Wi-Fi employee access – Cisco Wireless Controller

In this topic, you will learn how to configure a Cisco Wireless Controller to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Wi-Fi connections.

Cisco Virtual Wireless Controller

This section contains an example configuration for the Cisco Virtual Wireless Controller.

Important: This guide provides general instructions for integrating Portnox Cloud with specific third-party devices. While we aim to provide helpful examples for commonly used models, configurations may vary across manufacturers, models, and environments. As a result, we cannot guarantee that these steps will work in every scenario. For questions or issues related to RADIUS setup – which is an industry standard and not specific to Portnox – or device-specific settings and troubleshooting, we recommend consulting the device manufacturer’s documentation and contacting their support team. While Portnox Support is happy to assist where possible, please note that detailed configuration of third-party devices is typically best handled by the manufacturer.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your individual profile names, RADIUS server addresses, ports, and keys by replacing the values that are presented as underlined italics.
  1. In the top menu of the Cisco Wireless Controller web interface, click on the SECURITY option.

  2. In the left-hand side menu, select the AAA > RADIUS > Authentication options.

  3. In the RADIUS Authentication Servers pane, click on the New... button in the top-right corner.

  4. In the RADIUS Authentication Servers > New pane, enter the details of the Portnox Cloud RADIUS server that you created earlier: the Server IP Address, the authentication Port Number, and the Shared Secret. Set the timeout to 30 seconds. Then, click on the Apply button in the top-right corner.
    Note: The Support for CoA switch should be set to Enable if you want to use the CoA feature and/or the IPSK feature of Portnox Cloud.

  5. If you use two Cloud RADIUS servers in both regions, repeat the above steps for the second RADIUS server.

    The above screenshot shows an example configuration for two Cloud RADIUS region authentication servers. Adjust the IP addresses and port numbers to your tenant configuration.

  6. In the left-hand side menu, select the AAA > RADIUS > Accounting options.

  7. In the RADIUS Accounting Servers pane, click on the New... button in the top-right corner.

  8. In the RADIUS Accounting Servers > New pane, enter the details of the Portnox Cloud RADIUS server that you created earlier: the Server IP Address, the accounting Port Number, and the Shared Secret. Set the timeout to 30 seconds. Then, click on the Apply button in the top-right corner.

  9. If you use two Cloud RADIUS servers in both regions, repeat the above steps for the second RADIUS server.

    The above screenshot shows an example configuration for two Cloud RADIUS region accounting servers. Adjust the IP addresses and port numbers to your tenant configuration.

  10. In the top menu of the Cisco Wireless Controller web interface, click on the WLANs option.

  11. In the WLANs pane, select the Create New option from the drop-down menu, and then click on the Go button.

    Note: Instead of creating a new WLAN, you can edit an existing WLAN by clicking on the number in the WLAN ID column.

  12. In the WLANs > New pane, enter the Profile Name and the SSID for the secure SSID that you want to create, and then click on the Apply button in the top-right corner.

  13. In the WLANs > Edit pane, click on the Security tab and select the following options in the Layer 2 tab that is opened by default:

    1. In the Layer 2 Security field, select the WPA2+WPA3 option.
      Note: If you want to use this SSID to connect IoT devices that do not support 802.1X, select the None option and activate the MAC Filtering checkbox instead.
    2. In the Security Type field, select the Enterprise option.
    3. In the Authentication Key Management section, activate the Enable checkbox next to the 802.1X-SHA1 option.
  14. Click on the AAA Servers tab and in the Authentication Servers and Accounting Servers columns, select the relevant servers that you defined earlier. Then, click on the Apply button in the top-right corner.

    Important: If you want to use the IPSK feature of Portnox Cloud, also activate the RADIUS Server Overwrite Interface checkbox.

    The following screenshot shows an example configuration for two Cloud RADIUS servers. Adjust the IP addresses and port numbers to your tenant configuration.

Result: Your Wi-Fi devices can now access the protected Wi-Fi network, using the Portnox Cloud RADIUS servers for authentication.
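
The Shared Secret entered in steps 4 and 8 must match the one held by the RADIUS server, and the RADIUS packet authenticators are what prove that match. The following Python is an added example, not part of the Portnox or Cisco documentation: it checks a candidate secret against an Access-Request and its reply taken from a packet capture. The function names, the secret, and the sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # RFC 3579 attribute type

def attributes(packet):
    """Yield (type, offset, value) for each attribute after the 20-byte header."""
    pos = 20
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > len(packet):
            raise ValueError("malformed attribute")
        yield a_type, pos, packet[pos + 2:pos + a_len]
        pos += a_len

def request_mac_ok(secret, request):
    """Check the Message-Authenticator carried in an Access-Request."""
    for a_type, pos, value in attributes(request):
        if a_type == MESSAGE_AUTHENTICATOR and len(value) == 16:
            # The HMAC-MD5 is computed with the attribute value zeroed.
            zeroed = request[:pos + 2] + bytes(16) + request[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, value)
    return False  # attribute absent: nothing to verify

def reply_ok(secret, request, reply):
    """Check the Response Authenticator (RFC 2865) of the server's reply."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def sample_pair(secret):
    """Constructed request/reply pair (not a real capture) signed with `secret`."""
    body = b"\x01\x07alice" + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    head = struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(range(16))
    mac = hmac.new(secret, head + body, hashlib.md5).digest()
    request = head + body[:-16] + mac
    reply_head = struct.pack("!BBH", 3, 42, 20)  # Access-Reject, no attributes
    reply = reply_head + hashlib.md5(reply_head + head[4:] + secret).digest()
    return request, reply

if __name__ == "__main__":
    req, rep = sample_pair(b"constructed-secret")
    for candidate in (b"constructed-secret", b"wrong-secret"):
        print(candidate, request_mac_ok(candidate, req), reply_ok(candidate, req, rep))
```

If the request check passes but the reply check fails for the same secret, the controller and the server are using different secrets.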