Aruba Controller

From Social ID Developers
Latest revision as of 23:26, 3 September 2021

The following guide was created using an Aruba wireless network with the following components:

  • AP: model APIN0205
  • Controller: model 7005
  • Software: ArubaOS 6.5.4.1

Walled Garden

Go to "ADVANCED SERVICES > Stateful Firewall > Destination" and create a group "socialid-wg".

Add an entry with type "name" for each walled garden domain you want to enable on your captive portal:

1-aruba-controller-walled-garden.png

RADIUS Servers

Go to "SECURITY > Authentication > Servers", select the group "RADIUS server" and create a new entry labeled "socialid-radius-primary-server" with the following parameters:

  • Host: the RADIUS server host or IP according to your environment/region
  • Key: the provided shared secret
  • Auth Port: 1812
  • Acct Port: 1813

Repeat the process and create a server "socialid-radius-secondary-server" for the secondary RADIUS server host.

2-aruba-controller-radius-server.png
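
A reachability and shared-secret check for the two servers, written for this guide as an added example (it is not Social ID or Aruba code). It sends a RADIUS Status-Server request (RFC 5997) and verifies the Response Authenticator of the reply (RFC 2865). It assumes the servers answer Status-Server; the host names and secret in the `__main__` block are placeholders.

```python
import hashlib, hmac, os, socket, struct

STATUS_SERVER = 12   # RADIUS packet code (RFC 5997)
MSG_AUTH = 80        # Message-Authenticator attribute type (RFC 3579)

def build_status_server(secret: bytes, ident: int, req_auth: bytes) -> bytes:
    """Status-Server packet signed with an HMAC-MD5 Message-Authenticator."""
    head = struct.pack("!BBH", STATUS_SERVER, ident, 20 + 18) + req_auth
    attr = bytes([MSG_AUTH, 18])
    # The HMAC covers the whole packet with the 16 value bytes set to zero.
    mac = hmac.new(secret, head + attr + bytes(16), hashlib.md5).digest()
    return head + attr + mac

def response_is_authentic(resp: bytes, req_auth: bytes, ident: int,
                          secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    if len(resp) < 20:
        return False
    _code, rid, length = struct.unpack("!BBH", resp[:4])
    if rid != ident or length < 20 or length > len(resp):
        return False
    resp = resp[:length]
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

def probe(host: str, port: int, secret: bytes, timeout: float = 3.0) -> str:
    """Return 'ok', 'unauthenticated-reply' or 'no-reply' for one server/port."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_status_server(secret, ident, req_auth), (host, port))
            resp, _ = s.recvfrom(4096)
        except OSError:          # timeout, DNS failure, ICMP unreachable
            return "no-reply"
    if response_is_authentic(resp, req_auth, ident, secret):
        return "ok"
    return "unauthenticated-reply"

if __name__ == "__main__":
    # Placeholders: use the RADIUS hosts and shared secret provided to you.
    hosts = ("radius-primary.example.invalid", "radius-secondary.example.invalid")
    for host in hosts:
        for port in (1812, 1813):    # Auth Port and Acct Port from the guide
            print(host, port, probe(host, port, b"<shared-secret>"))
```

A server normally drops a request whose Message-Authenticator does not verify, so a wrong shared secret usually shows up as "no-reply" rather than as a rejected reply.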

Server Group

Go to "SECURITY > Authentication > Servers", click "Server Group" and create a new group labeled "socialid-radius". Add the RADIUS servers "socialid-radius-primary-server" and "socialid-radius-secondary-server":

3-aruba-controller-server-group.png

Authenticated User Role

Go to "SECURITY > Access Control > User Roles" and create a "User Role" labeled "socialid-auth" with the default parameters, then add the following "Firewall Policies" rules:

  • ra-guard
  • dhcp-acl
  • dns-acl
  • http-acl
  • https-acl
  • icmp-acl
  • v6-dhcp-acl
  • v6-dns-acl
  • v6-http-acl
  • v6-https-acl
  • v6-icmp-acl

4-aruba-controller-auth-role.png

Captive Portal

Go to "SECURITY > Authentication > L3 Authentication", click "Captive Portal Authentication" and create a new entry labeled "socialid-captive-portal" with the following parameters:

5-aruba-controller-captive-portal.png 6-aruba-controller-captive-portal-2.png

Server Group

In the Captive Portal "Server Group", select the "socialid-radius" group as the "Server Group":

7-aruba-controller-captive-portal-server-group.png

Pre-Auth User Role

Go to "SECURITY > Access Control > User Roles" and create a "User Role" labeled "socialid-preauth" with the following parameters:

  • Captive Portal Profile: socialid-captive-portal

And add the following "Firewall Policies" rules:

  • ra-guard
  • logon-control
  • captiveportal
  • v6-logon-control
  • captiveportal6

8-aruba-controller-preauth-role.png

AAA Profile

Go to "SECURITY > Authentication > AAA Profile" and create a new profile labeled "socialid-aaa-profile" with the following parameters:

  • Initial Role: socialid-preauth

9-aruba-controller-aaa-profile.png

RADIUS Accounting Server Group

In the "RADIUS Accounting Server Group" subitem, select the "socialid-radius" group as the "RADIUS Accounting Server Group":

10-aruba-controller-aaa-profile-radius-server.png

AP Configuration

Go to "Wireless > AP Configuration", and create a new "AP Group" labeled "socialid-ap-group".

Virtual AP

In the AP Group, go to "Wireless LAN > Virtual AP" and create a new "Virtual AP" labeled "socialid-virtual-ap":

11-aruba-controller-virtual-ap.png

AAA Profile

In the Virtual AP, go to "AAA" and select the "socialid-aaa-profile" as the "AAA Profile":

13-aruba-controller-virtual-ap-aaa-profile.png

SSID Profile

In the Virtual AP, go to "SSID" and create a new SSID Profile labeled "socialid-ssid". Set your Network Name (SSID):

12-aruba-controller-virtual-ap-ssid-profile.png
