Aruba Virtual Controller

This page explains basic configuration for Aruba Virtual Controller and external Captive Portal with RADIUS authentication.

Sign-in to the Aruba Administration console usually available at http://instant.arubanetworks.com:4343.

aruba_captive_portal1

Navigate to Network -> Edit and open configuration settings of a network that should be protected with a Captive Portal with RADIUS authentication - aruba qa in our example.

aruba_captive_portal2

Configure Client IP & VLAN Assignment. In our example, we keep the default settings.

aruba_captive_portal3

Navigate to the Security tab and configure Security Level:

Splash page type: External

Captive portal profile: qa in our example

Auth server 1: qa in our example

Accounting: Use authentication servers

Encryption: Disabled

arubacaptive_portal4

Click on the Edit button next to the Captive portal profile and enter values from the IronWifi console:

Type: Radius Authentication

IP or hostname: console.ironwifi.com

URL: /api/pages/46/

Port: 443

Use http: Enabled

Captive Portal failure: Deny internet

Automatic URL Whitelisting: Enabled

Redirect URL: empty

aruba_captive_portal5

Click on the Edit button next to the Auth server 1 and enter values from the IronWifi console:

IP address: 81.89.56.92 in our example

Auth port: 5701

Accounting port: 5702

Shared key: xxxxxxxxx


aruba_external_radius6

Click on the Walled garden link and enter values from the IronWifi console:

White list: all IP addresses and host-names from the IronWifi console

aruba_walled_garden7

By default, Aruba controller will intercept HTTPS traffic to all external servers breaking SSL connections. To prevent this, we need to create new Role permitting TCP connections to port 443 on external servers - splash.ironwifi.com, google.com, facebook.com etc.

allow https

Enable the Assign pre-authentication role and select create role. Click on the Finish button to apply new settings.

pre-authentication