The WeChat messaging service is a cross platform communication software which supports text messages, audio calls, video calls, games. WeChat also offers full fledged m-commerce capabilities in their app using which you can do purchases, make bill payments within the WeChat app. This app has a large customer base in China and is gaining popularity in rest of the world. This feature gives WeChat users access to wireless internet service using their smartphones or PC. The authentication of the account is done by the WeChat servers. This is a simple process and requires little user inputs.
This platform benefits both, the customer and the merchant. The customer gets access to the Internet and the merchant gets a customer engaging platform to advertise merchandise and services.
This feature is supported on Cisco Wave 1 APs in FlexConnect mode only.
Downgrading a Cisco WLC running a release with QR-Scan or WeChat specific configuration to an older release which does not support this feature leads to XML validation errors for the Layer 3 security type during the downgrade process.
The errors do not have any impact on the functioning of the Cisco WLC.
Configuring WeChat Client Authentication on WLC (GUI)
Before You Begin
The AP SSID and the WLC MAC address needs be configured in the Baitone server database.
Log in to the WLC GUI interface.
Choose WLANs > WLAN ID > Security to open the WLANs Edit page.
In the Security tab, configure the following parameters:
Set the Layer 2 Security to None from the drop-down list on the Layer 2 tab.
Set the Layer 3 Security to Web Policy from the drop-down list on the Layer 3 tab.
Select the Qr Code Scanning check box.
Enter the portal web page address in the Redirect URL text box and Shared Key (Preconfigured on the external authentication server).
From the Preauthentication ACL > WebAuth FlexAcl drop-down list, choose the Acl option that you want to apply to the WLAN.
Before the client is authenticated, this Acl allows the authentication traffic to pass through to the WeChat authentication servers.
In the Advanced tab, select the FlexConnect Local Switching check box.
(Optional) Enable local authentication by configuring the following parameters:
Under the Security tab, select the Web policy done locally on AP check box.
This enables local authentication at the AP and the central authentication at the WLC is disabled.
In the Advanced tab, select the FlexConnect Local Auth check box.
Set this option to enable if Web policy done locally on AP is enabled
On the Wireless tab, follow the steps:
Select the FlexConnect ACLs.
Choose an existing Acl or create a new Acl
Add the portal page IP address and the WeChat authentication server IP address with permit action as new rules.
In the Wireless > Global Configuration page, configure the following parameter:
Enter the virtual IP address in the AP Virtual IP address text box.
The default Virtual AP IP address is: 10.1.0.6. The WLC and the client interact with the AP using this AP virtual IP address.
Choose Security > Web Auth > Web Login Page. Enter the values for:
QrCode Scanning Bypass Timer. The valid range is between 5 and 60 seconds to allow traffic temporary.
QrCode Scanning Bypass Count. The valid range is between 1 to 9 retries to bypass for authentication.
Configuring WeChat Client Authentication on WLC (CLI)
Before You Begin
The AP SSID and the WLC MAC address needs be configured in the external authentication server database.
Configure the WLAN:
Create a WLAN, by entering this command:
config wlan create wlan-id profile-name ssid-name
Disable L2 security by entering this command:
config wlan security wpadisable wlan-id
Enable WLAN L3 passthrough by entering this command: