Configure ACLs on Cisco WLC
- From the Cisco WLC Web UI, click Security->Access Control Lists->Access Control Lists>New.
- In the Access Control List Name field, enter a name, and click Apply.
- cmxcisco.com has two IP addresses, which can be obtained by pinging cmxcisco.com (220.127.116.11 and 18.104.22.168 in the below figure). Configure Source and Destination, Permit ACLS for both IP addresses, as shown below.
Configure Cisco WLC (8.3 and later)
- From the Cisco WLC Web UI, click Security->Access-Control Lists->Create-new-> Select Drop down and select Add-remove URL.
- In the URL String Name field, enter cmxcisco.com and click Add.
- The purpose of adding this is URL, is optional means you can either add the hard coded IP's in ACL or use this DNS based URL to setup the connection between WLC controller and CMX Cloud.
- From the Cisco WLC Web UI, click WLANs and create/configure a WLAN of your choice.
- Click Security>Layer 2 and select None.
- Click Security>Layer 3 and configure the following:
- Select Web Policy from Layer 3 Security drop-down list.
- Select Passthrough.
- From the Preauthentication ACL drop-down list, select the ACL configured in the previous steps.
- Enable Over-ride Global Config.
- From the Web Auth Type drop-down list, select External(Re-direct to external server).
- In the URL text field, enter http://TLD.cmxcisco.com/visitor/login, where TLD is the unique string you login to admin UI with your account credentials.
Configure FlexConnect on Cisco WLC
- Configure FlexConnect ACL referring to the link.
- In Step 3 of the previous task (Configure WLAN), select the configured ACL from the WebAuth Flex ACL drop-down list.
- Select None from the Preauthentication ACL IPv4 and IPv6 drop-down list.
Client Certificate WarningFrom the Cisco WLC Web UI, select Management>HTTP-HTTPS>WebAuth SecureWEb. If this option is enabled, you need to upload a proper certification to the Cisco WLC to avoid a certificate warnings on client. To avoid these certificate warnings, disable this option.
Configure Custom Portal
- Log in to Cisco CMX.
- Choose CONNECT & ENGAGE > Library > Templates.
- Select any template of your choice, for this document we will be selecting the “Registration Form” template.
- Enter the name of your Portal.
- After entering the portal name you will be shown a page as seen below
- Click on Logo or Image to be shown as part of your portal login page by clicking on Choose Image button.
- Browse and upload an image from your local system.
- Click on Terms & Conditions section to edit the content.
- Click Save button after editing the template.
- Click the Connect Experiences tab.
- Under “Custom Portals” > “Click to assign portal”.
- Select the portal created from the drop-down list.
- Connect a client to the SSID and try to open cisco.com.
- You will be redirected to the portal page created for registration.
- Upon entering the name, your email address, and agreeing to the terms & conditions, click the SUBMIT button. At this point, the client device will be redirected to cisco.com.