Aruba (Controller-based)

Start by logging into your Aruba Controller web interface.

Step 1 - AAA servers

Click Configure at the top and then Wizards > Campus WLAN on the left. Under the WLANs box click New.


Enter Guest WiFi (or whatever you wish for the SSID) as the name and click Next. Configure with:

Forwarding Mode
Tunnel (unless you have an existing setup)

Click Next and configure with:

Radio Type
All
Broadcast SSID
Enabled
VLAN
1 (unless you have a specific VLAN to use)

Click Next and configure with:

Is this WLAN for internal or guest?
Guest

Click Next and configure with:

Captive portal with authentication via credentials
Enabled

Click Next and then Next again on the Captive Portal options page. On the Specify Authentication Server page click Add and configure with:

Server type
RADIUS
Name
guest1
IP Address
*insert radius_server here*
Auth port
1812
Acct port
1813
Shared key
*insert radius_secret here*
Retype key
as above

Click OK and then Add again. Configure with:

Server type
RADIUS
Name
guest2
IP Address
*insert radius_server2 here*
Auth port
1812
Acct port
1813
Shared key
*insert radius_secret here*
Retype key
as above

Click OK and then Next. Configure with:

Pre-authentication role
Guest WiFi-guest-logon
Authenticated role
guest

Click Next and then Finish to confirm.


Next, click Advanced Services > Stateful Firewall on the left. Select the Destination tab and click Add. Configure with:

IP Version
IPv4
Destination Name
guestwifi
Type
name
Domain Name
*.*insert access_domain here*

Click Add again and do the same for the following domains:

*.cloudfront.net

*.venuewifi.com

*.openweathermap.org

*.stripe.com

Note: If you wish to support social network logins, you also need to add the URL entries below for each network you plan to support:

Facebook:

*.facebook.com

*.fbcdn.net

*.akamaihd.net

connect.facebook.net


Twitter:

*.twitter.com

*.twimg.com


LinkedIn:

*.linkedin.com

*.licdn.net

*.licdn.com


Instagram:

*.instagram.com


Click Apply to save. Next, click Security > Authentication on the left. Select the L3 Authentication tab and then click the Guest WiFi-cp_prof entry. Configure with:

Default Role
guest
Default Guest Role
guest
Redirect Pause
0
User Login
Enabled
Guest Login
Disabled
Logout popup window
Disabled
Use HTTP for authentication
Enabled
Authentication Protocol
PAP
Login page
*insert access_url here*?acmac=controller-mac (i.e. *insert access_url here*?acmac=00-0B-86-6E-C5-F8)
Welcome page
*insert redirect_url here*&acmac=controller-mac (i.e. *insert access_url here*&acmac=00-0B-86-6E-C5-F8)
Show Welcome page
Enabled
Add switch IP in redirection URL
Enabled
White List
Add guestwifi from the list

Click Apply to save, Next, select the AAA Profiles tab and click on Guest WiFi-aaa_prof. Configure with:

Initial role
Guest WiFi-guest-logon
RADIUS Interim Accounting
Ticked

Click Apply to save. Next, click on the RADIUS Accounting Server Group and configure with:

RADIUS Accounting Server Group
Guest WiFi-srvgrp-xxx

Click Apply to save. Next, select the Servers tab and then RADIUS Server > guest1. Leave all settings as they are except:

Mode
Enabled
MAC address delimiter
Dash
csid_type
ap-macaddr
include_ssid
enable
csid_delimiter
dash

Click Apply to save. Next, click RADIUS Server > guest2. Leave all settings as they are except:

Mode
Enabled
MAC address delimiter
Dash
csid_type
ap-macaddr
include_ssid
enable
csid_delimiter
dash

Click Apply to save. Finally, click Save configuration at the top.

IMPORTANT: You must reload/reboot the controller to ensure all settings take effect.
NOTE: You must add the MAC address of the Controller in to your portal under the Hardware tab. Choose Aruba AP (Controller based) as the type. The MAC can be retrieved on the Monitoring > Controller Summary page.


The configuration is now complete.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.