Configuring Aruba IAP

Avatar
Indio Support
Follow

Purpose of this document

  • This document should be used in conjunction with Aruba user guide for configuring your Aruba gateways in WiOS. Please refer to WiOS administrator guide and Aruba user guide for detail information.It assumes that the user has basic knowledge of networking including configuring subnet mask, RADIUS setting, default gateway and DNS configuration.

  • In order to configure Aruba you will need a public IP address, Subnet mask, default gateway and DNS information given to you by your Internet Service Provider. Please keep this information handy while setting up your gateway.

  • Configuring WiOS you will need the WAN public IP address, MAC address, RADIUS secret and serial number  of your Aruba gateway.

  • You need an active WiOS account. Please contact Wifi-soft sales to create your WiOS account.

WiOS Setup

Add New Network:

  1. Open a web browser and type https://wios.wifi-soft.com/index.php and press Enter. Welcome screen of WiOS Cloud appears.

  2. Click the Networks link under Network Administration section.

  3. Click on the + sign in the top right corner tab. The New Network page appears.

iap-1.png

Fields and Buttons

Description

Network Name

Enter the name of your network/hotspot

Device Type

Select the device type (Aruba Controller) of your hotspot gateway or controller

Venue

Select the type of venue

Address

Displays the address of the network. You need to use the map to locate your address on the map. If you know the address, type the address in the search box on the map and click on search button. The map will display the marker for the address. If you unable to find the exact address, drag the map so the marker is pointing to correct location on the map.

Country

The country where the hotspot is located.

Latitude

The latitude of the network location

Longitude

The longitude of the network location

Submit

Click Submit button to save the changes.

Once the network is added, go back to the List Network page and locate the network that you have recently added.

Then, click on the edit button for the given network.

At the bottom of the page, you will find the Enable hotspot option.

Check this option to enable hotspot for this network. The hotspot settings appear below the form.

step-2.png

Fields & Buttons

Description

Enable hotspot

Check this option if you want to enable hotspot service for this network.

Autologin

Enable autologin for this location. Autologin helps end users connect to hotspot automatically without having to login each time. The MAC address of the device is used to identify the device on the network and system automatically validates the MAC address of the device and authenticates it. Please note that you need to enable Mac Authentication feature in the IAP settings.

Validity Period

The time period for autologin to remain active. After the given period, the autologin entry is deleted and user will have to relogin.

Auto MAC Capture

Instructs the system to capture the user's MAC address automatically during first login. This option will ensure that user will remain online even if he has disconnected on the network for some time.

NAS ID

Auto generated NAS ID for the gateway. This NAS Id should be added to the gateway so it can authenticate with the system. You need to copy the NAD ID and enter it in the gateway settings.

Secret

Shared secret between gateway and RADIUS server. You need to add the secret to the gateway. The secret is used to encrypt the communication between gateway and RADIUS server. You need to copy the shared secret and enter it in the RADIUS settings of the gateway.

IP Address

Enter the Public IP address of the gateway if you know it. Otherwise use the default one.

Plan

Select the plan based on your requirements. The plan will restrict the number of concurrent devices allowed on the network.

Interim Interval

Enter the interim interval for the accounting packets in seconds. Sometime this setting needs to be done on the gateway.

Once the hotspot is enabled, WiOS will be ready to start accepting AAA requests from the gateway/controller. When the hotspot is added, WiOS will automatically add a default captive portal for the hotspot. You may go an edit the captive portal and customize it as per your requirements.

Now you will need to design a captive portal for your hotspot and generate a URL that can be configured in the gateway/controller's settings.

Please refer to the captive portal design guide for steps to design your custom captive portal.

 

Configure Aruba Access Point (AP)

To configure Aruba Access Point (AP)

  1. Open a web browser and type web address of Aruba and press Enter.
  2. Aruba Login page appears.

ArubaLoginScreen.png

3. Enter Username and Password.

4. Click LoginAruba welcome screen appears.

ArubaWelcomeScreen-Aruba.png

5. Click Security link (in the top right corner).

  6. Security pop up window appears. To add Authentication Server click New button.

SecurityNewbutton-Aruba.png

New Authentication Server pop up window appears.

iap-2.png

Authentication Servers tab

Fields & Buttons

Description

Radius

Select the Radius radio button.

Name

Enter name for hotspot in the Name field.

IP Address

Enter IP address of the RADIUS server in the IP Address field. (IP of 3.20.135.30)

Auth port

Enter the Authentication port number of Radius server in Auth port field. Example: 1812

Accounting port

Enter the accounting port of Radius server in Accounting port field. Example: 1813

Shared Key

Enter shared secret in the Shared Key field. The shared Key should match the shared key(secret) configured in WiOS. You will find the shared Secret under Edit Network section.

Retype Key

Re-enter the shared Key in the Retype Key field.

Timeout

Enter timeout for authentication to 10 seconds in the Timeout field.

NAS IP

Enter the public IP address of the AP, if IP address is static in the NAS IP field.

NAS Identifier

Enter the NAS Identifier in the NAS Identifier field. Copy the NAS Identifier from WiOS. You will find the NASID from the Edit Network section in WiOS under Network Management section.

OK

Click OK to save the changes.

