Aruba (Controller-based)

Start by logging into your Aruba Controller web interface.

Step 1 - WLAN

Click Configure > WLANs on the left and then click the + sign to add a new WLAN. Configure with:

Name (SSID)
Guest WiFi (or whatever you wish)
Primary Usage
Guest
Forwarding Mode
Tunnel

Click Next and configure with:

VLAN
1 (or whatever you use)

Click Next and configure with:

Is this WLAN for internal or guest?
Guest

Click Next and configure with:

Captive Portal Type
ClearPass or other external Captive Portal

Under Auth servers click + then + again to create a new server. Configure with:

Server type
RADIUS
Name
guest1
IP Address
*insert radius_server here*
Auth port
1812
Accounting port
1813
Shared key
*insert radius_secret here*
Retype key
as above
Timeout
5

Click Submit and then + again. Configure with:

Server type
RADIUS
Name
guest2
IP Address
*insert radius_server2 here*
Auth port
1812
Accounting port
1813
Shared key
*insert radius_secret here*
Retype key
as above
Timeout
5

Click Submit and then configure the further options with:

Host addressing
IPv4
Host
*insert access_domain here*
Page
/access/

Click Next and then Next again to complete the wizard.


Step 2 - Firewall

Next, click Roles & Policies on the left. Select the Aliases tab and click +. Configure with:

IP Version
IPv4
Name
guestwifi

Under Items click + and configure with:

Rule Type
Name
Domain Name
*.*insert access_domain here*

Click + again and do the same for the following domains:

*.cloudfront.net

*.venuewifi.com

*.openweathermap.org

*.stripe.com

Note: If you wish to support social network logins, you also need to add the URL entries below for each network you plan to support:

Facebook:

*.facebook.com

*.fbcdn.net

*.akamaihd.net

connect.facebook.net


Twitter:

*.twitter.com

*.twimg.com


LinkedIn:

*.linkedin.com

*.licdn.net

*.licdn.com


Instagram:

*.instagram.com


Click Submit to save.


Step 3 - Captive Portal/RADIUS

Next, click Authentication on the left. Select the L3 Authentication tab and then click the Guest WiFi-cppm_prof entry. Configure with:

Default Role
guest
Default Guest Role
guest
Redirect Pause
0
User Login
Enabled
Guest Login
Disabled
Logout popup window
Disabled
Use HTTP for authentication
Enabled
Logon wait minimum wait
1
Logon wait maximum wait
10
Authentication Protocol
PAP
Login page
*insert access_url here*
Welcome page
*insert redirect_url here*
Show Welcome page
Enabled
Add switch IP in redirection URL
Enabled
Adding APs MAC address in redirection URL
Enabled
White List
Add guestwifi from the list

Click Submit to save, Next, select the AAA Profiles tab and click on Guest WiFi-aaa_prof. Configure with:

Initial role
Guest WiFi-guest-logon
RADIUS Interim Accounting
Enabled

Click Submit to save. Next, click on the RADIUS Accounting Server Group and configure with:

RADIUS Accounting Server Group
Guest WiFi-dot1_svg

Click Submit to save. Next, select the Auth Servers tab and then All Servers > guest1. Leave all settings as they are except:

Mode
Enabled
MAC address delimiter
Dash
Station ID Type
AP MAC address
Station ID Delimiter
Dash
Include SSID
Enabled

Click Submit to save and then do the same for the guest2 server.

Finally, click Pending Changes at the top and apply changes.


The configuration is now complete.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.