Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
​
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Steps to integrate Kiwire and Huawei WAC
System file version: V200R021C00SPC100
Patch file version: V200R021SPH1b0
1. Configure user ACL
-
Configuration → Security → ACL
-
Click on “User ACL Settings” tab
-
Click “Create”
-
Destination IP: 0.0.0.0/0
-
Wildcard: Kiwire IP address
-
Action: Permit
-
Protocol: TCP(6)
2. Modify RADIUS and Authorization server profile
-
Configuration → Security → AAA
-
Click on “RADIUS” tab → RADIUS server profile → Create
-
Profile name: Kiwire
-
Mode: Active/Standby mode
-
NAS IP address: Use an AP’s IP address
-
Profile default shared key: Same key with Kiwire NAS shared secret key
-
Click “Create server”
-
IP address: Kiwire IP address
-
Shared key: Same key with Kiwire NAS shared secret key
-
Checked on “Authentication” and set port number to 1812
-
Checked on “Accounting” and set port number to 1813
-
On “Authorization Server Template” → Create
-
Authorization server IP address: Kiwire IP address
-
Profile name: choose RADIUS server that has been created
-
Key: Same key with Kiwire NAS shared secret key
3. Modify authentication server
-
Click on “Portal Server Global Configuration”→ External portal
-
Tick “HTTP protocol”
-
HTTP interoperation mode: HTTPS-based/HTTP
-
Go to “Portal Authentication Server List” → Create
-
Server name: Kiwire
-
Server IP: Kiwire IP→click “+”
-
Protocol type: HTTP
-
Shared key: Same key with Kiwire NAS shared secret key
-
URL: http://[kiwire-ip]/login/huawei-wlc
-
Click on “URL Option Settings”
-
Tick System name keyword/System name: nas-id/[WAC Model/WAC hostname]
-
Tick AP-IP keyword: ap-ip
-
Tick User access URL keyword: redirect-url
-
Tick User IP address keyword: user-ip
-
Tick AP-MAC keyword: ap-mac
-
Tick User MAC keyword: user-mac
-
Tick SSID keyword: ssid
-
Tick Login URL keyword/Login URL: login-url/http://[controller-ip]:8000
-
MAC address format: Normal
-
Separator: Colon “:”
-
Click on “Parameter Parsing Configuration”
-
Original URL keyword: dst
-
Login success response: Redirect to the original
4. Modify portal profile
-
Configuration→AP Config→Profile
-
AAA→Authentication Profile→Create
-
Profile name: Kiwire → OK
-
Click “Apply”
-
Click “+” → Portal Profile
-
Portal authentication: External portal server
-
Interoperation protocol: HTTP
-
Primary Portal server group: choose Kiwire
-
Click “Apply”
5. Modify RADIUS server profile
-
Click “RADIUS Server Profile”→choose Kiwire
-
Click “Apply”
6. Modify Authentication Scheme
-
Click “Authentication Scheme”→choose “radius”
-
First authentication: RADIUS authentication
7. Configure Accounting Scheme
-
Under “AAA”→choose “Accounting Scheme”
-
Click “Create”
-
Profile name: Kiwire
-
Accounting mode: RADIUS accounting → click “Apply”
-
AAA→Authentication Profile → Kiwire→click “+” → click “Accounting Scheme”
-
Choose “Kiwire” → click “Apply”
8. Configure Authentication Profile for WLAN
-
Click “Wireless Service” → VAP Profile → Create
-
Profile name: Kiwire
-
Click “OK”
-
Click “+” → Click “Authentication Profile” → choose “Kiwire”
-
Click “Apply”
9. Configure Portal Profile for WLAN
-
Click “+” → Portal Profile → choose “Kiwire”
-
Click “Apply”
10. Configure RADIUS Server Profile for WLAN
-
Click “RADIUS Server Profile” → choose “Kiwire”
-
Click “Apply”
11. Configure Authentication Profile for WLAN
-
Click “Authentication Scheme” → choose “radius”
-
First authentication: RADIUS authentication
-
Click “Apply”
12. Modify Forwarding Mode
-
Click “Kiwire”
-
Forwarding Mode: Tunnel
-
Click “Apply”
13. Modify Authentication-free Rule Profile
-
Click “Authentication-free Rule Profile” → choose “default_free_rule”
-
Click “Create
-
Rule ID: 1
-
Source IP address: none
-
Destination IP address: specified (8.8.8.8)
-
Mask: 24(255.255.255.0)
-
Protocol type: none
-
Click “OK”
-
Create another rule
-
Rule ID: 2
-
Source IP address: none
-
Destination IP address: specified (Kiwire IP)
-
Mask: 24(255.255.255.0)
-
Protocol type: none
-
Click “OK”
Kiwire Configuration for Huawei controller
1. Adding NAS into Kiwire
-
Click “Devices” → Devices → Add Device
-
Device Type: Controller
-
Vendor: Huawei
-
Identity: WAC name (AC6508)
-
IP Address: WAC IP Address
-
Username/Password: Username and password for WAC
-
Shared Secret Key: Kiwire NAS shared secret key
-
COA Port: 3799
-
Click “Create”