Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
CONFIGURE THE FILTER ON IPCOP DEVICES
You can activate the content filter on any IPCOP devices by following these steps:
If you haven’t registered yet, you can do it now for free here: Click here to register.
Connect to the dashboard by entering the IP address in your browser. NB: you have to write the address as follows: https://IPAddress:8443.
Then insert your credentials to log in.
First of all, you need to change the DNS of your device. To do that, click on the [System] menu and open the [SSH Access] submenu.
Check on the SSH Access tab and click on [Save] to apply the changes.
You can use the software Putty (Click here to download the software.) to access the console using the SSH protocol.
Then open the software Putty and type in the IP of your IPCOP in the field and 8022 in the Port field.
Then click on [Open].
Now use your root user credentials and enter the command setup. Then push the enter key on your keyboard and a Wizard page will be appear.
Select the Networking item, then click on [Select].
Choose the DNS and Gateway settings item and click on [Select].
Insert the address 185.236.104.104 as the primary DNS and 185.236.105.105 as the seconday DNS.
Click the [Ok] button and wait for the network’s reconfiguration to be completed.
You can now close Putty.
NB: you can check if the DNS has been properly modified by clicking on the [Status] button, in the IPCOP web panel, and then by opening the [Network Status] submenu. Search for the Red DNS configuration item and check if the DNS is correct.
Now you need to configure your IPCOP so you can authenticate it with our servers.
To do that, open the [Services] menu and then the [Dynamic DNS] submenu.
Select the dyndns.org item as Service. IMPORTANT: You do not have to register with the dyndns.org service: it works anyway because the servers redirect the request to themselves.
Then click on the [Add] button to configure the service.
Configure the Dynamic DNS service as follows:
– Enabled: Check the item.
– Hostname: Enter a name of your choice.
– Domain: Insert a domain name. For example, domain.com.
– Username: Insert the filter’s email/username. NB: you don’t have to enter the username for the Dyndns.org service.
– Password: Insert the filter’s password. NB: you don’t have to enter the password for the Dyndns.org service
– Finally, click on the [Update] button to save.
You can enable and configure the DHCP server to distribute the filter ‘s DNSs to the devices within your network.
To do that, open the [DHCP Server] submenu of the [Services] menu, and fill in the following fields:
– Enabled: Check the item to enable the service.
– Start address: Insert the first IP of the DHCP range.
– End address: Insert the last IP of the range.
– Default lease time (mins): Choose the DHCP lease time (in minutes).
– Primary DNS: Insert the filter’s primary DNS: 185.236.104.104.
– Secondary DNS: Insert the filter’s secondary DNS: 185.236.105.105.
– Click on [Save] to apply the configuration.
Alternatively, you can manually change the DNS of the devices that you want to filter.
OPTIONAL: DENY DNS CHANGES BY USERS
You can enforce security by preventing users from changing the DNS. To do this, you can proceed in the following way:
Click on the [Firewall] menu and open the [Firewall rules] submenu.
Now you need to create rules to block all traffic on port 53 (DNS Service), TCP and UDP, except on the filter’s DNS servers. Click on [Outgoing Traffic] to create a new rule.
See the image below to understand how to create the rules.
NB: Type 185.236.104.104 in the field Destination IP or Net:.
Click then on [Save] to add the rule.
Create another rule, similar to the previous one, except for the field Destination IP or Net:, which must be 185.236.105.105.
Finally, you need to create a rule which blocks all traffic on port 53 (DNS), TCP and UDP. See the image below to understand how to fill in the different fields:
