Purpose

In this guide, we will see how to configure an Aruba Networks device in the "Controller - AP" architecture for Cloud4Wi.

This guide applies to the Solution for the Aruba Operating System version 8 or later.

Importante note: To avoid security and authentication issues, it is necessary to upload a trusted certificate into the controller, once done please share with Support Team your custom FQDN. (With Aruba Mobility Controller the intermediate and root cert must be combined together into the same file so that the trust chain is complete)

WLAN Creation

• Start by logging into your Aruba Controller web interface.

  Step 1 - WLAN

  Click Configuration > WLANs on the left and then click the + sign to add a new WLAN. Configure with:

  Name (SSID): Cloud4Wi Guest (or whatever you wish)

  Primary Usage: Guest

  Forwarding Mode: Tunnel

   

  

  Click Next and configure with:

  VLAN: 1 (or whatever you use)

   

  

  Click Next and configure with:

  Captive Portal Type: ClearPass or other external Captive Portal

  

  Under Auth servers click + then + again to create a new server. Configure with:

  Server type: RADIUS

  Name: Primary Radius

  IP Address: 54.247.117.188

  Auth port: 1812

  Accounting port: 1813

  Shared key: *insert radius_secret here*

  Retype key: as above

  Timeout: 5

  

  Click Submit and then + again. Configure with:

  Server type: RADIUS

  Name: Secondary Radius

  IP Address: 79.125.111.180

  Auth port: 1812

  Accounting port: 1813

  Shared key: *insert radius_secret here*

  Retype key: as above

  Timeout: 5

  

  Click Submit and then configure the further options with:

  Host addressing: IPv4

  Host: cloud4wi.com

  Page: https://splashportal.cloud4wi.com

  

  Click Next and then Next again to complete the wizard.

   

  Roles & Policies configuration

  Next, click Roles & Policies on the left. Select the Aliases tab and click +. Configure with:

  IP Version:IPv4

  Name: cloud4wi_walled

  Under Items click + and configure with:

  Rule Type: Name

  Domain Name: *.cloud4wi.com

  Click + again and do the same for the following domains:

  c4wstatic.cloud4wi.com

  c4wstaticjs.cloud4wi.com

  cloud4wi.com

  

  Click Submit to save.

  Authentication setup

  L3 Authentication

  Next, click Authentication on the left. Select the L3 Authentication tab and then create the Cloud4Wi Portal Profile entry. Configure with:

  Default Role: logon (or custom)

  Default Guest Role: logon (or custom)

  Redirect Pause: 10

  User Login: Enabled

  Guest Login: Disabled

  Logout popup window: Disabled

  Use HTTP for authentication: Enabled

  Logon wait minimum wait: 5

  Logon wait maximum wait: 10

  Authentication Protocol: PAP

  Login page: https://splashporal.cloud4wi.com

  Welcome page: https://splashporal.cloud4wi.com

  Show Welcome page: Enabled

  Add switch IP in redirection URL: Enabled

  Adding APs MAC address in redirection URL: Enabled

  White List: Add cloud4wi_walled from the list

  Redirect URL: https://splashporal.cloud4wi.com

  

  

  Click Submit to save.

   

  AAA Profiles

   

  Next, select the AAA Profiles tab and create C4W AAA Profile. Configure with:

  Initial role: logon

  RADIUS Interim Accounting: Enabled

  

  Click Submit to save. Next, click on the RADIUS Accounting Server Group and configure with:

  RADIUS Accounting Server Group: C4W Radius

  

  with the server group defined in Auth Servers tab: 

   

  Auth Servers

  

  Click Submit to save. Next, select the Auth Servers tab and then All Servers > Primary Radius. Leave all settings as they are except:

  Mode: Enabled

  MAC address delimiter: None

  Station ID Type: AP Name

  Station ID Delimiter: Colon

  Click Submit to save and then do the same for the Secondary Server server.

  Finally, click Pending Changes at the top and apply changes.