Purpose
This guide shows how to configure the ExtremeCloud IQ Pilot dashboard, and related access points to use our service.
Prerequisites
This article applies to the following models:
- AP121
- AP130
- AP141
- AP230
- AP330
- AP350
- AP370
- AP390
To make everything work, check that:
- the access points are connected to the Internet
- their WAN and LAN interfaces are correctly configured
We recommend you update the device with the most recent firmware version available.
Create a Network Policy
To create a new configuration, log in to the ExtremeCloud IQ Pilot web interface, go to Configure → Network Policies, then click on Add Network and finally click on Add Standard Network.
Then make the following actions in sequence:
- Select the SSID Authentication tab, and then the Open Unsecured tab
- Set Enable Captive Web Portal ON
- Select the Captive Web Portal radio button. Under Select features for this captive web portal, check the User Auth on Captive Web Portal option and uncheck all the other ones.
- Choose Authentication Type: select Redirect to External URL for Authentication
- Find Default Captive Web Portal below. If you previously defined your Captive Web Portal, then you have to click the Select button and find the correct entry. Otherwise, click Add and fill in all the fields as described in the paragraph below, called "Define a new Captive Web Portal"
- Move to Authentication Settings → Authenticate via RADIUS Server. If you previously defined your RADIUS Server Group, then you have to click the button and find the correct entry. Otherwise, click and fill in all the fields as described in the paragraph below, called "Define a new RADIUS Server Group"
Then click on Save.
Define a new Captive Web Portal
Proceed in reading only if you read the paragraph above called "Create a Network Policy", and you need to create a new Captive Web Portal profile. If you don't need this, then move forward.
To go to the page where you can create a new Captive Web Portal profile, you can follow the procedure mentioned in the paragraph above, called "Create a Network Policy". Alternatively, in a shorter way, you can go to Configure → Common Objects, and then select Authentication → Captive Web Portals in the left-side toolbar, and click Add.
Then enter the following data:
Default Captive Web Portal
- Name: (enter a name here, e.g., "Splash")
Captive Web Portal Settings
- Authentication Method: CHAP
-
: OFF
- → Redirect clients after a successful login attempt → To a specified URL: https://splashportal.cloud4wi.com
- → Redirect clients after a failed login attempt → To a specified URL: https://splashportal.cloud4wi.com
Then move to Walled Garden. Add *.cloud4wi.com as the first line (this action also enables the CDN).
For some specific use cases, you may be interested in the following articles:
Define a new RADIUS Server Group
Proceed in reading only if you read the paragraph above called "Create a Network Policy", and you need to create a new RADIUS Server Group. If you don't need this, then move forward.
To go to the page where you can create a new RADIUS Server Group, you can follow the procedure mentioned in the paragraph above, called "Create a Network Policy". Alternatively, in a shorter way, you can go to Configure → Common Objects, and then select Authentication → External RADIUS Servers in the left-side toolbar, and click Add.
We strongly recommend you to create an entry for the primary RADIUS server and one for the secondary RADIUS server.
To create an entry for the primary RADIUS server, please set up the data as follows:
- Name: (any name, e.g. "Radius1")
- IP/Host Name: to set this, click and select "IP Address", then set Name: (any name you wish) and
"54.247.117.188")
- Server Type → Authentication: 1812
- Server Type → Accounting: 1813
- Shared Secret: (Cloud4Wi will communicate it privately)
To create an entry for the primary RADIUS server, please set up the data as follows:
- Name: (any name, e.g. "Radius2")
- IP/Host Name: to set this, click and select "IP Address", then set Name: (any name you wish) and
"79.125.111.180")
- Server Type → Authentication: 1812
- Server Type → Accounting: 1813
- Shared Secret: (Cloud4Wi will communicate it privately)
Configuring QoS settings
Proceed in reading only if you need to set your QoS / traffic shaping rules. If you don't need this, then move to the next paragraph.
Go to Configure → Network Policies, then find and click on the network you have created previously (check the "Create a Network Policy" above). Once in the edit page, scroll down until you find the User Access Settings section, and then check the Apply a different user profile to various clients and user groups. option.
Then add a new user profile by clicking on Add, or select your existing on by clicking on the button. Once the profile has been set and you can see it in the list, then click on under Assignment Rules.
Specify User Profile Name and Connect to values, then move to the QoS tab, turn on the Quality of Service (QoS) option, set the other parameters according to your needs, and finally save.
Then, you will find your user profile on your list.
After that, you have to assign the rule. So, click on one of the related icons (on if your rule doesn't exist, on if it does).
If you clicked on , then you have to create the rule. So specify Name and Description, and then click on Add → → RADIUS Attribute and set the desired value.
Remember this value (it's "100" in our picture below), since you'll have to enter also in Cloud4Wi Admin Panel, as mentioned in the last paragraph of this guide.
If you clicked on , then you have to assign an existing rule for this profile.
For any more specific information, you can read the Extreme Documentation Portal.
In particular, you might be interested also in reading this specific article: User Profile QoS Settings.
Deploy Policy
Once you finished the configuration procedure, go to the Deploy Policy tab, select your device, and push the configuration by clicking on Update Devices.
Configuring the Cloud4Wi Admin Panel
Adding the access point
You need to add the Access Point into our inventory. To get further information on how to do that, please read How to add an access point.
In this specific case, you need to enter the following information:
- Hardware manufacturer: "Aerohive Networks, Inc."
- MAC address: your MAC address
The MAC address is printed on the back of your device.
Note: Currently (referring to the tested firmware version), devices do not support the "logout" feature. For this reason, you will not find a Logout link on any Splash Pages loaded through these devices.
QoS
If you want our platform to support QoS rules, and you've configured the related section accordingly with the guidelines described above, keep in mind that you have to set this rule in your Internet plan in Volare. You can find the procedure here.
In the Advanced parameters section, make sure to set the Filter-Id value with the same value specified in the assignment step as RADIUS Attribute ("100" in the case of our picture in the section above).
If the two values in HiveManager and Cloud4Wi match, then the QoS will work correctly.