Configure Easy Wireless Setup ISE 2.2 Contents

IntroductionPrerequisitesRequirementsComponents UsedBackground InformationEasy Wireless Feature InformationKey BenefitsLimitationsConfigureStep 1. Open Wireless SetupStep 2. Select Guest AccessStep 3. Select Hotspot Setup Step 4. Register Wireless LAN ControllerStep 5. Commit ChangesStep 6. Changes are pushed to WLCStep 7. Configure Wireless NetworkStep 8. Customize PortalVerifyTroubleshoot

Introduction

This document describes how to configure Easy Wireless Setup with Cisco Identity ServicesEngine (ISE) 2.2 for HotSpot Flow.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

ISE●

Guest flows on ISE●

Cisco Wireless LAN Controller (WLC)●

Note: This document assumes that there is full IP connectivity between Wireless LanController, ISE server, Active Directory (AD) and Endpoint. Wireless Setup requires at leasttwo CPU cores and 8 GB of memory on the ISE.

Components Used

The information in this document is based on these software and hardware versions:

ISE 2.2●

WLC 2504 version 8.1.131.0●

The information in this document was created from the devices in a specific lab environment. All ofthe devices used in this document started with a cleared (default) configuration. If your network islive, make sure that you understand the potential impact of any command.

Background Information

Easy Wireless Feature Information

Wireless Setup tool provides an easy way to configure wireless flows for 802.1x, guest, and BringYour Own Device (BYOD) in very short time. It also provides workflows to configure andcustomize each portal for guest and BYOD, where appropriate. These workflows are much simplerthan configuration associated with portal flows in ISE by providing the most commonrecommended settings. Wireless Setup does many steps for you that you would have to doyourself in ISE and on the WLC, so you can quickly create a working environment. You can usethe Wireless Setup created environment to test and develop your flows.

Once the Wireless Setup environment starts to work, you might want to switch to ISE configurationmode, so you can support more advanced configurations.

Key Benefits

One place to configure all security and access settings.●

Intuitive Workflows with visibility for common use cases.●

Quick start with Basic Authentication, Guest and BYOD.●

You do not need to configure WLC/ISE policy.●

For advanced configuration, you can always switch to ISE configuration mode.●

Non-security user to Demo/PoC the solution within 10 mins.●

Friendly Guest Experience, Seamless onboarding, security best practice configuration.●

Easy to manage / easy to setup when you compare with regular ISE flows.●

Limitations

Only AD as external DB supported for authentication.●

Only English Language is Supported. You can configure other language from ISE gui afterfinishing the setup.

●

No Edit/Deletion is supported in midway. You should have all info handy.●

Only Support in Greenfield Device (not existed before)●

Only ISE Super Admin is able to use Wireless Setup.●

Wireless Dot1x setup requires base license & BYOD requires a Plus License.●

Single and Dual SSID is supported in Wireless setup.●

For ISE 2.2, Wireless Setup is Beta Software. Do not use wireless setup for production.●

One instance of wireless setup can be run by one admin at a time.●

Restore / Upgrade does not show wireless setup menu. Only supported for new installations.●

Chrome Browser is recommended. Mozilla Firefox can be used as a backup browser. Internet●

Explorer will not support jpeg, only support png images.Self register works as it has nothing to do with AD. You can have your own internal user.●

Info that has been pushed already cannot be edited or deleted.●

The ISE admin can not configure the ACL through easy wireless wizard.●

Classic Wireless and only local mode are supported. No flex connect support.●

Anchor / Foreign setup is not supported by Easy Wireless setup.●

No previews in Easy Wireless setup.●

Restored configuration does not give you Wireless setup menu.●

Multi AD and WLC are supported but each flow can support  only one.●

Configure

In this document, the focus is on the HotSpot flow configuration. For Guest access, there are threetypes of flows. HotSpot is one of them - typical wi-fi hotspot venues include cafes, libraries,airports, and hotels.

Step 1. Open Wireless Setup

Once you log into the ISE, you can find Wireless Setup Beta in the upper right corner. Click it tostart the wizard. 

Step 2. Select Guest Access

You should see a window with configuration options. Select Guest Access. In order to extend theoptions under Guest Access feature, click on the arrow.

Step 3. Select Hotspot Setup

Select Hotspot setup. That would bring you to a new page.

 Step 4. Register Wireless LAN Controller

Step 5. Commit Changes

By now the WLC is configured, registered and enabled. Click Commit to jump to the next step. 

Step 6. Changes are pushed to WLC

Once you arrive at the commit tab, the changes are pushed down to ISE and Controller and youcannot revert those changes.

Step 7. Configure Wireless Network

Configure your Wireless LAN with a name MyHotSpot. Select interface that should be used onyour wireless controller. After login, you should be redirected to a success page. Click on Add.

Step 8. Customize Portal

Wireless LAN is ready at this point.

Click Next and move to next step that is View and customize your portals:

Here you can work on the customization of portal. That includes modification of colors, textslanguage etc.

In this picture you have a link to portal test URL. That would take you to the HotSpot portal page,

where you can verify the result of customization.

If you click Accept on the AUP page, you should be redirected to Success Page. Click Commit tosave the changes.

If you commit the changes, you move to the last step of this whole process. Click on the tab GoLive.

Verify

Use this section in order to confirm that your configuration works properly.

You have configured the HotSpot portal from ISE via the Easy Wireless Wizard. You can verifyconfiguration and check it in ISE and WLC GUI. As you can see the new WLAN is created by thename MyHotSpot. You can edit the WLAN and check if Mac Filtering, AAA server, Radius NAC,Allow AAA override, ACL and other options are correctly configured.

On the ISE side, navigate to Work Centers > Guest Access > Network Devices to ensure thatyou have the WLC added. Check configuration at Policy Elements > Results > AuthorizationProfiles to see what profiles where added. Check authorization policy as well:

Troubleshoot

This section provides information you can use in order to troubleshoot your configuration.

Set the debug log component wirelesssetuphelper to DEBUG level and look into those files:

show logging application wifisetup/wifisetup_xenia.log

show logging application wifisetup/wifisetup_auth.log

show logging application wifisetup/WLCAgent.INF

Log description:

wifisetup/wifisetup_xenia.log - used for communication with ISE and all other errors areloged here.

●

wifisetup/wifisetup_auth.log - used to see errors for the components trust between eachother, login issues, trust issues.

●

wifisetup/WLCAgent.INFO - used for WLC related issues, but an error should be thrown inxenia.log as well.

●

wifisetup/monit.log●

All other logs are not as relevant, as these would give you the information required if there is anyerror.

Other logs you can look into:

wifisetup/mongodb/mongod.log

wifisetup/vault/vault.log

wifisetup/nginx.access.log

wifisetup/WLCAgent.WARNING

wifisetup/WLCAgent.ISE22P.unknownuser.log.INFO.

wifisetup/WLCAgent.ISE22P.unknownuser.log.WARNING.

wifisetup/certmgmt.log

wifisetup/nginx.error.log