Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Steps to integrate Kiwire and Huawei WAC
System file version: V200R021C00SPC100
Patch file version: V200R021SPH1b0
1. Configure user ACL
![Screen Shot 2023-09-12 at 5.10.54 PM.png](https://static.wixstatic.com/media/3c373c_5f4d455043534b0b99bc7e37b433f01d~mv2.png/v1/fill/w_773,h_363,al_c,q_85,usm_4.00_1.00_0.00,enc_avif,quality_auto/Screen%20Shot%202023-09-12%20at%205_10_54%20PM.png)
-
Configuration → Security → ACL
-
Click on “User ACL Settings” tab
![Screen Shot 2023-09-12 at 5.15.09 PM.png](https://static.wixstatic.com/media/3c373c_ee80bc39a71743ef861a7c6f8729b930~mv2.png/v1/fill/w_772,h_363,al_c,q_85,usm_4.00_1.00_0.00,enc_avif,quality_auto/Screen%20Shot%202023-09-12%20at%205_15_09%20PM.png)
-
Click “Create”
-
Destination IP: 0.0.0.0/0
-
Wildcard: Kiwire IP address
-
Action: Permit
-
Protocol: TCP(6)
2. Modify RADIUS and Authorization server profile
![Screen Shot 2023-09-12 at 5.18.54 PM.png](https://static.wixstatic.com/media/3c373c_efcd8b807b804494ab4e6521a9316cee~mv2.png/v1/fill/w_773,h_361,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-12%20at%205_18_54%20PM.png)
-
Configuration → Security → AAA
![Screen Shot 2023-09-12 at 5.28.52 PM.png](https://static.wixstatic.com/media/3c373c_d4ce9ecf729e401fbef0f31de55b23cf~mv2.png/v1/fill/w_773,h_362,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-12%20at%205_28_52%20PM.png)
-
Click on “RADIUS” tab → RADIUS server profile → Create
![Screen Shot 2023-09-12 at 5.30.49 PM.png](https://static.wixstatic.com/media/3c373c_e0cf6c8fc330464aa6f26fbc8e0682a5~mv2.png/v1/fill/w_778,h_551,al_c,q_90,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-12%20at%205_30_49%20PM.png)
-
Profile name: Kiwire
-
Mode: Active/Standby mode
-
NAS IP address: Use an AP’s IP address
-
Profile default shared key: Same key with Kiwire NAS shared secret key
![Screen Shot 2023-09-12 at 5.42.41 PM.png](https://static.wixstatic.com/media/3c373c_ff1d5342ceab4a9884782f8b284c5773~mv2.png/v1/fill/w_600,h_526,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-12%20at%205_42_41%20PM.png)
-
Click “Create server”
-
IP address: Kiwire IP address
-
Shared key: Same key with Kiwire NAS shared secret key
-
Checked on “Authentication” and set port number to 1812
-
Checked on “Accounting” and set port number to 1813
![Screen Shot 2023-09-13 at 2.20.13 PM.png](https://static.wixstatic.com/media/3c373c_c251d3794d8143f4988f0e5ccb7d7efc~mv2.png/v1/fill/w_777,h_368,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%202_20_13%20PM.png)
-
On “Authorization Server Template” → Create
![Screen Shot 2023-09-13 at 2.25.05 PM.png](https://static.wixstatic.com/media/3c373c_39dea8b8ae8c47ae8e0d59d69080d5c1~mv2.png/v1/fill/w_600,h_305,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%202_25_05%20PM.png)
-
Authorization server IP address: Kiwire IP address
-
Profile name: choose RADIUS server that has been created
-
Key: Same key with Kiwire NAS shared secret key
3. Modify authentication server
![Screen Shot 2023-09-13 at 3.34.22 PM.png](https://static.wixstatic.com/media/3c373c_678cb8d23b5a48e18834940d0c40a557~mv2.png/v1/fill/w_781,h_362,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%203_34_22%20PM.png)
-
Click on “Portal Server Global Configuration”→ External portal
![Screen Shot 2023-09-13 at 3.36.21 PM.png](https://static.wixstatic.com/media/3c373c_809885d4c8a04f2d88bf976fc0404c40~mv2.png/v1/fill/w_777,h_429,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%203_36_21%20PM.png)
-
Tick “HTTP protocol”
-
HTTP interoperation mode: HTTPS-based/HTTP
![Screen Shot 2023-09-13 at 3.38.53 PM.png](https://static.wixstatic.com/media/3c373c_2f6bf94127e54ab68819d988b39d5d84~mv2.png/v1/fill/w_778,h_365,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%203_38_53%20PM.png)
-
Go to “Portal Authentication Server List” → Create
![Screen Shot 2023-09-13 at 3.41.09 PM.png](https://static.wixstatic.com/media/3c373c_a3ab2245fb2a4098a69c75f925830aca~mv2.png/v1/fill/w_776,h_282,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%203_41_09%20PM.png)
-
Server name: Kiwire
-
Server IP: Kiwire IP→click “+”
-
Protocol type: HTTP
-
Shared key: Same key with Kiwire NAS shared secret key