External Captive Portal tab

To add external captive portal

  1. Click External Captive Portal tab. Pop up window appears.

ExternalCaptivePortal-Aruba.png

Fields & Buttons

Description

Name

Enter Name of the Wifi-soft Portal in the Name field.

Type

Select Radius Authentication from the Type drop down menu.

IP or hostname

Enter domain name of Wifisoft portal server in IP or hostname field. Example: https://portal.wios.wifi-soft.com/portal/default/index.php?n=wios&c=4&l=206 

URL

Enter URL after the domain name in the URL field.

Port

Enter HTTP port (80 or 443) in the Port field.

Use https:

Select Disabled option from the Use https: drop down menu.

Captive Portal failure

Select Deny Internet option from the Captive Portal failure drop down menu.

Automatic URL whitelisting:

Select Disabled option from Automatic URL whitelisting drop down menu.

Redirect URL

www.google.com

OK

Click OK to save the changes.

Wall Garden tab

  1. Click Wall Garden tab. Pop up window appears.

iap-3.png

 2. Click the New button in the left corner of the pop up window. New regular expression for Whitelist field appears.

  3. Enter Whitelisted URL in the field, and click OK. The URL will be added in the above Whitelist

We need to add :-
wios.wifi-soft.com
portal.wios.wifi-soft.com
rad01.wios.wifi-soft.com

System Configuration

  1. Click System link (on the top right corner).

SystemPopUp-Aruba.png

Fields & Buttons

Description

Name

Enter the public IP of your Internet connection in the Name field. It is the IP address of master IAP

System location

Keep the System location field blank.

Virtual Controller IP

Enter the Virtual Controller IP in the Virtual Controller IP field

Dynamic RADIUS proxy

Select Disabled option from Dynamic RADIUS proxy drop down menu.

MAS integration

Select Disabled option from MAS integration drop down menu.

NTP server

Keep the NTP server field balnk.

Timezone

Select time zone from the Timezone drop down menu.

Preferred band

Select All option from Preferred band drop down menu

AppRF visibility

Select Enabled option from AppRF visibility drop down menu.

OK

Click OK to save the changes.

Cancel

Click Cancel to discard the changes.
  1. Hover your mouse on More link (in the top right corner). You will see 6 options:
  • VPN
  • IDS
  • Wired
  • Services
  • DHCP Server
  • Support

MoreLinkOptions-Aruba.png

2. Click Services option under More link. Click Network Integration tab.

iap-4.png

 3. Configure only XML API Server Configuration

  1. Enter the WiOS Portal server IP address in the IP address (IP of portal.wios.wifi-soft.com)
  2. Enter the secret in the Passphrase It should match the WiOS secret listed under Edit Network section.
  3. Re-enter the secret in the Retype field.
  4. Click OK to save the changes.

WLan Configuration

Click the New link (in top left corner) of the Welcome screen of Aruba.


NewLink-WelcomeScreen-Aruba.png

WLAN pop up window appears.

1WLANSettings-New-WelcomeScreen.png

  1. Enter the SSID that you want to broadcast in the Name (SSID)
  2. Select Guest radio button for the Primary Usage
  3. Click Next. Step 2 VLAN window appears. Skip this step.
  4. Click Next. Step 3 Security Level window appears.

Security Level

Step3Security-New-Aruba.png

Fields & Buttons

Description

Name

Enter the public IP of your Internet connection in the Name field. It is the IP address of master IAP

System location

Keep the System location field blank.

Virtual Controller IP

Enter the Virtual Controller IP in the Virtual Controller IP field

Dynamic RADIUS proxy

Select Disabled option from Dynamic RADIUS proxy drop down menu.

MAS integration

Select Disabled option from MAS integration drop down menu.

NTP server

Keep the NTP server field balnk.

Timezone

Select time zone from the Timezone drop down menu.

Preferred band

Select All option from Preferred band drop down menu

AppRF visibility

Select Enabled option from AppRF visibility drop down menu.

OK

Click OK to save the changes.

Cancel

Click Cancel to discard the changes.

Step 4 Access

When you click on Step 4 Access. Access Rules window appear.

  1. Click Role - Based link (in the left pane).
  2. Click New button under Roles table.

Step4Access-New-Aruba.png

3. Enter the name of the role called PreAuth to handle the flow for pre-authenticated users. And click Ok. The Role is added in the above Roles

  4. Click the New button under the table called Access Rules for PreAuth.

NewRule-Roles-Step4Access-Aruba.png

5. Select Captive portal option from the Rule type drop down menu.
6. Select External option from Splash page type drop down menu.
7. Select Wifisoft-Portal option from Captive portal profile drop down menu.
8. Click OK to save the rule defined.

Define another rule to block all the traffic in the network until the customer is authenticated.

9. Click the New button under the table called Access Rules for PreAuth.

AccessControl-NewRule-Step4Access-Aruba.png

10. Select Access Control option from the Rule type drop down menu.
11. Select Network radio button from the Services
12. Select any option, and Deny option under Action drop down menu.
13. Select to all destinations from the Destinations drop down menu.
14. Click OK to save the changes.
15. Click pre-authentication role check box, and select PreAuth from the drop down menu.

AssignPreAuthRole-PreAuth-Finish-Step4Access.png

16. Click Finish button.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.