Describes how to configure your Aruba Cloud (Central) to enable Cloudi-Fi's captive portal.
This setup consists of below main parts:
1. Get Cloudi-Fi required URL
Location URL: this URL will be used to configure an External Captive Portal
Cloudi-Fi administration Locations Click on the menu button of the location and select Copy Splash page URI
Transform the URI as follows
Go to the chat interface and ask for your Radius secret
-
Copy the secret as well
2. Configure a Group
NB: We recommend you create a Group by Location
On the Aruba Central interface :
-
click on "Global"
-
modify "Groups" by clicking on the gear
-
add a New Group by clicking on the "+"
Then, you can give a name to your Group and select the type of devices that will belong to it.
You can now add your devices to each Group.
3. Configure the SSID
Click on the Config button in the top right corner. You can see all the SSIDs on your devices, and we will add a new one by clicking "Add SSID".
Give a name to your new SSID.
Apply your Network’s preferences
4. Configure the SSID Security Level
Select the "Visitors" Security Level. Choose the "External Captive Portal" type. Now, you must configure the Captive Portal Profile and the Radius servers.
5. Configure the Radius Server and the Captive Portal
First, we will create the link to the external captive portal. Click on the " + " and select " External Captive Portal ".
Name it, choose RADIUS authentication, and write " login.cloudi-fi.net " as IP/Hostname, then in the URL box, enter your portal’s modified URL from "/auth " to the end.
Check the "Automatic URL Allowlisting" then click on "OK".
Add a new "Primary Server", and enter the information that you can find on this page: Radius & Syslog servers
Use the secret that the Cloudi-fi's support gave you earlier.
Check "MAC/Captive Portal", "Authentication" and "Accounting" then click on "OK".
Add the "Secondary Server" as well.
Then, in the « Advanced Settings », go to the « Walled Garden » and add « *.cloudi-fi.net » in the Allowlist by clicking on the « + Add ».
6. Configure the Access rules
Choose « Role Based » access rules and create a "pre-auth" Role
This rule should allow connections to a Domain Name: login.cloudi-fi.net and login-cn.cloudi-fi.net
You have to check "Log" too.
Assign Pre-Authentication Role: Select the "pre-auth" you’ve just created.
Click on « Next » and then finish.
7. Configure the Syslog Server
To configure the Syslog server, click on “System" then "Logging", now you can enter the server’s IP address.
Ensure you are part of the appropriate group before configuring the Syslog server. Click on "device", followed by "System" and then "Logging", and input the Syslog IPs for Cloudi-Fi’s server.
And select user and user-debug as Syslog Facility Level with debug level and Warning or critical for everything else.
9. Configure an SSL Certificate (Optional)
If you encounter several problems connecting to the internet using the captive portal, importing a certificate could be the solution.
To import a certificate in your Group, click "Organization" on the left panel, then click "Certificates."
Now you can add a new certificate by clicking "+".
And applies the following settings:
To ensure that the newly added certificate is recognised, applying it to the captive portal is necessary.
Click on "Portal Captive" and select "your_certificate" to apply for the added certificate. After successfully adding and using the certificate, connect to the SSID.