-
URL: http://[kiwire-ip]/login/huawei-wlc
![Screen Shot 2023-09-13 at 3.43.06 PM.png](https://static.wixstatic.com/media/3c373c_bbf9846e34ce4004b5c2630b4f3a72a4~mv2.png/v1/fill/w_729,h_526,al_c,q_90,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%203_43_06%20PM.png)
-
Click on “URL Option Settings”
-
Tick System name keyword/System name: nas-id/[WAC Model/WAC hostname]
-
Tick AP-IP keyword: ap-ip
-
Tick User access URL keyword: redirect-url
-
Tick User IP address keyword: user-ip
-
Tick AP-MAC keyword: ap-mac
-
Tick User MAC keyword: user-mac
-
Tick SSID keyword: ssid
-
Tick Login URL keyword/Login URL: login-url/http://[controller-ip]:8000
-
MAC address format: Normal
-
Separator: Colon “:”
![Screen Shot 2023-09-13 at 3.44.59 PM.png](https://static.wixstatic.com/media/3c373c_c3c33ab319c848d8a529b8f7dd0a9bf9~mv2.png/v1/fill/w_765,h_146,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%203_44_59%20PM.png)
-
Click on “Parameter Parsing Configuration”
-
Original URL keyword: dst
-
Login success response: Redirect to the original
4. Modify portal profile
![Screen Shot 2023-09-13 at 3.47.52 PM.png](https://static.wixstatic.com/media/3c373c_5cbf94c8ac8e4e87847e06a4f41b0003~mv2.png/v1/fill/w_779,h_414,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%203_47_52%20PM.png)
-
Configuration→AP Config→Profile
![Screen Shot 2023-09-13 at 3.50.04 PM.png](https://static.wixstatic.com/media/3c373c_d4fd61c6074f41a288be2626a5433f7d~mv2.png/v1/fill/w_780,h_369,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%203_50_04%20PM.png)
-
AAA→Authentication Profile→Create
![Screen Shot 2023-09-13 at 4.32.29 PM.png](https://static.wixstatic.com/media/3c373c_5ba5a5ff879e4cf787f7d1dbdb53f5bb~mv2.png/v1/fill/w_775,h_411,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-13%20at%204_32_29%20PM.png)
-
Profile name: Kiwire → OK
![Screen Shot 2023-09-14 at 10.07.09 AM.png](https://static.wixstatic.com/media/3c373c_b1cb75a22670488c9bfe220864005510~mv2.png/v1/fill/w_779,h_414,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_07_09%20AM.png)
-
Click “Apply”
![Screen Shot 2023-09-14 at 10.27.12 AM.png](https://static.wixstatic.com/media/3c373c_de3e60ae236e4f49ad80bb5c1a1c36cc~mv2.png/v1/fill/w_775,h_408,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_27_12%20AM.png)
-
Click “+” → Portal Profile
-
Portal authentication: External portal server
-
Interoperation protocol: HTTP
-
Primary Portal server group: choose Kiwire
-
Click “Apply”
5. Modify RADIUS server profile
![Screen Shot 2023-09-14 at 10.29.52 AM.png](https://static.wixstatic.com/media/3c373c_574712752b824e09bbcb1e5f46934d3d~mv2.png/v1/fill/w_778,h_416,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_29_52%20AM.png)
-
Click “RADIUS Server Profile”→choose Kiwire
-
Click “Apply”
6. Modify Authentication Scheme
![Screen Shot 2023-09-14 at 10.31.31 AM.png](https://static.wixstatic.com/media/3c373c_92f09465267241bb8257d13027432bf5~mv2.png/v1/fill/w_779,h_413,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_31_31%20AM.png)
-
Click “Authentication Scheme”→choose “radius”
-
First authentication: RADIUS authentication
7. Configure Accounting Scheme
![Screen Shot 2023-09-14 at 10.34.37 AM.png](https://static.wixstatic.com/media/3c373c_9d6f4e8f7ec044a5a03fb21817ea0a8d~mv2.png/v1/fill/w_778,h_328,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_34_37%20AM.png)
-
Under “AAA”→choose “Accounting Scheme”
-
Click “Create”
![Screen Shot 2023-09-14 at 10.37.56 AM.png](https://static.wixstatic.com/media/3c373c_d9c5f3dd1bbf48d984f870cca89ccd6f~mv2.png/v1/fill/w_770,h_322,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_37_56%20AM.png)
-
Profile name: Kiwire
![Screen Shot 2023-09-14 at 10.39.33 AM.png](https://static.wixstatic.com/media/3c373c_95edaa8e22cf469bb8b786690f78917e~mv2.png/v1/fill/w_773,h_292,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_39_33%20AM.png)
-
Accounting mode: RADIUS accounting → click “Apply”
![Screen Shot 2023-09-14 at 10.41.11 AM.png](https://static.wixstatic.com/media/3c373c_b3db3e46717a45b19465fbccfaed8c0b~mv2.png/v1/fill/w_779,h_328,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_41_11%20AM.png)
-
AAA→Authentication Profile → Kiwire→click “+” → click “Accounting Scheme”
