Skip to main content
RADIUS details and portal URL are region-specific — obtain from Wiacom before starting. Collect the Base Radio MAC address of each AP and send to the Wiacom team before proceeding.

Step 1 — Add the Device to Wiacom

  1. Inventory → Routers → Add New Router
  2. Select Cisco WLC, fill in details (including AP Base Radio MACs), assign a location, click Save

Step 2 — Configure RADIUS for Authentication

SECURITY → AAA → RADIUS → Authentication → New Setup RADIUS Attributes Format:
FieldValue
Auth Called Station ID TypeAP MAC Address
MAC DelimiterHyphen
Create authentication server:
FieldValue
Server Address<RADIUS_SERVER_1>
Port Number1812
Shared Secret FormatASCII
Shared Secret<RADIUS_SHARED_SECRET>

Step 3 — Configure RADIUS for Accounting

SECURITY → AAA → RADIUS → Accounting → New Same format settings as above. Create accounting server:
FieldValue
Server Address<RADIUS_SERVER_1>
Port Number1813
Shared Secret<RADIUS_SHARED_SECRET>

Step 4 — Configure Access Control Lists (Walled Garden)

Create ACLs to permit unauthenticated clients to reach the Wiacom portal and social login providers. For Access Points NOT in FlexConnect mode — use DNS-based ACLs with the following domains: 
Wiacom portal:    *.wiacom.ai
Facebook:         *.facebook.com, *.fbcdn.net, *.akamaihd.net, connect.facebook.net
Instagram:        *.instagram.com
Twitter/X:        *.twitter.com, *.twimg.com
LinkedIn:         *.linkedin.com, *.licdn.net, *.licdn.com
Google:           *.google.com, *.googleapis.com, *.gstatic.com
CDN:              *.akamaitechnologies.com, *.akamaiedge.net, *.akamaized.net, *.amazonaws.com, *.fastly.net
For Access Points in FlexConnect mode — only IP-based ACLs are supported. Use the IP list provided by Wiacom for your region.

Step 5 — Configure Portal Login and WLAN

SECURITY → Web Auth → Web Login page:
  • Redirect URL after login: leave blank
Controller → Interfaces: check the virtual interface IP (adjust to a non-public IP if needed) Management → HTTP-HTTPS:
  • WebAuthSecureWeb: Disabled
  • HTTPS Redirection: Disabled (Reboot may be required)
From CLI (cannot be done via web interface, reboot may be required): 
config custom-web logout-popup disable
config network web-auth captive-bypass
WLANs → Create New → Go:
SectionFieldValue
GeneralSSIDYour guest WiFi name
Security > Layer 2Layer 2 SecurityNone
Security > Layer 3Layer 3 SecurityWeb Policy
AuthenticationEnabled
Pre-authentication ACLYour ACL name
Override Global ConfigEnabled
Web Auth typeExternal (Re-direct to external server)
Redirect URL<PORTAL_URL>
Security > AAAAuthentication ServersEnabled, <RADIUS_SERVER_1> port 1812
Accounting Servers<RADIUS_SERVER_1> port 1813
Interim UpdateEnabled, Interval: 600
Authentication priorityRADIUS
AdvancedAllow AAA OverrideEnabled
Enable Session TimeoutEnabled, 1800 secs

Troubleshooting

Confirm WebAuthSecureWeb and HTTPS Redirection are both disabled. The CLI commands (captive-bypass and logout-popup disable) may require a reboot to take effect.
Verify server address and shared secret match Wiacom values. Confirm the controller can reach the RADIUS server on UDP 1812 and 1813.
FlexConnect mode only supports IP-based ACLs. Contact Wiacom for the current IP list for your region.