How to integrate Proxyclick with Cisco ISE (Wi-Fi)
Requirements:
- Proxyclick Enterprise Plan
- Proxyclick Administrator Access
- Cisco ISE Administrator Access
- On-Premise Firewall Administrator Access
Getting started with Proxyclick Wi-Fi add-on
To get started with the Proxyclick Wi-Fi add-on go to proxyclick.app.axians-cloud.be and log in with your Proxyclick account. You will be prompted to configure a location.
General overview
The Proxyclick Guest Wi-Fi add-on has 2 major parts: the Wi-Fi add-on itself and the Wi-Fi Bridges.
The Wi-Fi add-on runs in the Cloud and is available over the web at https://proxyclick.app.axians-cloud.be/
The Wi-Fi Bridges run inside your own network and enable integration between the add-on and your Wi-Fi system. Several options are available.
This diagram shows a visual overview:
Location Configuration Guide
There are 2 steps to configuring a location in the Proxyclick Wi-Fi add-on:
Add the desired location in the add-on
Note: after the first login you are prompted to configure a location, so your desired location may have been added already.
- Login to the Proxyclick Wi-Fi add-on at https://proxyclick.app.axians-cloud.be/login
- Select “Locations” in the top menu
- On the locations page select “Configure location”
- Select your desired location from the drop-down list and enter a message to send to visitors (don’t worry, you can always change this afterwards)
- Click “Create”
- Your location has been added to the Wi-Fi add-on
Connecting the Proxyclick webhook
1. Login to the Proxyclick Wi-Fi add-on at https://proxyclick.app.axians-cloud.be/login
2. Select “Locations” in the top menu
3. Click the location. You can see the webhook configuration parameters that are used to configure a webhook in Proxyclick.
4. Open a new browser window/tab and login to Proxyclick at https://app.proxyclick.com/login.
5. Click the Settings icon
6. Select “Integrations” in the left menu.
7. Click "Settings" under API and Webhooks
8. Click Add Webhook
9. Name your Webhook (eg. Wi-Fi add-on) and enter the information you can find on the location details page in the Axians portal (Step 3 above).
10. Click “Save”
The Wi-Fi add-on is now connected. You are ready to configure the Wi-Fi Bridge that will integrate with your Cisco ISE system.
Cisco ISE Bridge Configuration Guide
The Cisco ISE Bridge uses a sponsor user to create guest accounts through Cisco ISE’s ERS API.
Log in to your Cisco ISE administration node to start the configuration.
Step 1: Prepare a sponsor group
- Go to Work Centers → Guest Access → Portals & Components → Sponsor Groups
- Click ALL_ACCOUNTS (this guide uses the ALL_ACCOUNTS Sponsor Group, but you can configure your own if you want)
- Make sure that the checkbox “Access Cisco ISE guest accounts using the programmatic interface (Guest REST API)” is enabled for the Sponsor Group. It can be found at the very bottom of the page in the section “Sponsor Can”
- Save the configuration
Step 2: Set up a sponsor user
- Go to Administration → Identity Management → Identities → Users
- Add a user with the following configuration:
  - Status: Enabled
  - Password Type: Internal Users
  - User Groups contains the Sponsor Group you want to use. This guide uses “ALL_ACCOUNTS”.
- Remember the password of the sponsor user, it will be needed later.
- Click Submit
Step 3: Create a guest type
- Go to Work Centers → Guest Access → Portals & Components → Guest Types
- Click “Create”
- Give the guest type a clear name and description, for example:
  - Guest type name: Proxyclick Visitors
  - Description: Guest accounts for Proxyclick visitors
- Add ALL_ACCOUNTS (or your own Sponsor Group) where it says “These sponsor groups can create this guest type:”
- Remember the guest type name, it will be needed later.
- Save the configuration
Step 4: Find the Sponsor Portal ID
- Go to Work Centers → Guest Access → Portals & Components → Sponsor Portals
- Click the Sponsor Portal you want to use
- Right click on the Portal test URL link and copy the URL of the portal and paste it somewhere
- The Sponsor Portal ID is the last part of the URL after ?portal=…
- Remember this ID, it will be needed later
Step 5: Find the Location name
- Go to Work Centers → Guest Access → Settings → Guest Locations and SSIDs
- Choose a location and remember the Location Name, it will be needed later
Step 6: Enable Cisco ISE ERS APIs
- Go to Administration → System → Settings → ERS Settings
- Enable ERS for Read/Write
- Save the configuration
To test if the sponsor user has access to Cisco ISE’s guest user API, make an HTTP request to https://<ise-admin-console-host>:9060/ers/config/guestuser/versioninfo
The response should look something like this: { "VersionInfo" : { "currentServerVersion" : "2.0", "supportedVersions" : "2.0", "link" : … } }
Windows users can use PowerShell:
$sponsoruser = Get-Credential
Invoke-WebRequest -Headers @{"accept"="application/json"} -Credential $sponsoruser -Uri 'https://<cisco-ise-host>:9060/ers/config/guestuser/versioninfo'
Linux users can use the curl command:
curl -k -H 'ACCEPT: application/json' --user '<sponsorusername>:<sponsorpassword>' 'https://<cisco-ise-host>:9060/ers/config/guestuser/versioninfo'
Or you can use a tool like Postman.
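The step 6 check and the step 4 lookup as a script, added here as an example (not code from Proxyclick, Axians or Cisco): it verifies the ISE certificate against a CA bundle instead of using -k, lets curl prompt for the sponsor password so it stays out of shell history and the process list, and confirms the body really is a VersionInfo document. The function names, the CA bundle argument and the sample host are assumptions.

```shell
#!/bin/sh
# Added example. Function names and arguments are assumptions, not from the guide.
# Usage: sh ers-check.sh <cisco-ise-host> <sponsorusername> <path-to-ca-bundle.pem>

# Step 4: pull the Sponsor Portal ID out of a copied "Portal test URL".
portal_id_from_url() {
  url=$1
  rest=${url#*[?&]portal=}            # drop everything up to "portal="
  [ "$rest" != "$url" ] || return 1   # no portal parameter present
  rest=${rest%%"&"*}                  # drop any following parameters
  rest=${rest%%"#"*}                  # drop a trailing fragment
  [ -n "$rest" ] || return 1          # "?portal=" with no value
  printf '%s\n' "$rest"
}

# Step 6: succeed only if the body is the ERS VersionInfo document,
# not a login page or an error blob that happened to come back.
is_versioninfo() {
  printf '%s' "$1" | tr -d ' \n\t' |
    grep -q '"VersionInfo":{.*"currentServerVersion":"[0-9][0-9.]*"'
}

# Step 6: call the guest user API as the sponsor user.
#   $1 = ISE host, $2 = sponsor user name, $3 = CA bundle that signed the ISE cert
check_ers() {
  # --cacert keeps TLS verification on (no -k).
  # --user with only a name makes curl prompt for the password.
  # --fail turns HTTP errors such as 401 into a non-zero exit code.
  body=$(curl --silent --show-error --fail --cacert "$3" \
    --header 'Accept: application/json' --user "$2" \
    "https://$1:9060/ers/config/guestuser/versioninfo") || return 1
  is_versioninfo "$body"
}

# Only touch the network when called with the three arguments above.
if [ "$#" -eq 3 ]; then
  if check_ers "$@"; then
    echo "OK: sponsor user can reach the ERS guest user API"
  else
    echo "FAILED: check certificate, credentials and ERS settings" >&2
    exit 1
  fi
fi
```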
Step 7: Configure NAT
If your Cisco ISE administration node is behind a firewall, you will need to configure NAT in your firewall so that the Axians cloud’s public IP address (82.146.118.60) can access the ISE Policy administration node on port 9060.
Step 8: Configure a Cisco ISE Bridge in the Wi-Fi Add-on web application
- Login to the Proxyclick Wi-Fi add-on at https://proxyclick.app.axians-cloud.be/login
- Select “Wi-Fi Bridges” in the top menu
- Click “Add first” (or “Add new” if you already have Bridges configured) and select the location you want to configure the Bridge for
- In the next screen, select “Cisco ISE” as Bridge type. The Integration environment ID can be anything when configuring Cisco ISE. We suggest that you pick something clear containing your location name like “cisco-ise-merelbeke”. Click “Create new Wi-Fi Bridge” to continue
- The next screen configures the integration itself:
  - Host: this is the public IP address or domain name that will be mapped by the NAT configuration from step 7
  - Port: port 9060 is used
  - Sponsor user name: the name of the sponsor user from step 2
  - Sponsor user password: the sponsor user’s password
  - Click the test connection button. If it turns green the ERS API on the administration node can be reached and the sponsor user has access to the guest user API.
  - Guest type: the Guest Type from step 3
  - Sponsor Portal Id: the Sponsor Portal ID from step 4
  - Location: the location name from step 5
  - Save the configuration
You are now ready to test.
A check-in in Proxyclick should create a new guest user. You can see the users being created by logging into the sponsor portal with the sponsor user.
A check-out in Proxyclick will suspend that user.
If you have any questions or feedback, please contact support@proxyclick.com or send us a message on the live chat.