cmx facebook wi-fi - cisco · 4-3 cisco cmx connect and engage configuration guide for visitor...

Cisco CMX Connect OL-31277-01

C H A P T E R 4
CMX Facebook Wi-Fi
• CMX Facebook Wi-Fi Overview, page 4-1

• CMX Facebook Wi-Fi Workflow, page 4-2

• CMX Facebook Wi-Fi Report, page 4-9

CMX Facebook Wi-Fi OverviewThe Facebook Wi-Fi allows the customer to use Facebook page as the Wi-Fi captive page. This allows customers to access the free Wi-Fi from their mobile devices after checking into their Facebook account. The Facebook Wi-Fi helps business to learn more about their customers.

The CMX Facebook Wi-Fi is based on WLAN Web Passthrough authentication on Wireless LAN Controllers (WLC). The controllers intercepts only HTTP traffic and redirects client browser to the MSE. The MSE finds client location and redirects the client browser location to the configured location specific Facebook page. After successful Facebook sign-in and check-in, the MSE redirects client browser to the specific Facebook page.

CMX Facebook Wi-Fi provides:

• Simple free Wi-Fi

• In-venue promotions

• Provides demographic data—For more information on how to collect Facebook statistics and demographic data, see http://www.slideshare.net/EmergenceMedia/facebook-demographics-user-statistics-emergence-media

• Increases brand exposure

Note If you have the OVA implementation and migrating towards the MSE, then you just have to deploy the MSE and no longer have to do the OVA setup and Policy Based Routing (PBR).

4-1and Engage Configuration Guide for Visitor Connect

http://www.slideshare.net/EmergenceMedia/facebook-demographics-user-statistics-emergence-media



Chapter 4 CMX Facebook Wi-Fi CMX Facebook Wi-Fi Workflow

CMX Facebook Wi-Fi WorkflowTable 4-2 describes the steps for configuring the CMX Facebook Wi-Fi

Configuring Access Control ListsTo configure Access Control Lists (ACLs) for Facebook Wi-Fi, follow these steps:

Step 1 Choose Security > Access Control Lists > Access Control Name link from the Controller UI.

Step 2 Add a new ACL by clicking New. The Access Control Lists > New page appears.

Step 3 In the Access Control List Name text box, enter a name for the new ACL. You can enter up to 32 alphanumeric characters.

Step 4 Choose the ACL type. There are two types of ACL supported, IPv4 and IPv6.

Step 5 Click Apply. When the Access Control Lists page reappears, click the name of the new ACL.

Table 4-1 Differences Between Facebook Wi-Fi and Visitor Connect OAuthentication

Facebook Wi-Fi Visitor Connect and Facebook OAuthentication

Uses a special protocol between Cisco and Facebook.

Uses a generic protocol widely used for web authentication.

Clients cannot have web access without Facebook authentication.

With Release 8.0 visitor connect (customized guest portal), clients can have web access without Facebook authentication.

Clients are served with guest login page that is hosted by Facebook.

With Release 8.0 visitor connect (customized guest portal), clients are served with customized portal that is hosted by CMX and then authenticate it with the Facebook.

Table 4-2 Workflow to Setup the CMX Facebook Wi-Fi

Process Description

1. Configure Access Control Lists See the following URL: Configuring Access Control Lists

2. Configure WLAN for authentication See the following URL: Configuring WLAN for Web Passthrough Authentication

3. Creating a Facebook page See the following URL: Creating a Facebook Page for your Organization

4. Creating and pairing a default Facebook page See the following URL: Pairing a Default Facebook Page

5. Pairing MSE and specific locations with the Facebook page

See the following URL: Pairing Locations with the Facebook Page

4-2Cisco CMX Connect and Engage Configuration Guide for Visitor Connect

OL-31277-01


Step 6 When the Access Control Lists > Edit page appears, click Add New Rule. The Access Control Lists > Rules > New page appears.

