Describes how to configure your Aruba Cloud (Central) to enable Cloudi-Fi's captive portal.

This setup consists of below main parts:

1. Get Cloudi-Fi required information

2. Configure a group

3. Configure the SSID

4. Configure the SSID Security Level

5. Configure the Radius Server and the Captive Portal

6. Configure the Access rules

7. Configure the Syslog Server

8. Configure an SSL Certificate (Optional)

1. Get Cloudi-Fi required URL

Location URL: this URL will be used to configure an External Captive Portal

Cloudi-Fi administration Locations Click on the menu button of the location and select Copy Splash page URI

Transform the URI as follows

Go to the chat interface and ask for your Radius secret

• Copy the secret as well

2. Configure a Group

NB: We recommend you create a Group by Location

On the Aruba Central interface :

• click on "Global"

• modify "Groups" by clicking on the gear

• add a New Group by clicking on the "+"

Then, you can give a name to your Group and select the type of devices that will belong to it.

You can now add your devices to each Group.

3. Configure the SSID

Click on the Config button in the top right corner. You can see all the SSIDs on your devices, and we will add a new one by clicking "Add SSID".

Give a name to your new SSID.

Apply your Network’s preferences

4. Configure the SSID Security Level

Select the "Visitors" Security Level. Choose the "External Captive Portal" type. Now, you must configure the Captive Portal Profile and the Radius servers.

5. Configure the Radius Server and the Captive Portal

First, we will create the link to the external captive portal. Click on the " + " and select " External Captive Portal ".

Name it, choose RADIUS authentication, and write " login.cloudi-fi.net " as IP/Hostname, then in the URL box, enter your portal’s modified URL from "/auth " to the end.

Check the "Automatic URL Allowlisting" then click on "OK".

Add a new "Primary Server", and enter the information that you can find on this page: Radius & Syslog servers

Use the secret that the Cloudi-fi's support gave you earlier.

Check "MAC/Captive Portal", "Authentication" and "Accounting" then click on "OK".

Add the "Secondary Server" as well.

Then, in the « Advanced Settings », go to the « Walled Garden » and add « *.cloudi-fi.net » in the Allowlist by clicking on the « + Add ».

6. Configure the Access rules

Choose « Role Based » access rules and create a "pre-auth" Role

This rule should allow connections to a Domain Name: login.cloudi-fi.net

You have to check "Log" too.

Assign Pre-Authentication Role: check and select the "pre-auth" that you’ve just created.

Click on « Next » and then finish.

7. Configure the Syslog Server

To configure the Syslog server, click on "System" then "Logging", now you can enter the server's IP address.

Ensure you are part of the appropriate group before configuring the Syslog server. Click on "device", followed by "System" and then "Logging", and input the Syslog IPs for Cloudi-Fi's server.

And select user and user-debug as Syslog Facility Level with debug level and Warning or critical for everything else.

9. Configure an SSL Certificate (Optional)

If you encounter several problems connecting to the internet using the captive portal, importing a certificate could be the solution.

To import a certificate in your Group, click on "Organization" on the left panel, then click on "Certificates."

Now you can add a new certificate by clicking "+".

And applies the following settings:

To ensure that the newly added certificate is recognized, applying it to the captive portal is necessary.

Click on "Portal Captive" and select "your_certificate" to apply for the added certificate. After successfully adding and using the certificate, connect to the SSID.