Hewlett Packard (Unified 800 Series)



This guide shows how to configure a Hewlett Packard controller of the “Unified 800 Series” for Volare.

Please note that the commands and the configuration contained in this article may sometimes refer to older versions of Hewlett Packard interface. But the details included in “Parameters for the Solution” will always be up to date.



The configuration procedure has been performed and tested with the following device model: Hewlett Packard Unified 830 and with the following firmware version: 5.20.109.

Prior to using this guide, please make sure that your Hewlett Packard controller is connected to the Internet.


Accessing the command-line interface

This device comes also with a web UI, but it doesn't allow to set all necessary parameters.
In order to make a complete configuration, it is necessary to use the command-line interface, that may be accessed by a local connection thought the serial console port, or a remote Telnet connection.


Redirection of unauthenticated user

It is necessary to upload some pages to the controller in order to handle the following events:

  • Default logon page (logon.htm)
  • Logon success (logonSuccess.htm)
  • Logon Failure (logonFail.htm)
  • Logoff success (logoffSuccess.htm)
  • User already online (online.htm)
  • Service is busy (busy.htm)

You can find everything you need in the “cloud4wi2.zip” included in this article. You can find also the “redirect.js” file, a JavaScript file that is required to make the HTML files work.

Below, you can find all the operative steps to install them into the controller:

  1. Copy the “cloud4wi2.zip” archive to the /root directory of your controller
  2. Create a directory named “portal” under /root directory.
  3. Copy the content of your cloud4wi2.zip archive to the /root/portal directory. Don't delete your “cloud4wi2.zip” archive
  4. If your SSID name is "TT-Guest4wi2” and your archive is “cloud4wi2.zip”, please type the following command:

    portal local-server bind ssid TT-Guest4wi2 file cloud4wi2.zip

    Please consider that you will find this command also in the paragraph below called “Set configuration”. Ensure to type this command at least once, and when the procedure above has been completed.


Set configuration

This is an example of a working configuration. Any part of the code is commented with a short description.

In blue you can find the parameters that you probably will need to change for your implementation. In particular:

  • You should replace hp830 with the unique identifier that you have to enter into the Admin Panel
  • You should replace TT-Guest4wi2 with the name of the SSID of your network
  • You should replace cloud4wi2.zip with the ZIP archive containing your web pages. Anyway we recommend you to use the “cloud4wi2.zip” attached to this page
  • You should replace radius_secret with the RADIUS secret that Cloud4Wi privately communicates to customers

In green you can find RADIUS IP addresses. Please check that they correspond with the values that you can find in the "Parameters for the Solution" paragraph. In case they differ, data in "Parameters for the Solution" are the most updated.

In orange, you can find the Splash Page URL. Please check that it corresponds to the value that you can find in the "Parameters for the Solution" paragraph. In case they differ, data in "Parameters for the Solution" are the most updated.

You will need to adjust your Walled Garden according to your needs. In order to do that, please find the part of the code regarding the Walled Garden, and find below the paragraph "Walled Garden" when you can find more information about that.

Please ensure that the procedure "Redirection of unauthenticated user" has been completed before going on.


### - Firmware version used
version 5.20.109, Release 3507P39
sysname HP_830
clock timezone CET add 01:00:00

### - You need to set the domain in order to define how to access to the controller
domain default enable system
dns resolve
dns proxy enable
dns server
dns domain Cloud4wi
ip host hp830

### - You need to configure the redirection to the WPortal and the list of
### walled garden entries

portal server Cloud4wi-LOCAL ip url https://splashportal.cloud4wi.com/?vendor=hp800 server-type imc
portal free-rule 1 source interface Bridge-Aggregation1 destination any
portal free-rule 2 source ip any destination ip mask
portal free-rule 3 source ip mask destination ip mask
portal free-rule 4 source ip any destination ip mask
portal free-rule 6 source ip any destination ip mask
portal free-rule 7 source ip any destination ip mask
portal free-rule 8 source ip mask destination ip mask
portal nas-id hp830
portal local-server https server-policy cloud4wi
portal local-server bind ssid TT-Guest4wi2 file cloud4wi2.zip
portal url-param include nas-id
portal url-param include user-mac
portal url-param include nas-ip
portal url-param include ap-mac
portal url-param include user-url
portal url-param include user-ip
portal url-param include ac-name
portal url-param include ssid
### - You need to configure the access-list in order to enable NAT in the guest network
acl number 2001
rule 0 permit source
rule 40 deny

