Purpose
This guide shows how to configure an Extreme Network Wireless Controller (EWC) for Cloud4Wi.
Prerequisites
The configuration procedure has been performed and tested on the following hardware:
- Controller: EWC V2110 Small, running firmware version 10.41.14.0008
- Access point: AP3915i, running firmware version 10.41.14.0008
Before integrating the controller with Cloud4Wi, it is necessary that:
- the controller and access point are connected to the Internet and reachable on the network
- the access point has an IP address assigned (DHCP or static), and it is reachable through the network
RADIUS Servers
Go to VNS in the main menu, click on Global and create your RADIUS server items. We recommend you to define both primary and secondary servers.
Primary Server
Hostname/IP: 54.247.117.188
Shared Secret: (Cloud4Wi will communicate it)
Default Protocol: PAP
Secondary Server
Hostname/IP: 79.125.111.180
Shared Secret: (Cloud4Wi will communicate it)
Default Protocol: PAP
Network topology
In the following steps, you'll need to configure a new WLAN, and at the same time, you'll have to provide the topology of your network.
You can define your topology by going to VNS in the main menu, and then clicking on Topologies in the left-side toolbar.
You can make the configuration according to your requirements. In the example below the traffic is bridged locally at the AP, and the IP address is assigned to clients by the local DHCP server.
WLAN
Go to VNS in the main menu, click on WLAN Services and in this section create a new WLAN or modify an existing one.
WLAN Services
In the WLAN Services tab, you have to provide general information, such as a friendly name, the name of the SSID, the topology, etc.
Privacy
In the Privacy tab, you usually need an open network. So you have to select None.
Auth & Acct
In the Auth & Acct tab, you are required to select the following options:
- Authentication → Mode: Firewall Friendly External (you will need to configure this)
- Enable RADIUS Accounting checked
Under RADIUS Servers, select the RADIUS server items created previously.
Click on the Configure button and set values as listed below.
IMPORTANT: Skipping this part, or setting different values, will create inconveniences during the user experience.
Redirection URL: https://splashportal.cloud4wi.com? (IMPORTANT: don't miss the "?")
Fields to be checked:
- EWC/AP IP & port
- AP name & serial number
- AP Ethernet MAC
- SSID
- Station's MAC address
QoS
For most common use cases, you don't need to configure this section.
Roles
Roles define the access domain of users, and you can manage them by going to VNS in the main menu, and then clicking on Roles.
In this case, you have to create two different roles, one before and one after the authentication.
Authenticated users
For authenticated users, configure the VLAN & Class of Service tab with the following options:
- Access Control: Allow
- Default Class of Service: No change
- Traffic Mirror: None
For the Policy Rules tab, in most cases, you have to allow all incoming and outcoming connections.
Unauthenticated users
For unauthenticated users, configure the VLAN & Class of Service tab with the following options:
- Access Control: Allow
- Default Class of Service: No change
- Traffic Mirror: None
- Redirection URL: https://splashportal.cloud4wi.com
In the Policy Rules tab, you have to set a rule to deny all the traffic and put it as last rule. Before this rule, you should include all the exceptions related to all the services that you need to reach, e.g., DHCP, DNS servers, Splash Portal (
Below an example:
You can use the "Cloud Computing group" to define all the exceptions related to the walled garden. When creating your rule, you have to set:
- Classification: L7
- Group: Cloud Computing
Then click on Custom Web Applications to define the walled garden.
In the walled garden list, you are required to enter "cloud4wi.com" and all the entries you require. For more frequent use cases, you may need to read the following articles:
- Walled garden for the Social Login (websites/domains to open)
- Walled garden for PayPal feature (websites/domains to open)
VNS
The most important entity in this configuration is the VNS that allows binding WLANs with roles.
To do that, you have to go to VNS in the main menu, and then click on Virtual Networks. Then select the WLAN and the roles that you have defined in the previous steps.
Entering the device details into the Cloud4Wi Dashboard
To add a new access point to the system, please see How to add an access point.