Huawei AC
Prerequisites
This guide assumes that you are using an external DHCP server for your access points as well as Access Controller and that your access point is already managed by the Access controller.
Compatibility
Social WiFi has been tested and proven to work for this setup, but should work with any other combination that supports the firmware listed below. Access Point used for this guide: Huawei AirEngine5761-11
Access Point version number: V200R020C10SPC100 Controller used for this guide: Huawei AC 6005-8-PWR
Controller version number: V200R019C00SPC500
Walled garden
Go to Configuration -> Security -> ACL.
Now, from the tabs at the top select Domain Name Configuration and press Create.
Add all of the domains below one at the time and set the Domain name ID respectively starting from 1.
Mandatory
Facebook remarketing pixel
Google remarketing tag
YouTube widget on login pages
Google login
Facebook login
Twitter login
LinkedIn login
Next you need to switch to the User ACL Settings tab and click Create.
Configure as follows:
ACL name | socialwifi |
ACL number | 6030 |
Now, proceed with adding all the rules added before in the "Domain Name Configuration" by clicking on Add Rule and adding one at the time and set the "Rule ID" respectively starting from 1.
Add each rule as follows:
Rule ID | *"Rule ID" starting from 1* |
Protocol type | IP |
Dest domain name | *Choose the domain from the drop down menu respectively* |
Add all the domains needed for your Social WiFi login page.
You also must add two additional rules in this step to make captive portal login possible, configure as follows:
Rule ID | *your last "Rule ID" + 1* |
Action | Permit |
Protocol type | TCP(6) |
Dest IP | *your controller IP address* |
Wildcard | 0.0.0.0 |
Dest port number | 8000 |
In the "Dest port number" , the "8000" must be the same as "Port number for listening to HTTP packets" in previous External Portal -> HTTP Protocol.
Rule ID | *your last "Rule ID" + 1* |
Action | Permit |
Protocol type | UDP(17) |
Dest IP | 8.8.8.8 |
Wildcard | 1.1.1.1 |
Dest port number | 53 |
"Dest IP" value (8.8.8.8 in this example) must be set as the DNS IP address for guest network.
Captive Portal configuration
Now, switch tabs to Configuration -> Security -> AAA. From the menu at the top, select External Portal and configure as follows:
HTTP Protocol | Enabled |
HTTP interpretation mode | HTTP-based |
Port number for listening to HTTP packets | 8000 (default) |
If the controller has SSL certificate added correctly, you also can set the protocol as HTTPS-based.
Next, under the Portal "Authentication Server" list, click Create. Configure as follows:
Server name | socialwifi |
Server IP | 35.205.62.147 (click "+" to add the server) |
Protocol type | HTTP |
Shared key | Shared key is available in Access Points tab of the Social WiFi Panel |
Packet port number | 50100 |
URL | http://login.socialwifi.com |
Scroll down to the "URL Option Settings" and configure as follows:
AC-IP keyword/AC-IP | AC-IP |
User access URL keyword | redirect-url |
User IP address keyword | user-ip |
AP-MAC keyword | AP-MAC |
User MAC keyword | user-mac |
Login URL keyword/Login URL | login-url / http://*controller IP*:8000/login |
MAC address format | Normal |
Separator | : |
In the "Login URL keyword/Login URL" , the "8000" must be the same as "Port number for listening to HTTP packets" in previous External Portal -> HTTP Protocol.
Leave the "Parameter Parsing Configuration" config as default.
Now, go to the "RADIUS" tab and click on Create to add a new RADIUS server.
Configure like this:
Profile name | socialwifi |
Mode | Active/Standby mode |
Profile default shared key | Shared key is available in Access Points tab of the Social WiFi Panel |
Then, click on Create Server.
IP address | IPv4 | 35.205.62.147 |
Shared key | Shared key is available in Access Points tab of the Social WiFi Panel |
Authentication | Enabled |
Port number | 31812 |
Weight | 1 |
Source IP address of outgoing packets | Loopback |
Accounting | Enabled |
Port number | 31813 |
Weight | 1 |
Source IP address of outgoing packets | Loopback |
Click OK to confirm. Make sure that the server you've created appears on the list:
SSID configuration
Go to Configuration -> Config Wizard -> Wireless Service.
Click Create and go through the wizard, set the SSID name in the first step and click Next to access the second panel "2. Security Authentication".
For "Security Settings" select Portal (applicable to enterprise networks). In the "External Portal Server Configuration" and "External RADIUS Server Configuration" under "Server template name" select the previously created templates from the dropdown menu "..." (refer to the images below).
Click Next at the bottom of the screen.
Now, under the Binding the AP group, from the dropdown menu "..." select your AP group (this example uses "default" group.
Click Finish to save the configuration. Next, go to Configuration -> AP Config -> Profile.
From the menu on the left, go to Wireless Service -> VAP Profile -> *your SSID name* -> Authentication Profile -> Authentication-free Rule Profile.
From "Authentication-free Rule Profile" dropdown menu, select the "default_free_rule" profile.
Configure as follows:
Control mode | ACL |
ACL number | 6030 |
Click Apply.
Please make sure to click Save after the configuration in order to save all the changes made.
Add the access points to Social WiFi panel
The setup of the controller is now finished. The last step is to add all access points to the Social WiFi platform.
Go to Ap Config -> AP Config -> AP Info -> AP List in the menu on the left.
Now, switch to Social WiFi Panel, go to Access Points tab, click the Add button and paste the MAC addresses of all of your Access Points controller by the Huawei AC. Click Create.
Test the solution
Connect with the WiFi network. You should see a login page. Go through the login process and, once finished, you should have internet access. You should see first connections and authorizations in the Social WiFi Panelβs statistics section.
Last updated
