Log In
Access the Huawei WLAN Controller web interface.
Navigate to Configuration at the top menu.
Configure VLAN
Go to AC Config > VLAN on the left panel.
Click Add and set the following:
VLAN ID: (e.g., 100)
Enable Create VLANIF and configure:
Description: ironwifi
IP Address Format: IPv4
IPv4 Address/Mask: 10.1.0.1 / 255.255.255.0
Click OK to save.
Enable DHCP
Go to IP on the left.
Ensure DHCP Status is enabled.
Click Create and set:
Address Pool Type: Interface address pool
Select Interface: VLAN100
Click Advanced and configure:
Primary DNS: 8.8.8.8
Secondary DNS: 8.8.4.4
Click OK to save.
Domain Whitelisting
Navigate to Security > ACL > Domain Name Configuration tab.
For each domain:
Click Create
Set:
Domain Name ID: (e.g., 1)
Domain Name: *insert domain here*
Create ACL Rules
Go to the User ACL Settings tab.
Click Create and set:
ACL Name: ironwifi
ACL Number: 6030
Click OK.
For each domain added:
Click Add Rule
Set:
Rule ID: Start at 1 and increment
Action: Permit
Protocol Type: IP
Destination Domain: select corresponding domain
Click OK.
Portal Server Configuration
Go to Security > AAA > External Portal Server tab.
Set under External Portal Interoperation Protocol:
HTTP Protocol: Enabled
Interoperation Mode: HTTP-based
Port: 8000
Click Apply.
Under Portal Authentication Server List, click Create and configure:
Server Name: ironwifi
Server IP: 10.1.0.1
URL: insert access_url here
Under URL Option Settings:
Set:
AC-IP: ac-ip
User Access URL: url
User IP: user-ip
SSID: ssid
Login URL Keyword/URL: login-url / http://10.1.0.1:8000/login
User MAC: user-mac
AP MAC: ap-mac
MAC Format: Normal
Separator: -
Under Parameter Parsing Configuration:
Protocol Type: HTTP
Login Success Response: Redirect to URL – insert redirect_url here
Click OK.
RADIUS Configuration
Go to the RADIUS tab.
Under RADIUS Server Profile, click Create:
Profile Name: ironwifi
Key: insert radius_secret here
Confirm Key: same as above
Click OK.
Under Authentication/Accounting Server:
Click Create:
Profile: ironwifi
Server Type: Authentication
IP Address: insert radius_server_ip here
Port: insert radius_server_auth_port here
Weight: 1
Click + to add second server:
IP: insert radius_server2_ip here
Port: insert radius_server2_auth_port here
Weight: 2
Click OK.
Click Create again:
Server Type: Accounting
IPs/Ports: same as above but using acct_port
Authentication Profiles
Go to Authentication Profile, click Create:
Profile Name: ironwifi
Expand it in the tree, go to Portal Profile, click Add:
Name: ironwifi
Portal Authentication: External portal server
Active Server: ironwifi
Authentication Mode: Layer 3
Click Apply.
Assign the RADIUS Server Profile:
Choose ironwifi, click Apply.
Authentication and Accounting Schemes
Under Authentication Scheme:
Click Add > Name: ironwifi, click OK
First Authentication: RADIUS
Under Accounting Scheme:
Click Add > Name: ironwifi, click OK
Real-time Accounting: On
Interval: 3 seconds
Click Apply.
Authentication-Free Rule Profile
Click Add, name: ironwifi, click OK
Control Mode: ACL
ACL Number: 6030
Go to Advanced tab:
HTTPS Redirection: Off
Portal URL Encoding/Decoding: Off
Click Apply.
AP Configuration
Go to AP Config > Profile > VAP Profile:
Click Create: name ironwifi, click OK
Set:
Status: On
VAP Type: Service VAP
Forwarding Mode: Tunnel
Service VLAN ID: 100
Home Agent: AP
Layer 3 Roaming: On
IP Learning: On
Click Apply.
SSID Configuration
Go to SSID Profile, click Create:
Name: ironwifi
SSID: Iron WiFi (or custom name)
Click Apply.
Assign VAP to AP Group
Go to AP Config > AP Group
Select group > VAP Configuration
Click Add:
VAP Profile: ironwifi
WLAN ID: 2 (or available ID)
Click OK.
Link SSID and Security
Expand ironwifi profile, assign SSID Profile: ironwifi
Go to Security Profile, click Create:
Name: ironwifi
Security Policy: Open
Click Apply.
Set Authentication Profile to ironwifi, then Apply.
Finalize
Click Save at the top to store all changes.