Skip to main content

Search

Cloudi-Fi Knowledge Base

How to enable Cloudi-Fi with Alcatel-Lucent OV2500 with Radius

Mahfoud
  • Updated

Step-by-step instructions to set up a Radius-based captive portal with Alcatel-Lucent OV2500 Controller and Cloudi-Fi for user authentication.

Use case:

By leveraging the authentication capabilities of a Radius server, you can enforce access control policies, allocate bandwidth effectively, and enhance device recognition and management across your network infrastructure. The following sections will provide step-by-step instructions to enable this powerful configuration.

Prerequisites:

Before starting, ensure that you have the following prerequisites:

  • An Alcatel-Lucent access point.
  • Admin access to the OV2500 controller 
  • Cloudi-Fi Radius IPs and Secret  
  • Knowledge of your network’s IP addressing scheme.
  • Access to your firewall to allow several ports : 
Source Destination  Port Protocol Action Comment
Guest subnet Cloudi-Fi IPs 1812-1813 UDP Allow RADIUS traffic
Guest subnet Any 80 TCP Allow HTTP traffic
Guest subnet Any 443 TCP Allow HTTPS traffic
Guest subnet Any 53 UDP/TCP Allow DNS resolution
* * * * Deny To be adjusted according to your needs

Step 1: Get Cloudi-Fi required URL

Go to the "Location" section in the Cloudi-fi Admin interface.
Create New Location and enter the required details for the new location:

  • Location Name
  • Type (Redirect URL)
  • Portal template
  • Country 

Location URL: this URL will be used to configure an External Captive Portal

  • Access the Cloudi-Fi administration console
  • Select the location
  • Click on the menu button for the location
  • Select "Copy Splash page URL"

Cloudi-Fi Get captive portal url

Transform the URL as follows:

Cloudi-Fi

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com

Alcatel lucent OV2500

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spalcatel.com

Step 2: Get Radius information

You will need the Radius information (Server IPs, Secret, Ports) to proceed with the setup.

  1. IPs address of the Radius servers
  2. Ports: UDP 1812 (Authentication) & 1813 (Accounting)

You can get the Secret by asking in the Chatbot, Cloudi-Fi’s Support team will provide you with the necessary information.

Step 3: Add Radius Servers

  1. Navigate to the "Security" section
  2. Next, "Authentication Servers" and Radius
  3. Click the + sign to add a new Radius Server. Configure with:
    1. Server Name: Cloudi-Fi_Primary (Cloudi-Fi_Secondary)
    2. Host Name/IP Address: Cloudi-Fi Radius IPs
    3. Backup Host Name/Ip Address: Cloudi-Fi Radius IPs
    4. Retries: 3
    5. Timeout: 5
    6. Shared Secret: Shared by the Support team
    7. Confirm secret: Shared by the Support team
    8. Authentication Port: 1812
    9. Accounting Port: 1813
    10. VRF Name: Default (or select yours)

Alcatel Lucent Admin console - Configure radius server

Step 4: SSID configuration

  1. Navigate to the "WLAN" section
  2. Next, "SSIDs" and "SSIDs"
  3. Click the + sign to add a new SSID. Configure with:
    1. SSID Service Name: Your SSID Name
    2. SSID: Your SSID Name
    3. Usage: Guest Network (Open or Captive Portal)
    4. Do you want users to go through a Captive Portal?: Yes
    5. Captive Portal Type: External Captive Portal
       
      Alcatel lucent OV2500 UI - Create Guest SSID
    6. Default VLAN/Network section
      1. VLAN(s): Select your VLAN
      2. External Captive Portal:
        1. Portal Server: login.cloudi-fi.net (or login-cn.cloudi-fi.net for China locations)
        2. Redirect URL: Captive portal URL from the admin console without login.cloudi-fi.net 
        3. HTTPS Redirection: Enabled
        4. AAA Server Profile: Select the Radius Server created earlier
      3. Walled Garden:
        1. Add at least Cloudi-Fi wildcard domain: *.cloudi-Fi
        2. You may need to add social networks domainsAlcatel Lucent - Configure VLAN and Cloudi-Fi captive portal

Troubleshooting

  1. The captive portal is not displayed

    1. Before beginning, please check that the following Firewall rules are active, as mentioned in the Solution prerequisites section.

      If you still encounter problems after following all the configuration steps, follow the steps below and provide it to the Cloudi-Fi support team

      • Make a web capture of your browser
      • Share with the Cloudi-Fi support team
      • The URL of the captive portal configured on Aruba 
      • User ID facing the error page Aruba troubleshooting command lists
  2. Authentication fail or Error after authentication 

    1. Once connected to the SSID, if you notice a Cloudi-Fi error page instead of your captive portal. Check if: 

      1. The URL transformed at the beginning is not misconfigured, 

      2. Check the Radius Server configuration and connectivity