Set Up Cisco CMX Connect

Configure ACLs on Cisco WLC

  1. From the Cisco WLC Web UI, click Security > Access Control Lists > Access Control Lists > New.
  2. In the Access Control List Name field, enter a name, and click Apply.
  3. has two IP addresses, which can be obtained by pinging ( and in the below figure). Configure Source and Destination Permit ACLs for both IP addresses, as shown below.
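
A check for the preauthentication ACL built in the steps above, as an added example that is not part of the original document: it confirms that each of the two portal IP addresses has a permit rule as source and as destination, and flags any permit rule that names neither address. The rule tuple format and the 192.0.2.x addresses are constructed for illustration and are not WLC output.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample data: placeholder portal addresses and two rule sets.
PORTAL_IPS = ["192.0.2.10", "192.0.2.11"]
GOOD_ACL = [("any", "192.0.2.10", "permit"), ("192.0.2.10", "any", "permit"),
            ("any", "192.0.2.11", "permit"), ("192.0.2.11", "any", "permit")]
WEAK_ACL = [("any", "192.0.2.10", "permit"), ("192.0.2.10", "any", "permit"),
            ("any", "192.0.2.11", "permit"), ("any", "any", "permit")]


def _net(value):
    """Parse 'any' or an address/prefix into an IPv4 network."""
    return ANY if value == "any" else ipaddress.ip_network(value, strict=False)


def audit_preauth_acl(rules, portal_ips):
    """Return findings for a list of (source, destination, action) rules.

    The tuple layout is a hypothetical export format chosen for this example.
    """
    portal = [ipaddress.ip_network(ip) for ip in portal_ips]
    to_portal, from_portal, findings = set(), set(), []
    for idx, (src, dst, action) in enumerate(rules, start=1):
        if action != "permit":
            continue
        s, d = _net(src), _net(dst)
        if d in portal:
            to_portal.add(d)
        if s in portal:
            from_portal.add(s)
        # A permit that names no portal address opens other hosts to
        # clients that have not yet passed the portal.
        if s not in portal and d not in portal:
            findings.append(f"rule {idx}: permits {src} -> {dst}, not a portal address")
    for p in portal:
        ip = p.network_address
        if p not in to_portal:
            findings.append(f"missing permit with destination {ip}")
        if p not in from_portal:
            findings.append(f"missing permit with source {ip}")
    return findings


if __name__ == "__main__":
    for name, acl in (("GOOD_ACL", GOOD_ACL), ("WEAK_ACL", WEAK_ACL)):
        print(name, audit_preauth_acl(acl, PORTAL_IPS) or "ok")
```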

Configure Cisco WLC (8.3 and later)

  1. From the Cisco WLC Web UI, click Security > RADIUS > DNS.

  2. In the URL String Name field, enter and click Add.


Configure WLAN

  1. From the Cisco WLC Web UI, click WLANs and create/configure a WLAN of your choice.
  2. Click Security>Layer 2 and select None. 
  3. Click Security>Layer 3 and configure the following:
    • Select Web Policy from Layer 3 Security drop-down list.
    • Select Passthrough.
    • From the Preauthentication ACL drop-down list, select the ACL configured in the previous steps.
    • Enable Over-ride Global Config.
    • From the Web Auth Type drop-down list, select External(Re-direct to external server).
    • In the URL text field, enter, where TLD is the unique string with which you log in to the admin UI using your account credentials.

Configure FlexConnect on Cisco WLC

  1. Configure FlexConnect ACL referring to the link.
  2. In Step 3 of the previous task (Configure WLAN), select the configured ACL from the WebAuth Flex ACL drop-down list.
  3. Select None from the Preauthentication ACL IPv4 and IPv6 drop-down list.

Client Certificate Warning

From the Cisco WLC Web UI, select Management > HTTP-HTTPS > WebAuth SecureWeb. If this option is enabled, you need to upload a proper certificate to the Cisco WLC to avoid certificate warnings on the client. Alternatively, to avoid these certificate warnings, disable this option.

Configure Custom Portal

    1. Log in to Cisco CMX.
    2. Choose CONNECT & ENGAGE > Library > Templates.
    3. Select any template of your choice. For this document, we will be selecting the “Registration Form” template.
    4. Enter the name of your Portal.
    5. After entering the portal name, you will be shown a page as seen below.
    6. Select the Logo or Image to be shown as part of your portal login page by clicking the Choose Image button.
    7. Browse and upload an image from your local system.
    8. Click the Terms & Conditions section to edit the content.
    9. Click the Save button after editing the template.
    10. Click the Connect Experiences tab.
    11. Under “Custom Portals”, click “Click to assign portal”.
    12. Select the portal created from the drop-down list.
    13. Connect a client to the SSID and try to open
    14. You will be redirected to the portal page created for registration.
    15. Upon entering the name, your email address, and agreeing to the terms & conditions, click the SUBMIT button. At this point, the client device will be redirected to


  • Ali Yassine

    Good Document!

    If I have a Guest SSID using a third-party web server with an SSL certificate for Web Auth, and WebAuth SecureWeb is also enabled, what can I do to have another SSID using CMX for Web Auth without having the certificate error pop up every time a guest associates to the second guest SSID?
