Aruba Controller

From Social ID Developers
Jump to: navigation, search

The following guide was created using an Aruba wireless network with the following components:

  • AP: model APIN0205
  • Controller: model 7005
  • Software: ArubaOS 6.5.4.1

Contents

Walled Garden

Go to "ADVANCED SERVICES > Stateful Firewall > Destination" and create a group "socialid-wg".

Add an entry with type "name" for each walled garden domain you want to enable on your captive portal:

1-aruba-controller-walled-garden.png

RADIUS Server

Go to "SECURITY > Authentication > Servers", select the group "RADIUS server" and create a new entry labeled "socialid-radius-server" with the following parameters:

  • Host: the RADIUS server host or IP according to your environment/region
  • Key: the provided shared secret
  • Auth Port: 1812
  • Acct Port: 1813

2-aruba-controller-radius-server.png

Server Group

Go to "SECURITY > Authentication > Servers", click in "Server Group" and create a new group labeled "socialid-radius". Add the RADIUS server "socialid-radius-server":

3-aruba-controller-server-group.png

Authenticated User Role

Go to "SECURITY > Access Control > User Roles" and create an "User Role" labeled "socialid-auth" with the default parameters and add the following "Firewall Policies" rules:

  • ra-guard
  • dhcp-acl
  • dns-acl
  • http-acl
  • https-acl
  • icmp-acl
  • v6-dhcp-acl
  • v6-dns-acl
  • v6-http-acl
  • v6-https-acl
  • V6-icmp-acl

4-aruba-controller-auth-role.png

Captive Portal

Go to "SECURITY > Authentication > L3 Authentication", click in "Captive Portal Authentication" and create a new entry labeled "socialid-captive-portal" with the following parameters:

5-aruba-controller-captive-portal.png 6-aruba-controller-captive-portal-2.png

Server Group

In the Captive Portal "Server Group", select the "socialid-radius" group as the "Server Group":

7-aruba-controller-captive-portal-server-group.png

Pre-Auth User Role

Go to "SECURITY > Access Control > User Roles" and create an "User Role" labeled "socialid-preauth" with the following parameters:

  • Captive Portal Profile: socialid-captive-portal

And add the following "Firewall Policies" rules:

  • ra-guard
  • logon-control
  • captiveportal
  • v6-logon-control
  • captiveportal6

8-aruba-controller-preauth-role.png

AAA Profile

Go to "SECURITY > Authentication > AAA Profile" and create a new profile labeled "socialid-aaa-profile" with the following parameters:

  • Initial Role: socialid-preauth

9-aruba-controller-aaa-profile.png

RADIUS Accounting Server Group

In the "RADIUS Accounting Server Group" subitem, select the "socialid-radius" group as the "RADIUS Accounting Server Group":

10-aruba-controller-aaa-profile-radius-server.png

AP Configuration

Go to "Wireless > AP Configuration", and create a new "AP Group" labeled "socialid-ap-group".

Virtual AP

In the AP Group, go to "Wireless LAN > Virtual AP" and create a new "Virtual AP" labeled "socialid-virtual-ap":

11-aruba-controller-virtual-ap.png

AAA Profile

In the Virtual AP, go to "AAA" and select the "socialid-aaa-profile" as the "AAA Profile":

13-aruba-controller-virtual-ap-aaa-profile.png

SSID Profile

In the Virtual AP, go to "SSID" and create a new SSID Profile labeled "socialid-ssid". Set your Network Name (SSID):

12-aruba-controller-virtual-ap-ssid-profile.png

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox