Configuring Cisco Gateway

Purpose of this document

  • This document should be used in conjunction with CISCO user guide for configuring your CISCO gateways in WiFiLAN. Please refer to WiFiLAN administrator guide and CISCO user guide for detail information.
  • It is assumed that the user has basic knowledge of networking including configuring subnet mask, RADIUS setting, default gateway and DNS configuration.
  • In order to configure CISCO you will need a static IP address, Subnet mask, default gateway and DNS information given to you by your Internet Service Provider. Please keep this information handy while setting up your gateway.
  • Configuring WiFiLan you will need the WAN public IP address, AP MAC address, RADIUS secret, serial number and public IP address of your CISCO gateway.
  • You need an active WiFiLan account. Please contact Wifi-soft sales to create your WiFiLan account.

 

WiFiLan Setup

Add Hotspot:

  1. Open a web browser and type http://w1.wifi-soft.net/wifilan/ and press Enter. Welcome screen of WiFiLan appears.
  2. Click the Hotspot link under Authentication section.
  3. Click the Add New Hotspot tab. The New Hotspot page appears.

Fields and Buttons

Description

Hotspot Plan

Select the plan for the hotspot based on number of concurrent users.

Hotspot Name

Enter the name of the hotspot in the Hotspot Name field.

Address

Enter the address of the location in the Address field.

City

Enter the name of the city of the location in the City field.

State

Select the name of the state from the State drop down list.

Zip Code

Enter the zip code of the location in the Zip Code field.

Latitude

Enter the Latitude of the location in the Latitude field.

Longitude

Enter the Longitude of the location in the Longitude field.

Type

Select the type of location from the Type drop down menu.

Is Paid

Click Is Paid check box if the location is charged.

Auto MAC Register

Select Auto MAC Register check box to enable the auto login feature in WiFiLan.

Submit

Click Submit button to save the changes.


Then, enter the details of the gateway

Fields & Buttons

Description

Device Type

Select Cisco from the Device Type drop down menu.

Public IP Address

Enter Public IP Address of the gateway in the IP Address field. If your broadband connection is having a dynamic IP, please enter the current IP address. WiFiLAN will work even when the IP address changes. In this case, WiFiLAN uses the MAC address or NAS ID of the router to validate the packet.

If you don't know the public IP, connect to your modem and type http://www.whatismyip.org. It will display your current public IP address.

Secret

Enter the RADIUS secret configured in the gateway in the Secret field.

NAS ID

Enter an Unique NAS Identifier for the device in the NAS ID field.

MAC Address

Enter the MAC address of the WAN port in the MAC Address field.

Description

Enter a short description for the device

Once the hotspot is added, WiFiLAN will be ready to start accepting AAA requests from the gateway/controller. When the hotspot is added, WiFiLAN will automatically add a user group for that hotspot. The space in the hotspot name is replaced with underscore for the user group name.

Now you will need to design a captive portal for your hotspot and generate a URL that can be configured in the gateway/controller's settings.

Please refer to the captive portal design guide for steps to design your custom captive portal.

 

CISCO Setup

It is assumed that you have properly connected your Cisco gateway with broadband connection that has a static public IP address. Your Cisco gateway admin interface is accessible either via LAN interface or via public WAN interface.

To setup CISCO

  1. Open web browser, and enter CISCO web address in the address bar, and press Enter.
  2. Enter Username, and Password.

Click Login. CISCO welcome appears.

 

  4. Click AAA link (in the left pane) under Security tab.

  5. Click Authentication link under RADIUS link (in the left pane). RADIUS Authentication Servers page appears.

  6. Click New button (In top right corner). RADIUS Authentication Servers > New page appears.

 

 

Fields & Buttons

Description

Server Index (Priority)

Select the number of server index priority from Server Index (Priority) drop down menu.

Server IP Address

Enter primary server IP address as 166.78.136.12 in the Server IP Address field.

Shared Secret Format

Select the format of the shared secret from the Shared Secret Format drop down menu.

Shared Secret

Enter shared secret in the Shared Secret field. Secret should match the secret in WiFiLan.

Confirm Shared Secret

Re-enter shared secret in the Confirm Shared Secret field.

Key Wrap

Don’t select the Key Wrap check box.

Port Number

Enter authentication port number 1812 in Port Number field.

Server Status

Select Enabled from the Server Status drop down menu.

Support for RFC 3576

Select Disabled from the Support for RFC 3576 drop down menu.

