Describes how to configure your Cisco Mobility Express to activate the Cloudi-Fi splash page feature.
Use case
The following sections provide step-by-step instructions for integrating Cisco Mobility Express with Cloudi-Fi.
Prerequisites
Before starting, ensure that you have the following prerequisites:
- Access to Cloudi-Fi's admin console
- Cloudi-Fi Radius IPs and Secret
- Access to the Cisco
1. Get the Cloudi-Fi required URL and Radius Secret
To create a new location in the Cloudi-fi Admin interface if it doesn't already exist, follow these instructions:
Go to the "Location" section in the Cloudi-fi Admin interface.
Create a New Location and enter the required details for the new location:
- Location Name
- Type (Redirect URL)
- Portal template
- Country
Location URL: this URL will be used to configure an External Captive Portal
- Access the Cloudi-Fi administration console
- Select the location
- Click on the menu button for the location
- Select "Copy Splash page URL"
Transform the URL as follows:
Cloudi-Fi
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spsomething.com
Cisco Mobility Express
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spcisco.com
2. Get Radius information
You will need the Radius information (Server IPs, Secrets, Ports) to set up.
- IPs address of the Radius servers
- Ports: UDP 1812 (Authentication) & 1813 (Accounting)
- The Secret (provided by Cloudi-Fi Support)
You can get the Secret by asking in the Chatbot; Cloudi-fi’s Support team will provide you with the necessary information.
What shared secret is used for the Radius server? (Please save this confidential information securely and do not share it publicly).
3. Radius configuration
Log in to your Mobility Express web interface and enable "Switch to Expert View" at the top right.
On the left-side menu, go to Management Admin Radius and configure as follows:
-
Authentication Call Station ID Type: AP MAC Address: SSID
-
Authentication MAC Delimiter: Hyphen
-
Accounting Call Station ID Type: AP MAC Address: SSID
-
Accounting MAC Delimiter: Hyphen
Click Apply and add Radius Authentication Server:
-
State: Enabled
-
COA: Disabled
-
Server IP Address: Provided by Cloudi-Fi Support
-
Shared Secret: Provided by Cloudi-Fi Support
-
Confirm Shared Secret: as above
-
Port Number: 1812
Click Apply and add the secondary Radius Authentication Server.
4. ACL rule
5. SSID configuration
Go to Wireless Settings WLANs. Click Add new and configure with :
On the General tab :
-
Profile Name: Guest Wi-Fi
-
SSID: Your SSID name
-
Admin State: Enabled
-
Radio Policy: ALL
-
Broadcast SSID: Enabled
On the WLAN Security tab:
-
Guest Network: Enabled
-
Captive Network Assistant: Enabled
-
Radius Compatibility: Cisco ACS
-
Captive Portal: External Splash page
-
Captive Portal URL: Splash page URI copied from the Cloudi-Fi interface
-
Access Type: Radius
Under ACL Name (IPV4), select the Pre-auth profile you've created in step 3.
Under Radius Server, select the Radius Authentication Servers.
On the Advanced tab:
-
Allow AAA Override: Enabled
Troubleshooting
If you’re facing issues with your captive portal, it may have several root causes.
Before beginning, please check that the following Firewall rules are active, as mentioned in the Solution prerequisites section.
if problems persist after configuring, follow these steps and share the following details with the Cloudi-Fi support team:
- Capture a web snapshot from your browser
- Share with the Cloudi-Fi support team
- Provided the URL of the captive portal configured on your Cisco device
- Share any User IDs encountering error pages
Captive portal display issue before or after authentication
The problem may be related to DHCP or DNS.
- Check that your IP address is valid.
- Check that login.cloudi-fi.net is resolved.
Assuming the DNS and IP address function correctly, you still have a captive portal problem.
- You must type http://neverssl.com in your browser to apply the redirection to the portal.
- If the captive portal still does not appear, check the authorizations in "ACL Rule''.
- Follow the path below and check if Cloudi-Fi’s domains or IPs are authorized before authentication.
Error after authentication on the page
Once connected to the SSID, if you notice a Cloudi-Fi error page instead of your captive portal. Check if:
- The URL transformed at the beginning is not misconfigured.
- Radius does not receive requests from Cloudi-Fi.
Check the configuration of the Radius server:
- The IP address of Radius
- Radius port (default port 1812)
- The shared password.
Test authentication
To conduct this test, connect to the SSID, then try to authenticate yourself on the captive portal page and check that the authentication process is successful.
If you have any questions, don't hesitate to contact us - How to contact your support?
What’s next?
Please refer to this page for additional details regarding Cisco and Cloudi-Fi configurations.