...
In the Security / ACL / Domain Name Configuration menu is necessary to create the records with the WalledGarden DNS names using the list and description above.
The next step is creating User ACL with the WalledGarden DNS records. This can be made in the Security / ACL / User ACL Settings menu. Create a User ACL and add the rule for each WalledGarden DNS records based on TCP protocol, Action Permit. It is recommended to add the rule for enabling the ICMP protocol.
For example the User ACL with its rules:
The settings detail of the Rule ID = 2. In the Dest domain is set the record from the ACL - Domain Name Configuration
AAA - Radius settings
...
For the RADIUS settings in the Security / AAA / RADIUS must be created the RADIUS Server Profile (f.e. SOCIFI_radius_server). Create records for Authentication and Accounting server in this profile. The settings are different only in the Port Number value. For the Authentication server the port 1812 shall be set. For the Accounting server the port 1813 shall be set. The secret Key ("socifi") is the same for both settings. The IP addresses of these servers are listed above.
Details of Authentication/Accounting settings
ID device - MAC address of the controller
SOCIFI uses MAC address of the controller as the identification code. You can found the MAC address in the Monitoring / AC menu under AC Basic Information.
External portal
Under the Security / AAA / External Portal Server menu create the external portal with these settings:
| Server IP | 52.251.110.178 52.51.203.246 54.232.124.137 52.44.151.156 |
|---|---|
| URL | http://connect.socifi.com |
| URL Option Settings | |
| AC-IP | AC-IP |
| User access URL | redirect-url |
| User IP | user-ip |
| AP-IP | AP-IP |
| AC-MAC | AC-MAC |
| User MAC | user-mac |
| System name | <HUW_xxxxxxxxxxxx> |
| AP-MAC | AP-MAC |
| MAC address format | normal |
| Separator | : (colon) |
Note: The value of the System name consists of string "HUW_" and MAC address of controller (see above) without delimiters (e.g. mac address of controller is "8038-bc1a-c0df" then value of System name is "HUW_8038bc1ac0df")
Authentication profile
In the Security / AAA / Authentication Profile menu shall be created separate Authentication Profile "SOCIFI_auth_profile" with following settings:
... Potal Profile ... create a new profile "SOCIFI_portal_access_profile" with the Active server properties set to "SOCIFI" (see above to the External Portal settings)
... Authentication-free Rule ... create a new profile "SOCIFI_free_rule" and set the control mode to the ACL value. ACL number is the number of the User ACL rule with the DNS Walled Garden rule (see above to the Security ACL - DNS-based WalledGarden settings)
... Radius Server Profile ... select the "SOCIFI_radius_servers" as the RADIUS Server Profile
... finally, select the value "radius" as Authentication Scheme with the First authentication set on the RADIUS authentication property.
Profile management
...
For SOCIFI system are important only authentication properties settings. Create the SOCIFI_VAP_profile in the VAP Profile properties.
Under Authentication Profile select SOCIFI_auth_profile.
Finally select the "SOCIFI_VAP_Profile" for any AP group where the SOCIFI system use is intended.
Connecting your Huawei controller to SOCIFI Dashboard
...
| Include Page | ||||
|---|---|---|---|---|
|
Please pay attention
...
to these important settings:
the value of the variable System name - "HUW_<mac_of_the_controller_without_delimiters>" in the External Portal settings
- time synchronization
- DNS WalledGarden - used WhiteLabel domain shall be added to the WalledGarden.
- the correct Server IP in the External Portal settings - There are usually set IPs of SOCIFI servers for the backward authentication communication by UDP protocol. If the controller is located in the local LAN without direct public IP address, wrong recognition of UDP communication source may occureoccurs. In this case, the local IP of NAT service should be listed. For the best detection use CLI with the following commands: "terminal monitor", "terminal debugging" and "debugging the web all".
- open the UDP communication with the destination port 2000 (on the controller side) on all firewalls or ACLs between the Huawei controller and the SOCIFI servers in on the internet.