Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
CONFIGURE THE FILTER ON CISCO DEVICES
To activate Content Filter Cloud with Cisco devices follow these steps:
Register for free, if you aren’t yet, by visiting this link: Click here to register.
Connect to the dashboard by entering the IP address of the Cisco in your browser. Then type login credentials.
First of all you need to change the DNSs of the device. To do that click on the [Setup] menu and then open the [Network] submenu.
At this point check the WAN Settings Table section and select your WAN interface. Click the [Edit] button to modify it.
In the windows that appears, enable the Use the Following DNS Server Address voice and type the following IPs respectively in the fields DNS Server 1 and DNS Server 2:
– 185.236.104.104
– 185.236.105.105
Click the ‘Save’ button to apply the changes.
To configure the Dynamic DNS service, open the [Setup] menu and then click on the [Dynamic DNS] entry.
Select your WAN interface and click the [Edit] button.
Configure the service in this way:
– Service: Select DynDNS.org.
– Username: Type the Content Filter email/username.
– Password: Type the Content Filter password.
– Host Name: Enter ddns.flashstart.com.
Then click on the [Save] button to save the changes.
After that you can enable the DHCP Server to automatically distribute our DNS on internal network devices.
Open the [DHCP] menu and then click on [DHCP Setup] submenu.
Configure the service with your network parameters and choose the Use DNS as Below entry, in the DNS Server field, to configure our DNSs.
Enter the following IPs respectively in the fields Static DNS 1 and Static DNS 2:
– 185.236.104.104
– 185.236.105.105
Click [Save] to run the service.
Otherwise you can manually change DNS of various devices that you want to filter.
OPTIONAL: DENY USER DNS CHANGES
You can enforce security avoiding user DNS changes. To do that you can proceed in this way:
Open the [Firewall] menu and click on the [Access Rules] entry. Click [Add] to create a new rule.
Now you need to configure a rule to block all traffic on port 53 (DNS Service), except Content Filter DNS Servers. To do that, fill in the fields as follows:
– Action: Choose Allow.
– Services: Choose DNS[UDP/53~53].
– Log: Choose if you want, or not, log the traffics for this rule.
– Souce Interface: Choose the name of your LAN (internal) interface.
– Source IP: Leave ANY. NB: You can also choose a range of IP that will use this rule instead of ANY.
– Destination IP: Select Single and add the Public IP 185.236.104.104.
– Time: Leave Always.
Then click the [Save] button to create the rule.
Now you need to create another rule, equal to the previous one, except for the Destination IP field that must be 185.236.105.105.
The last thing to do is create a new rule as follows:
– Action: Choose Deny.
– Services: Choose DNS[UDP/53~53].
– Log: Choose if you want, or not, log the traffics for this rule.
– Souce Interface: Choose the name of your LAN (internal) interface.
– Source IP: Leave ANY. NB: You can also choose a range of IP that will use this rule instead of ANY.
– Destination IP: Select ANY.
– Time: Leave Always.
Click the [Save] button to apply the changes.
