Aruba IAP

From Social ID Developers

The following guide was created using an Aruba wireless network with the following components:

  • AP: model APIN0205
  • Software: Aruba Instant Virtual Controller 6.5.1.0-4.3.1.2_58595

Authentication Server (RADIUS)

Go to "Security > Authentication Servers" and create a new one with the following custom parameters:

  • Select RADIUS
  • Name: socialid-radius
  • IP address: the RADIUS server IP according to your environment/region
  • Shared key: the provided shared secret
  • Retype key: the provided shared secret

1-aruba-iap-radius.png

Roles (Walled Garden)

Go to "Security > Roles" and create a new role labeled “socialid-pre-auth”. This role will be used as the pre-authentication rule (walled garden) for the captive portal.

For each walled garden domain you want to enable on your captive portal, add the following rule: Allow any to domain <domain.com>. Example:

  • Allow any to domain socialidnow.com

2-aruba-iap-new-rule.png

2-aruba-iap-pre-auth-role.png

Captive Portal

Go to "Security > External Captive Portal" and create a new one with the following custom parameters:

  • Name: socialid-captive-portal
  • Type: RADIUS Authentication
  • IP or hostname: the provided captive portal hostname (e.g.: wifi.socialidnow.com)
  • URL: the provided captive portal URL (e.g.: /portals/cbt-aruba-iap-lab/auth)
  • Port: 80
  • Use https: Disabled
  • Redirect URL: the provided captive portal redirect URL (e.g.: http://wifi-staging.socialidnow.com/portals/cbt-aruba-iap-lab)

3-aruba-iap-captive-portal.png

WLAN

Create a new Network with the following settings:

WLAN Settings

  • Name: your SSID name
  • Primary Usage: Guest

4-aruba-iap-wlan.png

VLAN

  • Client IP assignment: Virtual Controller managed
  • Client VLAN assignment: Default

5-aruba-iap-vlan.png

Security

  • Splash page type: External
  • Captive portal profile: select the captive portal created earlier (e.g.: socialid-captive-portal).
  • Auth Server 1: select the authentication server created earlier (e.g.: socialid-radius)
  • Accounting: Use authentication servers
  • Accounting mode: Authentication
  • Accounting interval: 5 min.
  • Walled garden: keep this field empty. This walled garden does not accept HTTPS-based URLs, so the walled garden is implemented with Access Rules instead.

6-aruba-iap-security.png

Access

Select “Role-based” control.

Select the pre-authentication role created earlier (e.g.: socialid-pre-auth) and check the “Assign pre-authentication role” option.

7-aruba-iap-access.png
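
Before saving the network, it helps to confirm that every host named in the captive portal profile is covered by a domain rule of the pre-authentication role, and to note where the portal runs over plain HTTP. The following check is an added example, not part of the original guide or of any Aruba or Social ID tooling. The dict layout, the function names and the host login.example.net are hypothetical, and it assumes a domain rule also covers subdomains of that domain.

```python
from urllib.parse import urlsplit

# Values copied from the examples in this guide; the dict layout is an assumption.
PORTAL = {
    "host": "wifi.socialidnow.com",
    "use_https": False,
    "redirect_url": "http://wifi-staging.socialidnow.com/portals/cbt-aruba-iap-lab",
}
# Domains from the "Allow any to domain <domain>" rules of socialid-pre-auth.
PRE_AUTH_DOMAINS = ["socialidnow.com"]


def covered(host, domains):
    """True if host equals a rule domain or is a subdomain of one.

    Assumption: a domain rule also covers subdomains. The comparison is made
    on label boundaries, so "notsocialidnow.com" is not treated as covered
    by "socialidnow.com".
    """
    host = host.lower().rstrip(".")
    for domain in domains:
        domain = domain.lower().strip(".")
        if host == domain or host.endswith("." + domain):
            return True
    return False


def audit(portal, domains, extra_hosts=()):
    """Return findings for a portal profile checked against the pre-auth role.

    extra_hosts: other hosts the portal page must reach before login.
    """
    findings = []
    redirect = urlsplit(portal["redirect_url"])
    hosts = {portal["host"], redirect.hostname or "", *extra_hosts}
    for host in sorted(hosts):
        if not host:
            findings.append("redirect URL has no hostname")
        elif not covered(host, domains):
            findings.append(f"{host}: no pre-auth rule allows this host")
    if not portal["use_https"] or redirect.scheme != "https":
        findings.append("portal is served over plain HTTP")
    return findings


if __name__ == "__main__":
    # login.example.net is a constructed host used to show a missing rule.
    for finding in audit(PORTAL, PRE_AUTH_DOMAINS, ["login.example.net"]):
        print(finding)
```

A host reported as missing a rule needs its own "Allow any to domain" entry in the socialid-pre-auth role.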
