Log in to your Huawei CloudCampus (Agile) web interface. At the top, click on Design > Policy Template.
On the left, click ACL and then Create. Configure with:
- Name: guestwifi
- ACL Type: User
- ACL Number: 6000
Under Rule List click Add and configure with:
- Rule Type: domain
- IP/Domain: *.*insert access_domain here*
Click Submit. You now need to add further rules as per above, one per domain:
- *.cloudfront.net
- *.venuewifi.com
- *.openweathermap.org
- *.stripe.com
Note: If you wish to support social network logins, you also need to add the below domains for each network you plan to support.
Facebook:
- *.facebook.com
- *.fbcdn.net
- *.akamaihd.net
- connect.facebook.net
Twitter:
- *.twitter.com
- *.twimg.com
LinkedIn:
- *.linkedin.com
- *.licdn.net
- *.licdn.com
Instagram:
- *.instagram.com
Click OK to Save.
Next, on the left, click URL Template and then Create. Configure with:
- Name: guestwifi
- Template type: Relay authentication by cloud platform
Under Parameters in template click Create and configure with:
- Parameter Name: loginUrl
- Value Assignment Mode: Replace the existing value
- Parameter Value: loginurl
Click the Tick icon to add the item. You'll need to add the below ones too:
- Parameter Name: originalUrl
- Value Assignment Mode: Replace the existing value
- Parameter Value: redirect-url
- Parameter Name: ssid
- Value Assignment Mode: Replace the existing value
- Parameter Value: ssid
- Parameter Name: umac
- Value Assignment Mode: Replace the existing value
- Parameter Value: umac
- Parameter Name: uip
- Value Assignment Mode: Replace the existing value
- Parameter Value: uaddress
- Parameter Name: apmac
- Value Assignment Mode: Replace the existing value
- Parameter Value: ap-mac
Click Confirm to Save.
Next, on the left, click RADIUS Relay Server and then Create. Configure with:
- Name: guestwifi
Under Authentication server address click Add and configure with:
- Priority: 1
- Host: *insert radius_server_ip here*
- Port: 1812
- Key: *insert radius_secret here*
Click Submit to save. Then, click Add again and configure with:
- Priority: 2
- Host: *insert radius_server2_ip here*
- Port: 1812
- Key: *insert radius_secret here*
Click Submit to save. Set the following:
- Auth protocol: PAP
Under Accounting server address click Add and configure with:
- Priority: 1
- Host: *insert radius_server_ip here*
- Port: 1813
- Key: *insert radius_secret here*
Click Submit to save. Then, click Add again and configure with:
- Priority: 2
- Host: *insert radius_server2_ip here*
- Port: 1813
- Key: *insert radius_secret here*
Click Submit to save. Set the following:
- Timeout period: 30
- Retransmission times: 5
- Load balancing mode: Strict accordance with priority
Click Confirm to Save.
Next, at the top, click on Deploy > Site Configuration and on the left menu click Site > AP > SSID. Click Create and configure with:
- Name: Guest WiFi (or whatever SSID name you wish)
- Working status: On
- Effective radio: 2.4/5G
- Network connection mode: NAT
Click Next and configure with:
- Authentication mode: Open network
- Push pages: On
- Page pusher: Relay authentication by cloud platform
- Interconnection mode: RADIUS relay
- User name: username
- Password: password
- Success page URL: redirect_URL
- RADIUS Relay Server: click Select Server > guestwifi
- Portal authentication free: Disabled
- Real-time acocunting: Enabled
- Billing reporting cycle: 2
- Default permit rule: click Select Template > guestwifi (6000)
Next, at the top, click on Admission > Portal Page Pushing Rule. Click Create and configure with:
- Name: guestwifi
- SSID: Guest WiFi (or whatever SSID name you created earlier)
- Page Push Setting authentication mode: Relay authentication by cloud platform
- Interconnection mode: Relay
- URL template: click Select Template > guestwifi
- Third-party authentication URL: *insert access_url here*
Click OK to Save.