-
Choose “Kiwire” → click “Apply”
8. Configure Authentication Profile for WLAN
![Screen Shot 2023-09-14 at 10.50.16 AM.png](https://static.wixstatic.com/media/3c373c_1867e7e776334e7596e79314596d29e7~mv2.png/v1/fill/w_774,h_414,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_50_16%20AM.png)
-
Click “Wireless Service” → VAP Profile → Create
![Screen Shot 2023-09-14 at 10.58.29 AM.png](https://static.wixstatic.com/media/3c373c_f4fee2b76913492195c5c41969290cd9~mv2.png/v1/fill/w_771,h_409,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2010_58_29%20AM.png)
-
Profile name: Kiwire
-
Click “OK”
![Screen Shot 2023-09-14 at 11.00.12 AM.png](https://static.wixstatic.com/media/3c373c_b470371f02714171a893af165417a792~mv2.png/v1/fill/w_780,h_416,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2011_00_12%20AM.png)
-
Click “+” → Click “Authentication Profile” → choose “Kiwire”
-
Click “Apply”
9. Configure Portal Profile for WLAN
![Screen Shot 2023-09-14 at 11.06.45 AM.png](https://static.wixstatic.com/media/3c373c_e91855a7fbf3467ba43f635ba75ed358~mv2.png/v1/fill/w_776,h_416,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%2011_06_45%20AM.png)
-
Click “+” → Portal Profile → choose “Kiwire”
-
Click “Apply”
10. Configure RADIUS Server Profile for WLAN
![Screen Shot 2023-09-14 at 1.39.22 PM.png](https://static.wixstatic.com/media/3c373c_464cfeab19474ce78693881ac9fa23ae~mv2.png/v1/fill/w_772,h_413,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%201_39_22%20PM.png)
-
Click “RADIUS Server Profile” → choose “Kiwire”
-
Click “Apply”
11. Configure Authentication Profile for WLAN
![Screen Shot 2023-09-14 at 1.42.59 PM.png](https://static.wixstatic.com/media/3c373c_5eb6238f98cb4403a79c4ae763e94c2d~mv2.png/v1/fill/w_778,h_382,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%201_42_59%20PM.png)
-
Click “Authentication Scheme” → choose “radius”
-
First authentication: RADIUS authentication
-
Click “Apply”
12. Modify Forwarding Mode
![Screen Shot 2023-09-14 at 1.45.03 PM.png](https://static.wixstatic.com/media/3c373c_285e314aeb44407890dc3d524ab54ac3~mv2.png/v1/fill/w_780,h_382,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%201_45_03%20PM.png)
-
Click “Kiwire”
-
Forwarding Mode: Tunnel
-
Click “Apply”
13. Modify Authentication-free Rule Profile
![Screen Shot 2023-09-14 at 1.46.26 PM.png](https://static.wixstatic.com/media/3c373c_11d64fcb62d5473eb500be3d74377ecc~mv2.png/v1/fill/w_777,h_442,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%201_46_26%20PM.png)
-
Click “Authentication-free Rule Profile” → choose “default_free_rule”
-
Click “Create
![Screen Shot 2023-09-14 at 1.48.11 PM.png](https://static.wixstatic.com/media/3c373c_ee696912b10d4df9b4db2f5859395650~mv2.png/v1/fill/w_772,h_310,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%201_48_11%20PM.png)
-
Rule ID: 1
-
Source IP address: none
-
Destination IP address: specified (8.8.8.8)
-
Mask: 24(255.255.255.0)
-
Protocol type: none
-
Click “OK”
![Screen Shot 2023-09-14 at 1.55.37 PM.png](https://static.wixstatic.com/media/3c373c_4cdb99aae2024be3b438a8a37f3ea6c1~mv2.png/v1/fill/w_770,h_310,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%201_55_37%20PM.png)
-
Create another rule
-
Rule ID: 2
-
Source IP address: none
-
Destination IP address: specified (Kiwire IP)
-
Mask: 24(255.255.255.0)
-
Protocol type: none
-
Click “OK”
Kiwire Configuration for Huawei controller
1. Adding NAS into Kiwire
![Screen Shot 2023-09-14 at 1.58.57 PM.png](https://static.wixstatic.com/media/3c373c_7962e67978a441199bf970e4ec69701f~mv2.png/v1/fill/w_776,h_408,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%201_58_57%20PM.png)
-
Click “Devices” → Devices → Add Device
![Screen Shot 2023-09-14 at 2.00.44 PM.png](https://static.wixstatic.com/media/3c373c_8db9f64cd2b0468bb036c38e31e4b44e~mv2.png/v1/fill/w_600,h_635,al_c,q_90,usm_0.66_1.00_0.01,enc_avif,quality_auto/Screen%20Shot%202023-09-14%20at%202_00_44%20PM.png)
-
Device Type: Controller
-
Vendor: Huawei
-
Identity: WAC name (AC6508)
-
IP Address: WAC IP Address
-
Username/Password: Username and password for WAC
-
Shared Secret Key: Kiwire NAS shared secret key
-
COA Port: 3799
-
Click “Create”