Configuring Cisco 3850 WLC

Configuring Cisco WLC using Web GUI

You can configure CISCO WLC 3850 by performing the steps as stated below:

  1. Create a RADIUS server.
  2. Create a Radius Server Group and map with the newly created RADIUS server
  3. Create an Authentication list and map with the newly created Radius Server Group.
  4. Create an Accounting list and map with the newly created Radius Server Group.
  5. Create an Authorization list and map with the newly created Radius Server Group.
  6. Create a Webauth Parameter Map
  7. Create an Access List
  8. Create a Sequence Number
  9. Create a Wireless SSID

To configure the CISCO WLC 3850:

  1. Login to CISCO WLC. The CISCO Wireless Controller home page appears.
  2. From the Configuration, drop-down list select Security. The options under the Security section are displayed.
  3. Select AAA > Radius > Servers to create a Radius server. The Radius Server screen appears.
  4. Click New to create a Radius server.
  5. Enter relevant details and click Apply at the right top corner of the page. A new RADIUS server is created.
  6. Select AAA > Server Groups > Radius to create a Radius Server Group. The Radius Server Groups screen appears.
  7. Click New the Radius Server Group > New screen appears.
  8. Enter a name in the Name field. From the Available Servers box select the server which you have created in step 5 and click the button to move it to the Assigned Servers box.
  9. Click Apply to save the Radius Server Group.
  10. Select AAA > Method List > Authentication to create an Authentication list.
    The Authentication screen appears.
  11. Click New. The Authentication > New screen appears.
  12. Enter the details in the fields as follows:
    • In the Method List Name field enter webauth_radius
    • For Type, select login
    • For Group Type select group
    • Select the ‘wirelessradius’ server group that you have created earlier from the Available Server Groups box and click to move it to the Assigned Server Groups box.
  13. Click Apply to save the Authentication.
  14. Select AAA > Method List > Accounting to create an Accounting list. The Accounting screen appears.
  15. Click New to create an Accounting list. The Accounting > New screen appears.
  16. Enter the details in the fields as follows:
    • In the Method List Name field enter webauth_radius.
    • For Type, select network.
    • Select the ‘wirelessradius’ server group that you have created earlier from the Available Server Groups box and click to move it to the Assigned Server Groups box.
    • Click Apply to save the Accounting list.
  17. Select AAA > Method Lists > Authorization to create an Authorization list. The Authorization screen appears.
  18. Click New to create an Authorization list. The New screen appears.
  19. Enter the details in the fields as follows:
    • In the Method List Name field enter webauth_radius.
    • For Type, select network.
    • For Group Type select group.
    • Select the ‘wirelessradius’ server group that you have created earlier from the Available Server Groups box and click to move it to the Assigned Server Groups box.
  20. Click Apply to save the Authorization list.
  21. Select Web Auth > Webauth Parameter Map to create a Webauth Parameter Map. The Webauth Parameter Map screen appears.
  22. Click New to create a Webauth Parameter Map. The Webauth Parameter Map > New screen appears.
  23. Enter the details in the fields as follows:
    • In the Parameter – map name field enter vt_web.
    • In Maximum HTTP connections (1-200) enter 30.
    • In Init-State Timeout (60-3932100 in seconds) enter 120.
    • In Fin-Wait Timeout (1-2147483647 in millisecond) enter 3000.
    • In Redirect for login field enter https://10.204.89.165/guest - This is the IPS URL to which a guest is redirected when tried to access a website.
    • In Portal IPv4 address enter 10.204.89.165.
  24. Click Apply to save the Webauth Parameter Map.

    A default Webauth Parameter Map is created a shown in the following figure.

  25. Select ACL > Access Control List to create an Access Control List. The Access Control Lists screen appears.
  26. Click Add New. The New Access List screen appears.
  27. In the Name field enter REDIRECT-ACL, and then click Apply at the right top corner. The New Sequence Number screen appears.
  28. Enter relevant details and click Apply. Allow traffic to the Ivanti Policy server IP address - 10.204.89.165.
  29. On the main menu select Configuration > Wireless to create a Wireless SSID. The WLANs screen appears.
  30. Click New. The WLANs > Create New screen appears.
  31. Click Apply. The WLAN is created and displayed in WLANs screen.
  32. Click the WLAN to configure. The General tab options of the WLAN appears.
  33. Select the options as shown in figure and then click Apply to save the configurations.
  34. Click the Security tab. The options under Security > Layer2 appears.
  35. Select the options as shown in figure and then click Apply to save the configurations.
  36. Click Layer3 The options under Layer3 appears.
  37. Select the options:
  38. For Webauth Authentication List select ‘webauth_radius’ which you have created earlier.
  39. For Preauthentication IPv4 ACL select ‘REDIRECT-ACL’ which you have created earlier.
  40. Click Apply to save the configurations.
  41. Click AAA Server.

    The options under AAA Server appears.

  42. From the Accounting Method drop-down list select ‘webauth_radius’ which you have created earlier. Click Apply to save the configurations.
  43. Click Advanced.

    The options under Advanced appears.

  44. Select the check box Allow AAA Override, so that radius attribute sent from IPS can be applied. Select other options as shown in the above figure and then click Apply to save the configurations.