Aruba (Controller-based)

IMPORTANT NOTE: You must add the MAC address of the Controller in to your portal under the Hardware tab. Choose "Aruba AP (Controller based) as the type. The MAC is printed on the sticker on the back of the Controller, or you can retrieve it by going to the "Monitoring > Controller Summary" page on the Controller web interface.


Login to your Aruba controller web interface and click on Configure


On the left, under Wizards choose Campus WLAN


Under then WLANs box click New. Enter Guest WiFi as the name (or whatever you want the SSID to be)


Click Next and configure with:

  • Forwarding Mode: Tunnel (unless you have an existing setup)


Click Next and configure with:

  • Radio Type: All
  • Broadcast SSID: Yes
  • VLAN: 1 (unless you have a specific VLAN to use)


Click Next and configure with:

  • Is this WLAN intended for internal or guest?: Guest



Click Next and configure with:

  • Captive portal with authentication via credentials: Selected


Click Next and and then Next again on the Captive Portal options page.


On the Specify Authentication Server page click Add and configure with:

  • Server type: RADIUS
  • Name: guest1
  • IP Address: *insert radius_server here*
  • Auth port: 1812
  • Acct port: 1813
  • Shared key: *insert radius_secret here*
  • Retype key: as above


Click OK and then Add again, this time configuring with:

  • Server type: RADIUS
  • Name: guest2
  • IP Address: *insert radius_server2 here*
  • Auth port: 1812
  • Acct port: 1813
  • Shared key: *insert radius_secret here*
  • Retype key: as above


Click OK and then Next and configure with:

  • Pre-authentication role: Guest WiFi-guest-logon
  • Authenticated role: guest


Click Next and then Finish to confirm.


Next, under Advanced Services on the left click on Stateful Firewall. Select the Destination tab and click on Add. Configure with:


IP Version: IPv4

Destination Name: guestwifi


Click the Add button and configure with:


Type: name

Domain Name: *insert access_domain here*


Click Add to save and add all the below domains one by one until all are in the list:


*insert access_domain here*

*.venuewifi.com

*.openweathermap.org

*.cloudfront.net

*.stripe.com


If you wish to support social network logins, you also need to add the domains below for each network you plan to support


FacebookTwitterLinkedInInstagram
*.facebook.com
*.fbcdn.net
*.akamaihd.net
connect.facebook.net

*.twitter.com
*.twimg.com

*.linkedin.com
*.licdn.net
*.licdn.com

*.instagram.com


Click Apply to Save


Next, under Security on the left, click on Authentication.


Select the L3 Authentication tab and then click on Guest WiFi-cp_prof entry. Configure with the following:

  • Default Role: guest
  • Default Guest Role: guest
  • Redirect Pause: 0
  • User Login: Ticked
  • Guest Login: Unticked
  • Logout popup window: Unticked
  • Use HTTP for authentication: Ticked
  • Authentication Protocol: PAP
  • Login page: *insert access_url here*?acmac=<controller-mac>   (i.e. *insert access_url here*?acmac=00-0B-86-6E-C5-F8)
  • Welcome page: *insert redirect_url here*&acmac=<controller-mac>   (i.e. *insert redirect_url here*&acmac=00-0B-86-6E-C5-F8)
  • Show Welcome page: Ticked
  • Add switch IP in redirection URL: Ticked
  • White List: Add guestwifi from the list


Click Apply to Save


Next, select the AAA Profiles tab and click on Guest WiFi-aaa_prof. Configure with:

  • Initial role: Guest WiFi-guest-logon
  • RADIUS Interim Accounting: Ticked


Click Apply to Save


Next, click on the RADIUS Accounting Server Group and configure with:


RADIUS Accounting Server Group: Guest WiFi-srvgrp-xxx (where xxx is a random number)


Click Apply to Save


Next, select the Servers tab and click on RADIUS Server then guest1. Leave all settings as they are except:

  • Mode: Ticked
  • MAC address delimiter: Dash

    Under Called-Station-Id:
  • csid_type: ap-macaddr
  • include_ssid: enable
  • csid_delimiter: dash


Click Apply to Save


Next, click on RADIUS Server then guest2. Leave all settings as they are except:

  • Mode: Ticked
  • MAC address delimiter: Dash

    Under Called-Station-Id:

  • csid_type: ap-macaddr
  • include_ssid: enable
  • csid_delimiter: dash


Click Apply to Save


Finally, click Save configuration at the top and reload/reboot the controller to ensure all settings take effect.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.