Skip to main content

Search

Cloudi-Fi Knowledge Base

How to Integrate Extreme Networks CloudIQ - Aerohive with Cloudi-Fi

Alexandre de THOMASSON
  • Updated

Describes how to configure your Extreme Networks Cloud IQ to enable Cloudi-Fi's captive portal

Use case

The following sections will provide step-by-step instructions to enable Cloudi-Fi cloud-based WiFi Captive portal service with your existing Extreme Networks CloudIQ architecture.

Prerequisites

Before starting, ensure that you have the following prerequisites:

  • Access to the Extreme Networks CloudIQ dashboard.
  • Knowledge of your network’s IP addressing scheme.

Step 1: Retrieve Cloud-fi required information 

To create a new location in the Cloudi-fi Admin interface if it doesn't already exist, follow these instructions:

Go to the "Location" section in the Cloudi-fi Admin interface.
Create a New Location and enter the required details for the new location:

  • Location Name
  • Type (Redirect URL)
  • Portal template
  • Country 

Location URL: this URL will be used to configure an External Captive Portal

  • Access the Cloudi-Fi administration console
  • Select the location
  • Click on the menu button for the location
  • Select "Copy Splash page URL"

Cloudi-Fi Get captive portal url

Transform the URL as follows:

Cloudi-Fi

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spsomething.com

Extreme Cloud IQ

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spextremcloudiq.com

Step 2: Get Radius information

To set up, you will need the Radius information (Server IPs, Secret, Ports).

  1. IPs address of the Radius servers
  2. Ports: UDP 1812 (Authentication) & 1813 (Accounting)
  3. The Secret (provided by Cloudi-Fi Support)

You can get the Secret by asking in the Chatbot. Cloudi-Fi’s Support team will provide you with the necessary information.

Cloudi-Fi - Get radius information for XQI

What shared secret is used for the Radius server? (Please save this confidential information securely, and do not share it publicly.)

Company Key

  • This value will be used as a Custom NAS-ID in the Radius request.

  • Go to Settings and copy the Cloudi-Fi Public Key in your notepad:

Now, we can start the configuration in your Extreme CloudIQ account.

Step 2: Create the Radius Server in Extreme CloudIQ

In Extreme CloudIQ, go to Configure Common Objects External Radius Server.

Click on + to add a new server.

To set up, you will need the Radius information (Server IPs, Secret, Ports).

  1. IPs address of the Radius servers
  2. Ports: UDP 1812 (Authentication) & 1813 (Accounting)
  3. The Secret (provided by Cloudi-Fi Support)

  • Click on Save External Radius

Step 3: Supplemental CLI

In this section, we must configure a supplemental CLI to send the Cloudi-Fi Company Key as NAS-ID in the Radius request sent by the Access Point.

 

First, we would like to enable Supplemental CLI in your account.

Go to your CloudIQ profile in the top-right corner, then:

Global Settings VIQ Management Supplemental CLI: ON

XIQ admin - Enable Supplemental CLI

Once done, you can go to Configure Common Objects Supplemental CLI Objects:

Click + to add a new Supplemental CLI, then:

  • Name: Cloudi-Fi Custom NAS-ID

  • CLI Command: aaa attribute NAS-Identifier YOUR_COMPANY_KEY

  • Click Save

Step 4: Create the Guest SSID on the Extreme CloudIQ admin interface

Connect to your Extreme Cloud IQ administration interface.

Go to Configure Network Policies. Create or edit an existing one

  • In the Extreme CloudIQ Policy Details tab:
    - Select Wireless

  • In the Wireless Networks tab:
    - Click on "+" and select "All other network (standard)"
    - Name (SSID): Provide a name
    - Broadcast Name: WLAN name visible by clients

    - SSID Authentication: Open
    - Enable Captive Web Portal: On and select User Auth on Captive Web Portal
    - Authentication type: Redirect to External URL
    - Send Client's requested URL in clear text: Checked
    - Default Web Portal: Add.

