Kiwire 3.0 Administrator - Device & Controller Setup Guide
Kiwire 3.0 Administrator - Device & Controller Setup Guide
Cambium Networks Configuration for Kiwire Hotspot
Cambium Networks Configuration for Kiwire Hotspot
Prerequisites
Before integrating the controller with Kiwire, it is necessary that the controller and access point:
-
are connected to the Internet
-
are reachable on the network
-
have an IP address assigned to the a through DHCP or static
Note:
-
Kiwire-hostname or Kiwire-ip can be obtain by contacting our technical support for our cloud customer. For enterprise client the ip will be on premises Kiwire ip address.
-
Social network hostname list can be obtained from Social network whitelist guide
Part 1: Cambium cnMaestro configuration
-
Login to your Cambium cnMaestro controller
-
Go to WLANs > Configuration > AAA Servers
-
Authentication Server
-
Host: Kiwire-hostname or Kiwire-Ip
-
Secret: create a secret pass phrase
-
Port: 1812
-
Timeout: 3 seconds
-
Attempts: 1
-
-
Accounting Server
-
Host: Kiwire-hostname or Kiwire-ip
-
Secret: secret same as authentication server
-
Port: 1813
-
Timeout: 3 seconds
-
Attempts: 1
-
Accounting Mode: Start-Interim-Stop
-
Accounting Packet: ticked
-
Interim Update Interval: 1800 seconds
-
-
Advanced Settings
-
NAS-Identifier: AP MAC address with capital letters and colon
-
Dynamic Authorization: ticked
-
Dynamic VLAN: ticked
-
Called Station ID: AP-MAC:SSID
-
-
Omaya 3.0 Administrator > Quick Setup > Dashboard
Documentation
Kiwire 3.0 Administrator > Integration > Radius
Kiwire 3.0 Administrator - Integration
Integration - Radius
The radius integrations module let you authenticate users with an external Radius server. The external Radius servers must accessible to the Kiwire platform for radius integration to work. Kiwire support authentication with multiple radius server or single server with multi profile by using realm suffix.
* Note: Remember to add Kiwire IP address into the Radius server as NAS device for Kiwire to integrate successfully.
Mode of Operation
Kiwire supports 2 mode of radius integration which are radius pass thru mode and override profile mode. Kiwire also have built-in features that check if the attribute replied by external radius server match with the realm configuration configured. This is useful in event you have multiple profile for each users group, using profile checks we will be able check if the realm suffix requested by user match the correct realm.
MODE : Radius Pass Thru
The radius pass thru mode, let you authenticate your users with the external radius and carry forward the restriction & profiles over to the Kiwire, if the user have 30 minutes credit left from the external radius , the user will also have the same 30 minutes restrictions when authenticating.
-
User send username and password.
-
External radius reply authentication status and associated profiles from the external radius.
-
Kiwire will check if user granted authentication, temporary profile will be created on Kiwire profiles database, Kiwire will optional perform a secondary check if attribute response matched with keyword set during add radius connection setup. If attribute does not match, it will be rejected to authenticate.
-
Kiwire will send the attributes it received from the external radius to the NAS and let user connect to network with attributes.
-
Kiwire will send accounting information to the external radius server. In event of user disconnected from network.
MODE : Override Profile
In the override profile mode, Kiwire will only use external radius as authentication host only. If the user authenticated successfully will be assign a locally created Kiwire profiles when login. This is useful for multi group, single external radius server setup or if you wish to provide an different profile for users when they connect to networks.
-
User send username and password.
-
External radius reply authentication status.
-
Kiwire will check if user authenticated successfully. A locally assigned profile to the realm will be attached to the user’s authentication.
-
Kiwire will optionally perform secondary check if attribute response matched with keyword set during add radius connection.
-
Kiwire will send the local assign profiles to NAS and let user connect to network.
-
Kiwire will send accounting information to the external radius server.
Radius Connection
To access the radius module click on Integration > Radius from the navigation. On the radius listing module, you may search for specific radius connection by using the search field.
The field and its function description is listed below.
ADD NEW RADIUS CONNECTION
Click on “Add Radius” button and populate the required fields. Fill in the field with relevant information to complete the process.
The field and its function description is listed below.
EDIT OR DELETE RADIUS CONNECTION
Click the edit icon on the listing screen to edit the setting of the radius connection. The edit screen be display which you can edit the setting of the radius connection. Click on the delete icon to delete the radius connection. A prompt will be display to ask for your confirmation to proceed to delete the radius connection. Please exercise with cautions as this not a reversible action.