This article explains how to integrate Proxyclick with Cisco ISE. For a general overview of Proxyclick’s Wi-Fi integrations, please check this article.

Requirements:

  • Proxyclick Enterprise Plan
  • Proxyclick Administrator Access
  • Cisco ISE Administrator Access
  • On-Premise Firewall Administrator Access

1. Getting started with Proxyclick Wi-Fi add-on

To get started with the Proxyclick Wi-Fi add-on, go to proxyclick.app.axians-cloud.be and log in with your Proxyclick account. You will be prompted to configure a location.

1.1 General overview

The Proxyclick Guest Wi-Fi add-on has 2 major parts: the Wi-Fi add-on itself and the Wi-Fi Bridges.

The Wi-Fi add-on runs in the Cloud and is available over the web at https://proxyclick.app.axians-cloud.be/

The Wi-Fi Bridges run inside your own network and enable integration between the add-on and your Wi-Fi system. Several options are available.

This diagram shows a visual overview:

2. Location Configuration Guide

There are 2 steps to configuring a location in the Proxyclick Wi-Fi add-on:

  1. Add the desired location in the add-on
  2. Connecting the Proxyclick webhook

2.1 Add the desired location in the add-on

Note: after the first login you are prompted to configure a location, so your desired location may have been added already.

  1. Log in to the Proxyclick Wi-Fi add-on at https://proxyclick.app.axians-cloud.be/login
  2. Select “Locations” in the top menu
  3. On the locations page select “Configure location”
  4. Select your desired location from the drop-down list and enter a message to send to visitors (don’t worry, you can always change this afterwards)
  5. Click “Create”
  6. Your location has been added to the Wi-Fi add-on

2.2 Connecting the Proxyclick webhook

  1. Log in to the Proxyclick Wi-Fi add-on at https://proxyclick.app.axians-cloud.be/login
  2. Select “Locations” in the top menu
  3. Click the location. You can see the webhook configuration parameters that are used to configure a webhook in Proxyclick.
  4. Open a new browser window and log in to Proxyclick at https://app.proxyclick.com/login.
  5. Select “Account & Settings” in the top menu
  6. Select “Webhooks” in the left menu.
  7. Click “Create new webhook”.
  8. Give this webhook a name (e.g. Wi-Fi add-on) and enter the information you can find on the location details page in the Wi-Fi add-on (Step 3).
  9. Click “Save”
  10. The Wi-Fi add-on is now connected. You are ready to configure a Wi-Fi Bridge that will integrate with your Wi-Fi system. See the Bridge configuration guides for a list of available options.

3. Cisco ISE Bridge Configuration Guide

The Cisco ISE Bridge uses a sponsor user to create guest accounts through Cisco ISE’s ERS API.

Log in to your Cisco ISE administration node to start the configuration.

Step 1: Prepare a sponsor group

  1. Go to Work Centers → Guest Access → Portals & Components → Sponsor Groups
  2. Click ALL_ACCOUNTS (this guide uses the ALL_ACCOUNTS Sponsor Group, but you can configure your own if you want)
  3. Make sure that the checkbox “Access Cisco ISE guest accounts using the programmatic interface (Guest REST API)” is enabled for the Sponsor Group. It can be found at the very bottom of the page in the section “Sponsor Can”
  4. Save the configuration

Step 2: Set up a sponsor user

  1. Go to Administration → Identity Management → Identities → Users
  2. Add a user with the following configuration:
    • Status: Enabled
    • Password Type: Internal Users
    • User Groups contains the Sponsor Group you want to use. This guide uses “ALL_ACCOUNTS”.
  3. Remember the password of the sponsor user; it will be needed later.
  4. Click Submit

Step 3: Create a guest type

  1. Go to Work Centers → Guest Access → Portals & Components → Guest Types
  2. Click “Create”
  3. Give the guest type a clear name and description, for example:
    • Guest type name: Proxyclick Visitors
    • Description: Guest accounts for Proxyclick visitors
  4. Add ALL_ACCOUNTS (or your own Sponsor Group) where it says “These sponsor groups can create this guest type:”
  5. Remember the guest type name; it will be needed later.
  6. Save the configuration

Step 4: Find the Sponsor Portal ID

  1. Go to Work Centers → Guest Access → Portals & Components → Sponsor Portals
  2. Click the Sponsor Portal you want to use
  3. Right-click the Portal test URL link, copy the URL of the portal, and paste it somewhere
  4. The Sponsor Portal ID is the last part of the URL, after ?portal=…
  5. Remember this ID; it will be needed later

Step 5: Find the Location name

  1. Go to Work Centers → Guest Access → Settings → Guest Locations and SSIDs
  2. Choose a location and remember the Location Name; it will be needed later

Step 6: Enable Cisco ISE ERS APIs

  1. Go to Administration → System → Settings → ERS Settings
  2. Enable ERS for Read/Write
  3. Save the configuration

To test if the sponsor user has access to Cisco ISE’s guest user API, make an HTTP request to https://<ise-admin-console-host>:9060/ers/config/guestuser/versioninfo
The response should look something like this: { "VersionInfo" : { "currentServerVersion" : "2.0", "supportedVersions" : "2.0", "link" : … } }

Windows users can use PowerShell:
$sponsoruser = Get-Credential
Invoke-WebRequest -Headers @{"accept"="application/json"} -Credential $sponsoruser -Uri 'https://<cisco-ise-host>:9060/ers/config/guestuser/versioninfo'

Linux users can use the curl command:
curl -k -H 'ACCEPT: application/json' --user '<sponsorusername>:<sponsorpassword>' 'https://<cisco-ise-host>:9060/ers/config/guestuser/versioninfo'
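
A hardened variant of the curl test above, as an added example that is not part of the original article: it keeps TLS certificate validation on instead of using -k, keeps the sponsor password out of the process list and shell history, and maps the HTTP status to a result. The function names, the CA bundle argument and the status-to-result mapping (generic HTTP status meanings) are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Map an HTTP status and body from .../ers/config/guestuser/versioninfo to a
# result. The mapping uses generic HTTP status meanings (an assumption).
classify_ers_response() {
  case "$1" in
    200)
      # A 200 that is not the VersionInfo JSON (e.g. a proxy page) is not a pass.
      if printf '%s' "$2" | grep -q '"VersionInfo"'; then
        echo ok
      else
        echo unexpected-body
      fi ;;
    401) echo bad-credentials ;;
    403) echo not-authorized ;;
    000) echo unreachable-or-tls-failure ;;   # curl got no HTTP response
    *)   echo unexpected-status ;;
  esac
}

# usage: check_ers <ise-host> <ca-bundle.pem> <sponsor-user>
# Runs in a subshell "( )" so the password variable does not outlive the call.
check_ers() (
  host=$1 cafile=$2 user=$3
  printf 'Password for %s: ' "$user" >&2
  stty -echo; IFS= read -r pass; stty echo; echo >&2
  # Credentials reach curl as a config file on stdin, not as an argument.
  # A password containing " or \ must be backslash-escaped for this format.
  out=$(printf 'user = "%s:%s"\n' "$user" "$pass" |
        curl --silent --show-error --config - --cacert "$cafile" \
             --header 'Accept: application/json' \
             --write-out '\n%{http_code}' \
             "https://${host}:9060/ers/config/guestuser/versioninfo") || true
  # The last line of the output is the status code; the rest is the body.
  status=$(printf '%s\n' "$out" | tail -n 1)
  body=$(printf '%s\n' "$out" | sed '$d')
  classify_ers_response "$status" "$body"
)
```

Call it as `check_ers <cisco-ise-host> <ca-bundle.pem> <sponsorusername>`, where the CA bundle is the certificate chain that signed the ISE admin node's certificate.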

Or you can use a tool like Postman:

Step 7: Configure NAT

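If your Cisco ISE administration node is behind a firewall, you will need to configure NAT in your firewall so that the Axians cloud’s public IP address (82.146.118.60) can access the ISE Policy administration node on port 9060. Scoping the rule to that source address and port keeps the ERS API from being reachable from other Internet hosts.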

Step 8: Configure a Cisco ISE Bridge in the Wi-Fi Add-on web application

  1. Log in to the Proxyclick Wi-Fi add-on at https://proxyclick.app.axians-cloud.be/login
  2. Select “Wi-Fi Bridges” in the top menu
  3. Click “Add first” (or “Add new” if you already have Bridges configured) and select the location you want to configure the Bridge for
  4. In the next screen, select “Cisco ISE” as Bridge type. The Integration environment ID can be anything when configuring Cisco ISE. We suggest that you pick something clear containing your location name like “cisco-ise-merelbeke”. Click “Create new Wi-Fi Bridge” to continue
  5. The next screen configures the integration itself:
    1. Host: this is the public IP address or domain name that will be mapped by the NAT configuration from step 7
    2. Port: port 9060 is used
    3. Sponsor user name: the name of the sponsor user from step 2
    4. Sponsor user password: the sponsor user’s password
    5. Click the test connection button. If it turns green, the ERS API on the administration node can be reached and the sponsor user has access to the guest user API.
    6. Guest type: the Guest Type from step 3
    7. Sponsor Portal Id: the Sponsor Portal ID from step 4
    8. Location: the location name from step 5
    9. Save the configuration

You are now ready to test.

A check-in in Proxyclick should create a new guest user. You can see the users being created by logging into the sponsor portal with the sponsor user.
A check-out in Proxyclick will suspend that user.
