Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
​
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cisco WLC Configuration for Kiwire hotspot
Prerequisites
None
Note:
-
Tested on Firmware 8 and above
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Cisco WLC with Flex Connect AP Configuration
-
Change RADIUS authentication settings.
-
Go to SECURITY > RADIUS > Authentication
-
Set Auth Called Station ID Type → AP MAC Address:SSID
-
MAC Delimiter → Hyphen
-
Take note that the Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address which will be needed later
2. Edit the server with the following settings:
​
-
Shared Secret code to be the same key with Kiwire NAS
-
Confirm Shared Secret code in the next input box and proceed
-
Set Server Status to Enabled
-
Set Support for CoA to Enabled
-
Shared Secret Format → ASCII
3. Configure RADIUS accounting server.
​
-
Go to SECURITY > RADIUS > Accounting
-
Acct Called Station ID Type → System MAC Address
-
MAC Delimiter to Hyphen
4. Edit the RADIUS accounting server with the following settings:
-
The Server Address (Ipv4/Ipv6) column is displaying the current Kiwire IP address
-
Set Shared Secret Format → ASCII
-
Shared Secret code to be the same key with Kiwire NAS
-
Confirm Shared Secret code in the next input box and proceed
-
Set Server Status to Enabled
5. Add access control rules for inbound server.
-
Locate Source input row select IP Address
-
Fill in the input field with the Kiwire IP Address and Netmask
-
Destination → Any
-
Protocol → Any
-
DHCP → Any
-
Set Direction → Inbound
-
Action → Permit
6. Add access control rules for outbound server.
-
Locate Source input row select Any from the dropdown option
-
Fill in the input field with the Kiwire IP Address and Netmask
-
Destination → IP Address
-
Protocol → Any
-
DHCP → Any
-
Direction → Outbound
-
Action → Permit
7. Configure the web login page.
​
-
Go to SECURITY > Web Auth > Web Login Page
-
Web Authentication Type → External (Redirect to external server)
-
External Webauth URL to http://kiwire-ip/login/cisco_wlc
8. Go to WLANs > WLANs Step 10 – Edit the CISCO_Kiwire WLAN with the following settings:
​
-
Select General category tab on the right menu
-
Set Profile Name to your desired profile name in the input box
-
Set SSID to a SSID name you had created
-
Status → Enabled
-
Set Interface/Interface Group(G) to either option based on your captive portal interface
-
Set NAS-ID to your Cisco WLC MAC address
9. Go to WLANs > Security > Layer 3
​
-
Layer 3 Security → Web Policy
-
Authentication from the list of radio buttons below
-
Preauthentication ACL to choose ACL for IPv4 and WebAuth FlexACL
10. Go to WLANs > Security > AAA Servers
-
At the Authentication Servers column select Kiwire server and place a checkmark on enabled
-
At the Accounting Servers column select Kiwire server and place a checkmark on enabled
-
Place a checkmark on Interim Update to enable and set desired time
-
Locate Authentication priority order for web-auth user section and set to user: RADIUS
Kiwire Configuration for Cisco WLC
Adding NAS into Kiwire
-
Navigate to Devices > Devices > Add Device
-
Device Type → Controller
-
Vendor → cisco wlc
-
Identity → The hostname of cisco wlc
-
Ip Address → cisco wlc wan ip
-
Address → optional
-
Username → Cisco wlc username
-
Password → Cisco wlc password
-
Shared Secret Key → Secret key phrase set at Radius
-
COA Port → 3799
-
Description → optional
-
Monitoring Method → optional
-
Community → optional
-
Snmp version → optional
-
Create→ to save