Step 1 — Add the Device to Wiacom
- Go to Inventory → Routers → Add New Router
- Select Huawei / WLAN Controller from the vendor dropdown
- Enter the required details and assign a location
- Click Save
Step 2 — Create a Guest VLAN
Log in to the Huawei WLAN Controller web interface → Configuration:- AC Config → VLAN → Add: set a VLAN ID (e.g.
500), enable Create VLANIF- Description:
guestwifi, IP Address format: IPv4 - IPv4 Address/Mask: gateway IP for the guest subnet
- Description:
- IP → DHCP: ensure DHCP is enabled, click Create
- Address pool type: Interface address pool, Select interface:
VLAN<ID> - Advanced → Primary/Secondary DNS: your preferred DNS servers
- Address pool type: Interface address pool, Select interface:
Step 3 — Configure Walled Garden (Domain ACL)
Go to Security → ACL → Domain Name Configuration. Add each domain with an incrementing Domain Name ID:| Category | Domains |
|---|---|
| Wiacom portal | *.wiacom.ai |
| Video / CDN | fast.wistia.com, *.fastly.net, *.player.vimeo.com, *.akamaiedge.net, *.akamaized.net, *.amazonaws.com, *.zencdn.net |
| Facebook / Instagram | *.facebook.com, *.fbcdn.net, *.akamaihd.net, connect.facebook.net |
| Twitter / X | *.twitter.com, *.twimg.com |
*.linkedin.com, *.licdn.net, *.licdn.com |
- ACL name:
guestwifi, ACL number:6030 - For each domain: Add Rule → Action: Permit, Protocol: IP, Dest domain: select domain
Step 4 — Configure External Portal Server
Security → AAA → External Portal Server tab:- HTTP protocol: Enabled, HTTP interoperation mode: HTTP-based
- Port for listening to HTTP packets:
8000
| Field | Value |
|---|---|
| Server name | guestwifi |
| Server IP | Controller gateway IP (VLANIF) |
| URL | <PORTAL_URL> — provided by Wiacom |
| Parameter | Value |
|---|---|
| AC-IP | ac_ip |
| User access URL | redirect_url |
| User IP | user_ip |
| SSID | ssid |
| Login URL / keyword | login / http://<CONTROLLER_IP>:8000/login |
| User MAC | user_mac |
| AP-MAC | ap_mac |
| MAC address format | normal |
| Separator | : |
- Protocol type: HTTP
- Login success response: Redirect to
<PORTAL_URL>?res=success
Step 5 — Configure RADIUS
Security → AAA → RADIUS → RADIUS Server Profile → Create:- Profile name:
guestwifi - Key / Confirm key:
<RADIUS_SHARED_SECRET>
| Auth Server | Accounting Server | |
|---|---|---|
| Server type | Authentication | Accounting |
| IP address (IPv4) | <RADIUS_SERVER_IP> | <RADIUS_SERVER_IP> |
| Port | 1812 | 1813 |
| Weight | 1 | 1 |
Step 6 — Configure Authentication Profile
- Authentication Profile → Create → name
guestwifi - Expand profile → Portal Profile → Add → name
guestwifi- Portal authentication: External portal server, Active server:
guestwifi, Authentication mode: Layer 3
- Portal authentication: External portal server, Active server:
- RADIUS Server Profile → select
guestwifi - Authentication Scheme → Add → name
guestwifi, First authentication: RADIUS - Accounting Scheme → Add → name
guestwifi, Real-time accounting: On, Interval:3 - Authentication-free Rule Profile → Add → name
guestwifi, Control mode: ACL, ACL number:6030 - Advanced tab: HTTPS Redirection Status: Off, Portal URL encoding: Off
Step 7 — Configure VAP and SSID Profiles
- AP Config → Profile → VAP Profile → Create → name
guestwifi- Status: On, VAP type: Service VAP, Forwarding mode: Tunnel
- Service VLAN ID: your guest VLAN, Home agent: AP, Layer 3 roaming: On, IP learning: On
- SSID Profile → Create → name
guestwifi, SSID: your guest WiFi name - AP Group → [group] → VAP Configuration → Add → VAP profile:
guestwifi, WLAN ID: available ID - Under
guestwifiprofile: SSID Profile →guestwifi - Security Profile → Create → name
guestwifi, Security Policy: Open - Authentication Profile → select
guestwifi - Click Save at the top to persist all settings
Troubleshooting
Guests not redirected to portal
Guests not redirected to portal
Confirm HTTPS Redirection is Off and Portal URL encoding is Off in the Advanced tab.
RADIUS authentication fails
RADIUS authentication fails
Verify the RADIUS IP and shared secret match values provided by Wiacom. Confirm UDP 1812 and 1813 are reachable from the controller.
Login URL not resolving
Login URL not resolving
The Login URL uses the controller’s own IP and port 8000 — not the Wiacom cloud URL.