Cloud4Wi certifies the interoperability with Huawei Cloud Campus using AP with the following firmware version:
AirEngine 5700 AirEngineX761-V200R021C00SPC200.zip Download - Huawei
Last tested Release: V300R022C00SPC826
1. Create a site and add devices to the site
Go to Design > Site Management > Click on Create
In Device Type select AP so that the site can support AP management and configuration.
There are two ways to add devices:
- By ESN: enter the ESN of the device
- By Device Model: enter a device model. Since the device must be managed by CloudCampus, it is also required to enter the ESN of the device. The option “Add by Device Model” is useful when ESN are Label 4.0 because Label 4.0 ESN can’t be added just by their ESN
2. Configuration of policy template
Next, you need to create the ACL, RADIUS Relay Server and URL Template information that will be used later in the configuration of the SSID and Portal Page Push Policy.
2.1 ACL configuration
Go to Design > Network Design > Template Management > Policy Template
Select ACL on the left column and click on Create
Give the ACL a Name, such as "Cloud4Wi_Walled_Garden" (you'll need to recall this ACL later on)
Now add the required the ACLs (Note: these rules are implicitly permit rules).
By default, you need to add at least the ACLs for the Cloud4Wi service on the domain: *.cloud4wi.com
To configure the walled garden to support Social Login or other capabilities, please check the following articles:
- Walled garden for the Social Login (websites/domains to open)
- Walled garden for PayPal feature (websites/domains to open)
When the configuration is finished, click on OK.
2.2 RADIUS Relay Server configuration
Go to Design > Network Design > Template Management > Template
Go on “RADIUS Relay Server” in the left column and enter the Cloud4Wi authentication server and accounting server.
For Authentication service select RADIUS authentication.
As NAS identifier select Controller ID.
Authentication server:
RADIUS Primary IP Address / Port: 54.247.117.188 / 1812
RADIUS Secondary IP Address / Port: 79.125.111.180 / 1812
Shared Secret: <as communicated by Cloud4Wi team>
Accounting server:
RADIUS Primary IP Address / Port: 54.247.117.188 / 1813
RADIUS Secondary IP Address / Port: 79.125.111.180 / 1813
Shared Secret:<as communicated by Cloud4Wi team>
When the configuration is finished, click on OK.
2.3 URL Template
In Design > Network Design > Template
Go to URL Template in the left column. Click on Create.
Select Cloud platform-based relay authentication in template type
Then use the following parameters in the template:
|
Value Assignment Mode |
Parameter |
Parameter Name |
Description |
eration |
|
|---|---|---|---|---|---|
|
User-defined |
Huawei |
vendor |
|||
|
User-defined |
V300R022C00SPC826 |
version |
|||
|
Replace the existing value of the controller |
user-mac |
client-mac |
|||
|
Replace the existing value of the controller |
loginurl |
loginUrl |
|||
|
Replace the existing value of the controller |
device-mac |
apMac |
|||
|
Replace the existing value of the controller |
ssid |
ssid |
In the end, the table for parameters should look like the following screenshot:
3. SSID configuration
- Select a site.
- Choose Provision > Device Configuration > Site Configuration from the main menu.
- In the displayed window, select a site from the Site drop-down list in the upper left corner.
- Click the Site Configuration tab.
- Choose AP > Wi-Fi from the navigation pane, click the SSID tab, click Create, and configure the basic information of an SSID.
Click on Next to configure the authentication mode. - Security authentication
Select Open + Portal authentication in WLAN Security Policy.
Choose RADIUS Relay authentication by cloud platform.
Choose RADIUS Relay for the interconnection mode.
For the third-party authentication parameters, use the following:
Username: username
Password parameter name: password
Redirect url matching rule: Redirect URL parameter
Parameter url for authentication success redirect url: redirect_Url
In the default permit rule choose the ACLs set which has been created in step 2.1
Choose a bypass policy, it’s the policy applied to the SSID when the authentication service is unreachable by the AP.
Click on Next
No need to configure anything in Policy Control step of the wizard.
4. Portal Page Push Policy
Choose Admission > Admission Resources > Page Management from the main menu.
Go to the Portal Page Push Policy tab and click Create and create and configure a Portal Page Push Policy
In Authentication mode, select Cloud platform based relay.
Interconnection mode, select RADIUS Relay.
In URL template, choose the template configured in step 2.3
In third-party authentication url, enter the portal url: https://splashportal.cloud4wi.com
5. Authentication and authorization rule
Go to Admission > Admission Policy > Authentication and authorization rule
Go to tab Authorization rule and create a new rule.
Give the rule a name (such as Cloud4Wi_Authorization"). Configure the settings matchign the following screen:
turn on the Match SSID switch, click Add and enter the name of the SSID where you are configuring the guest WiFI service.
Note:
It’s a best practice to apply our matching conditions in Authorization rules.
At the bottom, select in Authorization result, “Permit”.
6. CLI template to send
Go to Provision > Device Configuration > Site configuration
Select Site > CLI
Create a CLI template for AP.
- In Device type, choose: AP
- In Device configuration, choose All
- In the CLI field, enter “portal pass DNS enable” under system-view
7. CNA Adaptive Function for IOS Terminals
To ensure a proper user experience on iOS devices, make sure the "CNA Adaptive Function for iOS Terminals" flag is disabled.
8. Add the AP to the Cloud4Wi Dashboard
You can simply add the AP in the Cloud4Wi Dashboard selecting Huawei as a vendor.