In the Security / ACL / Domain Name Configuration menu, create records for the WalledGarden DNS names using the list and description above.

The next step is to create a User ACL with the WalledGarden DNS records. This is done in the Security / ACL / User ACL Settings menu. Create a User ACL and add a rule for each WalledGarden DNS record, based on the TCP protocol with Action Permit. It is recommended to also add a rule enabling the ICMP protocol.

[Screenshot: example User ACL with its rules]

Settings detail of Rule ID = 2: the Dest domain is set to the record from ACL - Domain Name Configuration.

AAA - Radius settings

...

For the RADIUS settings, a RADIUS Server Profile (e.g. SOCIFI_radius_server) must be created in Security / AAA / RADIUS. Create records for the Authentication and Accounting servers in this profile. The settings differ only in the Port Number value: port 1812 shall be set for the Authentication server and port 1813 for the Accounting server. The secret key ("socifi") is the same for both settings. The IP addresses of these servers are listed above.

Details of Authentication/Accounting settings



ID device - MAC address of the controller

SOCIFI uses the MAC address of the controller as the identification code. You can find the MAC address in the Monitoring / AC menu under AC Basic Information.


External portal

Under the Security / AAA / External Portal Server menu create the external portal with these settings:

Server IP: 52.251.110.178, 52.51.203.246, 54.232.124.137, 52.44.151.156
URL: http://connect.socifi.com
URL Option Settings:
AC-IP: AC-IP
User access URL: redirect-url
User IP: user-ip
AP-IP: AP-IP
AC-MAC: AC-MAC
User MAC: user-mac
System name: <HUW_xxxxxxxxxxxx>
AP-MAC: AP-MAC
MAC address format: normal
Separator: ":" (colon)

Note: The value of System name consists of the string "HUW_" followed by the MAC address of the controller (see above) without delimiters (e.g. if the MAC address of the controller is "8038-bc1a-c0df", then the value of System name is "HUW_8038bc1ac0df").

Authentication profile

In the Security / AAA / Authentication Profile menu, create a separate Authentication Profile "SOCIFI_auth_profile" with the following settings:

... Portal Profile ... create a new profile "SOCIFI_portal_access_profile" with the Active server property set to "SOCIFI" (see the External Portal settings above)

... Authentication-free Rule ... create a new profile "SOCIFI_free_rule" and set the control mode to the ACL value. The ACL number is the number of the User ACL rule with the DNS WalledGarden rule (see the Security ACL - DNS-based WalledGarden settings above)

... Radius Server Profile ... select the "SOCIFI_radius_servers" as the RADIUS Server Profile


... finally, select the value "radius" as the Authentication Scheme, with First authentication set to RADIUS authentication.


Profile management

...

For the SOCIFI system, only the authentication properties settings are important. Create the SOCIFI_VAP_profile in the VAP Profile properties.

Under Authentication Profile select SOCIFI_auth_profile.


Finally, select the "SOCIFI_VAP_Profile" for any AP group where the SOCIFI system is intended to be used.


Connecting your Huawei controller to SOCIFI Dashboard

...

See the page "How to add your hotspot".

Please pay attention to these important settings:

  • the value of the System name variable, "HUW_<mac_of_the_controller_without_delimiters>", in the External Portal settings
  • time synchronization
  • DNS WalledGarden - the WhiteLabel domain in use shall be added to the WalledGarden.
  • the correct Server IP in the External Portal settings - Usually the IPs of the SOCIFI servers are set here for the backward authentication communication over UDP. If the controller is located in a local LAN without a direct public IP address, the source of the UDP communication may be recognized incorrectly. In this case, the local IP of the NAT service should be listed. For the best detection, use the CLI with the following commands: "terminal monitor", "terminal debugging" and "debugging the web all".
  • open UDP communication with destination port 2000 (on the controller side) on all firewalls or ACLs between the Huawei controller and the SOCIFI servers on the internet.
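
The checks from the list above can be run against the values entered on the controller before the hotspot is connected. The following is an added example, not SOCIFI or Huawei code: the dictionary layout, the function names and the sample values are assumptions made for illustration, and only the IP addresses, the ports and the "HUW_" rule come from this page.

```python
import re

# Values stated on the page.
SOCIFI_PORTAL_IPS = {"52.251.110.178", "52.51.203.246", "54.232.124.137", "52.44.151.156"}
RADIUS_AUTH_PORT, RADIUS_ACCT_PORT = 1812, 1813

def system_name(controller_mac):
    """Return "HUW_" + controller MAC without delimiters (xxxx-xxxx-xxxx, ':' or '-' forms)."""
    # Lower-casing follows the page's example; for upper-case input it is an assumption.
    digits = re.sub(r"[-:.]", "", controller_mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {controller_mac!r}")
    return "HUW_" + digits

def check_settings(cfg):
    """Return a list of problems found in cfg (hypothetical dict layout)."""
    problems = []
    expected = system_name(cfg["controller_mac"])
    if cfg["system_name"] != expected:
        problems.append(f"System name is {cfg['system_name']!r}, expected {expected!r}")
    if cfg["radius_auth_port"] != RADIUS_AUTH_PORT:
        problems.append(f"Authentication server port must be {RADIUS_AUTH_PORT}")
    if cfg["radius_acct_port"] != RADIUS_ACCT_PORT:
        problems.append(f"Accounting server port must be {RADIUS_ACCT_PORT}")
    # Behind NAT the page says to list the local IP of the NAT service instead.
    allowed = SOCIFI_PORTAL_IPS | set(cfg.get("nat_ips", []))
    for ip in sorted(set(cfg["portal_server_ips"]) - allowed):
        problems.append(f"Unexpected External Portal Server IP {ip}")
    garden = {d.lower() for d in cfg["walled_garden"]}
    if cfg["whitelabel_domain"].lower() not in garden:
        problems.append(f"{cfg['whitelabel_domain']} missing from the WalledGarden")
    return problems

# Constructed sample: the System name still contains the MAC delimiters, the
# accounting port repeats the authentication port, the WhiteLabel domain is missing.
SAMPLE = {
    "controller_mac": "8038-bc1a-c0df",
    "system_name": "HUW_8038-bc1a-c0df",
    "radius_auth_port": 1812,
    "radius_acct_port": 1812,
    "portal_server_ips": ["52.44.151.156", "192.168.10.1"],
    "nat_ips": ["192.168.10.1"],
    "walled_garden": ["connect.socifi.com"],
    "whitelabel_domain": "wifi.example.com",
}

if __name__ == "__main__":
    for problem in check_settings(SAMPLE):
        print("FAIL:", problem)
```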