This article describes how to enable Cloudi-Fi captive portal on your Huawei iMaster NCE-Campus
Before starting, ensure that you have the following prerequisites:
- Access to the Huawei iMaster NCE-Campus.
- Access to Cloudi-Fi’s admin console
- Cloudi-Fi Radius IPs and Secret
- Knowledge of your network’s IP addressing scheme.
- Firewall ports allowed:
- HTTP, HTTPS
Step 1: Get the Cloudi-Fi required URL
To create a new location in the Cloudi-fi Admin interface if it doesn't already exist, follow these instructions:
Go to the "Location" section in the Cloudi-fi Admin interface.
Create New Location and enter the required details for the new location:
- Location Name
- Type (Redirect URL)
- Portal template
Location URL: this URL will be used to configure an External Captive Portal
- Access the Cloudi-Fi administration console
- Select the location
- Click on the menu button for the location
- Select "Copy Splash page URL"
Transform the URL as follows:
Huawei iMaster NCE-Master
2. Create API User
The following describes how to create a tenant administrator account with the Open API Operator, which will be used to obtain tokens.
Login to iMaster NCE-Campus as an administrator
Go to System User Management User Management, click the Users tab, and click Create. On the displayed page, set Type to Third-party, set a username and a password, and click Next.
On the Select User Groups page, you can add the user to a specific user group and click Next.
Select Open API Operator and Open API Monitor on the Select Roles page, and click Next.
On the Select Managed Object, Select all resources, and click Next.
On the Select Access Policies page, click Next.
Click OK. The tenant administrator account with the Open API Operator role is created successfully.
Share the login/password with the Cloudi-Fi support team.
3. Create the SSID
This section describes how to configure an SSID.
Go to Provision Physical Network Site Configuration from the main menu. Select a site from the Site drop-down list in the upper left corner. Then go to AP WI-FI, click Create, and configure basic SSID information.
Configure the authentication mode as follows.
In the Default permit rule, create ACL Rules for :
Cloudi-Fi captive portal domain : *.cloudi-fi.net
Huawei domain : *.huawei.com
In Policy Control, you can enable the bandwidth limitation per SSID and Enable Application / URL filtering.
4. Configure Portal Page Push Policy
This section describes how to configure a portal push policy based on which the specified portal will be pushed to the terminals associated with Wi-Fi.
Go to Admission Admission Resources Page Management, select Portal Page Push Policy, and click Create.
Set a Name, select the Site(s) you want to deploy the Captive Portal and Access Mode to Wireless.
Set Authentication mode and paste the Captive Portal URI as a Third-party authentication URL.
5. Configure Authorization Result (Optional)
This section describes configuring the ACL, rate limit policy, and other permissions granted to successfully authenticated users.
Go to Admission Admission Policy Authentication and Authorization, select Authorization Result, and click Create.
Set a Name and select an authorization strategy, such as ACL, VLAN, or rate.
The authorization result is successfully created.
In the Bind sites dialog box, binding sites.
Go to Admission Admission Policy Authentication and Authorization, select Authorization Rules, and click Create.
Set a Name, Authentication Mode to User access authentication, and Access Mode to Wireless.
Enable Match Sites and select the site(s) you want to deploy the Captive Portal.
Set the Authentication result to the result configured earlier
Following these actions, you can enable the Cloudi-Fi captive portal into your Huawei iMaster NCE-Campus environment and provide a seamless and hassle-free experience for your network users when connecting to the SSID.