Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator > Setting up the Wi-Fi Hardware & Configuration > Aruba Central
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Aruba Central Configuration for Kiwire Hotspot
Aruba Central Configuration
1. Adding Kiwire as authentication server and external captive portal
a). Locate “Wireless Management” on the left sidebar
b). Go to and select “Wireless Management” module labeled as “WL”
c). Go to “Security” tab on the left sidebar
d). Proceed to add a new authentication server by clicking on the “+” icon located on the bottom left of the main content table.
e). In the “EDIT SERVER”menu locate and select “RADIUS”
f). Enter your Kiwire IP Address in the IP Address input area
g). Create a shared key by filling up “Shared Key” and “Retype Key” field with identical input.
h). Place a check-mark on the checkbox in “Dynamic Authorization”
i). On the right column section set “Auth Port” and “Accounting Port” accordingly
j). Next, under “Query Status of RADIUS Servers (RFC 5997)” place a check-mark on “Authentication” and “Accounting” input options.
2. Security Setting
a) Scroll downwards the left column to locate “Service Type Framed User”, place a check-mark on “Captive Portal” input option to enable captive portal.
b) Save settings by clicking on the “Save” button.
c) On the dropdown menu select “Roles”
d). Locate KIWIRE and modify rule settings for the selected role on the right menu.
e). Add rule to allow Kiwire IP, DNS, DHCP and deny others
3. Wallgarden
a). Scroll further below to find the “Walled Garden”.
b). Go to Walled Garden “Whitelist” section on the right column to add Kiwire domain as whitelist.
c). Go to “External Captive Portal” and make the following changes.
d). Select the drop down box in Authentication Type and select “RADIUS authentication”.
e). Under “IP or Hostname” fill up the input box with Kiwire domain or IP.
f). Under “URL”, key in the input box with the redirection URL “/login/aruba”
g). Under “Port”, key in the input box with the Kiwire web port “443”
h). Under “Use HTTPS” checkbox option , place a check-mark to enable only if you are using SSL.
4. Wireless Setting
a). Go to and select “Wireless SSIDs” on the left sidebar.
b). Locate and select the “Security” tab on the right content panel.
c). Under “Security Level” use the drag slider and select “Captive Portal” security level.
d). Scroll below to find “Splash Page” settings.
e). Under “Captive Portal Type”, select “External” option on the drop-down menu.
f). Go to and select “Wireless SSIDs” on the left sidebar.
g). Locate and select the “Security” tab on the right content panel.
h). Under “Security Level” use the drag slider and select “Captive Portal” security level.
i). Scroll below to find “Splash Page” settings.
j). Under “Captive Portal Type”, select “External” option on the drop-down menu.
k). Select Authentication server by following the configuration below:
l). Under "Captive Portal Profile, select "Kiwire-CT" under the drop-down menu
m). Under "Primary Server", select "Kiwire-CT" under the drop-down menu
n). Under advanced setting select authentication server as accounting using the following configurations.
o). Go to "Accounting" and select "Use authentication servers" from the drop-down input option.
p) Go to "Accounting interval" and set "5" minutes as interval.
q) Under “Walled Garden” section, ensure that the Kiwire hostname is listed inside Whitelist category on the right column.
r). After all Security settings have been completed, proceed to the "Access" tab .
s). Under "Access Rules", select "Role Based" on the drag slider.
t). Under “Assign Pre-Authentication Role” place a check-mark on the drop-down input and select “Pre-Kiwire”.
5). Set Bandwidth limit.
a). Go back to the “Security” menu in Aruba Central
b). Go to “Roles”
c). Add a Role name
d). Set bandwidth contract
e). Go back to Kiwire platform, Go to Account > Profile
f). Select profile
g). Set custom attribute in json format as bellow
{“Aruba-User-Role”:”rolename”}
h). Ensure that "rolename" follow role name from Aruba Central
Kiwire Configuration for Aruba central
Adding NAS into Kiwire
-
Navigate to Devices > Devices > Add Device
-
Device Type → Controller
-
Vendor → Aruba
-
Identity → AP Mac without colon
-
Ip Address → AP ip address
-
Address → optional
-
Shared Secret Key → Secret key phrase set at Radius
-
COA Port → 3799
-
Description → optional
-
Monitoring Method → optional
-
Community → optional
-
Snmp version → optional
-
Create→ to save