Marketing Charts

CMX Connect & Engage

CCNP Wireless Nov 9, 2025

CMX Connect & Engage is another guest portal option. It has a portal builder and can integrate with social media logins.

Enhanced by location intelligence

  • When clients connect to the guest WLAN, they will be redirected to a portal hosted by the CMX server.
  • Intended to gather data about the guest, not to authenticate them
  • Clients can be sent to different portals based on their location zone
  • Clients can have rate limiting on their session and be sent to a specified URL after entering their information
  • Policy can only be set at the site level, with the option to keep the highest bandwidth if the client is roaming between sites
CMX Connect & Engage Tab
Connect Experiences per Zone
Portal Customisation
CMX Policy
CMX General Settings

Debugging tools can be used to delete a device for testing purposes

Debugging tools

Configuration Option 1

  • Configure the WLAN to use external passthrough on Layer 3
  • External URL: https://[CMX Server]/visitor/login
  • Use a pre-auth ACL to allow access to the portal and DNS
  • This option does not support rate limiting
WLC pre-auth ACL
WLAN Layer 3 Passthrough settings

Use the show client detail command to check the status of the client.

WEBAUTH_REQD: client has connected to the WLAN but has not completed the portal.

WEBAUTH_REQD
Client has completed the portal

Configuration Option 2

  • Enable MAC Filtering in Layer 2
  • Enable on MAC failure in Layer 3 with an external URL
  • External URL: https://[CMX Server]/visitor/login
  • Use a pre-auth ACL to allow access to the portal and DNS
  • Configure the CMX server to be the RADIUS server for the WLAN
  • Enable AAA override to support rate limiting
  • Configure FreeRADIUS on the CMX server to support this

Clients that have already completed the portal and are registered in CMX will not see the portal again until their MAC is purged from CMX.

WLC Adding CMX as a RADIUS server
Layer 2 MAC Filtering
AAA Servers
Layer 3 On MAC Filter Failure
Allow AAA Override

Enabling FreeRADIUS on the CMX Server.

  1. SSH into the CMX Server
  2. su -l
  3. freeradius-conf
  4. Option 1 - Configure FreeRADIUS
  5. cmxadmin + ssh password
  6. Enter the WLC IP (usually the management interface)
  7. Enter the RADIUS secret
  8. Option 9 - Restart FreeRADIUS
FreeRADIUS Configuration Menu
  1. New client connects to the Guest WLAN
  2. WLC sends a request to FreeRADIUS using the client's MAC address
  3. FreeRADIUS replies with Reject
  4. Client is redirected to the portal, and network access is restricted by pre-auth ACL
  5. Once the client completes the portal, the WLC sends a new request to FreeRADIUS
  6. FreeRADIUS now has the MAC address and replies with Accept and the rate limit policy
  7. Client is now authenticated on the WLAN
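
The request flow above, modelled in Python together with the purge behaviour and the AAA override requirement from Configuration Option 2. This is an added example, not code from CMX, FreeRADIUS or the WLC; the class names, the AUTHENTICATED label, the rate_limit_kbps field, the MAC normalisation and the sample MAC are assumptions made for illustration.

```python
import re

def norm_mac(mac):
    """Canonicalise a MAC so 'AA-BB-..', 'aa:bb:..' and 'aabb.ccdd..' compare equal."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class CmxRadius:
    """Stand-in for CMX and its FreeRADIUS service (hypothetical model)."""
    def __init__(self, rate_limit_kbps):
        self.registered = set()
        self.rate_limit_kbps = rate_limit_kbps  # placeholder policy value
    def register(self, mac):        # visitor submitted the portal form
        self.registered.add(norm_mac(mac))
    def purge(self, mac):           # MAC purged from CMX
        self.registered.discard(norm_mac(mac))
    def access_request(self, mac):  # steps 2-3 and 5-6
        if norm_mac(mac) in self.registered:
            return ("Accept", {"rate_limit_kbps": self.rate_limit_kbps})
        return ("Reject", {})

class Wlc:
    """Stand-in for the WLAN: Layer 2 MAC filtering, Layer 3 on MAC filter failure."""
    def __init__(self, radius, aaa_override=True):
        self.radius, self.aaa_override = radius, aaa_override
    def associate(self, mac):
        verdict, attrs = self.radius.access_request(mac)
        if verdict == "Reject":
            # Step 4: redirect to the portal; only pre-auth ACL traffic passes
            return {"state": "WEBAUTH_REQD", "acl": "pre-auth", "rate_limit_kbps": None}
        # Step 7: the returned policy applies only when AAA override is enabled
        limit = attrs["rate_limit_kbps"] if self.aaa_override else None
        return {"state": "AUTHENTICATED", "acl": None, "rate_limit_kbps": limit}

    def portal_completed(self, mac):
        self.radius.register(mac)   # CMX records the visitor's MAC
        return self.associate(mac)  # step 5: WLC sends a new request

def demo():
    cmx = CmxRadius(rate_limit_kbps=2000)
    wlc = Wlc(cmx)
    first = wlc.associate("AA-BB-CC-00-11-22")          # constructed sample MAC
    after = wlc.portal_completed("aa:bb:cc:00:11:22")
    back = wlc.associate("aabb.cc00.1122")              # returning client, no portal
    cmx.purge("AA:BB:CC:00:11:22")
    purged = wlc.associate("aa-bb-cc-00-11-22")         # portal shown again
    return first, after, back, purged
```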
