Huawei WLAN Controller (AC)

IMPORTANT: You must be using firmware V2R7C20 or above to continue.


Log in to your Huawei WLAN Controller web interface and click Configuration at the top.


Click AC Config > VLAN on the left, then Add. Set the VLAN ID to whatever you wish, i.e. 500. Now, click the Create VLANIF option and set the following:

  • Description: guestwifi
  • IP address format: IPv4
  • IPv4 Address/mask: 10.1.0.1 / 255.255.255.0


Click OK to Save. Next, click IP on the left and ensure the DHCP status is enabled. Click Create and set the following:

  • Address pool type: Interface address pool
  • Select interface: VLAN500


click Advanced and set the following:

  • Primary DNS server: 8.8.8.8
  • Secondary DNS server: 8.8.4.4


Click OK to Save. Next, go to Security > ACL on the left and click the Domain Name Configuration tab. For each domain below, click Create and set the following:

  • Domain name ID: 1
  • Domain name: *.*insert access_domain here*

  • Domain name ID: 2
  • Domain name: *.cloudfront.net

  • Domain name ID: 3
  • Domain name: *.venuewifi.com

  • Domain name ID: 4
  • Domain name: *.openweathermap.org

  • Domain name ID: 5
  • Domain name: *.stripe.com


If you wish to support social network logins, you also need to add the domains below for each network you plan to support. For the Domain name ID, increment by 1 each time.

Facebook
Twitter
LinkedIn
Instagram
*.facebook.com
*.fbcdn.net
*.akamaihd.net
connect.facebook.net

*.twitter.com
*.twimg.com  

*.linkedin.com
*.licdn.net
*.licdn.com

*.instagram.com


Next, click the User ACL Settings tab. Click Create and set the following:

  • ACL name: guestwifi
  • ACL number: 6030


Click OK to Save. Next, click the Add Rule beside the new ACL you created. You need to do this for each domain name you added above:

  • Rule ID: 1 (increment by 1 each time)
  • Action: Permit
  • Protocol type: IP
  • Dest domain: choose the domain you added


Click OK to Save. Remember to add a rule for each domain.


Next, go to Security > AAA on the left. On the External Portal Server tab. Under External Portal Interoperation Protocol set the following:

  • HTTP protocol: Enabled
  • HTTP interoperation mode: HTTP-based
  • Port number for listening to HTTP packets: 8000


Click Apply to Save. Next, under Portal Authentication Server List click Create and set the following:

  • Server name: guestwifi
  • Server IP: 10.1.0.1
  • URL: *insert access_url here*

under URL Option Settings set the following:

  • AC-IP: ac-ip
  • User access URL: url
  • User IP: user-ip
  • SSID: ssid
  • Login URL keyword/Login URL: login-url / http://10.1.0.1:8000/login
  • User MAC: user-mac
  • AP-MAC: ap-mac
  • MAC address format: normal
  • Separator: -

under Parameter Parsing Configuration set the following:

  • Protocol type: HTTP
  • Login success response: Redirect to the specific URL: *insert redirect_url here*


Click OK to Save. Next, click the RADIUS tab and then under RADIUS Server Profile click Create. Set the following:

  • Profile name: guestwifi
  • Key: *insert radius_secret here*
  • Confirm key: as above


Click OK to Save. Under Authentication/Accounting Server click Create. Under Profile Name choose guestwifi and Set the following:

  • Server type: Authentication server
  • IP address (IPv4): *insert radius_server_ip here*
  • Port number: 1812
  • Weight: 1


Click the + icon on the right to add another server and set the following:

  • Server type: Authentication server
  • IP address (IPv4): *insert radius_server2_ip here*
  • Port number: 1812
  • Weight: 2


Click OK to Save and then click Create again. Under Profile Name choose guestwifi and set the following:

  • Server type: Accounting server
  • IP address (IPv4): *insert radius_server_ip here*
  • Port number: 1813
  • Weight: 1


Click the + icon to the right to add another server and set the following:

  • Server type: Accounting server
  • IP address (IPv4): *insert radius_server2_ip here*
  • Port number: 1813
  • Weight: 2


Click OK to Save. Next, click the Authentication Profile tab and click Create. Set the following:

  • Profile Name: guestwifi


Click OK to Save. The new profile should appear in the tree on the left. Click the + to expand the tree and then click Portal Profile.


Click Add and enter guestwifi as the name then click OK. Set the following:

  • Portal authentication: External portal server
  • Active server: guestwifi
  • Authentication mode: Layer 3


Click Apply to Save. Next, click on RADIUS Server Profile and choose guestwifi, then press Apply to Save.


Next, click on Authentication Scheme. Click Add and enter guestwifi as the name then click OK. Set the following:

  • First authentication: RADIUS


Next, click on Accounting Scheme. Click Add and enter guestwifi as the name then click OK. Set the following:

  • Real-time accounting: On
  • Real-time accounting interval: 3


Click Apply to Save.


Next, click on Authentication-free Rule Profile. Click Add and enter guestwifi as the name then click OK. Set the following:

  • Control mode: ACL
  • ACL number: 6030


Next, click on the Advanced tab. Set the following:

  • HTTPS Redirection Status: Off
  • Portal URL encoding and decoding: Off


Click Apply to Save. Next, click on AP Config > Profile on the left and under the Wireless Service > VAP Profile click Create. Enter the Profile name guestwifi and click OK. Set the following:

  • Status: On
  • VAP type: Service VAP
  • Forwarding mode: Tunnel
  • Service VLAN ID: 500
  • Home agent: AP
  • Layer 3 roaming: On
  • IP learning: On


Click Apply to Save. Next, under the Wireless Service > SSID Profile click Create. Enter the Profile name guestwifi and click OK. Set the following:

  • SSID: Guest WiFi (or whatever you wish)


Click Apply to Save.


Next, click on AP Config > AP Group on the left. Click in to your Group Name > VAP Configuration. Click Add and set the following:

  • VAP profile name: guestwifi
  • WLAN ID: 2 (or an available ID)


Click OK to Save.


Next, expand the guestwifi profile you just created and under SSID Profile choose guestwifi. Click Apply to Save.

Next, click on Security Profile and click Create. Enter the Profile name as guestwifi and click OK. Set Security Policy to Open and click Apply to Save.

Next, click on Authentication Profile and choose guestwifi from the dropdown. Click Apply to Save.


Be sure to click Save at the top to persist settings.






Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.