Policy Plan Authorization over Cloud (AAA over Cloud)

As a customer of the CMX Cloud service, you are provided access to a permanently hosted AAA server that can be configured on your Cisco WLC. 


  • Ensure that your firewall permits traffic to and from the UDP port number 1812 and the hosted IP address

         You will need to provide Cisco the following information in order to get provisioned properly.

  1. Your public facing IP that your WLC is sending traffic from. We need this information in order to whitelist your public facing IP address for the WLC in our firewalls.
  2. Your CMX tenant ID, tenant ID can be found in the welcome email you received from CMX Cloud.
  3. Your CMX authentication token, again this information can be found in the welcome email from CMX Cloud.
  4. Shared Secret to be used with the AAA authentication. Provide something unique.
  5. A list of one or more AP Mac Addresses that you will be using with the service. We will need the Base Radio MAC addresses for the APs.

Step 1: Configuring the Policy Plan Authorization from Your Cisco WLC

  1. In the Cisco WLC Web UI, choose Security > Authentication.
  2. Click New at the top right corner to add a new RADIUS Authentication server.
  3. In the Server IP Address field, enter  This is the permanent RADIUS server IP address that Cisco hosts as a part of CMX Cloud service.
  4. In the Shared Secret field, enter the Shared Secret you provided to Cisco support.
  5. Enter the same Shared Secret value in the Confirmed Shared Secret field. The RADIUS Authentication Servers window is displayed, showing the IP address has been added. 
  6. From the Auth Called Station ID Type drop-down list, select the AP MAC Address
  7. Ensure the MAC Delimiter is set to Colon

  8.  Choose WLANs > Security > AAA Servers, choose from the Server X drop-down list (where X is the number), and then click Apply to add the RADIUS Authentications server to your WLAN. 


Step 2: Create a WLAN With Proper Settings

  1. Create a WLAN
  2. Under Security for Layer 2 make sure MAC Filtering is checked.
  3. For Layer 3 Security make sure to choose On MAC Filter failure
  4. Under Advanced make sure Allow AAA Override is checked.

Step 3: Configuring the Policy Plan Authorization from Your CMX Cloud Console

  1. From the Cisco CMX Dashboard, choose CONNECT&ENGAGE > Policy Plans > New Policy Plans.
  2. Enter your policy details, and then click Create.


Please sign in to leave a comment.