Professional Documents
Culture Documents
Odyssys Setup Guide Cisco WLC CoA
Odyssys Setup Guide Cisco WLC CoA
CoA
Setup Guide
Disclaimer
THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN (“MATERIAL”) IS PROVIDED FOR GENERAL
INFORMATION PURPOSES ONLY. GLOBAL REACH AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, WITH REGARD TO THE MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR THAT THE MATERIAL IS
ERROR-FREE, ACCURATE OR RELIABLE. GLOBAL REACH RESERVES THE RIGHT TO MAKE CHANGES OR UPDATES TO
THE MATERIAL AT ANY TIME.
Limitation of Liability
IN NO EVENT SHALL GLOBAL REACH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR
CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR
ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF,
THE MATERIAL.
Page 2 of 15
• You have a controller installed in an environment where compatible Access Points are configured to
work with the controller, i.e - DNS, DHCP options configured correctly
• Obtain an IP address
The following components are required to be configured and working in your environment before attempting
integration with Odyssys;
• DHCP Server
• DNS Server
• Firewall NAT
PLEASE NOTE -
This is a technical document and as such, integration of your hardware with Odyssys should only be handled by
trained individuals.
TECH NOTE
Odyssys does not use standard RADIUS ports, therefore please make sure you allow the ports in your firewall,
defined in your manager.odyssys.net Captive Portal settings.
Page 3 of 15
Before you attempt to configure your Cisco Wireless LAN Controller (WLC) for use with CoA authentication and
Odyssys, you will first need to create your own captive portal.
1. First, navigate to https://manager.odyssys.net and log in using your assigned Customer ID, username and
password.
2. Select Captive Portals > Captive Portals from the left-hand menu and click Create Captive Portal.
Page 4 of 15
Page 5 of 15
TECH NOTE: Ensure the your Auth Called Station ID Type is set to AP MAC Address: SSID and your MAC
delimiter is set to Hyphen.
3. Click the New… button, and enter the Authentication RADIUS settings obtained from Odyssys (under the
General Info tab of the Captive Portal you created earlier) The mandatory fields are as follows:
4. Repeat steps 2 and 3 again for the Secondary RADIUS Server IP addresses, remembering to click "Apply" when
complete to save the settings.
Page 6 of 15
TECH NOTE: Ensure the your Acct Called Station ID Type is set to AP MAC Address: SSID and your MAC
delimiter is set to Hyphen.
6. Enter in the RADIUS Accounting settings listed below from the Captive Portal section of Odyssys:
7. Repeat steps 5 and 6 for the Secondary RADIUS Server IP address remembering to click "Apply" when complete
to save.
Page 7 of 15
8. Still within the SECURITY tab and menu, select "Access Control Lists" and then "Access Control Lists" from the
sub-menu.
9. Click on "New..." in the upper right corner of the Access Control Lists window.
10. Enter the name of the Pre Authentication Access Control List and click Apply to save the settings. Remember
this must exactly match the Pre Auth ACL value set in Odyssys in step 2 of this guide.
11. Click the ACL you have just created and click the Add New Rule button.
Page 8 of 15
The fields that need to be modified are "Sequence", "Source", "Destination" and "Action". The "Protocol",
"DSCP" and "Direction" fields should be left as default.
Sequence: 1
Source: IP 54.246.95.205 Mask 255.255.255.255
Destination: Any
Action: Permit
Sequence: 2
Source: Any
Destination: IP 54.246.95.205 255.255.255.255
Action: Permit
Sequence: 3
Source: IP 54.243.42.241 Mask 255.255.255.255
Destination: Any
Action: Permit
Sequence: 4
Source: Any
Destination: IP 54.243.42.241 Mask 255.255.255.255
Action: Permit
Sequence: 5
Source: Any
Destination: IP 54.247.108.6 Mask 255.255.255.255
Action: Permit
Sequence: 6
Source: IP 54.247.108.6 Mask 255.255.255.255
Destination: Any
Action: Permit
Below is how the Access Control List will look after all of the above settings have been entered.
Page 9 of 15
13. Select the WLANs tab from the top menu, select Create New from the drop down list in the upper right of the
page, and click Go.
14. Enter a Profile Name and the SSID that will be broadcast (these can be the same). The Profile Name is used for
administrative purposes and the SSID will be the Wi-Fi name users connect to. Click Apply when complete to
save the settings.
15. Select the Security tab under the settings for your WLAN and apply the following settings.
Layer 2
Layer 2 Security: None
Mac Filtering: Tick the checkbox
Layer 3
Layer 3 Security: None
AAA Servers
RADIUS Servers: Tick the Enabled checkbox for both Authentication and Accounting Servers. Then from the
Server 1 and Server 2 dropdown boxes select the Primary & Secondary Authenticaiton and Accounting servers
configured in steps 3 – 7 of this guide.
RADIUS Server Accounting: Tick the Interim Update checkbox and set an Interim Interval of 180.
Authentication Priority order for web-auth user: Move both Local and LDAP into the the Not Used box,
leaving only RADIUS at the used authenitcation type.
Page 10 of 15
17. Click Apply to save your settings. Then return to the General tab to enable your SSID now that configuration is
complete.
Page 11 of 15
Twitter
api.twitter.com
*.twimg.com
Google
74.125.29.84
74.125.226.243
74.125.228.10
74.125.228.74
74.125.228.111
130.111.19.240
173.194.74.95
Facebook
*.facebook.com
*.akamaihd.net
*.fbcdn.net
connect.facebook.com
LinkedIn
8.247.88.225
23.202.203.120
64.94.107.57
138.108.7.20
216.52.242.80
216.52.242.86
If you wish to disable Apple's Captive Assistant please add the following to your walled garden
www.apple.com
www.airport.us
www.ibook.info
www.thinkdifferent.us
www.itools.info
www.appleiphonecell.com
captive.apple.com
Page 12 of 15
Page 13 of 15
SSID - Service Set Identifier - A unique identifier for your Wi-Fi service
Page 14 of 15