Skip to main content

Search

Cloudi-Fi Knowledge Base

How to integrate Huawei iMaster NCE-Campus in Third-Party Portal Server mode

Mahfoud
  • Updated

Explore our comprehensive tutorial for streamlined integration and efficient Huawei iMaster NCE Campus management into Third-Party Portal Server mode.

 

Use Case

This guide provides step-by-step instructions for integrating the Cloudi-Fi captive portal with Huawei iMaster NCE-Campus. This setup enables Radius-based user authentication, ensuring a secure and seamless network access experience in Third-Party Portal Server mode. 

Huawei integration with Cloudi-Fi captive portal diagram

Huawei Third-Party Portal Server integration with Cloudi-Fi captive portal diagram

Prerequisites

Before starting, ensure that you have the following prerequisites:

  • Access to the Huawei iMaster NCE-Campus. 
  • Access to Cloudi-Fi’s admin console
  • Cloudi-Fi Radius IPs and Secret  
  • Knowledge of your network’s IP addressing scheme.
  • Firewall ports allowed: 
    • HTTP, HTTPS
    • DNS
    • RADIUS: UDP 1812, 1813

Step 1: Get the Cloudi-Fi required URL

To create a new location in the Cloudi-fi Admin interface if it doesn't already exist, follow these instructions:


Go to the "Location" section in the Cloudi-fi Admin interface.
Create a New Location and enter the required details for the new location:

  • Location Name
  • Type (Redirect URL)
  • Portal template
  • Country 

Location URL: this URL will be used to configure an External Captive Portal

  • Access the Cloudi-Fi administration console
  • Select the location
  • Click on the menu button for the location
  • Select "Copy Splash page URL"

Cloudi-Fi Get captive portal URL for Huawei iMaster NCE-Campus

Transform the URL as follows:

Cloudi-Fi

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spsomething.com

Huawei iMaster NCE-Master

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/sphuaweiap.com

Step 2: Get Radius information

You will need the Radius information (Server IPs, Secret, Ports) to set up.

  1. IPs address of the Radius servers
  2. Ports: UDP 1812 (Authentication) & 1813 (Accounting)
  3. The Secret (provided by Cloudi-Fi Support)

You can get the Secret by asking in the Chatbot, Cloudi-Fi’s Support team will provide you with the necessary information.

Cloudi-Fi - Get radius information for Huawei iMaster NCE-Campus

What shared secret is used for the Radius server? (Please save this confidential information securely, and do not share it publicly.)

Step 3: Create an URL Template

  1. Go to the 'Plan' section
  2. Under 'Design’ and 'Network Design', access 'Template Management'.
  3. Find and choose the 'URL Template' section.
  4. Create a new URL Template and configure it as follows.
    1. Name: Give it a name, for instance, "Cloudi-Fi-URL-Template".
    2. Template Type: Third-party authentication
    3. Parameters in the template: Configure as follows: 
      Parameter Parameter Name
      redirect-url redirect-url
      loginurl login-url https://{vlanif1}:8443
      device-mac ap-mac
      user-ip uaddress
      user-mac umac
      ssid ssid

Step 4: Create a Portal Server

  1. Go to the 'Plan' section
  2. Under 'Design', and 'Network Design', access 'Template Management'.
  3. Find and choose the 'Portal server' section.
  4. Create a new server and configure it as follows.
    1. Name: Give it a name, for instance, 'Cloudi-Fi-Portal'.
    2. Authentication protocol: HTTPS
    3. Submission method: POST
    4. Redirect: Enabled
      1. Redirection type: Static redirection
      2. Redirection URL address: https://login.cloudi-fi.net/success.php
    5.  Password encoding mode: None
    6. IP Address: 172.67.70.238
    7. Port: 443
    8. URL: Paste the Captive Portal URI
    9. URL Parameter profile: 
    10. Key: Set your key and share it with Cloudi-Fi Support
  5. After entering all the details, save your settings to finalize the setup.

Huawei NCE-Campus UI - Set Cloudi-Fi portal server.png

Step 5: Create ACL

  1. Go to the 'Plan' section
  2. Under 'Design’ and 'Network Design', access 'Template Management'.
  3. Find and choose the ACL section.
  4. Create a new ACL and configure it as follows.
    1. Name: Give it a name, for instance, "Cloudi-Fi-ACL".
    2. ACL Type: User
    3. Rule list, add the following:

      • Cloudi-Fi captive portal domain : *.cloudi-fi.net

      • DNS

      • Huawei domain : *.huawei.com

  5. After entering all the details, save your settings to finalize the setup.

Huawei NCE-Campus - Create Cloudi-Fi ACL

Step 6: Create a RADIUS relay server

  1. Go to the 'Plan' section
  2. Under 'Design', and 'Network Design', access 'Template Management'.
  3. Find and choose the 'Radius server' section.
  4. Create a new server and configure it as follows.
    1. Name: Give it a name, for instance, 'Cloudi-Fi-Radius'.
    2. Type: Third-Party
    3. Authentication servers: Add Cloudi-Fi Radius servers
    4. Accounting servers: Add Cloudi-Fi Radius servers
    5. Key: Shared by Cloudi-Fi Support
  5. After entering all the details, save your settings to finalize the setup.

Huawei NCE-Campus UI - Configure Cloudi-Fi Radius servers.png

Step 7: Configuring an SSID

  1. Go to the 'Plan' section
  2. Under 'Provision’ and 'Device Configuration', access 'Site Configuration'.
  3. Go to the AP section and create a new SSID
    1. Give a unique name to your SSID.
    2. Choose the VLAN that will be used for this SSID.
    3. Opt for 'Open Network' and select 'Open+Portal authentication'.
    4. Set the authentication type to 'Third-party authentication'.
    5. Select Cloudi-Fi-Portal as Primary portal Server 
    6. Select Cloudi-Fi-Radius as the Radius Server
    7. Select 'Cloudi-Fi-ACL' for the default permit rule.
    8. Bypass Policy: Select 'Authenticated users can continue accessing the network, and new users are not allowed to access the network'
  4. After reviewing all the settings, save the configuration to apply the changes.

Huawei NCE-Campus admin - Configure SSID with Cloudi-Fi.png

Troubleshooting

  1. Firewall problem
    1. Before beginning, please check that the following Firewall rules are active, as mentioned in the Solution prerequisites section.
    2. If you still encounter problems after following all the configuration steps, follow the steps below and provide it to the Cloudi-Fi support team:
    3. Make a web capture of your browser
    4. Share with the Cloudi-Fi support team
    5. The URL of the captive portal configured on Huawei 
    6. User ID facing the error page Aruba troubleshooting command lists
  2. Captive portal display issue before or after authentication
    1. The problem may be related to DHCP or DNS.
      • Check that your IP private address is valid.
      • Check that login.cloudi-fi.net is resolved.

      Assuming the DNS and IP address function is correct, you still have a captive portal problem.

    2. Type http://neverssl.com on your browser to apply the redirection on the portal.
    3. If the captive portal still does not appear, check the ACL
  3. Error after authentication on the page
    1. Once connected to the SSID, if you notice a Cloudi-Fi error page instead of your captive portal

      1. Check the configuration of the Radius server:

        • The IP address of RADIUS
        • RADIUS port (default port 1812)
        • The pre-shared key

Following these actions, you can enable the Cloudi-Fi captive portal into your Huawei iMaster NCE-Campus environment and provide a seamless and hassle-free experience for your network users when connecting to the SSID.

 

Don't hesitate to contact our team (How to contact your support? ) to make the necessary changes to your captive portal or consult the articles in our online knowledge base.