This guide shows how to configure a Hewlett Packard controller of the “Unified 800 Series” for Cloud4Wi.
Please note that the commands and the configuration contained in this article may sometimes refer to older versions of the Hewlett Packard interface. The details included in “Parameters for the Solution”, however, will always be up to date.
The configuration procedure has been performed and tested with the following device model: Hewlett Packard Unified 830 and with the following firmware version: 5.20.109.
Prior to using this guide, please make sure that your Hewlett Packard controller is connected to the Internet.
Accessing the command-line interface
This device also comes with a web UI, but it does not allow you to set all the necessary parameters.
To make a complete configuration, it is necessary to use the command-line interface, which can be accessed by a local connection through the serial console port, or by a remote Telnet connection.
Redirection of unauthenticated user
It is necessary to upload some pages to the controller in order to handle the following events:
- Default logon page (logon.htm)
- Logon success (logonSuccess.htm)
- Logon Failure (logonFail.htm)
- Logoff success (logoffSuccess.htm)
- User already online (online.htm)
- Service is busy (busy.htm)
Below, you can find all the operative steps to install them into the controller:
- Copy the “cloud4wi2.zip” archive to the /root directory of your controller
- Create a directory named “portal” under /root directory.
- Copy the content of your cloud4wi2.zip archive to the /root/portal directory. Don't delete your “cloud4wi2.zip” archive.
- If your SSID name is “TT-Guest4wi2” and your archive is “cloud4wi2.zip”, please type the following command:
portal local-server bind ssid TT-Guest4wi2 file cloud4wi2.zip
Note that this command also appears in the “Set configuration” section below. Make sure you type it at least once, after the procedure above has been completed.
Set configuration
This is an example of a working configuration. Each part of the code is commented with a short description.
In blue you can find the parameters that you will probably need to change for your implementation. In particular:
- You should replace hp830 with the unique identifier that you have to enter into the Admin Panel
- You should replace TT-Guest4wi2 with the name of the SSID of your network
- You should replace cloud4wi2.zip with the ZIP archive containing your web pages. We recommend using the “cloud4wi2.zip” attached to this page
- You should replace radius_secret (written as shared_key in the radius scheme lines of the example) with the RADIUS secret that Cloud4Wi privately communicates to customers
In green you can find the RADIUS IP addresses. Please check that they correspond to the values in the "Parameters for the Solution" paragraph. If they differ, the data in "Parameters for the Solution" is the most up to date.
In orange you can find the Splash Page URL. Please check that it corresponds to the value in the "Parameters for the Solution" paragraph. If they differ, the data in "Parameters for the Solution" is the most up to date.
You will need to adjust your Walled Garden according to your needs. To do that, find the part of the code regarding the Walled Garden, and see the "Walled Garden" paragraph below, where you can find more information.
Please ensure that the procedure "Redirection of unauthenticated user" has been completed before going on.
### - Firmware version used
version 5.20.109, Release 3507P39
clock timezone CET add 01:00:00
### - You need to set the domain in order to define how to access the controller
domain default enable system
dns proxy enable
dns server 184.108.40.206
dns domain Cloud4wi
ip host hp830 192.168.200.1
### - You need to configure the redirection to the WPortal and the list of
### walled garden entries
portal server Cloud4wi-LOCAL ip 192.168.200.1 url https://splashportal.cloud4wi.com/?vendor=hp800 server-type imc
portal free-rule 1 source interface Bridge-Aggregation1 destination any
portal free-rule 2 source ip any destination ip 220.127.116.11 mask 255.255.255.255
portal free-rule 3 source ip 192.168.200.0 mask 255.255.255.0 destination ip 192.168.200.1 mask 255.255.255.255
portal free-rule 4 source ip any destination ip 18.104.22.168 mask 255.255.255.255
portal free-rule 6 source ip any destination ip 22.214.171.124 mask 255.255.255.255
portal free-rule 7 source ip any destination ip 172.16.0.4 mask 255.255.255.255
portal free-rule 8 source ip 192.168.200.0 mask 255.255.255.0 destination ip 126.96.36.199 mask 255.255.255.255
portal nas-id hp830
portal local-server https server-policy cloud4wi
portal local-server bind ssid TT-Guest4wi2 file cloud4wi2.zip
portal url-param include nas-id
portal url-param include user-mac
portal url-param include nas-ip
portal url-param include ap-mac
portal url-param include user-url
portal url-param include user-ip
portal url-param include ac-name
portal url-param include ssid
### - You need to configure the access-list in order to enable NAT in the guest network
acl number 2001
rule 0 permit source 192.168.200.0 0.0.0.255
rule 40 deny
### - You need to configure the VLAN that is assigned to the guest network
### - You need to set RADIUS servers
radius scheme cloud4wi_rad
primary authentication 188.8.131.52 key shared_key
primary accounting 184.108.40.206 key shared_key
secondary authentication 220.127.116.11 key shared_key
secondary accounting 18.104.22.168 key shared_key
### - You need to set AAA
authentication portal radius-scheme cloud4wi_rad
authorization portal radius-scheme cloud4wi_rad
accounting portal radius-scheme cloud4wi_rad
### - You need to set pki identity
pki entity cloud4wi
organization-unit Domain Control Validated
pki domain cloud4wi-pki
ca identifier GlobalSign Root CA
certificate request from ca
certificate request entity cloud4wi
crl check disable
pki domain local_domain
crl check disable
### - You need to configure the DHCP server for guests
dhcp server ip-pool ip_guest_wireless
network 192.168.200.0 mask 255.255.255.0
### - You need to define the SSID
wlan service-template 1 clear
bind WLAN-ESS 0
### - You need to define pki domain
ssl server-policy cloud4wi
### - You need to set IP addresses for the wireless Network Interface Controller
ip address 172.16.0.4 255.255.252.0
undo dhcp select server global-pool
nat outbound 2001
### - You need to set IP addresses for the guest network
ip address 192.168.200.1 255.255.255.0
portal server Cloud4wi-LOCAL method direct
portal domain cloud4wi
### - You need to define the VLAN in the current wireless virtual interface
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 200 untagged
port hybrid pvid vlan 200
### - Enabling DHCP
### - Enabling HTTPS access in the wireless controller
ip https ssl-server-policy cloud4wi
ip https enable
Installing the SSL certificate to the controller
The configuration above contains all the parameters needed to enable HTTPS access on the controller.
In order to install the SSL certificate, it is necessary to upload the P12 certificate file to your /root directory.
Then, once the configuration commands in the paragraph "Set configuration" have been submitted, it is necessary to type the following command:
pki import-certificate local domain cloud4wi-pki p12 filename cloud4wi.com_chain.p12
Where cloud4wi.com_chain.p12 is the name of your certificate.
Walled Garden
As shown in the example above, the syntax to add a new Walled Garden entry is the following:
portal free-rule NUMBER source ip any destination ip IP_ADDRESS mask NETMASK
- NUMBER: is a progressive number for the rule
- IP_ADDRESS: is the IP address to include
- NETMASK: is the netmask of the rule
For example:
portal free-rule 6 source ip any destination ip 22.214.171.124 mask 255.255.255.255
Please note that domain names are not supported by the controller.
The controller accepts a rule containing a domain name (e.g. portal free-rule 6 source ip any destination ip splashportal.cloud4wi.com mask 255.255.255.255), but in the rule that is saved, the domain name is converted to the IP address returned by the DNS request.
In order to configure the walled garden for other purposes, please check the following articles:
- Walled garden for the Social Login (websites/domains to open)
- Walled garden for PayPal feature (websites/domains to open)
Allowing free access to the CDN
As explained in the article Enabling the CDN, it is necessary to add some IP addresses to the Walled Garden in order to support the access to the CDN.
As already mentioned, you can find these entries configured in the example above:
- 126.96.36.199 / 255.255.255.255
- 188.8.131.52 / 255.255.255.255
- 184.108.40.206 / 255.255.255.255
- 220.127.116.11 / 255.255.255.255
- 18.104.22.168 / 255.255.255.255
- 22.214.171.124 / 255.255.255.255
Entering the device details into the Admin Panel
In order to integrate the controller with the Solution, it is necessary to enter its details into the Admin Panel.
For further information on how to do that, please see How to add an access point. In the Admin Panel, the web interface will also require a field called Identifier.
For Hewlett Packard Unified 800 Series, it corresponds to the value set in the script as "portal nas-id" (it was "hp830" in our example).
Parameters for the Solution
Before doing your configuration, please check that the values in your configuration match the following ones:
Primary RADIUS server: 126.96.36.199
Secondary server: 188.8.131.52
RADIUS secret: (it will be communicated by Cloud4Wi)
RADIUS Authentication/Authorization port: 1812
RADIUS Accounting port: 1813
UAM login page: https://splashportal.cloud4wi.com/?vendor=hp800
Please note that it is necessary to enter the Splash Page URL exactly as it is written above.
If these parameters change in the future, we will promptly inform you about new values.
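The check requested above can be scripted. The following Python sketch is an added example, not part of the original guide or of any Cloud4Wi tooling: it compares configuration lines against the values in “Parameters for the Solution”, flags a RADIUS key that is still a placeholder, flags Walled Garden rules whose destination is not a plain IP address and netmask, and notes any crl check disable line. The function name audit, the sample text and the non-placeholder key are constructed for illustration.

```python
import ipaddress
import re

# Expected values copied from "Parameters for the Solution" on this page.
EXPECTED = {"primary": "126.96.36.199", "secondary": "188.8.131.52",
            "url": "https://splashportal.cloud4wi.com/?vendor=hp800"}
PLACEHOLDER_KEYS = {"shared_key", "radius_secret"}  # placeholders used on this page

RADIUS_RE = re.compile(r"^(primary|secondary) (authentication|accounting) (\S+) key (\S+)$")
PORTAL_RE = re.compile(r"^portal server \S+ ip \S+ url (\S+)")
# Only the "source ip any" form documented in the Walled Garden section is parsed.
FREE_RE = re.compile(r"^portal free-rule (\d+) source ip any destination ip (\S+) mask (\S+)$")

# Constructed sample: lines taken from the example configuration, plus one
# free-rule that uses a domain name and one RADIUS key that is not a placeholder.
SAMPLE = """\
portal server Cloud4wi-LOCAL ip 192.168.200.1 url https://splashportal.cloud4wi.com/?vendor=hp800 server-type imc
portal free-rule 6 source ip any destination ip 22.214.171.124 mask 255.255.255.255
portal free-rule 9 source ip any destination ip splashportal.cloud4wi.com mask 255.255.255.255
primary authentication 126.96.36.199 key shared_key
secondary authentication 220.127.116.11 key constructed-Secret-1
crl check disable
"""


def audit(config_text):
    """Return findings for a configuration excerpt, one string per problem."""
    findings = []
    for line in (raw.strip() for raw in config_text.splitlines()):
        if m := RADIUS_RE.match(line):
            role, kind, ip, key = m.groups()
            if ip != EXPECTED[role]:
                findings.append(f"{role} {kind}: {ip} is not {EXPECTED[role]}")
            if key in PLACEHOLDER_KEYS:
                findings.append(f"{role} {kind}: RADIUS key is still a placeholder")
        elif m := PORTAL_RE.match(line):
            if m.group(1) != EXPECTED["url"]:
                findings.append(f"splash page URL differs: {m.group(1)}")
        elif m := FREE_RE.match(line):
            num, dest, mask = m.groups()
            try:  # rejects domain names and address/mask pairs with host bits set
                ipaddress.ip_network(f"{dest}/{mask}")
            except ValueError:
                findings.append(f"free-rule {num}: {dest} mask {mask} is not a valid IP rule")
        elif line == "crl check disable":
            findings.append("PKI domain has CRL checking disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the text of your own saved configuration by passing that text to audit(); an empty list means none of these checks found a difference.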