New Captive Web Portal window

  • Captive Web Portal Settings
    - Name: Cloudi-Fi location name
    - Login URL: Copy the Splash page URI location from the Cloudi-Fi Admin UI Location menu 
    - Password encryption: Plaintext
    - Authentication method: PAP
    - Success page: Off
    - Redirect client after a successful login: Checked
    - To a specific URL: https://login.cloudi-fi.net/success.php

  • Advanced settings
    - Web Servers registration period: This timer must be equal to the Cloudi-Fi session lifetime (Cloudi-Fi UI Portals Session lifetime)
    - Use HTTP 302: Checked

  • WalledGarden
    - Click + and select the Service Type: Web
    - Add this URL:*.cloudi-fi.net


If you use a social media connector on your captive portal, the Cloudi-Fi support team will provide you with an additional URL to add to the walled garden.

  • Click Save CWP

In the Wireless settings tab, you will now configure the

Authentication settings section:

  • Click + and add the Cloudi-Fi Radius Server created at step 2

  • Save

XIQ - add Cloudi-Fi radius servers

Click Save

Go to the Additional Settings tab on Extreme CloudIQ admin:

 

In the additional settings, we will activate the Custom NAS-ID configured by applying the Supplemental CLI created previously.

 

XIQ admin - set Custom NAS-ID

 

Click Save

Step 5: Add SSL Certificate

Browser updates are causing security exceptions when the user submits their login credentials. This occurs because they are using HTTP in an HTTPS connection. The section is an option if you want to prevent security exceptions. The procedure requires a domain certificate pushed to the Access Points through ExtremeCloud IQ. 

1. Obtain a valid and commercial certificate. You can use your company's wildcard domain certificate. 

2. Map the hostname to an IP address 

  • To find the default CWP server IP from AP, run the following CLI command
    • show interface wifi0.1
    • show interface wifi1.1
  • Create two A records with two IP addresses on your DNS server serving the wireless guest SSID.
    • For Instance : 
      • Interface wifi0 = 198.18.2.1 -> guest.3wi.fi
      • Interface wifi1 = 198.18.31.1 -> guest.3wi.fi

⚠️ The IP address may vary from one Network policy to another. And from one radio frequency band to another. 

3. Import the Certificate into XIQ certificate management.

The file must contain the server certificate, all intermediate certificates in order of chain of trust, the root CA certificate and the private key in exactly that order.

-----BEGIN CERTIFICATE -----
SERVER CERTIFICATE
-----END CERTIFICATE -------

-----BEGIN CERTIFICATE -----
INTERMEDIATE CERTIFICATE
-----END CERTIFICATE -------

-----BEGIN CERTIFICATE -----
ROOT CERTIFICATE
-----END CERTIFICATE -------

-----BEGIN PRIVATE KEY -----
ROOT CERTIFICATE
-----END PRIVATE KEY -------

Once a PEM file meets these requirements, it can be uploaded to ExtremeCloud IQ.

In Configure > Certificate Management, Import the Certificate

  • File: Select the PEM File
  • File type: CERT_KEY

ExtremeCloud IQ - Import Certificate

4. Configure the CWP 

  • In Advance Configuration
  • Enter Domain Name
  • Enable HTTPS
  • Select the HTTPS Certificate imported previously 

ExtremeCloud IQ - Enable HTTPS for CWP

DO NOT Select "Override Web Server Domain.." because wildcard cert does not contain CN value.

Step 6: Deploy your policy 

You can go to the Deploy Policy tab.

Select the devices where you want to deploy this policy.

Click "Deploy" and select "Complete Configuration Update."

Troubleshooting:

If you still encounter any issues during the setup or operation, follow Cloudi-Fi's first-level troubleshooting guide. If you still face issues, we invite you to contact the Cloudi-Fi support team.

What’s Next?

Congratulations on configuring your Extreme Networks CloudIQ with Cloudi-Fi!