Logging in
Start by logging into your Aruba Controller web interface.
WLAN
Click Configure > WLANs on the left and then click the + sign to add a new WLAN. Configure with:
Name (SSID): | Guest WiFi (or whatever you wish) |
Primary Usage: | Guest |
Forwarding Mode: | Tunnel |
Click Next and configure with:
VLAN: | 1 (or whatever you use) |
Click Next and configure with:
Is this WLAN for internal or guest? | Guest |
Click Next and configure with:
Captive Portal Type: | ClearPass or other external Captive Portal |
Under Auth servers click + then + again to create a new server. Configure with:
Server type: | RADIUS |
Name: | guest1 |
IP Address: | *insert radius_server here* |
Auth port: | 1812 |
Accounting port: | 1813 |
Shared key: | *insert radius_secret here* |
Retype key: | as above |
Timeout: | 5 |
Click Submit and then + again. Configure with:
Server type: | RADIUS |
Name: | guest2 |
IP Address: | *insert radius_server2 here* |
Auth port: | 1812 |
Accounting port: | 1813 |
Shared key: | *insert radius_secret here* |
Retype key: | as above |
Timeout: | 5 |
Click Submit and then configure the further options with:
Host addressing: | IPv4 |
Host: | *insert access_domain here* |
Page: | /access/ |
Click Next and then Next again to complete the wizard.
Firewall
Next, click Roles & Policies on the left. Select the Aliases tab and click +. Configure with:
IP Version: | IPv4 |
Name: | guestwifi |
Under Items click + and add each required domain using the settings below. Please refer to this list.
Rule Type: | Name |
Domain Name: | *insert domain here* |
Click + again and do the same for all required domains.
Click Submit to save.
Captive Portal/RADIUS
Next, click Authentication on the left. Select the L3 Authentication tab and then click the Guest WiFi-cppm_prof entry. Configure with:
Default Role: | guest |
Default Guest Role: | guest |
Redirect Pause: | 0 |
User Login: | Enabled |
Guest Login: | Disabled |
Logout popup window: | Disabled |
Use HTTP for authentication: | Enabled |
Logon wait minimum wait: | 1 |
Logon wait maximum wait: | 10 |
Authentication Protocol: | PAP |
Login page: | *insert access_url here* |
Welcome page: | *insert redirect_url here* |
Show Welcome page: | Enabled |
Add switch IP in redirection URL: | Enabled |
Adding APs MAC address in redirection URL: | Enabled |
White List: | Add guestwifi from the list |
Click Submit to save. Next, select the AAA Profiles tab and click on Guest WiFi-aaa_prof. Configure with:
Initial role: | Guest WiFi-guest-logon |
RADIUS Interim Accounting: | Enabled |
Click Submit to save. Next, click on the RADIUS Accounting Server Group and configure with:
RADIUS Accounting Server Group: | Guest WiFi-dot1_svg |
Click Submit to save. Next, select the Auth Servers tab and then All Servers > guest1. Leave all settings as they are except:
Mode: | Enabled |
MAC address delimiter: | Dash |
Station ID Type: | AP MAC address |
Station ID Delimiter: | Dash |
Include SSID: | Enabled |
Click Submit to save and then do the same for the guest2 server.
Finally, click Pending Changes at the top and apply changes.
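The Python below is an added illustration, not part of the original instructions. It builds the RADIUS Access-Request that the settings above imply: PAP, the shared key, and an AP MAC station ID with dash delimiters and the SSID included. The `AP-MAC:SSID` layout follows RFC 3580 and is an assumption about what the controller sends; all function names and sample values are hypothetical.

```python
import hashlib
import os
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server (or anyone holding the shared key) computes."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def called_station_id(ap_mac: str, ssid: str) -> str:
    """AP MAC, dash-delimited, with the SSID appended (assumed RFC 3580 layout)."""
    digits = "".join(c for c in ap_mac if c in "0123456789abcdefABCDEF").upper()
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2)) + ":" + ssid

def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(user, password, secret, ap_mac, ssid, ident=1, authenticator=None):
    """Code 1 packet with User-Name (1), User-Password (2), Called-Station-Id (30)."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attribute(1, user.encode())
             + attribute(2, hide_password(password.encode(), secret, authenticator))
             + attribute(30, called_station_id(ap_mac, ssid).encode()))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

if __name__ == "__main__":  # constructed sample values, not from the page
    pkt = access_request("guest", "guest-pass", b"constructed-key", "aa:bb:cc:dd:ee:ff", "Guest WiFi")
    print(len(pkt), pkt.hex())
```

Because `reveal_password` needs only the shared key and the captured packet, the guest password sent to port 1812 is protected only as well as that key, so use a long random value for *radius_secret* on both guest1 and guest2.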
Configuration Complete
The configuration is now complete.