Step 7 Configure a rule for this ACL as follows:

a. The controller supports up to 64 rules for each ACL. These rules are listed in order from 1 to 64. In the Sequence text box, enter a value (between 1 and 64) to determine the order of this rule in relation to any other rules defined for this ACL.

Note If rules 1 through 4 are already defined and you add rule 29, it is added as rule 5. If you add or change a sequence number for a rule, the sequence numbers for other rules adjust to maintain a continuous sequence. For instance, if you change a rule’s sequence number from 7 to 5, the rules with sequence numbers 5 and 6 are automatically reassigned as 6 and 7, respectively.

b. From the Source drop-down list, choose one of these options to specify the source of the packets to which this ACL applies:

– Any—Any source (this is the default value).

– IP Address—A specific source. If you choose this option, enter the IP address and netmask of the source in the text boxes. If you are configuring IPv6 ACL, enter the IPv6 address and prefix length of the destination in the text boxes.

c. From the Destination drop-down list, choose one of these options to specify the destination of the packets to which this ACL applies:

– Any—Any destination (this is the default value).

– IP Address—A specific destination. If you choose this option, enter the IP address and netmask of the destination in the text boxes. If you are configuring IPv6 ACL, enter the IPv6 address and prefix length of the destination in the text boxes.

d. From the Protocol drop-down list, choose the protocol ID of the IP packets to be used for this ACL. These are the protocol options:

– Any—Any protocol (this is the default value)

– TCP—Transmission Control Protocol

– UDP—User Datagram Protocol

– ICMP/ICMPv6—Internet Control Message Protocol

Note ICMPv6 is only available for IPv6 ACL.

– ESP—IP Encapsulating Security Payload

– AH—Authentication Header

– GRE—Generic Routing Encapsulation

– IP in IP—Internet Protocol (IP) in IP (permits or denies IP-in-IP packets)

– Eth Over IP—Ethernet-over-Internet Protocol

– OSPF—Open Shortest Path First

– Other—Any other Internet Assigned Numbers Authority (IANA) protocol


OL-31277-01


Note If you choose Other, enter the number of the desired protocol in the Protocol text box. You can find the list of available protocols in the INAI website.

Step 8 The controller can permit or deny only IP packets in an ACL. Other types of packets (such as ARP packets) cannot be specified.

e. If you chose TCP or UDP in the previous step, two additional parameters appear: Source Port and Destination Port. These parameters enable you to choose a specific source port and destination port or port ranges. The port options are used by applications that send and receive data to and from the networking stack. Some ports are designated for certain applications such as Telnet, SSH, HTTP, and so on.

Note Source and Destination ports based on the ACL type.

f. From the DSCP drop-down list, choose one of these options to specify the differentiated services code point (DSCP) value of this ACL. DSCP is an IP header text box that can be used to define the quality of service across the Internet.

– Any—Any DSCP (this is the default value)

– Specific—A specific DSCP from 0 to 63, which you enter in the DSCP edit box

g. From the Direction drop-down list, choose one of these options to specify the direction of the traffic to which this ACL applies:

– Any—Any direction (this is the default value)

– Inbound—From the client

– Outbound—To the client

Note If you are planning to apply this ACL to the controller CPU, the packet direction does not have any significance, it is always ‘Any’.

h. From the Action drop-down list, choose Deny to cause this ACL to block packets or Permit to cause this ACL to allow packets. The default value is Deny.

i. Click Apply to commit your changes. The Access Control Lists > Edit page reappears, showing the rules for this ACL. The Deny Counters fields shows the number of times that packets have matched the explicit deny ACL rule. The Number of Hits field shows the number of times that packets have matched an ACL rule. You must enable ACL counters on the Access Control Lists page to enable these fields.

Note If you want to edit a rule, click the sequence number of the desired rule to open the Access Control Lists > Rules > Edit page. If you want to delete a rule, hover your cursor over the blue drop-down arrow for the desired rule and choose Remove.

