Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cisco WLC Configuration for Kiwire hotspot
Prerequisites
None
Note:
-
Tested on Firmware 8 and above
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Cisco WLC with Flex Connect AP Configuration
-
Change RADIUS authentication settings.
-
Go to SECURITY > RADIUS > Authentication
-
Set Auth Called Station ID Type → AP MAC Address:SSID
-
MAC Delimiter → Hyphen
-
Take note that the Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address which will be needed later
2. Edit the server with the following settings:
-
Shared Secret code to be the same key with Kiwire NAS
-
Confirm Shared Secret code in the next input box and proceed
-
Set Server Status to Enabled
-
Set Support for CoA to Enabled
-
Shared Secret Format → ASCII
3. Configure RADIUS accounting server.
-
Go to SECURITY > RADIUS > Accounting
-
Acct Called Station ID Type → System MAC Address
-
MAC Delimiter to Hyphen
4. Edit the RADIUS accounting server with the following settings:
-
The Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address
-
Set Shared Secret Format → ASCII
-
Shared Secret code to be the same key with Kiwire NAS
-
Confirm Shared Secret code in the next input box and proceed
-
Set Server Status to Enabled
5. Add access control rules for inbound server.
-
Locate Source input row select IP Address
-
Fill in the input field with the Kiwire IP Address and Netmask
-
Destination → Any
-
Protocol → Any
-
DHCP → Any
-
Set Direction → Inbound
-
Action → Permit
6. Add access control rules for outbound server.
-
Locate Source input row select Any from the dropdown option
-
Fill in the input field with the Kiwire IP Address and Netmask
-
Destination → IP Address
-
Protocol → Any
-
DHCP → Any
-
Direction → Outbound
-
Action → Permit
7. Configure the web login page.
-
Go to SECURITY > Web Auth > Web Login Page
-
Web Authentication Type → External (Redirect to external server)
-
External Webauth URL to http://kiwire-ip/login/cisco_wlc
8. Go to WLANs > WLANs Step 10 – Edit the CISCO_Kiwire WLAN with the following settings:
-
Select General category tab on the right menu
-
Set Profile Name to your desired profile name in the input box
-
Set SSID to a SSID name you had created
-
Status → Enabled
-
Set Interface/Interface Group(G) to either option based on your captive portal interface
-
Set NAS-ID to your Cisco WLC MAC address
9. Go to WLANs > Security > Layer 3
-
Layer 3 Security → Web Policy
-
Authentication from the list of radio buttons below
-
Preauthentication ACL to choose ACL for IPv4 and WebAuth FlexACL
10. Go to WLANs > Security > AAA Servers
-
At the Authentication Servers column select Kiwire server and place a checkmark on enabled
-
At the Accounting Servers column select Kiwire server and place a checkmark on enabled
-
Place a checkmark on Interim Update to enable and set desired time
-
Locate Authentication priority order for web-auth user section and set to user: RADIUS
Kiwire Configuration for Cisco WLC
Adding NAS into Kiwire
-
Navigate to Devices > Devices > Add Device
-
Device Type → Controller
-
Vendor → cisco wlc
-
Identity → The hostname of cisco wlc
-
Ip Address → cisco wlc wan ip
-
Address → optional
-
Username → Cisco wlc username
-
Password → Cisco wlc password
-
Shared Secret Key → Secret key phrase set at Radius
-
COA Port → 3799
-
Description → optional
-
Monitoring Method → optional
-
Community → optional
-
Snmp version → optional
-
Create→ to save