Describes how to configure your Aruba Airwave to activate the Cloudi-Fi splash page feature.
This setup consists of below main parts:
-
Get Cloudi-Fi required information
-
Enable Instant GUI Config
-
SSID Configuration
-
Import SSL certificate
-
Syslog forwarding
1) Get Cloudi-Fi required information
Location URL : this URL will be used to configure an External Captive Portal
-
Cloudi-Fi administration Locations Click on the menu button of the location and select Copy Splash page URI
-
Transform the URI as following
Company Key :
-
Go to Settings Company Account and copy the Cloudi-Fi Public Key
Radius Server Information
-
Use the chatbot interface and ask for the Radius IPs and secret
2) Enable Instant GUI Config
The Instant GUI config feature allows Instant APs to be configured via AirWave, rather than through the embedded controllers in the access points.
Enabling this feature is done in Groups Basic and Enable Instant GUI Config
Save and Apply. The Instant Config menu should be visible in Groups List Select the Group name to configure.
3) SSID Configuration
Go to Groups List and select the Group name where you want to define SSIDs
Click on the "+" button to add a new network
-
Type : Wireless
-
Name : Give it a name
-
Usage : Guest
In the advanced options, make sure that the SSID is broadcasted.
In the VLAN menu, configure the appropriate network parameters.
In the Security menu, choose Splash page type: External
Create a captive portal profile
-
Type: Radius Authentication
-
IP or hostname: login.cloudi-fi.net
-
URL: paste the rest of the splash page URI
-
Port: 443
-
Use HTTPS : Enabled
-
Captive portal Failure : Deny Internet
-
Automatic Whitelisting : Enabled
-
Redirect URL: your website
Create Radius authentication servers
-
IP : Provided by Cloudi-Fi
-
Auth Port : 1812
-
Shared secret : Provided by Cloudi-Fi
-
Confirm Shared secret : Provided by Cloudi-Fi
-
RFC 5997 : Authentication
-
Nas-Identifier : Cloudi-Fi Public Key
-
Service type framed user : Captive portal
In the Access menu, choose Role-Based and create a new rule
-
Rule Type : Access Control
-
Service : Network
-
Any
-
Action : Allow
-
Destination : To a Particular server
-
IP : login.cloudi-fi.net
-
Options : Log
Select this new rule as the pre-authentication rule
In Access Rules, edit the rule and check the log option
4) Import SSL certificate
TLS/SSL certificates secure internet connections by encrypting your data. They ensure that data is transmitted privately, without modification, loss or theft. By adding a certificate, you ensure a more secure Internet experience for your users.
In addition, some browsers may block authentication on HTTP pages. Using a certificate will allow access to HTTPS pages and your users can authenticate themselves.
Go to Device Setup Certificate and add a new item:
-
Name: Name of the certificate
-
Certificate Name : Import the certificate from your computer
-
Passphrase and confirm Passphrase : Provide the secret Key
-
Format : PKCS#12 or PEM
-
Type : Captive Portal Cert
Go to Groups List Select Group Basic Aruba Instant and select the appropriate Certificate for Captive portal Cert
5) Syslog Forwarding
We are now going to configure the Syslog so that the access logs are sent to Cloudi-Fi.
Go to Instant Config System Monitoring
-
Syslog server : IP provided by Cloudi-Fi
-
Syslog Facility levels : According to your convenience, at least User and User-Debug with the Debug level (or by default all at Debug)
Comments
0 comments