The following are the different options to choose for access before authentication:

• Allow HTTPs traffic only before authentication and block all the traffic:

– To do this, click the sequence number whose Source Port or Dest Port has the value HTTPs. The Access Control Lists > Rules > Edit page appears and you can select Permit from the Action drop-down list and click Apply.


OL-31277-01


• Allow all the traffic before authentication and intercept HTTP only.

– To intercept HTTP, click the sequence number whose Source Port or Dest Port has the value HTTP. The Access Control Lists > Rules > Edit page appears and you can select Deny from the Action drop-down list and click Apply.

Step 9 Click Save Configuration to save your changes.

Step 10 Repeat this procedure to add any additional ACLs.

Configuring WLAN for Web Passthrough AuthenticationFor providing network access to the customers, you need to configure WLAN on the Cisco Wireless LAN Controller (WLC). For this you need to set up the Web Passthrough on the layer three security of WLAN for CMX Visitor Connect.

To configure Web Passthrough configuration, follow these steps:

Step 1 Choose WLANs to open the WLANs page from the Controller UI.

Step 2 Click the ID number of the desired WLAN to open the WLANs > Edit page.

Step 3 Choose Security > Layer 2 tab.

Step 4 From the Layer 2 Security drop-down list, choose None.

Step 5 Click Apply.

Step 6 Choose the Security and Layer 3 tabs to open the WLANs > Edit (Security > Layer 3) page.

Step 7 Select Web Policy from the Layer 3 Security drop-down list.

Step 8 For web passthrough, choose Passthrough radio button.

Step 9 To override global authentication configuration web authentication pages, select the Over-ride Global Config check box.

Step 10 To define the web authentication pages for wireless guest users, choose External(Re-direct to external server) from the Web Auth type drop-down list. This redirects clients to an external server for authentication. If you choose this option, you must also enter the URL of the external server in the URL text box.

Step 11 Enter the URL Facebook Wi-Fi page in the URL text box. The external redirection URL should point to the portal on MSE for Facebook Wi-Fi. For example, you can enter: http://<MSE>:8084/fbwifi/forward

Note If MSE is behind the firewall, you need to modify security rules to allow traffic to 8084 port on MSE. Otherwise splash pages will not be displayed to the visitor.

Step 12 Enable this SSID.

Step 13 Click Apply to commit your changes.

Step 14 Click Save Configuration to save the changes.


OL-31277-01


Note Visitor Connect redirection requires special configuration on WLC for iOS devices and you can do it using this command: config network web-auth captive-bypass enable.

Creating a Facebook Page for your OrganizationTo create a Facebook page, follow these steps:

Step 1 Go to https://www.facebook.com/pages/create.

Step 2 Click a page category.

Step 3 Select a more specific category from Choose a category drop-down menu and fill in the required information.

Step 4 Select the check the box next to I agree to Facebook Pages Terms.

Step 5 Click Get Started.

The Set Up wizard appears.

Step 6 Follow the instructions given in the Set Up wizard to complete the page or Skip to go to the page that you created.


OL-31277-01

facebook.com/pages/create

facebook.com/pages/create

https://www.facebook.com/pages/create


Pairing a Default Facebook Page The MSE displays the default Facebook page for those locations that do not have a specific Facebook page pairing or for cases where MSE is unable to locate the client.

To create a default Facebook page, follow these steps:

Step 1 Choose Facebook Wi-Fi from the left sidebar menu.

The Facebook Wi-Fi page appears in the right pane.

Step 2 Click Set in the Default Facebook Page.

The Facebook Wi-Fi Configuration page appears.

Note The Facebook Wi-Fi Configuration page appears only of if you have created a valid Facebook page.


OL-31277-01


Step 3 Select the appropriate Facebook page from the Select a Page drop-down list. This page is displayed to all the locations that do not have any paired Facebook page.

