Explore our comprehensive tutorial for streamlined integration and efficient Huawei iMaster NCE Campus management into Third-Party Portal Server mode.
Use Case
This guide provides step-by-step instructions for integrating the Cloudi-Fi captive portal with Huawei iMaster NCE-Campus. This setup enables Radius-based user authentication, ensuring a secure and seamless network access experience in Third-Party Portal Server mode.
Huawei integration with Cloudi-Fi captive portal diagram
Prerequisites
Before starting, ensure that you have the following prerequisites:
- Access to the Huawei iMaster NCE-Campus.
- Access to Cloudi-Fi’s admin console
- Cloudi-Fi Radius IPs and Secret
- Knowledge of your network’s IP addressing scheme.
- Firewall ports allowed:
- HTTP, HTTPS
- DNS
- RADIUS: UDP 1812, 1813
Step 1: Get the Cloudi-Fi required URL
To create a new location in the Cloudi-fi Admin interface if it doesn't already exist, follow these instructions:
Go to the "Location" section in the Cloudi-fi Admin interface.
Create a New Location and enter the required details for the new location:
- Location Name
- Type (Redirect URL)
- Portal template
- Country
Location URL: this URL will be used to configure an External Captive Portal
- Access the Cloudi-Fi administration console
- Select the location
- Click on the menu button for the location
- Select "Copy Splash page URL"
Transform the URL as follows:
Cloudi-Fi
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spsomething.com
Huawei iMaster NCE-Master
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/sphuaweiap.com
Step 2: Get Radius information
You will need the Radius information (Server IPs, Secret, Ports) to set up.
- IPs address of the Radius servers
- Ports: UDP 1812 (Authentication) & 1813 (Accounting)
- The Secret (provided by Cloudi-Fi Support)
You can get the Secret by asking in the Chatbot, Cloudi-Fi’s Support team will provide you with the necessary information.
What shared secret is used for the Radius server? (Please save this confidential information securely, and do not share it publicly.)
Step 3: Create an URL Template
- Go to the 'Plan' section
- Under 'Design’ and 'Network Design', access 'Template Management'.
- Find and choose the 'URL Template' section.
- Create a new URL Template and configure it as follows.
- Name: Give it a name, for instance, "Cloudi-Fi-URL-Template".
- Template Type: Third-party authentication
- Parameters in the template: Configure as follows:
Parameter Parameter Name redirect-url redirect-url loginurl login-url https://{vlanif1}:8443 device-mac ap-mac user-ip uaddress user-mac umac ssid ssid
Step 4: Create a Portal Server
- Go to the 'Plan' section
- Under 'Design', and 'Network Design', access 'Template Management'.
- Find and choose the 'Portal server' section.
- Create a new server and configure it as follows.
- Name: Give it a name, for instance, 'Cloudi-Fi-Portal'.
- Authentication protocol: HTTPS
- Submission method: POST
- Redirect: Enabled
- Redirection type: Static redirection
- Redirection URL address: https://login.cloudi-fi.net/success.php
- Password encoding mode: None
- IP Address: 172.67.70.238
- Port: 443
- URL: Paste the Captive Portal URI
- URL Parameter profile:
- Key: Set your key and share it with Cloudi-Fi Support
- After entering all the details, save your settings to finalize the setup.
Step 5: Create ACL
- Go to the 'Plan' section
- Under 'Design’ and 'Network Design', access 'Template Management'.
- Find and choose the ACL section.
- Create a new ACL and configure it as follows.
- Name: Give it a name, for instance, "Cloudi-Fi-ACL".
- ACL Type: User
- Rule list, add the following:
-
Cloudi-Fi captive portal domain : *.cloudi-fi.net
-
DNS
-
Huawei domain : *.huawei.com
-
- After entering all the details, save your settings to finalize the setup.
Step 6: Create a RADIUS relay server
- Go to the 'Plan' section
- Under 'Design', and 'Network Design', access 'Template Management'.
- Find and choose the 'Radius server' section.
- Create a new server and configure it as follows.
- Name: Give it a name, for instance, 'Cloudi-Fi-Radius'.
- Type: Third-Party
- Authentication servers: Add Cloudi-Fi Radius servers
- Accounting servers: Add Cloudi-Fi Radius servers
- Key: Shared by Cloudi-Fi Support
- After entering all the details, save your settings to finalize the setup.
Step 7: Configuring an SSID
- Go to the 'Plan' section
- Under 'Provision’ and 'Device Configuration', access 'Site Configuration'.
- Go to the AP section and create a new SSID
- Give a unique name to your SSID.
- Choose the VLAN that will be used for this SSID.
- Opt for 'Open Network' and select 'Open+Portal authentication'.
- Set the authentication type to 'Third-party authentication'.
- Select Cloudi-Fi-Portal as Primary portal Server
- Select Cloudi-Fi-Radius as the Radius Server
- Select 'Cloudi-Fi-ACL' for the default permit rule.
- Bypass Policy: Select 'Authenticated users can continue accessing the network, and new users are not allowed to access the network'
- After reviewing all the settings, save the configuration to apply the changes.
Troubleshooting
- Firewall problem
- Before beginning, please check that the following Firewall rules are active, as mentioned in the Solution prerequisites section.
- If you still encounter problems after following all the configuration steps, follow the steps below and provide it to the Cloudi-Fi support team:
- Make a web capture of your browser
- Share with the Cloudi-Fi support team
- The URL of the captive portal configured on Huawei
- User ID facing the error page Aruba troubleshooting command lists
- Captive portal display issue before or after authentication
- The problem may be related to DHCP or DNS.
- Check that your IP private address is valid.
- Check that login.cloudi-fi.net is resolved.
Assuming the DNS and IP address function is correct, you still have a captive portal problem.
- Type http://neverssl.com on your browser to apply the redirection on the portal.
- If the captive portal still does not appear, check the ACL
- The problem may be related to DHCP or DNS.
- Error after authentication on the page
- Once connected to the SSID, if you notice a Cloudi-Fi error page instead of your captive portal
-
Check the configuration of the Radius server:
- The IP address of RADIUS
- RADIUS port (default port 1812)
- The pre-shared key
-
- Once connected to the SSID, if you notice a Cloudi-Fi error page instead of your captive portal
Following these actions, you can enable the Cloudi-Fi captive portal into your Huawei iMaster NCE-Campus environment and provide a seamless and hassle-free experience for your network users when connecting to the SSID.
Don't hesitate to contact our team (How to contact your support? ) to make the necessary changes to your captive portal or consult the articles in our online knowledge base.