console
      • Auth Port - get this value from the IronWiFi console
      • Acct Port - get this value from the IronWiFi console
      • Server Timeout - 10
      • Retry Count - 3
      • Support for CoA - Enabled

      Click Apply to Device to save.

      1. Next, click Add again and configure with:
      • Name - rad2
      • IPv4 / IPv6 Server Address - get this value from the IronWiFi console
      • Key Type - 0
      • Key - get this value from the IronWiFi console
      • Confirm Key - get this value from the IronWiFi console
      • Auth Port - get this value from the IronWiFi console
      • Acct Port - get this value from the IronWiFi console
      • Server Timeout - 10
      • Retry Count - 3
      • Support for CoA - Enabled

      Click Apply to Device to save.

      1. On the Server Groups sub tab, click Add. Configure with:
      • Name - guest_radius
      • Group Type - RADIUS
      • MAC-Delimiter - hyphen
      • MAC-Filtering - none
      • Assigned Servers - rad1, rad2

      Click Apply to Device to save.

      1. Next, click on the AAA Method List tab. Click Add and configure with:
      • Method List Name - guest_auth
      • Type - login
      • Group Type - group
      • Assigned Server Groups - guest_radius

      Click Apply to Device to save.

      1. Next, click the Accounting sub nav menu on the left and click Add. Configure with:
      • Method List Name - guest_acct
      • Type - identity
      • Assigned Server Groups - guest_radius

      Click Apply to Device to save.

      1. Next, click the AAA Advanced tab and then the Show Advanced Settings >>> option. Configure both Accounting and Authentication with:
      • Call Station ID - ap-macaddress-ssid
      • Call Station ID Case - upper
      • MAC-Delimiter - hyphen
      • Username Case - lower
      • Username Delimiter - none

      Click Apply to Device to save.

      1. Next, click Configuration > Tags & Policies > WLANs on the left. Click Add or edit an existing WLAN and configure with:

      On the General tab:

      • Profile Name - Guest WiFi
      • SSID - Guest WiFi (or whatever you wish)
      • Status - Enabled
      • Radio Policy - All
      • Broadcast SSID - Enabled

      On the Security > Layer 2 tab:

      • Layer 2 Security Mode - None
      • MAC Filtering - Disabled

      On the Security > Layer 3 tab, click Show Advanced Settings >>> and configure with:

      • Web Policy - Enabled
      • Web Auth Parameter Map - guest_wifi
      • Authentication List - guest_radius
      • On Mac Filter Failure - Disabled
      • Splash Web Redirect - Disabled
      • IPv4 ACL - preauth_v4

      Click Apply to Device to save.

      1. Next, click Configuration > Security > URL Filters. Click Add and configure with:
      • List Name - guest_url_filter
      • Type - PRE_AUTH
      • Action - PERMIT
      • URLs - 107.178.250.42

      You will also need to include the following domains in the walled garden list if you want to make use of social login.

      Facebook: Twitter Linkedin Instagram
      *.facebook.com *.twitter.com *.linkedin.com *.instagram.com
      *.fbcdn.net *.twimg.com *.licdn.net  
      *.akamaihd.net   *.licdn.com  
      connect.facebook.net   *.licdn.com  

      Click Apply to save.

      Next, click Configuration > Tags & Profiles > Policy on the left.

      1. Click Add, leaving all settings at default apart from the following:

      On the General tab:

      • Name - guest_policy
      • Status - Enabled

      On the Access Policies tab:

      • URL Filters - guest_url_filter

      On the Advanced tab:

      • Session Timeout - 43200
      • Idle Timeout - 3600
      • Allow AAA Override - Enabled
      • Accounting List - guest_acct

      Click Apply to Device to save.

      1. Next, click Configuration > Tags & Profiles > Tags on the left. Click Add and configure with:
      • Name - guest_tag
      • WLAN Profile - Guest WiFi
      • Policy Profile - guest_policy

      Click Apply to Device to save.

      1. Finally, click Administration > Management > HTTP/HTTPS/Netconf on the left. Configure with:
      • HTTP Access - Enabled
      • HTTPS Access - Enabled

      Be sure to click on Save Configuration at the top right of the page to ensure your changes are persisted on reboot.

      The configuration is now complete.

      ! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !