Follow our step-by-step guide to enable Cloudi-Fi connectivity with Huawei iMaster NCE, which can help enhance your campus network.
Prerequisites
Before starting, ensure that you have the following prerequisites:
- Access to the Huawei iMaster NCE-Campus.
- Access to Cloudi-Fi’s admin console
- Cloudi-Fi Radius IPs and Secret
- Knowledge of your network’s IP addressing scheme.
- Firewall ports allowed:
- HTTP, HTTPS
- DNS
Step 1: Get the Cloudi-Fi required URL
To create a new location in the Cloudi-fi Admin interface if it doesn't already exist, follow these instructions: Go to the "Location" section in the Cloudi-fi Admin interface.
Create New Location and enter the required details for the new location:
- Location Name
- Type (Redirect URL)
- Portal template
- Country
Location URL: this URL will be used to configure an External Captive Portal
- Access the Cloudi-Fi administration console
- Select the location
- Click on the menu button for the location
- Select "Copy Splash page URL"
Transform the URL as follows:
Cloudi-Fi
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com
Huawei iMaster NCE-Master
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/sphuaweicloud.com
2. Create API User
The following describes how to create a tenant administrator account with the Open API Operator, which will be used to obtain tokens.
- Login to iMaster NCE-Campus as an administrator
- Go to System User Management User Management, click the Users tab, and click Create. On the displayed page, set Type to Third-party, set a username and a password, and click Next.
- On the Select User Groups page, you can add the user to a specific user group and click Next.
- Select Open API Operator and Open API Monitor on the Select Roles page, and click Next.
- On the Select Managed Object, Select all resources, and click Next.
- On the Select Access Policies page, click Next.
- Click OK. The tenant administrator account with the Open API Operator role is created successfully.
- Share the login/password with the Cloudi-Fi support team.
3. Create the SSID
This section describes how to configure an SSID.
Go to Provision Physical Network Site Configuration from the main menu. Select a site from the Site drop-down list in the upper left corner. Then go to AP WI-FI, click Create, and configure basic SSID information.
Click Next
Configure the authentication mode as follows.
In the Default permit rule, create ACL Rules for :
-
Cloudi-Fi captive portal domain : *.cloudi-fi.net
-
DNS
-
Default Gateway
-
Huawei domain : *.huawei.com
Click Next
In Policy Control, you can enable the bandwidth limitation per SSID and Enable Application / URL filtering.
Click OK.
4. Configure Portal Page Push Policy
This section describes how to configure a portal push policy based on which the specified portal will be pushed to the terminals associated with Wi-Fi.
- Navigate to the Admission Resources Page Management in the portal.
- Choose "Portal Page Push Policy."
- Click on the option to create a new policy.
- Provide a name for the policy.
- Choose the site(s) where you intend to deploy the Captive Portal.
- Select the Access Mode for Wireless deployment.
Set Authentication mode and paste the Captive Portal URI as a Third-party authentication URL.
Click Apply.
5. Configure Authorization Result (Optional)
This section describes configuring the ACL, rate limit policy, and other permissions granted to successfully authenticated users.
- Head to Admin, Admission Policy, then Authentication and Authorization.
- Choose "Authorization Result" and initiate the creation process.
- Specify a name for the policy.
- Select an authorization strategy, such as ACL, VLAN, or rate.
Click OK.
The authorization result is successfully created.
In the Bind sites dialog box, binding sites.
Go to Admission Admission Policy Authentication and Authorization, select Authorization Rules, and click Create.
Set a Name, Authentication Mode to User access authentication, and Access Mode to Wireless.
Enable Match Sites and select the site(s) you want to deploy the Captive Portal.
- Set the Authentication result to the result configured earlier
Following these actions, you can enable the Cloudi-Fi captive portal into your Huawei iMaster NCE-Campus environment and provide a seamless and hassle-free experience for your network users when connecting to the SSID.
Don't hesitate to contact our team (How to contact your support? ) to make the necessary changes to your captive portal or consult the articles in our online knowledge base.