Purpose
In this guide, we will see how to configure an Aruba Networks device in the "Controller - AP" architecture for Cloud4Wi.
Please note that the images contained in this article may contain outdated configuration data. Therefore, please check the data contained in the article "Parameters for the Solution" at the bottom of the page, as they are certainly up to date.
Prerequisites
This guide applies to the Solution for the Aruba Operating System version 6.3.1.9 or later.
The following device models are supported:
- 220 Series
- 200 Series
- 130 Series
- 110 Series
- 100 Series
- 103 Series
- AP-103H
- 270 Series
- 175 Series
- RAP-3
- RAP-100 Series
- RAP-155
The controller and access points must be connected to the Internet and the access points must be configured to correctly point to the controller.
To ensure proper user experience, you have to upload a trusted certificate into the controller, once done please share with Support Team your custom FQDN
Accessing the controller
You must access the controller through the web UI.
Setting RADIUS configuration
To set the RADIUS configuration you must click on the Configuration tab on the main page. Under Security, you have to click Authentication and then choose the Servers tab.
Once in the Security > Authentication > Servers page, expand the RADIUS server section, as indicated below.
Now you must add a new RADIUS server to your list by entering a new name and clicking Add.
By clicking a name of a RADIUS server, you can edit its configuration: you must set the following data with the values indicated in the paragraph "Parameters for the Solution".
- Host
- Key
- Auth Port
- Acct Port
Then, in the same Security > Authentication > Servers page, under the same Servers tab, expand the RFC 3576 Server section. and enter the RADIUS server also there.
Please note that it is necessary to retype the Key of the RADIUS server.
Then, in the same Security > Authentication > Servers page, under the same Servers tab, expand the Server Group section and create one item.
Here, in the drop-down menu, you have to add the RADIUS Server previously created (in this case "Cloud4Wi Radius").
Then go to the AAA Profiles tab and expand the AAA section.
Then create a profile (in this case called "Cloud4Wi_AAA_Profile") by clicking the Add button under the list of profiles. Expand the profile just created and select RADIUS Accounting Server Group.
Here you have to select the Server Group "Cloud4Wi" previously created and set the RADIUS Server created above (in this case "Cloud4Wi Radius") as accounting.
Then, under the same AAA Profiles tab, move to RFC 3576 servers tab and add a new profile.
Then you will see your profile in the list.
Setting access policies
You must set the ACL for your device. You can do this by clicking the Configuration tab on the main page and then, under Security, clicking Access Control and choosing the Policies tab.
You have to create a new ACL set as the picture below allowing HTTP and HTTPS traffic from the device to the Admin Portal.
Setting captive portal configuration
To configure the captive portal you have to choose the Configuration tab on the main page. Then, under Security, you have to click Authentication and then choose the L3 Authentication tab. Then expand the Captive Portal Authentication section and create your configuration profile.
By clicking the name of a profile, you can edit its configuration: you must set the following data with the values indicated in the paragraph "Parameters for the Solution".
- Login page
- Welcome page
- Redirect URL
You can also configure the walled garden for your device here, this is mentioned later in this article, in the paragraph "Walled garden".
Then you have to apply the Server Group previously created (in this case "Cloud4Wi") to the configuration profile just created.
Setting network configuration
First, you must choose the Configuration tab on the main page. Then, under Wireless you have to click AP Configuration and then choose the AP Group tab. Then create your AP Group.
By expanding the Wireless LAN section and then Virtual AP, you can find your AP Group previously created.
Here you can apply any AAA Profile and SSID Profile.
Provisioning
When setting up the access point for the first time, it is necessary to associate the device with the AP group containing all the settings configured above. You can do this by clicking the Configuration tab on the main page and then, under Wireless, clicking AP installation and choosing the Provisioning tab. Then you have to click the Provision button.
Then you have to select the correct AP group.
In the AP list, you will see your access point. Please note that the value displayed as AP Name is the identifier to enter in the Admin Panel.
Walled garden
In the Configuration tab on the main page. Under Advanced Services you have to click Stateful Firewall and then select the Destination tab. Then create a new destination profile.
After that, you can click the profile and specify all the domains included.
In the Configuration tab on the main page. Under Security, you have to click Authentication and then choose the L3 Authentication tab.
Going back to your profile previously created, you can add sites or domains to the walled garden of your device.
About the walled garden, the following articles are available:
- Walled garden for the Social Login (websites/domains to open)
- Walled garden for PayPal feature (websites/domains to open)
Allowing free access to the CDN
As explained in the article Enabling the CDN, you must add some IP addresses to the walled garden in order to support the access to the CDN.
The domains to add for this purpose are:
- c4wstatic.cloud4wi.com
- c4wstaticjs.cloud4wi.com
Entering the device details into the Admin Panel
In order to integrate the access point with the Solution, it is necessary to enter its details into the Admin Panel.
To have further information on how to do that, please see How to add an access point. In the Admin Panel, a field called Identifier will be required by the web interface.
For Aruba Networks products it corresponds to the AP Name displayed in the Wireless > AP Installation > Provision page (please check the "Provisioning" paragraph above).
Please note that this value must be unique for all the devices entered in the Admin Panel. Otherwise, the access point will be not correctly integrated with the Solution.
Parameters for the Solution
The parameters indicated above for the Services > Hotspot page, are mandatory for the proper functioning. The necessary parameters to integrate the device with the Solution are the following:
Host: 54.247.117.188 (primary), 79.125.111.180 (secondary)
Key: (it will be communicated by Cloud4Wi)
Auth Port: 1812
Acct Port: 1813
Login page: https://splashportal.cloud4wi.com
Welcome page: https://splashportal.cloud4wi.com
Redirect URL: https://splashportal.cloud4wi.com
Please note that it is necessary to enter the Admin Portal URL exactly as it is written above.
If you enter the Admin Portal URL in different formats (e.g. https://splashportal.cloud4wi.com/c4wportal/mysplashportal), then the redirection will fail and the end-user will not be able to see the Splash Page.