Aruba Virtual Controller

This page explains basic configuration for Aruba Virtual Controller and external Captive Portal with RADIUS authentication.

to the Aruba Administration console usually available at


Navigate to Network -> Edit and open configuration settings of a network that should be protected with a Captive Portal with RADIUS authentication - aruba qa in our example.


Configure Client IP & VLAN Assignment. In our example, we keep the default settings.


Navigate to the Security tab and configure Security Level:

Splash page type: External

Captive portal profile: qa in our example

Auth server 1: qa in our example

Accounting: Use authentication servers

Encryption: Disabled


Click on the Edit button next to the Captive portal profile and enter values from the IronWifi console:

Type: Radius Authentication

IP or hostname:

URL: /api/pages/46/

Port: 443

Use https: Enabled

Captive Portal failure: Deny internet

Automatic URL Whitelisting: Enabled

Redirect URL: empty


Click on the Edit button next to the Auth server 1 and enter values from the IronWifi console:

IP address: in our example

Auth port: 5701

Accounting port: 5702

Shared key: xxxxxxxxx


Click on the Walled garden link and enter values from the IronWifi console:

White list: all IP addresses and host-names from the IronWifi console


By default, Aruba controller will intercept HTTPS traffic to all external servers breaking SSL connections. To prevent this, we need to create new Role permitting TCP connections to port 443 on external servers -,, etc.

allow https

Enable the Assign pre-authentication role and select create role. Click on the Finish button to apply new settings.


To fix the SSL error, you will need to replace default invalid certificate.

You can generate a valid SSL certificate for free on this URL - You can let the page generate a certificate signing request for you, or visit the following page for detailed instructions on how to generate a request manually - Don't use a wildcard SSL certificate.

Copy content of downloaded files certificate.crt, ca_bundle.crt and private.key to a single file (aruba.pem).

Upload this file to your Aruba IAP - click on Maintenance -> Certificates.

Certificate type: Captive portal server certificate

Certificate format: PAM

Click on the Upload Certificate button to apply new settings.