| IMPORTANT: You must be using firmware V2R7C20 or above to continue. Earlier versions are not supported. |
Logging in & VLAN Configuration
Log in to your Huawei WLAN Controller web interface and click Configuration at the top. Then, click AC Config > VLAN on the left row and select Add. Set the VLAN ID to your preferred value (e.g., 500). Click the Create VLANIF option and configure with:
| Description | guestwifi |
| IP address format | IPv4 |
| IPv4 Address/mask | 10.1.0.1 / 255.255.255.0 |
Click OK to Save.
DHCP Server Settings
Click IP on the left menu and verify that the DHCP status is globally enabled. Click Create and configure the interface parameters below:
| Address pool type | Interface address pool |
| Select interface | VLAN500 |
| Primary DNS server | 8.8.8.8 |
| Secondary DNS server | 8.8.4.4 |
Click OK to Save.
ACL & Domain Settings
Navigate to Security > ACL on the left row and click the Domain Name Configuration tab. For each required whitelisted domain, click Create and map out the parameters below. Please refer to this list for precise entries.
| Domain name ID | 1 |
| Domain name | *insert domain here* |
Next, select the User ACL Settings tab. Click Create and declare the following identifier settings:
| ACL name | guestwifi |
| ACL number | 6030 |
Click OK to Save. Next, select the Add Rule action row right beside your newly formed ACL profiles. You must repeat this step explicitly for each structural domain name created earlier:
| Rule ID | 1 (increment sequentially by 1 each time) |
| Action | Permit |
| Protocol type | IP |
| Dest domain | Choose the corresponding domain you added |
Click OK to Save. Verify that a unique permit line rule captures every whitelisted server domain.
External Portal Server & AAA Setup
Navigate to Security > AAA on the left row. Select the External Portal Server tab. Under the External Portal Interoperation Protocol section, establish the baseline parameters:
| HTTP protocol | Enabled |
| HTTP interoperation mode | HTTP-based |
| Port number for listening to HTTP packets | 8000 |
Click Apply to Save. Next, locate the Portal Authentication Server List container row, click Create, and specify the URL string mechanics below:
| Server name | guestwifi |
| Server IP | 10.1.0.1 |
| URL | *insert access_url here* |
| URL Option Settings (AC-IP / User Access URL / User IP / SSID) | AC-IP: ac-ip | User access URL: url | User IP: user-ip | SSID: ssid
|
| Login URL keyword / Login URL |
login-url / http://10.1.0.1:8000/login
|
| User MAC / AP-MAC Mapping | User MAC: user-mac | AP-MAC: ap-mac
|
| MAC Address Format / Separator | MAC Format: normal | Separator: -
|
| Parameter Parsing: Protocol Type | HTTP |
| Parameter Parsing: Login success response | Redirect to the specific URL: *insert redirect_url here* |
Click OK to Save.
RADIUS Server Profiles
Select the RADIUS tab, find the RADIUS Server Profile workspace, and click Create:
| Profile name | guestwifi |
| Key | *insert radius_secret here* |
| Confirm key | as above |
Click OK to Save. Under the Authentication/Accounting Server row node, click Create. Pick your active guestwifi profile container link and declare the following targeted server entries:
| Primary Authentication Server | Server Type: Authentication server | IPv4 IP: *insert radius_server_ip here* | Port: 1812 | Weight: 1
|
| Secondary Authentication Server | Server Type: Authentication server | IPv4 IP: *insert radius_server2_ip here* | Port: 1812 | Weight: 2 (Click the + icon to add) |
| Primary Accounting Server | Server Type: Accounting server | IPv4 IP: *insert radius_server_ip here* | Port: 1813 | Weight: 1 (Click Create) |
| Secondary Accounting Server | Server Type: Accounting server | IPv4 IP: *insert radius_server2_ip here* | Port: 1813 | Weight: 2 (Click the + icon to add) |
Click OK to Save.
Authentication Profile & Schemes
Click the Authentication Profile tab and select Create. Name the structural string row profile guestwifi and hit OK to Save. Find the profile listing tree displayed on the left row column, click the + to expand, and select Portal Profile. Click Add, enter guestwifi as the name string, select OK, and build out the following settings group block:
| Portal authentication mode | External portal server |
| Active server | guestwifi |
| Authentication layer mode | Layer 3 |
| RADIUS Server Profile mapping | guestwifi (Click row node link to choose and hit Apply) |
| Authentication Scheme rule | First authentication: RADIUS (Click Add, name it guestwifi, select OK) |
| Accounting Scheme rule settings | Real-time accounting: On | Interval: 3 (Click Add, name it guestwifi, select OK) |
| Authentication-free Rule Profile | Control mode: ACL | ACL number: 6030 (Click Add, name it guestwifi, select OK) |
| Advanced: HTTPS Redirection Status | Off |
| Advanced: Portal URL encoding/decoding | Off |
Click Apply to Save.
VAP & SSID Profile Distribution
Click AP Config > Profile on the left row index menu. Expand the structural path to Wireless Service > VAP Profile and click Create. Create the profile name string guestwifi, click OK, and apply the rules below:
| Status / VAP Type | Status: On | VAP type: Service VAP
|
| Forwarding mode / VLAN Assignment | Forwarding mode: Tunnel | Service VLAN ID: 500
|
| Roaming & Optimization | Home agent: AP | Layer 3 roaming: On | IP learning: On
|
Click Apply to Save. Next, locate Wireless Service > SSID Profile on the left, select Create, define the profile target name as guestwifi, and set the SSID parameter:
| SSID String Name | Guest WiFi (or whatever you wish) |
Click Apply to Save. Navigate to the AP Config > AP Group zone selection link on the left menu view. Click on your active Group Name > VAP Configuration node path. Hit Add and finalize the mapping details:
| VAP profile name / WLAN ID | VAP Profile: guestwifi | WLAN ID: 2 (or an alternative open system slot) |
| SSID Profile assignment | Expand the newly established profile tree entry and map the SSID Profile option to guestwifi. Click Apply. |
| Security Profile mapping | Click on Security Profile, hit Create, name the element guestwifi, choose Open as the policy model, and hit Apply. |
| Authentication Profile binding | Click on Authentication Profile, pick the existing guestwifi item inside the dropdown field, and click Apply. |
Click OK to Save.
Configuration Complete
The core configuration steps are finalized. Make absolutely sure to click the top persistent Save icon to safely preserve all controller system memory states and configuration profiles.
Free Guest WiFi
Purple App
SecurePass
Splash Access