Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Steps to integrate Kiwire and Huawei WAC
System file version: V200R021C00SPC100
Patch file version: V200R021SPH1b0
1. Configure user ACL
-
Configuration → Security → ACL
-
Click on “User ACL Settings” tab
-
Click “Create”
-
Destination IP: 0.0.0.0/0
-
Wildcard: Kiwire IP address
-
Action: Permit
-
Protocol: TCP(6)
2. Modify RADIUS and Authorization server profile
-
Configuration → Security → AAA
-
Click on “RADIUS” tab → RADIUS server profile → Create
-
Profile name: Kiwire
-
Mode: Active/Standby mode
-
NAS IP address: Use an AP’s IP address
-
Profile default shared key: Same key with Kiwire NAS shared secret key
-
Click “Create server”
-
IP address: Kiwire IP address
-
Shared key: Same key with Kiwire NAS shared secret key
-
Checked on “Authentication” and set port number to 1812
-
Checked on “Accounting” and set port number to 1813
-
On “Authorization Server Template” → Create
-
Authorization server IP address: Kiwire IP address
-
Profile name: choose RADIUS server that has been created
-
Key: Same key with Kiwire NAS shared secret key
3. Modify authentication server
-
Click on “Portal Server Global Configuration”→ External portal
-
Tick “HTTP protocol”
-
HTTP interoperation mode: HTTPS-based/HTTP
-
Go to “Portal Authentication Server List” → Create
-
Server name: Kiwire
-
Server IP: Kiwire IP→click “+”
-
Protocol type: HTTP
-
Shared key: Same key with Kiwire NAS shared secret key
-
URL: http://[kiwire-ip]/login/huawei-wlc
-
Click on “URL Option Settings”
-
Tick System name keyword/System name: nas-id/[WAC Model/WAC hostname]
-
Tick AP-IP keyword: ap-ip
-
Tick User access URL keyword: redirect-url
-
Tick User IP address keyword: user-ip
-
Tick AP-MAC keyword: ap-mac
-
Tick User MAC keyword: user-mac
-
Tick SSID keyword: ssid
-
Tick Login URL keyword/Login URL: login-url/http://[controller-ip]:8000
-
MAC address format: Normal
-
Separator: Colon “:”
-
Click on “Parameter Parsing Configuration”
-
Original URL keyword: dst
-
Login success response: Redirect to the original
4. Modify portal profile
-
Configuration→AP Config→Profile
-
AAA→Authentication Profile→Create
-
Profile name: Kiwire → OK
-
Click “Apply”
-
Click “+” → Portal Profile
-
Portal authentication: External portal server
-
Interoperation protocol: HTTP
-
Primary Portal server group: choose Kiwire
-
Click “Apply”
5. Modify RADIUS server profile
-
Click “RADIUS Server Profile”→choose Kiwire
-
Click “Apply”
6. Modify Authentication Scheme
-
Click “Authentication Scheme”→choose “radius”
-
First authentication: RADIUS authentication
7. Configure Accounting Scheme
-
Under “AAA”→choose “Accounting Scheme”
-
Click “Create”
-
Profile name: Kiwire
-
Accounting mode: RADIUS accounting → click “Apply”
-
AAA→Authentication Profile → Kiwire→click “+” → click “Accounting Scheme”
-
Choose “Kiwire” → click “Apply”
8. Configure Authentication Profile for WLAN
-
Click “Wireless Service” → VAP Profile → Create
-
Profile name: Kiwire
-
Click “OK”
-
Click “+” → Click “Authentication Profile” → choose “Kiwire”
-
Click “Apply”
9. Configure Portal Profile for WLAN
-
Click “+” → Portal Profile → choose “Kiwire”
-
Click “Apply”
10. Configure RADIUS Server Profile for WLAN
-
Click “RADIUS Server Profile” → choose “Kiwire”
-
Click “Apply”
11. Configure Authentication Profile for WLAN
-
Click “Authentication Scheme” → choose “radius”
-
First authentication: RADIUS authentication
-
Click “Apply”
12. Modify Forwarding Mode
-
Click “Kiwire”
-
Forwarding Mode: Tunnel
-
Click “Apply”
13. Modify Authentication-free Rule Profile
-
Click “Authentication-free Rule Profile” → choose “default_free_rule”
-
Click “Create
-
Rule ID: 1
-
Source IP address: none
-
Destination IP address: specified (8.8.8.8)
-
Mask: 24(255.255.255.0)
-
Protocol type: none
-
Click “OK”
-
Create another rule
-
Rule ID: 2
-
Source IP address: none
-
Destination IP address: specified (Kiwire IP)
-
Mask: 24(255.255.255.0)
-
Protocol type: none
-
Click “OK”
Kiwire Configuration for Huawei controller
1. Adding NAS into Kiwire
-
Click “Devices” → Devices → Add Device
-
Device Type: Controller
-
Vendor: Huawei
-
Identity: WAC name (AC6508)
-
IP Address: WAC IP Address
-
Username/Password: Username and password for WAC
-
Shared Secret Key: Kiwire NAS shared secret key
-
COA Port: 3799
-
Click “Create”