Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
​
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator > Setting up the Wi-Fi Hardware & Configuration > Aruba iAP Virtual Controller
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Aruba iAP Virtual Controller Configuration
a). Initial setup
​
-
Go to Security > Authentication Servers
-
Set IP address to Kiwire IP address
-
Set RadSec to Disabled in the dropdown option
-
Set Auth port to 1812
-
Set Accounting port to 1813
-
Set Shared key to the same key with Kiwire NAS shared key
-
Retype key (shared key above) in the input box and proceed
-
Set Timeout to 5 sec
-
Set Retry count to 3
-
Set RFC 3576 to Enabled in the dropdown option
-
Set Air Group CoA port to 3799
-
At RFC 5997 place a checkmark for Authentication and Accounting
-
Set NAS IP address to the iAP Virtual Controller IP
-
Set NAS identifier to the iAP Virtual Controller MAC address
-
At Service type framed user place a checkmark for Captive Portal

b. Security setting
-
Go to Security > External Captive Portal
-
Type: RADIUS Authentication
-
IP or Hostname: Kiwire IP address
-
URL: /login/aruba
-
Port: 80
-
Use https: Disabled
-
Captive Portal Failure: Deny Internet
-
Automatic URL Whitelisting: Enabled
-
Server offload: Disabled
-
Prevent frame overlay: Disabled
-
Use VC IP in Redirect URL: Disabled
-
Redirect URL: post-login redirection

c). System setting
-
Go to System > General
-
Virtual Controller IP: iAP Virtual Controller IP address
-
Dynamic Proxy: RADIUS ticked

d). Wireless configuration
-
You are now at the WLAN Settings menu tab
-
Toggle Primary usage to select Guest on the radio button
-
Press Next on the menu below to proceed

e). Vlan configuration
-
Proceed with the following settings in VLAN menu tab
-
Toggle Client IP assignment to select Virtual Controller managed
-
Toggle Client VLAN assignment to select Default
-
Press Next on the menu below to proceed
f). Security setting
-
Proceed with the following settings in the Security menu tab
-
Set Splash page type to External in the dropdown option
-
Set Captive portal profile to Kiwire profile
-
Set WISPr to Enabled in the dropdown option
-
Set Auth server 1 to select Kiwire profile
-
Set Reauth interval to 5 and select min. for the interval type
-
Set Accounting to Use authentication servers in the dropdown option
-
Set Accounting mode to Authentication in the dropdown option
-
Set Accounting interval to 5 min
-
Press Next on the menu below to proceed

g). Role setting
​
-
Proceed with the following settings in the Access menu tab
-
Toggle Access Rules to Role-Based in the control ruler
-
Assign pre-authentication role: Kiwire role profile
-
Press Finish on the menu below to complete

QOS Speed limit configuration
-
Add a Bandwidth Contract Rule Type

QOS Speed limit configuration
-
Add a Bandwidth Contract Rule Type
​
-
Assign Role Assignment Rule with:
-
Attribute: Aruba-User-Role
-
Operator: contains
-
String: Role name
-
Role: bandwidth contract role

Kiwire
a). Go to account > profile , select profile
-
Set custom profile to the configured user profile
-
{“Aruba-User-Role”:”value”}
-
Set Value to assign a role name