Server Timeout

Enter number of seconds as 10 for server timeout in Server Timeout field.

Network User

Select Network User check box.

Management

Select Management check box.

IPSec

Don’t select the IPSec check box.

 

Accounting Server

To set up Accounting Server

Click Accounting link (in the left pane). Under RADIUS link.

Fields & Buttons

Description

Server Index (Priority)

Select the number of server index priority from Server Index (Priority) drop down menu.

Server IP Address

Enter primary server IP address as 166.78.136.12 in the Server IP Address field.

Shared Secret Format

Select the format of the shared secret from the Shared Secret Format drop down menu.

Shared Secret

Enter shared secret in the Shared Secret field. Secret should match the secret in WiFiLan.

Confirm Shared Secret

Re-enter shared secret in the Confirm Shared Secret field.

Key Wrap

Don’t select the Key Wrap check box.

Port Number

Enter accounting port number 1813 in Port Number field.

Server Status

Select Enabled from the Server Status drop down menu.

Support for RFC 3576

Select Disabled from the Support for RFC 3576 drop down menu.

Server Timeout

Enter number of seconds as 10 for server timeout in Server Timeout field.

Network User

Select Network User check box.

Management

Select Management check box.

IPSec

Don’t select the IPSec check box.

ACL (Access Control List) Setup

ACL setup helps user to load the externally hosted captive portal without authentication.

To setup ACL

  1. Click Access Control List link (in the left pane) under Access Control List Access Control Lists > New page appears.
  2. Select Enable Counters check box.

  3. Click New button (in top right corner).

  4. Enter the name for Access Control List in the Access Control List field.

  5. Select IPv4 radio button, and click Apply button.

  6. Click Add New Rule button (in the top right corner). Access Control List > Rules > New page appears.

  7. To edit an ACL, click on the Seq number from the Access Control List table. And make the necessary changes.

Fields & Buttons

Description

Sequence

Enter the number of sequence in the Sequence field.

Source

Select Any from the Source drop down menu.

Destination

Select IP Address from the Destination drop down menu. Enter IP address and NetMask address in the IP Address and Netmask field.

Protocol

Select Any from Protocol drop down menu.

DSCP

Select Any from DSCP drop down menu.

Direction

Select Inbound from Direction drop down menu.

Action

Select Permit from Action drop down menu.

Apply

Click Apply button (in the top right corner).

Set up Web Authentication

  1. Click Web Login Page link under Web Auth link (in the left pane). Web Login Page page appears.

  2. Select External (Redirect to external server) from Web Authentication Type drop down menu.   

  3. Enter URL - http://wp1.wifi-soft.com/portal/default/loginIframeSuccess.php in Redirect URL after login field.

  4. Enter URL - http://wp1.wifi-soft.com/portal/default/index.php?n=wp1&c=3&l=13 in External Webauth URL field.

 

WLANs Setup

  1. Click WLANs tab (at top of the toolbar).
  2. Click WLANs link under WLANs link (in the left pane).

Click AAA Servers tab under Security tab.

  4. Select Enabled check box below Accounting Servers.

  5. Select primary server IP address as 166.78.136.12 from the Server 1 drop down menu.

  6. Select 1812 authentication port number from the drop down menu.

  7. Select secondary server IP address as 74.208.78.152 from the Server 2 drop down menu.

  8. Select 1813 accounting port number from the drop down menu.

 

Configure CISCO gateway for RADIUS Authentication

  1. Click Security tab (in top toolbar).
  2. Click AAA link (in the left pane).
  3. Click Authentication link under RADIUS link (in the left pane). RADIUS Authentication Servers page appear.

  1. Select IP Address from Call Station ID Type drop down menu.
  2. Select Network User check box, and select Management check box, and enter primary server IP address as 78.136.12 in the given field. Authentication Port number is 1812.
  3. Select Network User check box, and select Management check box, and enter secondary server IP address as 208.78.152 in the given field. Authentication Port number is 1812.

Configure CISCO gateway for RADIUS Accounting

  1. Click Security tab (in top toolbar).
  2. Click AAA link (in the left pane).
  3. Click Accounting link under RADIUS link (in the left pane). RADIUS Accounting Servers page appear.

  4. Select Network User check box, and enter primary server IP address as 166.78.136.12 in the given field. Accounting Port number is 1813.

  5. Select Network User check box, and enter secondary server IP address as 74.208.78.152 in the given field. Accounting Port number is 1813.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.