Jaze Access Manager (JAM) can function as an external captive portal and authentication server for a Cisco Wireless LAN Controller (WLC). The following steps describe the required configuration.


On Cisco WLC

  1. Under Security -> RADIUS -> Authentication, add a new server. Set the Server IP Address to an interface IP of JAM. Enter a secret key to be shared with JAM. Leave the port number at the default value of 1812. Disable the Network User and Management checkboxes.

  2. Similarly, add an Accounting server. Enter the same shared secret as in the previous step. Uncheck the Network User checkbox.

  3. Under Security -> Access Control Lists -> Access Control Lists, create a new ACL that permits DNS traffic and traffic to and from the JAM interface.

  4. Create a WLAN under WLANs. Click Go next to the Create New option. Choose the type as WLAN, then enter a Profile Name and SSID.

  5. Under the Security tab of the WLAN, set Layer 2 Security to None.

  6. Under the Layer 3 tab, check the Web Policy checkbox. Set the Preauthentication ACL to the ACL created in step 3. Enable the Over-ride Global Config checkbox. Set the Web Auth type to External. Enter the URL in the following form: http://<IP address of JAM>:8001. If you prefer, you can map the IP address of JAM to an internal hostname, in which case the URL takes the form http://<hostname>:8001.

  7. On the AAA Servers tab, set the Authentication and Accounting servers to the servers created in steps 1 and 2 respectively. Enable Interim Accounting and set the Interim Interval to 180. Remove LOCAL and LDAP from the list that specifies the Order Used For Authentication.

  8. On the Advanced tab, enable "Allow AAA override" and disable "Enable Session Timeout". Click Apply.

  9. SSH into the Cisco WLC and run the following command:

    config custom-web logout-popup disable
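
The pre-authentication ACL from step 3 is what unauthenticated clients can reach, so it should permit nothing beyond DNS and the JAM interface. The Python check below is an added example, not part of the JAM or Cisco documentation; the rule dictionary layout, the sample rules and the address 192.0.2.10 are constructed assumptions, so transcribe the controller's ACL rows into the same shape before using it.

```python
import ipaddress

JAM_IP = "192.0.2.10"  # constructed documentation address standing in for the JAM interface

# Constructed rule set shaped like an ACL rule table (not exported from a real controller).
SAMPLE_ACL = [
    {"action": "permit", "proto": "udp", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "sport": "any", "dport": "53"},
    {"action": "permit", "proto": "udp", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "sport": "53", "dport": "any"},
    {"action": "permit", "proto": "any", "src": "0.0.0.0/0", "dst": "192.0.2.10/32", "sport": "any", "dport": "any"},
    {"action": "permit", "proto": "any", "src": "192.0.2.10/32", "dst": "0.0.0.0/0", "sport": "any", "dport": "any"},
]

def _is_host(cidr, ip):
    """True only when cidr is exactly the single host ip (a /32, not a wider subnet)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == net.max_prefixlen and net.network_address == ipaddress.ip_address(ip)

def classify(rule, jam_ip):
    """Return the purpose a permit rule serves, or None if it is broader than step 3 allows."""
    if rule["proto"] in ("udp", "tcp"):
        if rule["dport"] == "53" and rule["sport"] == "any":
            return "dns-out"
        if rule["sport"] == "53" and rule["dport"] == "any":
            return "dns-in"
    if _is_host(rule["dst"], jam_ip):
        return "to-jam"
    if _is_host(rule["src"], jam_ip):
        return "from-jam"
    return None

def audit_preauth_acl(rules, jam_ip):
    """List permit rules that exceed DNS/JAM scope, then any required rule that is absent."""
    findings, seen = [], set()
    for index, rule in enumerate(rules, 1):
        if rule["action"] != "permit":
            continue
        purpose = classify(rule, jam_ip)
        if purpose is None:
            findings.append(f"rule {index}: permit not limited to DNS or JAM ({rule['src']} -> {rule['dst']})")
        else:
            seen.add(purpose)
    for needed in ("dns-out", "dns-in", "to-jam", "from-jam"):
        if needed not in seen:
            findings.append(f"missing rule: {needed}")
    return findings

if __name__ == "__main__":
    print(audit_preauth_acl(SAMPLE_ACL, JAM_IP) or "pre-auth ACL matches step 3")
```

An empty result means every permit rule maps to DNS or to the single JAM host; a permit to a whole subnet containing JAM is reported because it exposes neighbouring hosts to unauthenticated clients.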

On Jaze Access Manager


Under Secure Authentication, click WLAN Controllers. Click Add Device in the "Wireless LAN AP/Controller Device" section of the page.

Give a name for identification, enter the IP address of Cisco WLC and choose the vendor as Cisco. Enter the shared secret which was used in steps 2 and 3 of configuring Cisco WLC. Choose the mode of operation as Cisco and leave the CoA Port at the default value of 3799.