Configuring Aruba Controller

Purpose of this document

  • This document should be used in conjunction with the Aruba user guide when configuring your Aruba access points (IAP controller) in WiFiLAN Cloud. Please refer to the WiFiLAN administrator guide and the Aruba user guide for detailed information.
  • It assumes that the user has basic knowledge of networking, including configuring the subnet mask, RADIUS settings, default gateway and DNS.
  • To configure Aruba you will need the static IP address, subnet mask, default gateway and DNS information given to you by your Internet Service Provider. Please keep this information handy while setting up your gateway.
  • To configure WiFiLan you will need the WAN public IP address, AP MAC address, RADIUS secret, serial number and public IP address of your Aruba gateway.
  • You need an active WiFiLan account. Please contact Wifi-soft sales to create your WiFiLan account.

 

WiFiLan Setup

Add Hotspot:

  1. Open a web browser, type http://w1.wifi-soft.net/wifilan/ and press Enter. The WiFiLan welcome screen appears.
  2. Click the Hotspot link under the Authentication section.
  3. Click the Add New Hotspot tab. The New Hotspot page appears.

| Fields and Buttons | Description |
|---|---|
| Hotspot Plan | Select the plan for the hotspot based on the number of concurrent users. |
| Hotspot Name | Enter the name of the hotspot in the Hotspot Name field. |
| Address | Enter the address of the location in the Address field. |
| City | Enter the name of the city of the location in the City field. |
| State | Select the name of the state from the State drop down list. |
| Zip Code | Enter the zip code of the location in the Zip Code field. |
| Latitude | Enter the latitude of the location in the Latitude field. |
| Longitude | Enter the longitude of the location in the Longitude field. |
| Type | Select the type of location from the Type drop down menu. |
| Is Paid | Click the Is Paid check box if the location is charged. |
| Auto MAC Register | Select the Auto MAC Register check box to enable the auto login feature in WiFiLan. |
| Submit | Click the Submit button to save the changes. |


Then, enter the details of the gateway:

| Fields & Buttons | Description |
|---|---|
| Device Type | Select Aruba from the Device Type drop down menu. |
| Public IP Address | Enter the public IP address of the gateway in the IP Address field. If your broadband connection has a dynamic IP, please enter the current IP address. WiFiLAN will work even when the IP address changes. In this case, WiFiLAN uses the MAC address or NAS ID of the router to validate the packet. If you don't know the public IP, connect to your modem and type http://www.whatismyip.org in a web browser. It will display your current public IP address. |
| Secret | Enter the RADIUS secret configured in the gateway in the Secret field. |
| NAS ID | Enter a unique NAS identifier for the device in the NAS ID field. |
| MAC Address | Enter the MAC address of the WAN port in the MAC Address field. |
| Description | Enter a short description for the device. |

Once the hotspot is added, WiFiLAN is ready to start accepting AAA requests from the gateway/controller. When the hotspot is added, WiFiLAN automatically adds a user group for that hotspot. Any space in the hotspot name is replaced with an underscore in the user group name.

Now you will need to design a captive portal for your hotspot and generate a URL that can be configured in the gateway/controller's settings.

Please refer to the captive portal design guide for steps to design your custom captive portal.

 

Configure Aruba Access Point (AP)

To configure the Aruba Access Point (AP):

  1. Open a web browser, type the web address of Aruba and press Enter.
  2. The Aruba Login page appears.
  3. Enter the Username and Password.
  4. Click Login. The Aruba welcome screen appears.
  5. Click the Security link (in the top right corner).
  6. The Security pop up window appears. To add an authentication server, click the New button.

The New Authentication Server pop up window appears.

Authentication Servers tab

| Fields & Buttons | Description |
|---|---|
| Radius | Select the Radius radio button. |
| Name | Enter a name for the hotspot in the Name field. |
| IP Address | Enter the IP address of the RADIUS server in the IP Address field. |
| Auth port | Enter the authentication port number of the RADIUS server in the Auth port field. Example: 1812 |
| Accounting port | Enter the accounting port of the RADIUS server in the Accounting port field. Example: 1813 |
| Shared Key | Enter the shared secret in the Shared Key field. The shared key should match the shared key configured in WiFiLAN. |
| Retype Key | Re-enter the shared key in the Retype Key field. |
| Timeout | Set the authentication timeout to 10 seconds in the Timeout field. |
| NAS IP | If the IP address is static, enter the public IP address of the AP in the NAS IP field. |
| NAS Identifier | Enter the NAS Identifier in the NAS Identifier field. Copy the NAS Identifier from WiFiLAN. |
| OK | Click OK to save the changes. |
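
The Shared Key and NAS Identifier settings above, and the earlier note that WiFiLAN validates a packet by NAS ID when the public IP changes, both come down to how a RADIUS Access-Request is processed (RFC 2865). The following is an added example, not Aruba or Wifi-soft code: it assumes a server that looks up the secret by NAS-Identifier and uses it to un-hide User-Password, and every name, key and account in it is constructed.

```python
import hashlib, hmac, os, struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: c_i = p_i XOR MD5(secret + c_{i-1}), c_0 = authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, keyed with the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(user: bytes, password: bytes, secret: bytes, nas_id: bytes) -> bytes:
    """What the AP sends: User-Name (1), User-Password (2), NAS-Identifier (32)."""
    authenticator = os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((1, user), (2, hidden), (32, nas_id)))
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs

def server_check(packet: bytes, clients: dict, users: dict) -> str:
    """Look up the secret by NAS-Identifier, then un-hide and compare the password."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        return "malformed"
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return "malformed"
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    secret = clients.get(attrs.get(32))
    if secret is None:
        return "unknown-nas"  # no hotspot entry carries this NAS-Identifier
    password = reveal_password(attrs.get(2, b""), secret, authenticator)
    expected = users.get(attrs.get(1))
    return "accept" if expected and hmac.compare_digest(password, expected) else "reject"

CLIENTS = {b"hotspot-nas-01": b"example-shared-key"}  # constructed: NAS ID -> secret
USERS = {b"guest1": b"guest-pass"}                    # constructed: user -> password
```

In this model a mistyped Shared Key still produces a well-formed request; the password decodes to garbage and the login is rejected, so a key mismatch shows up as failed guest logins rather than as a configuration error.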

External Captive Portal tab

To add an external captive portal:

  1. Click the External Captive Portal tab. A pop up window appears.

| Fields & Buttons | Description |
|---|---|
| Name | Enter the name of the Wifi-soft portal in the Name field. |
| Type | Select Radius Authentication from the Type drop down menu. |
| IP or hostname | Enter the domain name of the Wifisoft portal server in the IP or hostname field. Example: wp1.wifi-soft.com |
| URL | Enter the URL after the domain name in the URL field. |
| Port | Enter the HTTP port (80 or 443) in the Port field. |
| Use https: | Select the Disabled option from the Use https: drop down menu. |
| Captive Portal failure | Select the Deny Internet option from the Captive Portal failure drop down menu. |
| Automatic URL whitelisting: | Select the Disabled option from the Automatic URL whitelisting drop down menu. |
| Redirect URL | This should be the following URL: http://wp1.wifi-soft.com/portal/default/loginIframeSuccess.php |
| OK | Click OK to save the changes. |

Wall Garden tab

  1. Click the Wall Garden tab. A pop up window appears.
  2. Click the New button in the left corner of the pop up window. The New regular expression for Whitelist field appears.
  3. Enter the whitelisted URL in the field, and click OK. The URL will be added to the Whitelist above.

 

System Configuration

  1. Click the System link (in the top right corner).

The System pop up window appears.

| Fields & Buttons | Description |
|---|---|
| Name | Enter the public IP of your Internet connection in the Name field. It is the IP address of the master IAP. |
| System location | Keep the System location field blank. |
| Virtual Controller IP | Enter the Virtual Controller IP in the Virtual Controller IP field. |
| Dynamic RADIUS proxy | Select the Disabled option from the Dynamic RADIUS proxy drop down menu. |
| MAS integration | Select the Disabled option from the MAS integration drop down menu. |
| NTP server | Keep the NTP server field blank. |
| Timezone | Select the time zone from the Timezone drop down menu. |
| Preferred band | Select the All option from the Preferred band drop down menu. |
| AppRF visibility | Select the Enabled option from the AppRF visibility drop down menu. |
| OK | Click OK to save the changes. |
| Cancel | Click Cancel to discard the changes. |

  1. Hover your mouse over the More link (in the top right corner). You will see 6 options:
     • VPN
     • IDS
     • Wired
     • Services
     • DHCP Server
     • Support
  2. Click the Services option under the More link. Click the Network Integration tab.
  3. Configure only the XML API Server Configuration:
     1. Enter the WiFiLan Portal server IP address in the IP address field.
     2. Enter the secret in the Passphrase field. It should match the WiFiLan secret.
     3. Re-enter the secret in the Retype field.
     4. Click OK to save the changes.

WLan Configuration

Click the New link (in the top left corner) of the Aruba Welcome screen.

The WLAN pop up window appears.

  1. Enter the SSID that you want to broadcast in the Name (SSID) field.
  2. Select the Guest radio button for Primary Usage.
  3. Click Next. The Step 2 VLAN window appears. Skip this step.
  4. Click Next. The Step 3 Security Level window appears.

Security Level

| Fields & Buttons | Description |
|---|---|
| Splash Page type | Select the External option from the Splash Page type drop down menu. |
| Captive Portal profile | Select the Wifisoft-Portal option from the Captive Portal profile drop down menu. |
| WISPr | Select the Enabled option from the WISPr drop down menu. |
| Auth server 1 | Select the Wifi-soft (RADIUS profile) option from the Auth server 1 drop down menu. |
| Auth server 2 | Select the secondary RADIUS profile (if applicable) option from the Auth server 2 drop down menu. |
| Reauth interval | Keep the Reauth interval as 0. |
| Accounting | Select the Use authentication servers option from the Accounting drop down menu. |
| Accounting mode | Select the Authentication option from the Accounting mode drop down menu. |
| Accounting interval | Enter 10 mins in the Accounting interval field. (Interim Update Interval) |
| Blacklisting | Select the Disabled option from the Blacklisting drop down menu. |
| Walled Garden | Click the Wall Garden link to view the status of the Blacklist and Whitelist. |
| Disable if uplink type is | Don’t select any check box for the Disable if uplink type is menu. |
| Encryption | Select the Disabled option for the Encryption drop down menu. |
| Back | Click the Back button to go to Step 2 VLAN. |
| Next | Click the Next button to go to Step 4 Access. |
| Cancel | Click the Cancel button to discard the changes. |

Step 4 Access

When you click Step 4 Access, the Access Rules window appears.

  1. Click the Role - Based link (in the left pane).
  2. Click the New button under the Roles table.
  3. Enter PreAuth as the name of the role that handles the flow for pre-authenticated users, and click OK. The role is added to the Roles table above.
  4. Click the New button under the table called Access Rules for PreAuth.
  5. Select the Captive portal option from the Rule type drop down menu.
  6. Select the External option from the Splash page type drop down menu.
  7. Select the Wifisoft-Portal option from the Captive portal profile drop down menu.
  8. Click OK to save the rule defined.

Define another rule to block all the traffic in the network until the customer is authenticated.

  9. Click the New button under the table called Access Rules for PreAuth.
  10. Select the Access Control option from the Rule type drop down menu.
  11. Select the Network radio button under Services.
  12. Select the any option, and the Deny option under the Action drop down menu.
  13. Select the to all destinations option from the Destinations drop down menu.
  14. Click OK to save the changes.
  15. Click the pre-authentication role check box, and select PreAuth from the drop down menu.
  16. Click the Finish button.

 

 
