Log in to your Huawei iMaster NCE (CloudCampus) web interface. At the top, click on Design > Template Management.
On the left, click ACL and then Create. Configure with:
- Name: guestwifi
- ACL Type: User
- ACL Number: 6000
Under Rule List click Add and add the required domains as per below. Please refer to this list.
- Rule Type: domain
- IP/Domain: *insert domain here*
Click OK to save.
Next, on the left, click URL Template and then Create. Configure with:
- Name: guestwifi
- Template type: Cloud platform-based relay authentication
Under Parameters in template click Create and configure with:
- Parameter loginurl
- Value Assignment Mode: Replace the existing value
- Parameter Name: loginUrl
Click the Tick icon to add the item. You'll need to add the below ones too:
- Parameter: redirect-url
- Value Assignment Mode: Replace the existing value
-
Parameter Name : originalUrl
- Parameter: ssid
- Value Assignment Mode: Replace the existing value
-
Parameter Name: ssid
- Parameter: user-mac
- Value Assignment Mode: Replace the existing value
-
Parameter Value: umac
- Parameter: user-ip
- Value Assignment Mode: Replace the existing value
-
Parameter Name : uaddress
- Parameter: device-mac
- Value Assignment Mode: Replace the existing value
- Parameter Name : ap-mac
Click OK to save.
Next, on the left, click RADIUS Relay Server and then Create. Configure with:
- Name: guestwifi
- Authentication service: Portal authentication
- Authentication protocol: PAP
Under Authentication server address click Add and configure with:
- Priority: 1
- Host: *insert radius_server_ip here*
- Port: 1812
- Key: *insert radius_secret here*
Add again and configure with:
- Priority: 2
- Host: *insert radius_server2_ip here*
- Port: 1812
- Key: *insert radius_secret here*
Under Accounting server address click Add and configure with:
- Priority: 1
- Host: *insert radius_server_ip here*
- Port: 1813
- Key: *insert radius_secret here*
Add again and configure with:
- Priority: 2
- Host: *insert radius_server2_ip here*
- Port: 1813
- Key: *insert radius_secret here*
Click Submit to save. Set the following:
- Timeout period: 5
- Load balancing mode: Strict accordance with priority
Click OK to save.
Next, at the top, click on Provision> Site Configuration and on the left menu click AP > SSID. Click Create and configure with:
- SSID Name: Guest WiFi (or whatever SSID name you wish)
- Working status: On
- Effective radio: 2.4 and 5G
- Network connection mode: Layer 2 or NAT
Click Next and configure with:
- WLAN security policy: Open network
- Push pages: On
- Portal pushing mode: Relay authentication by cloud platform
- Interconnection mode: RADIUS relay
- Page push protocol: HTTPS
- Username: username
- Password parameter name: password
- Redirect URL matching rule: Redirect URL parameter
- Parameter name for the authentication success redirect URL: redirect_URL
- RADIUS relay server: select guestwifi
- Portal authentication free: Disabled
- Real-time acocunting: Enabled
- Billing reporting cycle: 5
- Default permit rule: select guestwifi
- Bypass policy: User access is allowed without authentication.
Click Next and then OK to save.
Next, at the top, click on Admission > Page Management. Click the Portal Page Push Policy at the top. Click Create and configure with:
- Name: guestwifi
- Access Mode: Wireless
- Match SSIDs: Yes, and click Add. Choose the SSID you created earlier
- Page Push authentication mode: Cloud platform-based relay authentication
- Interconnection mode: Relay
- URL template: select guestwifi
- Third-party authentication URL: *insert access_url here*
Click OK to Save.
The configuration is now complete.