Step-by-step instructions to set up a Radius-based captive portal with Alcatel-Lucent OV2500 Controller and Cloudi-Fi for user authentication.
By leveraging the authentication capabilities of a Radius server, you can enforce access control policies, allocate bandwidth effectively, and enhance device recognition and management across your network infrastructure. The following sections will provide step-by-step instructions to enable this powerful configuration.
Before starting, ensure that you have the following prerequisites:
- An Alcatel-Lucent access point.
- Admin access to the OV2500 controller
- Cloudi-Fi Radius IPs and Secret
- Knowledge of your network’s IP addressing scheme.
- Access to your firewall to allow several ports:

|Source|Destination|Port|Protocol|Action|Description|
|---|---|---|---|---|---|
|Guest subnet|Cloudi-Fi IPs|1812-1813|UDP|Allow|RADIUS traffic|
|Guest subnet|Any|80|TCP|Allow|HTTP traffic|
|Guest subnet|Any|443|TCP|Allow|HTTPS traffic|
|Guest subnet|Any|53|UDP/TCP|Allow|DNS resolution|
|*|*|*|*|Deny|To be adjusted according to your needs|
Step 1: Get Cloudi-Fi required URL
Location URL: this URL will be used to configure an External Captive Portal
In the Cloudi-Fi administration, go to Locations. Click on the menu button of the location and select Copy Splash page URI.
Transform the URI as follows.
Step 2: Get Radius information
You will need the Radius information (Server IPs, Secret, Ports) to proceed with the setup.
- IP addresses of the Radius servers
- Ports: UDP 1812 (Authentication) & 1813 (Accounting)
You can get the Secret by asking in the Chatbot; Cloudi-Fi’s Support team will provide you with the necessary information.
Step 3: Add Radius Servers
- Navigate to the "Security" section
- Next, "Authentication Servers" and Radius
- Click the + sign to add a new Radius Server. Configure with:
  - Server Name: Cloudi-Fi_Primary (Cloudi-Fi_Secondary)
  - Host Name/IP Address: Cloudi-Fi Radius IPs
  - Backup Host Name/IP Address: Cloudi-Fi Radius IPs
  - Retries: 3
  - Timeout: 5
  - Shared Secret: Shared by the Support team
  - Confirm secret: Shared by the Support team
  - Authentication Port: 1812
  - Accounting Port: 1813
  - VRF Name: Default (or select yours)
Step 4: SSID configuration
- Navigate to the "WLAN" section
- Next, "SSIDs" and "SSIDs"
- Click the + sign to add a new SSID. Configure with:
  - SSID Service Name: Your SSID Name
  - SSID: Your SSID Name
  - Usage: Guest Network (Open or Captive Portal)
  - Do you want users to go through a Captive Portal?: Yes
  - Captive Portal Type: External Captive Portal
- Default VLAN/Network section
  - VLAN(s): Select your VLAN
- External Captive Portal:
  - Portal Server: login.cloudi-fi.net (or login-cn.cloudi-fi.net for China locations)
  - Redirect URL: Captive portal URL from the admin console without login.cloudi-fi.net
  - HTTPS Redirection: Enabled
  - AAA Server Profile: Select the Radius Server created earlier
- Walled Garden:
  - Add at least Cloudi-Fi wildcard domain: *.cloudi-Fi
  - You may need to add social network domains
- The captive portal is not displayed
Before beginning, please check that the following Firewall rules are active, as mentioned in the Solution prerequisites section.
If you still encounter problems after following all the configuration steps, follow the steps below and provide the results to the Cloudi-Fi support team:
- Make a web capture of your browser
- Share with the Cloudi-Fi support team:
  - The URL of the captive portal configured on Aruba
  - Capture HTTP
  - User ID facing the error page
  - Aruba troubleshooting command lists
- Authentication fail or Error after authentication
Once connected to the SSID, if you notice a Cloudi-Fi error page instead of your captive portal, check if:
- The URL transformed at the beginning is not misconfigured.

Also check the Radius Server configuration and connectivity.
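
To check Radius connectivity and the shared secret independently of the controller, the following added example (not Cloudi-Fi or Alcatel-Lucent code) sends a test Access-Request and validates the Response Authenticator as defined in RFC 2865. It assumes the server accepts PAP requests from the host you run it on; the server IP, secret and credentials shown are placeholders.

```python
import hashlib, hmac, os, socket, struct

def build_access_request(secret, user, password, ident=1):
    """Return (packet, request_authenticator) for a PAP Access-Request (RFC 2865)."""
    req_auth = os.urandom(16)
    # User-Password hiding: pad to 16-byte blocks, XOR each with MD5(secret + previous block).
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        hidden += prev
    # Attributes: Message-Authenticator (80) first and zeroed, User-Name (1), User-Password (2).
    tail = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    header = struct.pack("!BBH", 1, ident, 20 + 18 + len(tail)) + req_auth
    mac = hmac.new(secret, header + bytes([80, 18]) + bytes(16) + tail, hashlib.md5).digest()
    return header + bytes([80, 18]) + mac + tail, req_auth

def reply_is_authentic(reply, req_auth, secret):
    """Check Response Authenticator = MD5(code|id|length|request_auth|attributes|secret)."""
    if len(reply) < 20:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    reply = reply[:length]                    # octets past the stated length are padding
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def probe(server, secret, user, password, port=1812, attempts=3, timeout=5.0):
    """Send a test Access-Request and classify the outcome."""
    packet, req_auth = build_access_request(secret, user, password)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((server, port))          # only accept replies from this server
        for _ in range(attempts):
            try:
                sock.send(packet)
                reply = sock.recv(4096)
            except OSError:                   # timeout or ICMP unreachable
                continue
            if not reply_is_authentic(reply, req_auth, secret):
                return "reply failed authenticator check: secret mismatch or spoofed reply"
            names = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
            return names.get(reply[0], "code %d" % reply[0]) + ": path and secret OK"
    return "no reply: check UDP 1812 firewall rule, client source IP, or secret"

if __name__ == "__main__":
    # 192.0.2.10, "shared-secret" and the credentials are placeholders, not Cloudi-Fi values.
    print(probe("192.0.2.10", b"shared-secret", b"test-user", b"test-pass"))
```

An Access-Reject with a valid authenticator still confirms that the firewall path and shared secret are correct. A timeout can also mean a wrong secret, because a server that validates Message-Authenticator silently drops requests that fail it.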