Cisco WLC Hotspot 2.0 R1 Configuration Guide

Disclaimer

THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN ("MATERIAL") IS PROVIDED FOR GENERAL INFORMATION PURPOSES ONLY. GLOBAL REACH AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THE MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR THAT THE MATERIAL IS ERROR-FREE, ACCURATE OR RELIABLE. GLOBAL REACH RESERVES THE RIGHT TO MAKE CHANGES OR UPDATES TO THE MATERIAL AT ANY TIME.

Limitation of Liability

IN NO EVENT SHALL GLOBAL REACH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE MATERIAL.

VERSION 1.0
PUBLISHED MAY 2015

Global Reach Technology Ltd
Commercial in Confidence

SETTING UP ODYSSYS FOR HOTSPOT 2.0

1. Within your Internet browser, navigate to http://manager.odyssys.net

2. Log in to Odyssys using your Customer ID, Username and Password.

3. Using the navigation panel on the left-hand side of the Odyssys Dashboard, select "Captive Portals", then "Captive Portals" and finally "Create Captive Portal".

4. Enter the following details to create a new Captive Portal:

   Name: <Name of your Captive Portal>
   Description: <Description of your Captive Portal>
   RADIUS Shared Secret: <Either keep the current shared secret or create your own>
   Hardware Vendor: Cisco

   Click "Create" to save the settings and complete initial setup of the Captive Portal for Hotspot 2.0 Online Sign-Up.

5. Click on your newly created Hotspot, select "Auth Providers" and then "Add Provider".

6. Enter the settings below to create the Hotspot 2.0 provider:

   Authentication Provider: Hotspot 2.0 Registration
   Group Name: <Group name of your choice>
   Realm: <This will be provided to you in your welcome pack>

   Leave the rest of the settings at their defaults. Click "Add Provider" when complete.

7. Click the arrow button on "One Time Sign-Up" and click "Delete Provider" to remove this Auth Provider.

8. Click the "General Info" tab for details of the Hotspot 2.0 settings required for your controller.

SETTING UP THE CISCO WLC FOR HOTSPOT 2.0

1. Log in to the Cisco WLC Controller.

2. Click on the "Security" tab from the top menu and select "AAA", then "RADIUS" and finally "Authentication" from the Security menu located on the left-hand side of the SECURITY window.

3. Select "New" from the upper right corner of the RADIUS Authentication Servers window.

4. Enter the RADIUS Authentication settings listed below from the Captive Portal section of Odyssys:

   Server IP Address
   Shared Secret
   Confirm Shared Secret
   Port Number

   Click "Apply" once completed.

5. Repeat steps 3 and 4 for the Secondary RADIUS Server IP addresses, remembering to click "Apply" when complete to save the settings.

6. Still within the SECURITY tab and menu, select "Accounting" in the RADIUS sub-menu and then click "New", located in the upper right corner of the RADIUS Accounting Servers window.

7. Enter the RADIUS Accounting settings listed below from the Captive Portal section of Odyssys:

   Server IP Address - this is the same as the Authentication Server IP addresses
   Shared Secret
   Confirm Shared Secret
   Port Number - this is different to the Authentication Port Number

   Click "Apply" when complete to save the settings.

8. Repeat steps 6 and 7 for the Secondary RADIUS Server IP address, remembering to click "Apply" when complete to save the settings.

9. Still within the SECURITY tab and menu, select "Access Control Lists" and then "Access Control Lists" from the submenu.

10. Click on "New..." in the upper right corner of the Access Control Lists window.

11. Enter the name 'Pre-Auth-for-External-Web' in the Access Control List Name box and click "Apply" to save the settings.

12. Click the "Pre-Auth-for-External-Web" link to edit the Access Control List.

13. Select the "Add New Rule" option in the top right of the Access Control Lists window.

14. Complete the highlighted fields with the information provided below, creating a new rule for each sequence number. The fields that need to be modified are "Sequence", "Source", "Destination" and "Action". The "Protocol", "DSCP" and "Direction" fields should be left as default.

    Sequence: 1  Source: IP 54.246.95.205 Mask 255.255.255.255  Destination: Any  Action: Permit
    Sequence: 2  Source: Any  Destination: IP 54.246.95.205 Mask 255.255.255.255  Action: Permit
    Sequence: 3  Source: IP 54.243.42.241 Mask 255.255.255.255  Destination: Any  Action: Permit
    Sequence: 4  Source: Any  Destination: IP 54.243.42.241 Mask 255.255.255.255  Action: Permit
    Sequence: 5  Source: Any  Destination: IP 54.247.108.6 Mask 255.255.255.255  Action: Permit
    Sequence: 6  Source: IP 54.247.108.6 Mask 255.255.255.255  Destination: Any  Action: Permit

    Below is how the Access Control List will look after all of the above settings have been entered.

SETTING UP THE ONLINE SIGN-UP SSID

15. Select the "WLANs" tab from the top menu bar, select "Create New" from the drop-down list in the upper right of the WLANs window and click "Go". This is for the Online Sign-Up SSID.

16. Enter a Profile Name and the SSID that will be broadcast (these can be the same). The Profile Name is used for administrative purposes and the SSID will be the Wi-Fi name users connect to. Click "Apply" when complete to save the settings.

17. Select the "Security" tab within the WLANs page, then select "Layer 2" and, from the Layer 2 Security drop-down, select "None".

    Select "Layer 3" and apply the following settings:

    Layer 3 Security: Web Policy
    Radio button: Authentication
    Pre-authentication ACL: Pre-Auth-for-External-Web
    Over-ride Global Config: Enable
    Web Auth Type: External (redirect to External server)
    URL: Online Sign-Up URL from Odyssys (please remember to add http: in front of the web address)

    Click "Apply" when complete to save the settings.

19. Select "WLANs" from the top menu, then select the "WLAN ID". From the "General" tab, tick the "Status - Enabled" box and click "Apply" to begin broadcasting the SSID.

SETTING UP SECURE HOTSPOT 2.0 SSID

20. Select the "WLANs" tab from the top menu bar, select "Create New" from the drop-down list in the upper right of the WLANs window and click "Go". This is for the secure Hotspot 2.0 SSID.

21. Enter a Profile Name and the SSID that will be broadcast (these can be the same). The Profile Name is used for administrative purposes and the SSID will be the Wi-Fi name users connect to.

22. Select the "Security" tab within the WLANs page and then select the "AAA Servers" option.

    Check both the "Authentication Servers" and "Accounting Servers" tick boxes.
    Choose the Primary (Server 1) and Secondary (Server 2) RADIUS Servers for both Authentication and Accounting.

    TECH NOTE
    The port numbers for Authentication and Accounting are different, so make sure you apply them to the relevant fields. If you are unsure, check Odyssys to identify the appropriate ports for Authentication or Accounting.

    Enable the "Interim Update" and set the "Interim Interval" to 180.
    Scroll down and move the "LOCAL" and "LDAP" Servers to the left using the arrow buttons.
    Click "Apply" when complete to save the settings.

23. Click the WLANs tab again, hover over the blue button on your newly created WLAN and select "802.11u".

24. Tick the 802.11u Status box and click "Apply". Enter the settings below:

    Network Type: Personal Device Network
    HESSID: <SSID of one of your APs>
    IPv4 Type: Single NATed private
    Domain Name: odyssys.net (Click Add once information has been entered)
    Realm: <This will be issued to you as part of your welcome pack> (Click Add once information has been entered)

    Click "Apply" once completed.

25. Click the WLANs tab, hover over the blue button of your WLAN again and select "Hotspot 2.0".

26. Tick the "Hotspot2 Enable" check box and click "Apply".

27. Select "WLANs" from the top menu, then select the "WLAN ID". From the "General" tab, tick the "Status - Enabled" box and click "Apply" to begin broadcasting the SSID.

Global Reach Technology Ltd
Craven House, 121 Kingsway
London WC2B 6PA
T +44 (0) 20 7831 5630
info@globalreachtech.com

Copyright © Global Reach Technology Limited. All rights reserved. Global Reach and the Global Reach logo are registered trademarks.
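
Step 14 defines the pre-authentication ACL as six permit rules, one in each direction for three hosts. The Python script below is an added example, not part of the original guide and not Global Reach or Cisco code: it parses a rule listing written in the guide's own field layout and reports any rule that opens the pre-authentication path wider than that. The function names and the use of a text listing as input are assumptions.

```python
import ipaddress
import re

# Constructed input: the six rules from step 14 in the guide's field layout.
# The word "Mask" is optional because the guide's rule 2 omits it.
GUIDE_RULES = """\
Sequence: 1 Source: IP 54.246.95.205 Mask 255.255.255.255 Destination: Any Action: Permit
Sequence: 2 Source: Any Destination: IP 54.246.95.205 255.255.255.255 Action: Permit
Sequence: 3 Source: IP 54.243.42.241 Mask 255.255.255.255 Destination: Any Action: Permit
Sequence: 4 Source: Any Destination: IP 54.243.42.241 Mask 255.255.255.255 Action: Permit
Sequence: 5 Source: Any Destination: IP 54.247.108.6 Mask 255.255.255.255 Action: Permit
Sequence: 6 Source: IP 54.247.108.6 Mask 255.255.255.255 Destination: Any Action: Permit
"""
RULE_RE = re.compile(
    r"Sequence:\s*(?P<seq>\d+)\s+Source:\s*(?P<src>.+?)\s+"
    r"Destination:\s*(?P<dst>.+?)\s+Action:\s*(?P<action>\w+)", re.I)
ADDR_RE = re.compile(r"IP\s+(\S+)\s+(?:Mask\s+)?(\S+)", re.I)

def parse_endpoint(text):
    """Return None for 'Any', otherwise the address and mask as an IPv4Network."""
    if text.strip().lower() == "any":
        return None
    m = ADDR_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unparseable endpoint: {text!r}")
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)

def parse_rules(listing):
    """Turn a rule listing into (sequence, source, destination, action) tuples."""
    return [(int(m["seq"]), parse_endpoint(m["src"]),
             parse_endpoint(m["dst"]), m["action"].lower())
            for m in RULE_RE.finditer(listing)]

def audit(rules):
    """Return findings; an empty list means only paired host rules are permitted."""
    findings, to_host, from_host = [], set(), set()
    for seq, src, dst, action in rules:
        if action != "permit":
            continue
        if src is None and dst is None:
            findings.append(f"rule {seq}: permits any-to-any before authentication")
        for net, seen in ((src, from_host), (dst, to_host)):
            if net is not None:
                seen.add(net)
                if net.prefixlen != 32:
                    findings.append(f"rule {seq}: {net} is wider than a single host")
    for net in sorted(to_host ^ from_host):
        findings.append(f"{net}: permitted in one direction only")
    return findings
```

Calling `audit(parse_rules(GUIDE_RULES))` returns an empty list for the rules as the guide gives them; any extra rule added to the listing shows up as a finding.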