Purpose
This guide shows how to configure a Hewlett Packard controller of the “Unified 800 Series” for Cloud4Wi.
Please note that the commands and the configuration in this article may sometimes refer to older versions of the Hewlett Packard interface. The details included in “Parameters for the Solution”, however, will always be up to date.
Prerequisites
The configuration procedure has been performed and tested with the following device model: Hewlett Packard Unified 830 and with the following firmware version: 5.20.109.
Prior to using this guide, please make sure that your Hewlett Packard controller is connected to the Internet.
Accessing the command-line interface
This device also comes with a web UI, but it does not allow you to set all the necessary parameters.
To make a complete configuration, it is necessary to use the command-line interface, which may be accessed by a local connection through the serial console port, or by a remote Telnet connection.
Redirection of unauthenticated user
It is necessary to upload some pages to the controller in order to handle the following events:
- Default logon page (logon.htm)
- Logon success (logonSuccess.htm)
- Logon Failure (logonFail.htm)
- Logoff success (logoffSuccess.htm)
- User already online (online.htm)
- Service is busy (busy.htm)
You can find everything you need in the “cloud4wi2.zip” archive included in this article. It also contains “redirect.js”, a JavaScript file that is required to make the HTML files work.
The steps to install them on the controller are the following:
- Copy the “cloud4wi2.zip” archive to the /root directory of your controller.
- Create a directory named “portal” under the /root directory.
- Copy the content of your cloud4wi2.zip archive to the /root/portal directory. Don't delete your “cloud4wi2.zip” archive.
- If your SSID name is “TT-Guest4wi2” and your archive is “cloud4wi2.zip”, type the following command:
portal local-server bind ssid TT-Guest4wi2 file cloud4wi2.zip
Please note that this command also appears in the section below called “Set configuration”. Make sure you type it at least once, and only after the procedure above has been completed.
Set configuration
This is an example of a working configuration. Each part of the code is commented with a short description.
In blue you can find the parameters that you probably will need to change for your implementation. In particular:
- You should replace hp830 with the unique identifier that you have to enter into the Admin Panel
- You should replace TT-Guest4wi2 with the name of the SSID of your network
- You should replace cloud4wi2.zip with the ZIP archive containing your web pages. However, we recommend using the “cloud4wi2.zip” attached to this page
- You should replace radius_secret with the RADIUS secret that Cloud4Wi privately communicates to customers
In green you can find the RADIUS IP addresses. Please check that they correspond to the values in the "Parameters for the Solution" paragraph. If they differ, the values in "Parameters for the Solution" are the most up to date.
In orange, you can find the Splash Page URL. Please check that it corresponds to the value in the "Parameters for the Solution" paragraph. If they differ, the values in "Parameters for the Solution" are the most up to date.
You will need to adjust your Walled Garden according to your needs. To do that, find the part of the code regarding the Walled Garden, and see the paragraph "Walled Garden" below, where you can find more information.
Please ensure that the procedure "Redirection of unauthenticated user" has been completed before going on.
### - Firmware version used
#
version 5.20.109, Release 3507P39
#
sysname HP_830
#
clock timezone CET add 01:00:00
#
### - You need to set the domain in order to define how the controller is accessed
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 8.8.8.8
dns domain Cloud4wi
ip host hp830 192.168.200.1
#
### - You need to configure the redirection to the WPortal and the list of
### walled garden entries
#
portal server Cloud4wi-LOCAL ip 192.168.200.1 url https://splashportal.cloud4wi.com/?vendor=hp800 server-type imc
portal free-rule 1 source interface Bridge-Aggregation1 destination any
portal free-rule 2 source ip any destination ip 8.8.8.8 mask 255.255.255.255
portal free-rule 3 source ip 192.168.200.0 mask 255.255.255.0 destination ip 192.168.200.1 mask 255.255.255.255
portal free-rule 4 source ip any destination ip 74.125.232.152 mask 255.255.255.255
portal free-rule 6 source ip any destination ip 54.247.117.188 mask 255.255.255.255
portal free-rule 7 source ip any destination ip 172.16.0.4 mask 255.255.255.255
portal free-rule 8 source ip 192.168.200.0 mask 255.255.255.0 destination ip 79.125.111.180 mask 255.255.255.255
portal nas-id hp830
portal local-server https server-policy cloud4wi
portal local-server bind ssid TT-Guest4wi2 file cloud4wi2.zip
portal url-param include nas-id
portal url-param include user-mac
portal url-param include nas-ip
portal url-param include ap-mac
portal url-param include user-url
portal url-param include user-ip
portal url-param include ac-name
portal url-param include ssid
#
### - You need to configure the access-list in order to enable NAT in the guest network
#
acl number 2001
 rule 0 permit source 192.168.200.0 0.0.0.255
 rule 40 deny
#
### - You need to configure the VLAN that is assigned to the guest network
#
vlan 200
 description Guest-wireless
#
### - You need to set RADIUS servers
#
radius scheme cloud4wi_rad
 server-type extended
 primary authentication 54.247.117.188 key shared_key
 primary accounting 54.247.117.188 key shared_key
 secondary authentication 79.125.111.180 key shared_key
 secondary accounting 79.125.111.180 key shared_key
 user-name-format keep-original
#
### - You need to set AAA
#
domain cloud4wi
 authentication portal radius-scheme cloud4wi_rad
 authorization portal radius-scheme cloud4wi_rad
 accounting portal radius-scheme cloud4wi_rad
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain cloud4wi-pki
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
### - You need to set pki identity
#
pki entity cloud4wi
 common-name *.cloud4wi.com
 organization-unit Domain Control Validated
 fqdn *.cloud4wi.com
#
pki domain cloud4wi-pki
 ca identifier GlobalSign Root CA
 certificate request from ca
 certificate request entity cloud4wi
 crl check disable
#
pki domain local_domain
 crl check disable
#
### - You need to configure the DHCP server for guests
#
dhcp server ip-pool ip_guest_wireless
 network 192.168.200.0 mask 255.255.255.0
 gateway-list 192.168.200.1
 dns-list 192.168.200.1
 domain-name hp830.local
#
### - You need to define the SSID
#
wlan service-template 1 clear
 ssid TT-Guest4wi2
 bind WLAN-ESS 0
 service-template enable
#
### - You need to define pki domain
#
ssl server-policy cloud4wi
 pki-domain cloud4wi-pki
#
### - You need to set IP addresses for the wireless Network Interface Controller
#
interface Vlan-interface1
 ip address 172.16.0.4 255.255.252.0
 undo dhcp select server global-pool
 nat outbound 2001
#
### - You need to set IP addresses for the guest network
#
interface Vlan-interface200
 ip address 192.168.200.1 255.255.255.0
 portal server Cloud4wi-LOCAL method direct
 portal domain cloud4wi
#
### - You need to define the VLAN in the current wireless virtual interface
#
interface WLAN-ESS0
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 200 untagged
 port hybrid pvid vlan 200
#
### - Enabling DHCP
#
dhcp enable
#
### - Enabling HTTPS access in the wireless controller
#
ip https ssl-server-policy cloud4wi
ip https enable
#
Installing the SSL certificate to the controller
The configuration above contains all the parameters necessary to enable HTTPS access to the controller.
To install the SSL certificate, it is necessary to upload the P12 certificate file to your /root directory.
Then, once the configuration commands in the paragraph "Set configuration" have been submitted, type the following command:
pki import-certificate local domain cloud4wi-pki p12 filename cloud4wi.com_chain.p12
Where cloud4wi.com_chain.p12 is the name of your certificate.
Walled Garden
As shown in the example above, the syntax to add a new Walled Garden entry is the following:
portal free-rule NUMBER source ip any destination ip IP_ADDRESS mask NETMASK
where:
- NUMBER: is a progressive number for the rule
- IP_ADDRESS: is the IP address to include
- NETMASK: is the netmask of the rule
For example:
portal free-rule 6 source ip any destination ip 54.247.147.188 mask 255.255.255.255
Please note that domain names are not supported by the controller.
The controller accepts a rule containing a domain name (e.g. portal free-rule 6 source ip any destination ip splashportal.cloud4wi.com mask 255.255.255.255), but in the rule that is saved, the domain name is converted to the IP address returned by the DNS request.
In order to configure the walled garden for other purposes, please check the following articles:
- Walled garden for the Social Login (websites/domains to open)
- Walled garden for PayPal feature (websites/domains to open)
Allowing free access to the CDN
As explained in the article Enabling the CDN, it is necessary to add some IP addresses to the Walled Garden in order to support the access to the CDN.
As already mentioned, you can find these entries configured in the example above:
- 50.18.178.180 / 255.255.255.255
- 54.248.102.194 / 255.255.255.255
- 54.246.86.254 / 255.255.255.255
- 46.137.206.166 / 255.255.255.255
- 54.232.119.5 / 255.255.255.255
- 54.253.118.101 / 255.255.255.255
Entering the device details into the Admin Panel
In order to integrate the controller with the Solution, it is necessary to enter its details into the Admin Panel.
For further information on how to do that, please see How to add an access point. The web interface of the Admin Panel will also require a field called Identifier.
For Hewlett Packard Unified 800 Series, it corresponds to the value set in the script as "portal nas-id" (it was "hp830" in our example).
Parameters for the Solution
Before applying your configuration, please check that the values in it match the following ones:
Primary RADIUS server: 54.247.117.188
Secondary server: 79.125.111.180
RADIUS secret: (it will be communicated by Cloud4Wi)
RADIUS Authentication/Authorization port: 1812
RADIUS Accounting port: 1813
UAM login page: https://splashportal.cloud4wi.com/?vendor=hp800
Please note that it is necessary to enter the Splash Page URL exactly as it is written above.
If these parameters change in the future, we will promptly inform you about new values.
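The checks requested in "Parameters for the Solution" and "Allowing free access to the CDN" can be run against a saved configuration. The script below is an added example, not Cloud4Wi or Hewlett Packard code: it parses the RADIUS servers, the Splash Page URL and the portal free-rule entries, then lists the CDN addresses that no rule covers and the commands that would add them. The sample input is a constructed excerpt of the example configuration above, and numbering new rules after the highest number in use is an assumption.

```python
import ipaddress
import re

# Values published on this page ("Parameters for the Solution" and the CDN list).
EXPECTED_RADIUS = {"54.247.117.188", "79.125.111.180"}
EXPECTED_URL = "https://splashportal.cloud4wi.com/?vendor=hp800"
CDN_HOSTS = ["50.18.178.180", "54.248.102.194", "54.246.86.254",
             "46.137.206.166", "54.232.119.5", "54.253.118.101"]

# Constructed sample: an excerpt of the example configuration shown above.
SAMPLE_CONFIG = """\
portal server Cloud4wi-LOCAL ip 192.168.200.1 url https://splashportal.cloud4wi.com/?vendor=hp800 server-type imc
portal free-rule 1 source interface Bridge-Aggregation1 destination any
portal free-rule 2 source ip any destination ip 8.8.8.8 mask 255.255.255.255
portal free-rule 6 source ip any destination ip 54.247.117.188 mask 255.255.255.255
portal free-rule 8 source ip 192.168.200.0 mask 255.255.255.0 destination ip 79.125.111.180 mask 255.255.255.255
radius scheme cloud4wi_rad
 primary authentication 54.247.117.188 key shared_key
 primary accounting 54.247.117.188 key shared_key
 secondary authentication 79.125.111.180 key shared_key
 secondary accounting 79.125.111.180 key shared_key
"""

def audit(config):
    """Compare a saved configuration with the values this page publishes."""
    radius, numbers, nets, url = set(), [], [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(?:primary|secondary) (?:authentication|accounting) (\S+)", line):
            radius.add(m.group(1))
        elif m := re.match(r"portal server \S+ ip \S+ url (\S+)", line):
            url = m.group(1)
        elif m := re.match(r"portal free-rule (\d+) ", line):
            numbers.append(int(m.group(1)))
            # Only rules with an IP destination can cover a CDN host; the
            # source part of the rule is not evaluated here. A saved
            # configuration holds IP addresses, never domain names.
            if dst := re.search(r"destination ip (\S+) mask (\S+)", line):
                nets.append(ipaddress.ip_network("/".join(dst.groups()), strict=False))
    missing = [h for h in CDN_HOSTS
               if not any(ipaddress.ip_address(h) in n for n in nets)]
    first = max(numbers, default=0) + 1  # assumption: continue after the highest rule
    commands = [f"portal free-rule {first + i} source ip any destination ip {h} "
                "mask 255.255.255.255" for i, h in enumerate(missing)]
    return {"radius_ok": radius == EXPECTED_RADIUS, "url_ok": url == EXPECTED_URL,
            "missing_cdn": missing, "commands": commands}

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print("RADIUS ok:", report["radius_ok"], "| URL ok:", report["url_ok"])
    print("\n".join(report["commands"]))
```

Review the generated commands before entering them, since the "Parameters for the Solution" values take precedence if they have changed.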