Step 4 In the Bypass Mode option, you can either select Skip check-in link or Require Wi-Fi code radio button for guest users without a Facebook account.

Step 5 From the Session Length drop-down list, select the length of time your customers will have Wi-Fi after they check-in.

Step 6 Click Okay in the You’ve Set Up Facebook Wi-Fi confirmation dialog box.

Step 7 Switch back to CMX Connect &Engage Dashboard.

Pairing Locations with the Facebook PageYou can configure different Facebook pages for different locations.

Pairing a Building and Campuses with a Facebook Page

To pair a specific location with a Facebook page, follow these steps:


OL-31277-01

Chapter 4 CMX Facebook Wi-Fi CMX Facebook Wi-Fi Report

Step 1 Choose Facebook Wi-Fi from the left sidebar menu.

Step 2 From Location Specific Facebook page table, highlight the location that you want to pair with the Facebook page and select Default, Set, or Inherit from the Settings drop-down list. For campuses, the options available are Default and Set. For Buildings, the options available are Inherit and Set.

• Default—This options makes the campus inherit location from default.

• Set—This option allows you to set up pairing for both campuses and buildings.

• Inherit—This option makes buildings inherit location from campus.

Step 3 Click Set.


Step 4 All the previously created pages are listed in the Select a Page drop-down list. Select a page from the Select a drop-down list to associate it with a location.

Step 5 Click Okay in the You’ve Set Up Facebook Wi-Fi confirmation dialog box.

Step 6 Switch back to CMX Connect &Engage Dashboard.

Pairing Zones and Floors with the Facebook Page

To pair a zone or floor with the Facebook page, follow these steps:

Step 1 Choose Maps from the left sidebar menu.

Step 2 Choose Maps > System Campus and do the following:

• To pair a venue with the Facebook page, choose Maps > System Campus > Venue and click Pair with Facebook.

• To pair a floor with the Facebook page, choose Maps > System Campus > Floor and click Pair with Facebook.

• To pair a zone with the Facebook page, choose Maps > System Campus > Zone and click Pair with Facebook.


Step 3 Follow Step 3 through Step 6 in Pairing a Building and Campuses with a Facebook Page, page 4-8.

CMX Facebook Wi-Fi Report

Monitoring the Visitor DetailsTo monitor the visitor details, follow these steps:

Step 1 From the left side bar menu, choose Summary.

Step 2 To monitor the visitor details, click the Facebook Wi-Fi tab in the right pane.


OL-31277-01


• To view the hourly based trend for new and total visitors connected through Visitor Connect, click Hourly and choose a start date and time and end date and time.

•

Figure 4-1 Hourly Trend for New Visitors

Figure 4-2 Hourly Trend for Total Visitors


OL-31277-01


• To view daily trend for new visitors and total visitors, click Daily and choose the start date and end date.

Figure 4-3 Daily Trend for New Visitors

Figure 4-4 Daily Trend for Total Visitors

• To view weekly trend for new visitors and total visitors, click Weekly and choose the start date and end date.


OL-31277-01


Figure 4-5 Weekly Trend for New Visitors

Figure 4-6 Weekly Trend for Total Visitors

• To view monthly trend for new visitors and total visitors, click Monthly and then choose the month.


OL-31277-01


Figure 4-7 Monthly Trend for New Visitors

Figure 4-8 Monthly Trend for Total Visitors

Step 3 The Active Visitors table at the bottom of the page shows the information for visitors that were registered either by Visitor Connect or Facebook Wi-Fi service. This information in the table can be sorted and filtered.

Step 4 Click Export to CSV > Export Active Visitors to export all active visitors details. Click Export to CSV > Export All Visitors to export all visitors details.


OL-31277-01



OL-31277-01

cmx facebook wi-fi - cisco · 4-3 cisco cmx connect and engage configuration guide for visitor...

Documents