Describes how to configure your Aruba Airwave to activate the Cloudi-Fi splash page feature.
Use case
The following sections will give you step-by-step instructions to enable Cloudi-Fi cloud-based WiFi Captive portal service with your existing Aruba Airwave architecture.
Prerequisites
Before starting, ensure that you have the following prerequisites:
- An Aruba access point.
- Access to the Aruba dashboard.
- Cloudi-Fi Radius IPs and Secret
- Knowledge of your network’s IP addressing scheme.
- Firewall ports allowed:
- HTTP, HTTPS
- DNS
- RADIUS: UDP 1812, 1813
1. Get Cloudi-Fi required information
Go to the "Location" section in the Cloudi-fi Admin interface.
Create New Location and enter the required details for the new location:
- Location Name
- Type (Redirect URL)
- Portal template
- Country
Location URL: this URL will be used to configure an External Captive Portal
- Access the Cloudi-Fi administration console
- Select the location
- Click on the menu button for the location
- Select "Copy Splash page URL"
Transform the URL as follows:
Cloudi-Fi
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com
Aruba Airwave
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/sparuba.com
Company Key
- Go to Settings Company Account and copy the Cloudi-Fi Public Key
2. Get Radius information
You will need the Radius information (Server IPs, Secret, Ports) to proceed with the setup.
- IPs address of the Radius servers
- Ports: UDP 1812 (Authentication) & 1813 (Accounting)
- The Secret (provided by Cloudi-Fi Support)
You can get the Secret by asking in the Chatbot, Cloudi-Fi’s Support team will provide you with the necessary information.
- What shared secret is used for the Radius server with Aruba? (Please save this confidential information securely, and do not share it publicly.)
-
Transform the URI as following
Cloudi-Fi
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com
Aruba Instant
https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/sparuba.com
3. Enable instant GUI config
The Instant GUI config feature allows Instant APs to be configured via AirWave rather than through the embedded controllers in the access points.
Enabling this feature is done in Groups Basic and Enable Instant GUI Config.
Save and Apply. The Instant Config menu should be visible in the Groups List Select the Group name to configure.
4. SSID configuration
Go to Groups List and select the Group name where you want to define SSIDs
Click on the "+" button to add a new network
-
Type : Wireless
-
Name : Give it a name
-
Usage : Guest
Ensure the SSID is broadcasted in the advanced options.
Configure the appropriate network parameters in the VLAN menu.
In the Security menu, choose Splash page type: External
Create a captive portal profile
-
Type: Radius Authentication
-
IP or hostname: login.cloudi-fi.net
-
URL: paste the rest of the splash page URI
-
Port: 443
-
Use HTTPS: Enabled
-
Captive portal Failure: Deny Internet
-
Automatic Whitelisting: Enabled
-
Redirect URL: your website
Create Radius authentication servers.
-
IP: Provided by Cloudi-Fi
-
Auth Port: 1812
-
Shared secret: Provided by Cloudi-Fi
-
Confirm Shared secret: Provided by Cloudi-Fi.
-
RFC 5997: Authentication
-
Nas-Identifier: Cloudi-Fi Public Key
-
Service type framed user: Captive portal
In the Access menu, choose Role-Based and create a new rule.
-
Rule Type: Access Control
-
Service: Network
-
Any
-
Action: Allow
-
Destination: To a Particular server
-
IP: login.cloudi-fi.net, login-cn.cloudi-fi.net
-
Options: Log
Select this new rule as the pre-authentication rule
In Access Rules, edit the rule and check the log option
5. Import SSL certificate
TLS/SSL certificates secure internet connections by encrypting your data. They ensure data is transmitted privately, without modification, loss or theft. Adding a certificate ensures a more secure Internet experience for your users.
In addition, some browsers may block authentication on HTTP pages. Using a certificate will allow access to HTTPS pages, and your users can authenticate themselves.
Go to Device Setup Certificate and add a new item:
-
Name: Name of the certificate
-
Certificate Name: Import the certificate from your computer
-
Passphrase and confirm Passphrase: Provide the secret Key.
-
Format : PKCS#12 or PEM
-
Type: Captive Portal Cert
Go to Groups List, Select Group Basic Aruba Instant, and select the appropriate Certificate for Captive portal Cert.
6. Syslog forwarding
We will now configure the Syslog to send the access logs to Cloudi-Fi.
Go to Instant Config System Monitoring
-
Syslog server: IP provided by Cloudi-Fi
-
Syslog Facility levels: According to your convenience, at least User and User-Debug with the Debug level (or by default all at Debug)
Troubleshooting
If you still encounter any issues during the setup or operation, follow Cloudi-Fi's first-level troubleshooting guide. We invite you to contact the Cloudi-Fi support team if you still face issues.
What’s next?
Congratulations on configuring your Aruba Airwave with Cloudi-Fi!