Skip to main content

Search

How can we help ?

Aruba Instant AP deployment with Cloudi-Fi

Alexandre de THOMASSON
  • Updated

Learn how to create a secure captive portal with Aruba Instant AP using Radius for user authentication. Step-by-step guide for network control.

                                                            

Table of contents

Overview

Prerequisites

Step 1 - Get Cloudi-Fi required URL

Step 2 - Get Radius information

Step 3 - Network configuration

Step 4 - Security configuration

Step 5 - Create a captive portal profile

Step 6 - Create an authentication server

Step 7 - Configure the access rules

Step 8 - Add a certificate

Troubleshooting

What’s Next?

 

Overview

Employing the authentication features of a Radius server enables you to enforce access control policies, optimise bandwidth allocation, and improve device identification and network management. The upcoming sections will guide you through setting up this configuration step by step. 

Prerequisites

Before starting, ensure that you have the following prerequisites:

  • An Aruba access point.
  • Cloudi-Fi Radius IPs and Secret  
  • Access to the Aruba dashboard.
  • Knowledge of your network’s IP addressing scheme.
  • Permission to configure your firewall to allow specific ports."
Source Destination Port Protocol Action Comment
Guest subnet Cloudi-Fi IPs 1812-1813 UDP Allow RADIUS traffic
Guest subnet Any 80 TCP Allow HTTP traffic
Guest subnet Any 443 TCP Allow HTTPS traffic
Guest subnet Any 53 UDP/TCP Allow DNS resolution
* * * * Deny To be adjusted according to your needs

 

Step 1 - Get Cloudi-Fi required URL

  • Location URL: this URL will be used to configure an External Captive Portal
  • Access Cloudi-Fi administration > Select the location and choose Copy Splash page URI.Cloudi-Fi Get captive portal url.png
  • Transform the URL as show below.

 

Step 2 - Get Radius information

To proceed with the setup, you'll require the Radius details, including Server IPs, Secret, and Ports: 

  1. IPs address of the Radius servers
  2. Ports: UDP 1812 (Authentication) & 1813 (Accounting)

You can get the Secret by asking in the Chatbot, Cloudi-Fi’s Support team will provide you with the necessary information: 

“What shared secret is used for the Radius server with Aruba? (Please save this confidential information securely, and do not share it publicly.)”

Screenshot 2023-10-25 at 11.59.41.png

Step 3 - Network configuration

  1. On the Virtual controller interface, go to Configuration Networks
  2. Click on the « + » to create a new Network
  3. Name your Network, select "Wireless" as the type, and "Guest" as the Primary usage.
  4. Proceed to set your Vlan parameters (recommended: "Network assigned" and "Default" for Client IP and VLAN assignments).

 

Step 4 - Security configuration

  • Splash page type: External
  • Captive portal profile: Click on « + » to create a new portal
  • Authentication server: Click on « + » to create a new authentication server

Step 5 - Create a captive portal profile

After selecting the '+' to generate a new captive portal profile, a pop-up window will appear.

  • Type: RADIUS Authentication
  • IP or hostname: login.cloudi-fi.net
  • URL: the one that you’ve modified here
  • Port: 443
  • Use HTTPS: selected
  • Captive Portal failure: Deny Internet
  • Redirect URL: optional

 

Step 6 - Create an authentication server

  • Enter the server information as following
  • Select "Authentication" and "Captive Portal."

Step 7 - Configure the access rules

Once you’ve finished the security part, you can configure the Access rules

  • Access Rules: Unrestricted
  • Download roles: unselected

At this stage, your captive portal has been set up.

Step 8 - Add a certificate

The absence of a certificate could lead to display issues. 

To add a certificate, go to Maintenance Certificates> click on Upload New Certificate.

A popup will show up on your screen, allowing you to add your certificate.

 

Troubleshooting

If you encounter issues with your captive portal, they may have various underlying causes.

Firewall problem 

Firewall Concerns Before troubleshooting, ensure that the following firewall rules are enabled, as outlined in the prerequisites section.

If problems persist after configuring, follow these steps and share the following details with the Cloudi-Fi support team:

  • Capture a web snapshot from your browser
  • Share the captured data with Cloudi-Fi support
  • Provide the URL of the captive portal configured on your Aruba device
  • Share any User IDs encountering error pages

Certificate-related Problems 

If you lack a valid or properly applied certificate, you need to add and configure the certificate:

Add the Certificate:

  1. Navigate to "Your Group" in the Group section, then "Organization," and select "Certificates."
  2. Right-click on the '+' icon to add a certificate.
  3. Specify the name as "Your_certificate_name."
  4. Choose "Server Certificate" as the type.
  5. Select "PEM" as the format.
  6. Enter the passphrase and retry the passphrase.
  7. Add the certificate file.

Apply the Certificate to the Portal:

  1. Go to "Your Group" in Group, then "Device" and "Security."
  2. Unlock Certificate Usage.
  3. Check and add "Your_certificate."
  4. Click "Save Setting."

Error after authentication on the page

If you encounter a Cloudi-Fi error page after connecting to the SSID instead of your captive portal, check if  

  • The URL transformed at the beginning is not misconfigured, 
  • Aruba APs do not receive requests from Cloudi-Fi.

Check the configuration of the Radius server:

  • The IP address of RADIUS 
  • RADIUS port (default port 1812)
  • The shared password.
  • Perform a Radius test from the Aruba dashboard.

Check the availability of the RADIUS server:

If you encounter any issues or have any questions, please do not hesitate to contact our Support team.

What’s Next?

Please refer to this page for additional details regarding Aruba and Cloudi-Fi configurations.