Skip to main content

Huawei

Onboarding for Using the OCMP Splash Page (Smart WiFi)

Several steps are required to configure Huawei access points in Huawei iMaster NCE for OCMP. Because the Huawei iMaster API is used, a user also needs to be created.

Creating a Huawei API User Group

User Management

In Huawei iMaster NCE, a user group for API access is required first. Navigate to System → User Management and open the user groups area.

User Group

If no suitable group exists yet, create a new one at this point.

Create Group

Assign a suitable name so that the group can later be identified clearly as the API group for OCMP. In the next step, define the roles for this group.

Group Roles

Select the Open Api Operator role so that the user later receives the required API permissions.

Group Roles Ready

Once the role has been set, select all available resources so that the access required for the later integration is fully available.

Creating a Huawei API User

User List

In the same area, create a new user.

Create User

Create the user as a Third-party user. A recommended username is ocmp_api_user. Use a strong password and store it securely.

User Settings

In the advanced settings, increase the maximum number of simultaneous sessions and disable password renewal.

Then select the user group created earlier.

Select Group

Assign the Open Api Operator role.

Select Role

Then select all resources.

Select Objects

The access policies remain unchanged.

Select Policies

Creating ACLs

ACL Overview

Under Plan → Network Design → Template Management → Policy Template → ACL, create two ACLs.

ACL Create

Create the first ACL, acl_ocmp_portal, as an Advanced ACL with a fixed number.

ACL Create Detail

The second ACL, ocmp_acl, contains all domains and IP addresses that must be reachable for the captive portal, acting as the Walled Garden. Add one rule for each address.

Creating a Portal Page Push Policy

Template Management

In the Policy → Admission Resources → Page Management menu, create a new Portal Page Push Policy.

Portal Page

Configure the policy as follows:

  • Name: ocmp_portal
  • Access Mode: Wireless
  • Authentication: Cloud platform-based relay authentication
  • Third-party URL: OCMP splash page URL

Then assign the policy to the desired locations.

Configuring Authentication

Auth Menu

Under Policy → Admission Policy → Authentication and Authorization, adjust the existing rules.

Auth Create

Activate EAP-PEAP-MSCHAPv2 in the authentication protocol.

Auth Detail

Then create an authorization result:

  • Name: ocmp_auth_result
  • ACL: acl_ocmp_portal

Assign this result to the locations.

Next, create a new authorization rule:

  • Name: ocmp_rule
  • Enable Portal-HACA
  • Assign sites
  • Select authorization result

Configuring the SSID

In Site Configuration → AP → Wi-Fi, create a new SSID or adjust an existing one.

Portal Enable

Important settings:

  • Security: Open + Portal authentication
  • Page Push Policy: Relay authentication
  • Default Permit Rule: ocmp_acl
  • Enable Bypass Policy