Go to Cloudi-Fi
All Collections
Deployment
Cisco Catalyst 9800 Integration

Cisco Catalyst 9800 Integration

This article describes how to enable Cloudi-Fi Captive Portal directly and natively in your Cisco Catalyst 9800
Mahfoud avatar
Written by Mahfoud
Updated over a week ago

Summary:

  1. Get Cloudi-Fi required information

  2. WEB Auth configuration

  3. Radius Configuration

  4. WLAN Configuration

  5. Walled Garden and Radius Accounting

  6. Tags & Profiles

1) Get Cloudi-Fi required URL and Radius Secret

Go to your Cloudi-Fi administration interface and get the URL for external authentication

Go to Locations Menu

Click on the menu button of the location and select "Copy Splash page URI"

  • Copy the URI.
    Note: Make sure that the URL contains the following attribute:
    spentityid=spcisco.com

Go to the chat interface and ask for your Radius secret

  • Copy the secret as well

2) WEB Auth configuration

Go to Configuration > Security > Web Auth. Click on Global profile and ensure the below :

  • Virtual IPv4 Address: 192.0.2.1

Click on Add Button and configure as described below :

  • Parameter-map name: guest_wifi

  • Maximum HTTP connections: 200

  • Init-State Timeout: 3600

  • Type: webauth

Apply to device

Click on the object you have created and modify the below

On the General Tab :

  • Banner Type: None

  • Turn-on Consent with Email: Disabled

  • Captive Bypass Portal: Disabled

  • Disable Success Window: Enabled

  • Disable Logout Window: Enabled

  • Sleeping Client Status: Enabled

  • Sleeping Client Timeout: 720

On the Advanced Tab:

  • Redirect for log-in: Splash page URI copied from the Cloudi-Fi interface

  • Redirect On-Success: https://login.cloudi-fi.net/success.php

  • Redirect On-Failure: Splash page URI copied from the Cloudi-Fi interface

  • Redirect Append for AP MAC Address: ap_mac

  • Redirect Append for Client MAC Address: client_mac

  • Redirect Append for WLAN SSID: wlan_ssid

  • Portal IPV4 Address: 178.33.251.41

Apply to Device

3) Radius configuration

Go to Configuration > Security > AAA. Select Servers / Groups and add:

  • Name: Cloudi-Fi-Rad1

  • IPv4 / IPv6 Server Address: Primary IP

  • Key Type: 0

  • Key: Shared Secret

  • Confirm Key: Shared Secret

  • Auth Port: 1812

  • Acct Port: 1813

  • Server Timeout: 10

  • Retry Count: 3

  • Support for CoA: Disabled

Apply to Device

Click Add again and configure :

  • Name: Cloudi-Fi-Rad2

  • IPv4 / IPv6 Server Address: Secondary IP

  • Key Type: 0

  • Key: Shared Secret

  • Confirm Key: Shared Secret

  • Auth Port: 1812

  • Acct Port: 1813

  • Server Timeout: 10

  • Retry Count: 3

  • Support for CoA: Disabled

Apply to Device

On the Servers Groups sub tab, add:

  • Name: Cloudi-Fi_Radius

  • Group Type: RADIUS

  • MAC-Delimiter: hyphen

  • MAC-Filtering: none

  • Assigned Servers: Cloudi-Fi-Rad1, Cloudi-Fi-Rad2

Apply to Device

Click on the AAA Method List tab and add:

  • Method List Name: Cloudi-Fi_Auth

  • Type: login

  • Group Type: group

  • Assigned Server Groups: Cloudi-Fi_Radius

Apply to Device

Click on Accounting sub tab and add:

  • Method List Name: Cloudi-Fi_Acct

  • Type: identity

  • Assigned Server Groups: Cloudi-Fi_Radius

Go to AAA Advanced and click on Advanced Settings. Configure both Accounting and Authentication with:

  • Call Station ID: ap-macaddress-ssid

  • Call Station ID Case: upper

  • MAC-Delimiter: hyphen

  • Username Case: lower

  • Username Delimiter: none

4) WLAN configuration

Go to Configuration > Tags & Policies and add or edit an existing WLAN :

On the General tab:

  • Profile Name: Cloudi-Fi_Guest

  • SSID: YOUR_SSID_NAME

  • Status: Enabled

  • Radio Policy: All

  • Broadcast SSID: Enabled

On Security > Layer 2 tab:

  • Layer 2 Security Mode: None

  • MAC Filtering: Disabled

On Security > Layer 3 tab. Click on Show Advanced Settings :

  • Web Policy - Enabled

  • Web Auth Parameter Map - guest_wifi

  • Authentication List - Cloudi-Fi_Radius

  • On Mac Filter Failure - Disabled

  • Splash Web Redirect - Disabled

  • IPv4 ACL - preauth_v4 or WA-sec-178.33.251.41

Apply to Device

5) Walled Garden and Radius Accounting

Go to Configuration > Security > URL Filters and add :

  • List Name: WalledGarden

  • Type: PRE_AUTH

  • Action: PERMIT

  • URLs:

    • 178.33.251.41

    • login.cloudi-fi.net

    • *.cloudi-fi.net

Apply to device

Go to Configuration > Tags & Profiles > Policy and add

On the General tab:

  • Name: guest_policy

  • Status: Enabled

On the Access Policies tab:

  • URL Filters: WalledGarden

On the Advanced tab:

  • Session Timeout: 43200

  • Idle Timeout: 3600

  • Allow AAA Override: Enabled

  • Accounting List: Cloudi-Fi_Acct

Apply to device

6) Tags & Profiles

Go to Configuration > Tags & Profiles > Tags and Add

  • Name: guest_tag

  • WLAN Profile: Cloudi-Fi_Guest

  • Policy Profile: guest_policy

Apply to Device

Finally, go to Administration > Management > HTTP/HTTPS/Netconf and ensure the below:

  • HTTP Access: Enabled

  • HTTPS Access: Enabled

Make sure to Save the Configuration to ensure your changes are persisted on reboot.

Did this answer your question?