How to configure 802.1X authentication on Aruba access points (through Aruba Central ) using Cloudi-Fi as the RADIUS provider.
Prerequisites
Before starting, ensure that you have the following prerequisites:
- Cloudi-Fi Radius IPs and Secret
- Access to Aruba Central dashboard.
- Knowledge of your network’s IP addressing scheme.
- Access to your firewall to allow several ports:
| Source | Destination | Port | Protocol | Action | Comment |
| 802.1x subnet | Cloudi-Fi IPs | 1815 | UDP | Allow | RADIUS traffic |
| 802.1x subnet | Any | 80 | TCP | Allow | HTTP traffic |
| 802.1x subnet | Any | 443 | TCP | Allow | HTTPS traffic |
| 802.1x subnet | Any | 53 | UDP/TCP | Allow | DNS resolution |
| * | * | * | * | Deny | To be adjusted according to your needs |
1. Get Radius information
You will need the Radius information (Server IPs, Secret, Ports) to proceed with the setup.
| Parameter | Description |
| RADIUS IPs | Provided by Cloudi-Fi |
| Ports | UDP 1815 (Authentication) |
| Shared Secret | Obtain via the Cloudi-Fi chatbot or Support team |
You can get the Secret by asking in the Chatbot. Cloudi-Fi’s Support team will provide you with the necessary information.
What shared secret is used for the Radius server for 802.1X for Aruba Central? Please save this confidential information securely, and do not share it publicly.
2. Get the Cloudi-Fi NAS-ID
You must create or use a Cloudi-Fi location and retrieve its NAS-ID (Hash key).
- Log in to the Cloudi-Fi admin console.
- Go to Location.
- Create a new location if needed and fill in:
- Location name
- Type (Redirect URL)
- Country
- Save.
- Click the location you created.
- Go to Network parameters and copy the Hash key — this will be used as the NAS-ID.
3. Configure a group
Once on the Aruba Central interface, we suggest you group your devices by location for simplified management and configuration.
- Start by selecting "Global" and then click on "Groups" located at the top left.
- Proceed to create a new group by clicking the "+" symbol. We suggest generating a group for each specific location.
- Assign a name to the group as "your_Group."
- Choose "Access Point" to indicate that this group will encompass Access Points.
- To continue, click the "Next" button.
You can adapt the configuration to your network and equipment by clicking “Add“.
Note: The access point architectures of both ArubaOS 8 and ArubaOS 10 are compatible.
4. Create an SSID
At this level, you’ll create a new SSID and configure it as a network for managed devices.
To create a new SSID:
Navigate to Devices, then Access Points.
Enable config mode
Click on "Add SSID."
Name your SSID and then select "Next."
Configure your network preferences and click "Next" to proceed.
Opt for the "Enterprise" Security Level.
- Key Management : WPA3-Enterprise(CCM 128)
- Server Group : Primary and backup only
Click on the button "+"
- Server type : Radius
- Radsec : disabled
- Shared Key : Provided by Cloudi-Fi
- Retry Count : 3
- Timeout : 5
- Name : e.g. cloudifi_radius_emp
- IP Address/FQDN : Click here to obtain the IP
- NAS Identifier : set the NAD ID collected in 2. Get the Cloudi-Fi NAS-ID
- Auth port: 1815
- Query Status of RADIUS Servers(RFC 5997): Authentication and Accounting
- Require Message-Authenticator in RADIUS Requests : enabled
Click "OK" to proceed.
Then choose the "Role-based" access rules and click on “Next“.
Then click on “Finish“ to finish.
5. Validation
- After completing the configuration:
- Connect a test client to the SSID.
- The client should be prompted for 802.1X credentials.
- Successful authentication should appear in both:
- Aruba Central > Devices
- Cloudi-Fi > Users > Authentications
If authentication fails, verify:
- RADIUS IPs and shared secret match on both sides.
- UDP port 1815 is reachable from the access point.
- The Cloudi-Fi RADIUS service is not blocked by your firewall.