### - You need to configure the VLAN that is assigned to the guest network
vlan 200
description Guest-wireless

### - You need to set RADIUS servers
radius scheme cloud4wi_rad
server-type extended
primary authentication key shared_key
primary accounting key shared_key
secondary authentication key shared_key
secondary accounting key shared_key
user-name-format keep-original

### - You need to set AAA
domain cloud4wi
authentication portal radius-scheme cloud4wi_rad
authorization portal radius-scheme cloud4wi_rad
accounting portal radius-scheme cloud4wi_rad
access-limit disable
state active
idle-cut disable
self-service-url disable
domain cloud4wi-pki
access-limit disable
state active
idle-cut disable
self-service-url disable
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable

### - You need to set pki identity
pki entity cloud4wi
common-name *.cloud4wi.com
organization-unit Domain Control Validated
fqdn *.cloud4wi.com
pki domain cloud4wi-pki
ca identifier GlobalSign Root CA
certificate request from ca
certificate request entity cloud4wi
crl check disable
pki domain local_domain
crl check disable

### - You need to configure the DHCP server for guests
dhcp server ip-pool ip_guest_wireless
network mask
domain-name hp830.local

### - You need to define the SSID
wlan service-template 1 clear
ssid TT-Guest4wi2
bind WLAN-ESS 0
service-template enable

### - You need to define pki domain
ssl server-policy cloud4wi
pki-domain cloud4wi-pki

### - You need to set IP addresses for the wireless Network Interface Controller
interface Vlan-interface1
ip address
undo dhcp select server global-pool
nat outbound 2001

### - You need to set IP addresses for the guest network
interface Vlan-interface200
ip address
portal server Cloud4wi-LOCAL method direct
portal domain cloud4wi

### - You need to define the VLAN in the current wireless virtual interface
interface WLAN-ESS0
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 200 untagged
port hybrid pvid vlan 200

### - Enabling DHCP
dhcp enable

### - Enabling HTTPS access in the wireless controller
ip https ssl-server-policy cloud4wi
ip https enable


Installing the SSL certificate to the controller

The configuration above consists of all necessary parameters to enable the HTTPS access in the controller.
In order to install the SSL certificate, it is necessary to upload the P12 certificate file to your /root directory.
Then, once the configuration commands in the paragraph "Set configuration" have been submitted, it is necessary to type the following command:

pki import-certificate local domain cloud4wi-pki p12 filename cloud4wi.com_chain.p12

Where cloud4wi.com_chain.p12 is the name of your certificate.


Walled Garden

As you can find in the example above, the syntax to add a new Walled Garden entry is the following:

portal free-rule NUMBER source ip any destination ip IP_ADDRESS mask NETMASK


  • NUMBER: is a progressive number for the rule
  • IP_ADDRESS: is the IP address to include
  • NETMASK: is the IP address of the rule

An example should be:

portal free-rule 6 source ip any destination ip mask

Please note that domain names are not supported by the controller.
The controller accepts a rule containing a domain name (e.g. portal free-rule 6 source ip any destination ip splashportal.cloud4wi.com mask, but in the rule that will be saved, the domain name will be converted to the IP address got as per DNS request.

In order to configure the walled garden for other purposes, please check the following articles:


Allowing free access to the CDN

As explained in the article Enabling the CDN, it is necessary to add some IP addresses to the Walled Garden in order to support the access to the CDN.
As already mentioned, you can find these entries configured in the example above:

  • /
  • /
  • /
  • /
  • /
  • /

Entering the device details into the Admin Panel

In order to integrate the controller with the Solution, it is necessary to enter its details into the Admin Panel.

To get further information on how to do that, please see How to add an access point. Secondly, in the Admin Panel, a field called Identifier will be required by the web interface.

For Hewlett Packard Unified 800 Series, it corresponds to the value set in the script as "portal nas-id" (it was "hp830" in our example).


Parameters for the Solution

Before doing your configuration, please check that the values in your configuration match with the following ones:

Primary RADIUS server:
Secondary server:
RADIUS secret: (it will be communicated by Cloud4Wi)
RADIUS Authentication/Authorization port: 1812
RADIUS Accounting port: 1813
UAM login page: https://splashportal.cloud4wi.com/?vendor=hp800

Please note that it is necessary to enter the Splash Page URL exactly as it is written above.

If these parameters change in the future, we will promptly inform you about new values.

Have more questions? Submit a request