Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
​
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator - Device & Controller Setup Guide
FortiWiFi Device Configuration for Kiwire Hotspot
Prerequisites
None
Note:
-
Tested on Fortiwifi 5.2 and above
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Fortiwifi Hostname change
a. Go to System > Dashboard > status
b. Change the Hostname to FortiWifi Mac address without the colon
​
2. Add Radius services
a. Go to User & Device > Authentication > Radius Server
b. Name → Kiwire
c. Primary server ip → Kiwire ip
d. Primary server secret → a secret key assign for communication between Kiwire and fortiwifi
e. Authentication method → specify
f. Method → PAP
g. NAS IP → Wan ip of fortiwifi Wan
3. Configure Fortiwifi for accounting interim update
a). Go to command CLI
b). Type the following command
#config user radius edit Kiwire
#config accounting-server edit 1
#set status enable
#set server Kiwire ip ( replace with actual Kiwire ip address )
#set secret XXXX ( replace xxxx with actual shared secret key )
#end
#set acct-interim-interval 1800
#end
c). Verify by running #show user radius
d. You can test fortiwifi authentication with Kiwire server bellow command, if username test and password test have been created at Kiwire platform.
#diagnose test authserver radius kiwire pap test test.
​
e. Output command
4. Create user for hotspot
a. Go to user & Device > user > user definition
b. Username → kiwire-guest
c. Match user on radius server → select kiwire
d. Click ok to save
e. Go to user & device > user > user group
f. Create a new group
g. Name → kiwire-guest
h. Type → firewall
i. Remote server → Kiwire
j. Group name → Any
5. Wallgarden
a. To create wallgarden for social login , as per network wallgarden guide , please go to Policy & Object > Address and add
b. You can create required records based on the table below. Merge them under one title to make it more clean to understand and allow better management.
c. Specific records for Google, Facebook and Twitter should be created only when you use social networks for authentication.
d. Add the Synchroweb Socialgate into the policy object
e. Name → Socialgate.synchroweb
f. Type → FQDN
g. FQDN→socialgate.synchroweb.com
h. Interface any
i. Show in address list → Yes
j. Repeat above for socialgate.kiwire.net
​
​
6. Set Kiwire Portal as object
a. Go to Policy & Objects > Objects > Address
b. Add New
c. Name → Kiwire server
d. Subnet ip range → Kiwire ip
​
7. Create Security policy
a. Go to Policy & Objects > Policy > IPv4
a. Create a security policy for unauthenticated users that allows access only to the captive portal.
b. Incoming interface → Select wifi ssid
c. Source address → all
d. Outgoing interface → WAN
e. Destination Address → select kiwire server + social wallgarden + socialgate
f. Service → all
g. Action → Accept
​
​
8. Enable Bypass for captive portal
a. Go to command CLI
9. Create Internet access Policy
a). The first rule for allowing the access to selected sources for not-authenticated users
b. Go to Policy & Object > policy > ipv4
c. Create new
d. Incoming interface → Wifi interface
e. Source address → all
f. Source user → kiwire-guest
g. Outgoing interface → Wan
h. Destination address → All
i. Service → all
j. Action → accept
​
10. Create DNS bypass
a. Go to Policy & Object > policy > ipv4
b. Create new
c. Incoming interface → Wifi interface
d. Source address → all
e. Outgoing interface → Wan
f. Destination address → All
g. Service → DNS
h. Action → accept
11. Create Wifi network
12. Go to System > Network interface
a. Create a new wifi ssid
b. Interface name → Select your interface name
c. Type → wifi ssid
d. Traffic mode → tunnel to wireless controller
e. Ip/netmask → Set your interfaced ip
f. Administrative Access → Ping
g. Dhcp server → enable
h. Starting IP & End IP → your DHCP pool for guest
i. Netmask → your network subnet mask
j. Default gateway → Same as interface IP
k. DNS server → same as system DNS
l. SSID → your wireless SSID name
m. Security mode→ Captive portal
n. Portal type → authentication
o. Authentication Portal → External , kiwireip/login/fortiap , without https or http
p. User group → kiwire-guest
q. Except list → kiwire server
r. Go to FortiAP Profile
s. Radio1 mode → Access point
t. SSID → select the ssid created.
Kiwire Configuration for Fortigate
Adding NAS into Kiwire
-
Navigate to Devices > Devices > Add Device
-
Device Type → Controller
-
Vendor → FortiAP
-
Identity → The hostname of fortiAP
-
Ip Address → FortiAP wan ip
-
Address → optional
-
Username → FortiAP username
-
Password → FortiAPpassword
-
Shared Secret Key → Secret key phrase set at Radius
-
COA Port → 3799
-
Description → optional
-
Monitoring Method → optional
-
Community → optional
-
Snmp version → optional
-
Create→ to save