Describes how to configure your Aruba Instant Access Points to activate the Cloudi-Fi splash page feature.
Prerequisite: Get the required Cloudi-Fi URL and RADIUS secret
Go to your Cloudi-Fi administration interface and get the URL for external authentication
Go to Locations Menu
Click on the menu button of the location and select "Copy Splash page URI"
Go to the chat interface and ask for your RADIUS secret
Copy the secret as well
1. Create an authentication server
This server sends the authorization to the Aruba controller after the user has provided their credentials to Cloudi-Fi.
In the Aruba Instant controller GUI, in the top right corner, go to Security > Authentication Server > New.
IP Address: 87.98.173.68
Auth Port: 1812
Accounting port: 1813
Shared key: provided by the Cloudi-Fi support team
Service type framed user: tick Captive Portal
2. Create an external captive portal
In this section, we configure the URL to which users are redirected for authentication.
Go to Security > External Captive Portal > New
Type: RADIUS Authentication
IP or hostname: login.cloudi-fi.net
URL: your dedicated URL is provided in the Cloudi-Fi administration portal
Port: 443
Use https: Enabled
Captive Portal failure: Deny Internet
All other settings are Disabled
3. Create a Pre-Authentication role
This role is assigned to users who are not yet authenticated in the Cloudi-Fi portal.
It allows an unauthenticated user to reach the external resources needed for authentication.
For example, we allow the user to access Facebook so they can log in with their Facebook account.
Go to Security > Role > New and name it CloudiFi_pre-auth
Create rules as below:
Rule type: Access control
Service: Network
Action: Allow
Destination: to the domain name
Domain name: login.cloudi-fi.net and login-cn.cloudi-fi.net. Depending on the authentication modules available on your captive portal, you need to add further URLs.
The Cloudi-Fi support team will provide the URLs you need.
4. WLAN Creation
In the controller GUI Dashboard, click on "+" in the Network section to add a new WLAN.
Give it a name
Primary usage: Guest
Next
These choices depend on your network infrastructure (whether you have a dedicated DHCP server, whether you need to assign users to a VLAN...).
Otherwise, you can keep the default choices.
In the Security tab:
Splash page type: External
Captive portal profile: Cloudi-Fi
WISPr: Disabled
MAC authentication: Disabled
Auth server1: Cloudi-Fi Radius
Reauth interval: this timer must be equal to the session lifetime configured in the Cloudi-Fi portal
All other options must be disabled
In the Access tab:
Select default_wired_port_profile (except if you want to restrict some specific resources)
Tick and assign the pre_authentication role we created earlier
Click Finish
5. Captive Portal Certificate on Aruba controller
A public certificate has to be deployed on the controller to bring up a secured channel between the guest device and the Aruba controller. Without this certificate, guests will receive "Untrusted Certificate" error messages after they authenticate on the Cloudi-Fi portal.
Once you have a public certificate, you must put all the certificate material in a single file in X.509 (aka PEM) or PKCS12 format.
The AP’s certificate must be first, followed by the certificate chain in order, and then followed by the private key for the certificate. For example, with a single intermediate CA and a root CA, the PEM or PKCS12 file must contain the following parts in this order:
1. Server Certificate
2. Intermediate CA
3. Root CA
4. Private key
Once done, upload the certificate under Maintenance Certificates.
The Aruba controller will create a DNS record corresponding to your Server Certificate Common Name.
And finally, reboot the Access Point.
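Before uploading, the order required in step 5 can be checked offline. The Python below is an added example, not part of the Cloudi-Fi or Aruba documentation: it checks that a PEM bundle lists the server certificate, then each issuing CA up to a self-signed root, then the private key. The function names and the skeletal sample certificates are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, p, end = _tlv(der, _tlv(der, 0)[1])  # Certificate -> TBSCertificate
    fields = []
    while p < end and len(fields) < 5:
        tag, _, e = _tlv(der, p)
        if tag != 0xA0:  # skip the optional [0] version
            fields.append(der[p:e])
        p = e
    return fields[2], fields[4]  # serial, sigAlg, issuer, validity, subject

def check_bundle(pem_text):
    """Return ordering problems; an empty list means the order is correct."""
    blocks = [(lbl, base64.b64decode(b)) for lbl, b in PEM_RE.findall(pem_text)]
    keys = [i for i, (lbl, _) in enumerate(blocks) if lbl.endswith("PRIVATE KEY")]
    problems = [] if keys == [len(blocks) - 1] else ["private key must be the single, last block"]
    names = [issuer_subject(d) for lbl, d in blocks if lbl == "CERTIFICATE"]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    if not names or names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-signed root CA")
    return problems

# Constructed sample: skeletal DER with only the fields read above, not real certificates.
def _der(tag, body=b""):
    return bytes([tag, len(body)]) + body
def sample_cert(issuer, subject):
    name = lambda cn: _der(0x30, _der(0x0C, cn.encode()))
    tbs = _der(0x30, _der(0x02, b"\x01") + _der(0x30) + name(issuer) + _der(0x30) + name(subject))
    b64 = base64.b64encode(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

KEY = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"  # placeholder body
SERVER = sample_cert("Example Intermediate CA", "portal.example.net")
INTERMEDIATE = sample_cert("Example Root CA", "Example Intermediate CA")
ROOT = sample_cert("Example Root CA", "Example Root CA")
```

The check covers block order and issuer/subject chaining only; it does not verify signatures or that the private key matches the server certificate.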