Skip to main content

Search

Cloudi-Fi Knowledge Base

How to enable Cloudi-Fi with Huawei iMaster NCE-Campus (API Based)

Alexandre de THOMASSON
  • Updated

Follow our step-by-step guide to enable Cloudi-Fi connectivity with Huawei iMaster NCE, which can help enhance your campus network.

Prerequisites

Before starting, ensure that you have the following prerequisites:

  • Access to the Huawei iMaster NCE-Campus. 
  • Access to Cloudi-Fi’s admin console
  • Knowledge of your network’s IP addressing scheme.
  • Firewall ports allowed: 
    • HTTP, HTTPS
    • DNS

1. Get the Cloudi-Fi required URL

To create a new location in the Cloudi-fi Admin interface if it doesn't already exist, follow these instructions: Go to the "Location" section in the Cloudi-fi Admin interface.
Create New Location and enter the required details for the new location:

  • Location Name
  • Type (Redirect URL)
  • Portal template
  • Country 

Location URL: this URL will be used to configure an External Captive Portal

  • Access the Cloudi-Fi administration console
  • Select the location
  • Click on the menu button for the location
  • Select "Copy Splash page URL"

Cloudi-Fi Get captive portal url

Transform the URL as follows:

Cloudi-Fi

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com

Huawei iMaster NCE-Master

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/sphuaweicloud.com

 

2. Create API User

The following describes how to create a tenant administrator account with the Open API Operator, which will be used to obtain tokens.

Login to iMaster NCE-Campus as an administrator

Go to System > User Management > User Management, click the Users tab, and click Create.

 

In Set information page, edit the following information and click Next.

  • Type : Third Party
  • Username : for instance huawei_api_cloudifi
  • Password creation mode : Manual
  • Password
  • Confirm password
  • Two-factor authentication : System setting(Disabled)
  • Enable account: Yes
  • Advanced setting/Password validity : duration of your Cloudi-Fi subscription

huawei_cloudi-fi_usermanagement__set information.png

huawei_cloudi-fi_usermanagement__set information_2.png

In Select User Groups page, you can add the user to a specific user group and click Next.

huawei_cloudi-fi_usermanagement_usergroups.png

In Select Roles page, add Open API Operator and Open API Monitor and click Next.

huawei_cloudi-fi_usermanagement_selectrole.png

In the Select Managed Object, select Select all resources, and click Next.

huawei_cloudi-fi_usermanagement_selectmanagedobjects.png

In the Select Access Policies page, click Next.

huawei_cloudi-fi_usermanagement_selectaccesspolicies.png

Click OK  and share the username/password with the Cloudi-Fi support team.

 

3. Create the SSID

This section describes how to configure an SSID.

Go to Network Configuration > Network Configuration > Site Configuration.

Then select a site from the Site drop-down list in the upper left corner.

huawei_cloudi-fi_network-configuration_site-configuration_Site.png

Then go to AP > Wi-FI, click Create, and configure SSID information.

 

In the Basic Settings page, edit the following information and click Next.

  • SSID name : for instance Huawei_Guest
  • Enabled

huawei_cloudi-fi_network-configuration_site-configuration_SSID_basic settings.png

 

In Security Authentication page, edit the following information and click Next.

  • WLAN security policy : Open Network (Open + Portal authentication)
  • Page pushing mode : Cloud platform relay authentication
  • Interconnection mode : API
  • Page push protocol : HTTPS
  • Default permit rule : create ACL Rules
  • Bypass policy : Authenticated users can continue accessing the network, and new users are not allowed to access the network.

huawei_cloudi-fi_network-configuration_site-configuration_SSID_security_1.png

huawei_cloudi-fi_network-configuration_site-configuration_SSID_security_2.png

huawei_cloudi-fi_network-configuration_site-configuration_SSID_security_3.pngIn Policy Control page, you can enable the bandwidth limitation per SSID and Enable Application / URL filtering.

huawei_cloudi-fi_network-configuration_site-configuration_SSID_policy-control.png

 

Click Create.

 

4. Configure Portal Page Push Policy

This section describes how to configure a portal push policy based on which the specified portal will be pushed to the terminals associated with Wi-Fi.

Navigate to the Admission Management > Admission policy > Page management > Portal Page Push Policy

Click on the option to create a new policy.

  • Name : for instance Cloudifi_Portal
  • Access mode : Wireless
  • Match sites : enable
  • Site : click on Add and select your site
  • Authentication mode : Cloud platform-based relay authentication
  • Interconnection mode : API
  • Third-party authentication URL : copy/past the URL you get in 1. Get the Cloudi-Fi required URL

huawei_cloudi-fi_admission management_page management_create.png

huawei_cloudi-fi_admission management_page management_create_2.png

huawei_cloudi-fi_admission management_page management_create_3.png

Click OK.

 

5. Configure Authorization Result (Optional)

This section describes configuring the ACL, rate limit policy, and other permissions granted to successfully authenticated users.

 

Go to Admission Management > Admission Policy > Authentication and Authorization.

 

Go to Authentication Rule and select Create

  • Name : for instance AuthenticatedUsers
  • Authentication mode : User access authentication
  • Access mode : Wireless
  • Match site : select your site
  • Data source : local data source
  • Authentication protocol : All
  • Access permission for non-existent accounts : Continue processing
  • Access permission after an identity authentication failure : Deny access

huawei_cloudi-fi_admission management_authentication and authorization_authentication rule_1.png

huawei_cloudi-fi_admission management_authentication and authorization_authentication rule_2.png

huawei_cloudi-fi_admission management_authentication and authorization_authentication rule_3.png

 

 

Then go to Authorization Rule and select Create

  • Name : for instance authenticated_users
  • Authentication mode : User access authentication
  • Access mode : Wireless
  • Match site : select your site
  • Authorization result : Permit access

huawei_cloudi-fi_admission management_authentication and authorization_authorization rule_1.png

huawei_cloudi-fi_admission management_authentication and authorization_authorization rule_2.png

Click OK.

 

What's next?

Following these actions, you can enable the Cloudi-Fi captive portal into your Huawei iMaster NCE-Campus environment and provide a seamless and hassle-free experience for your network users when connecting to the SSID.

Don't hesitate to contact our team (How to contact your support? ) to make the necessary changes to your captive portal or consult the articles in our online knowledge base.