Step-by-step instructions to set up a Radius-based captive portal with Alcatel-Lucent OV2500 Controller and Cloudi-Fi for user authentication.
Use case:
By leveraging the authentication capabilities of a Radius server, you can enforce access control policies, allocate bandwidth effectively, and enhance device recognition and management across your network infrastructure. The following sections will provide step-by-step instructions to enable this powerful configuration.
Prerequisites:
Before starting, ensure that you have the following prerequisites:
- An Alcatel-Lucent access point.
- Admin access to the OV2500 controller.
- Cloudi-Fi Radius IPs and Secret.
- Knowledge of your network’s IP addressing scheme.
- Access to your firewall to allow the following ports:

| Source | Destination | Port | Protocol | Action | Comment |
|---|---|---|---|---|---|
| Guest subnet | Cloudi-Fi IPs | 1812-1813 | UDP | Allow | RADIUS traffic |
| Guest subnet | Any | 80 | TCP | Allow | HTTP traffic |
| Guest subnet | Any | 443 | TCP | Allow | HTTPS traffic |
| Guest subnet | Any | 53 | UDP/TCP | Allow | DNS resolution |
| * | * | * | * | Deny | To be adjusted according to your needs |
Step 1: Get Cloudi-Fi required URL
Go to the "Location" section in the Cloudi-Fi Admin interface.
Create New Location and enter the required details for the new location:
- Location Name
- Type (Redirect URL)
- Portal template
- Country
Location URL: this URL will be used to configure an External Captive Portal
- Access the Cloudi-Fi administration console
- Select the location
- Click on the menu button for the location
- Select "Copy Splash page URL"
Transform the URL as follows, replacing the value after /sp/ with spalcatel.com:
Cloudi-Fi (as copied):
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com
Alcatel-Lucent OV2500 (transformed):
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spalcatel.com
Step 2: Get Radius information
You will need the Radius information (Server IPs, Secret, Ports) to proceed with the setup.
- IP addresses of the Radius servers
- Ports: UDP 1812 (Authentication) & 1813 (Accounting)
You can get the Secret by asking in the Chatbot; Cloudi-Fi’s Support team will provide you with the necessary information.
Step 3: Add Radius Servers
- Navigate to the "Security" section
- Next, "Authentication Servers" and "Radius"
- Click the + sign to add a new Radius Server. Configure with:
  - Server Name: Cloudi-Fi_Primary (Cloudi-Fi_Secondary)
  - Host Name/IP Address: Cloudi-Fi Radius IPs
  - Backup Host Name/IP Address: Cloudi-Fi Radius IPs
  - Retries: 3
  - Timeout: 5
  - Shared Secret: Shared by the Support team
  - Confirm secret: Shared by the Support team
  - Authentication Port: 1812
  - Accounting Port: 1813
  - VRF Name: Default (or select yours)
Step 4: SSID configuration
- Navigate to the "WLAN" section
- Next, "SSIDs" and "SSIDs"
- Click the + sign to add a new SSID. Configure with:
  - SSID Service Name: Your SSID Name
  - SSID: Your SSID Name
  - Usage: Guest Network (Open or Captive Portal)
  - Do you want users to go through a Captive Portal?: Yes
  - Captive Portal Type: External Captive Portal
  - Default VLAN/Network section
    - VLAN(s): Select your VLAN
  - External Captive Portal:
    - Portal Server: login.cloudi-fi.net (or login-cn.cloudi-fi.net for China locations)
    - Redirect URL: Captive portal URL from the admin console without login.cloudi-fi.net
    - HTTPS Redirection: Enabled
    - AAA Server Profile: Select the Radius Server created earlier
  - Walled Garden:
    - Add at least Cloudi-Fi wildcard domain: *.cloudi-Fi
    - You may need to add social network domains
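The Step 1 transformation and the Step 4 Portal Server / Redirect URL split can be checked before typing them into the OV2500. The following is an added example, not Cloudi-Fi or Alcatel-Lucent code; the function names are hypothetical, the path layout is taken from the example URL in Step 1, and keeping the leading slash in the Redirect URL is an assumption.

```python
from urllib.parse import urlsplit

# Portal hosts named on this page (global and China locations).
PORTAL_HOSTS = {"login.cloudi-fi.net", "login-cn.cloudi-fi.net"}
OV2500_SP = "spalcatel.com"  # value Step 1 puts after /sp/ for the OV2500


def ov2500_portal_fields(splash_url):
    """Split a copied splash page URL into the two SSID portal fields."""
    parts = urlsplit(splash_url.strip())
    if parts.scheme != "https":
        raise ValueError("splash URL must use https")
    host = (parts.hostname or "").lower()
    if host not in PORTAL_HOSTS:
        raise ValueError("unexpected portal host: %r" % host)
    if parts.query or parts.fragment:
        raise ValueError("unexpected query or fragment")  # page's example has none
    seg = parts.path.strip("/").split("/")
    # Layout taken from the page's example: start/ch/<id>/lh/<id>/sp/<value>
    if len(seg) != 7 or (seg[0], seg[1], seg[3], seg[5]) != ("start", "ch", "lh", "sp"):
        raise ValueError("path is not /start/ch/<id>/lh/<id>/sp/<value>")
    if not (seg[2] and seg[4] and seg[6]):
        raise ValueError("empty identifier in path")
    seg[6] = OV2500_SP  # the Step 1 transformation
    # Assumption: the Redirect URL field keeps the leading slash.
    return {"portal_server": host, "redirect_url": "/" + "/".join(seg)}


def check_entered(portal_server, redirect_url):
    """List problems in the values typed into the SSID form (empty = OK)."""
    problems = []
    if portal_server.strip().lower() not in PORTAL_HOSTS:
        problems.append("Portal Server is not a Cloudi-Fi login host")
    if "://" in redirect_url or "cloudi-fi.net" in redirect_url:
        problems.append("Redirect URL still contains the scheme or host")
    elif not redirect_url.endswith("/sp/" + OV2500_SP):
        problems.append("Redirect URL does not end in /sp/" + OV2500_SP)
    return problems


if __name__ == "__main__":
    # The example URL shown in Step 1 of this page.
    copied = ("https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg"
              "/lh/qgrzqrgegs/sp/spsomething.com")
    fields = ov2500_portal_fields(copied)
    print(fields)
    print(check_entered(fields["portal_server"], fields["redirect_url"]) or "OK")
```

`check_entered` can also be run against the values already saved on the controller when a Cloudi-Fi error page appears after connecting.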
Troubleshooting
- The captive portal is not displayed
  Before beginning, please check that the firewall rules mentioned in the Solution prerequisites section are active.
  If you still encounter problems after following all the configuration steps, follow the steps below and provide the results to the Cloudi-Fi support team:
  - Make a web capture of your browser
  - Share with the Cloudi-Fi support team:
    - The URL of the captive portal configured on Aruba
    - User ID facing the error page
    - Aruba troubleshooting command lists
- Authentication failure or error after authentication
  If, once connected to the SSID, you see a Cloudi-Fi error page instead of your captive portal:
  - Check that the URL transformed at the beginning is not misconfigured
  - Check the Radius Server configuration and connectivity