Aruba Instant On

Owned by Santiago Nanclares (Unlicensed)
May 11, 2021
3 min read

CONFIGURATION GUIDE

The purpose of the following manual is to describe the necessary configuration of the Aruba Instant equipment for integration with the Octopus Platform.

1- Pre-requisites

  • Before starting the configuration you must log in to Aruba Central: https://portal.arubainstanton.com

  • If there is a firewall in the network that might block the traffic, you will need to allow access to some domains to enable user's authentication:

    • Radius Servers:

      • Primary: <IP_Radius_1> 1812 and 1813 UDP ports

      • Secondary: <IP_Radius_2> 1812 and 1813 UDP ports

    • Splash Portal server: 

      • Domain <captive_portal_domain> 80 and 443 TCP ports

  • For the operation of the Guest and Enterprise modules configuration, it will be necessary to previously contract the Octopus platform licenses with the respective modules.

2- Guest module configuration

2.1 Create or edit WLAN WiFi Guest

Within Networks > Select Add to create a WLAN

  • Usage: Guest

  • Network name: SSID of the network, Example: Wifi Guest

  • Security: Portal

 

Click on Options:

Check the Show network option to make the network visible.

 

 

 

 

 

 

 

Check also Specific to this wireless network (default) and assign the ip address that will be dedicated to the wifi network users.

 

Click on Network Access:

Check the Unrestricted Access option

 

Once you have done all this, click on Save.

2.2  Captive Portal

To configure all the settings for the external Captive Portal, go back to the previously created network, go to the Identification tab and select Customize guest portal.

 

Once this is done, select External in the first drop-down list.

 

 

  • Server URL : http://<captive_portal_domain>/login/hotspot/arubaion

 

  • Redirect URL: http://<captive_portal_domain>/login/hotspot/arubaion

 

 

 

 

  • Allowed domains: Click on + to add the domains you want to add until the list is complete.

If you wish to add extra domains (Social Networks, Paypal, etc...) they can be consulted from the following link.

 

2.3 Radius Server

To add the radius the first thing to do is to add all the configuration of the Radius servers. To do this, go to the section on the right:

Select Send RADIUS accounts

 

  • IP address of the server: <IP_Radius_1>

  • Shared secret: <Secret>

 

Select More RADIUS parameters

  • Authentication port: 1812

  • Account port: 1813

 

Do the same with the secondary radius server.

 

Check the Secondary RADIUS server option.

  • IP address of the server: <IP_Radius_1>.

  • Shared secret: <Secret>

 

Select More RADIUS parameters

  • Authentication port: 1812

  • Accounts port: 1813

 

 

 

 

In the next section located on the right hand side select the Use device IP (default) option.

 

 

2.4 Authorized MAC Addresses

In order to allow the users to authenticate themselves in the captive portal correctly, it is necessary to identify the NAS that will send the authentication requests to the Radius Server. In Aruba Instant, it is required to add the MAC address of every access point that will radiate the configured SSID.

These MAC addresses are easily accessible in the Inventory > Devices tab, where all connected devices are displayed in more detail.

 

Â