Skip to main content

Search

Cloudi-Fi Knowledge Base

How to integrate Aruba Airwave with Cloudi-Fi

Alexandre de THOMASSON
  • Updated

Describes how to configure your Aruba Airwave to activate the Cloudi-Fi splash page feature.

 

Use case

The following sections will give you step-by-step instructions to enable Cloudi-Fi cloud-based WiFi Captive portal service with your existing Aruba Airwave architecture.

 

Prerequisites

Before starting, ensure that you have the following prerequisites:

  • An Aruba access point.
  • Access to the Aruba dashboard.
  • Cloudi-Fi Radius IPs and Secret  
  • Knowledge of your network’s IP addressing scheme.
  • Firewall ports allowed: 
    • HTTP, HTTPS
    • DNS
    • RADIUS: UDP 1812, 1813

 

1. Get Cloudi-Fi required information

Go to the "Location" section in the Cloudi-fi Admin interface.
Create New Location and enter the required details for the new location:

  • Location Name
  • Type (Redirect URL)
  • Portal template
  • Country 

Location URL: this URL will be used to configure an External Captive Portal

  • Access the Cloudi-Fi administration console
  • Select the location
  • Click on the menu button for the location
  • Select "Copy Splash page URL"

Cloudi-Fi Get captive portal url

Transform the URL as follows:

Cloudi-Fi

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com

Aruba Airwave

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/sparuba.com

Company Key

  • Go to Settings Company Account and copy the Cloudi-Fi Public Key

 

2. Get Radius information

You will need the Radius information (Server IPs, Secret, Ports) to proceed with the setup.

  1. IPs address of the Radius servers
  2. Ports: UDP 1812 (Authentication) & 1813 (Accounting)
  3. The Secret (provided by Cloudi-Fi Support)

You can get the Secret by asking in the Chatbot, Cloudi-Fi’s Support team will provide you with the necessary information.

Cloudi-Fi - Get Radius information for Aruba Airwave

  1. What shared secret is used for the Radius server with Aruba? (Please save this confidential information securely, and do not share it publicly.)

  • Transform the URI as following

Cloudi-Fi

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com

Aruba Instant

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/sparuba.com

 

3. Enable instant GUI config

The Instant GUI config feature allows Instant APs to be configured via AirWave rather than through the embedded controllers in the access points.

Enabling this feature is done in Groups Basic and Enable Instant GUI Config.

Save and Apply. The Instant Config menu should be visible in the Groups List Select the Group name to configure.

 

4. SSID configuration

Go to Groups List and select the Group name where you want to define SSIDs

 

Aruba Airwave - Instant Config add SSID

Click on the "+" button to add a new network

 

Aruba Airwave - Configure SSID with Captive portal

  • Type : Wireless

  • Name : Give it a name

  • Usage : Guest

Ensure the SSID is broadcasted in the advanced options.

Configure the appropriate network parameters in the VLAN menu.

In the Security menu, choose Splash page type: External

Aruba Airwave - Configure External splash page

Create a captive portal profile

Aruba Airwave - Configure External captive portal

  • Type: Radius Authentication

  • IP or hostname: login.cloudi-fi.net

  • URL: paste the rest of the splash page URI

  • Port: 443

  • Use HTTPS: Enabled

  • Captive portal Failure: Deny Internet

  • Automatic Whitelisting: Enabled

  • Redirect URL: your website

Create Radius authentication servers.

  • IP: Provided by Cloudi-Fi

  • Auth Port: 1812

  • Shared secret: Provided by Cloudi-Fi

  • Confirm Shared secret: Provided by Cloudi-Fi.

  • RFC 5997: Authentication

  • Nas-Identifier: Cloudi-Fi Public Key

  • Service type framed user: Captive portal

In the Access menu, choose Role-Based and create a new rule.

Aruba Airwave - Role-based for captive portal

  • Rule Type: Access Control

  • Service: Network

  • Any

  • Action: Allow

  • Destination: To a Particular server

  • IP: login.cloudi-fi.net, login-cn.cloudi-fi.net

  • Options: Log

Select this new rule as the pre-authentication rule

In Access Rules, edit the rule and check the log option

 

5. Import SSL certificate

TLS/SSL certificates secure internet connections by encrypting your data. They ensure data is transmitted privately, without modification, loss or theft. Adding a certificate ensures a more secure Internet experience for your users.

In addition, some browsers may block authentication on HTTP pages. Using a certificate will allow access to HTTPS pages, and your users can authenticate themselves.

Go to Device Setup Certificate and add a new item:

Aruba Airwave - Add HTTPS certificate for captive portal

  • Name: Name of the certificate

  • Certificate Name: Import the certificate from your computer

  • Passphrase and confirm Passphrase: Provide the secret Key.

  • Format : PKCS#12 or PEM

  • Type: Captive Portal Cert

Go to Groups List, Select Group Basic Aruba Instant, and select the appropriate Certificate for Captive portal Cert.

 

6. Syslog forwarding

We will now configure the Syslog to send the access logs to Cloudi-Fi.

Go to Instant Config System Monitoring

Aruba Airwave - Configure External syslog for captive portal

  • Syslog server: IP provided by Cloudi-Fi

  • Syslog Facility levels: According to your convenience, at least User and User-Debug with the Debug level (or by default all at Debug)

 

Troubleshooting

If you still encounter any issues during the setup or operation, follow Cloudi-Fi's first-level troubleshooting guide. We invite you to contact the Cloudi-Fi support team if you still face issues.

 

What’s next?

Congratulations on configuring your Aruba Airwave with Cloudi-Fi!