Aruba Virtual Controller

This page explains different configuration scenarios for Aruba Virtual Controller and authentication with IronWifi.

Captive Portal and Sign-on with IronWifi RADIUS



to the Aruba Administration console available at



Navigate to Network -> Edit and open configuration settings of a network that should be protected with a Captive Portal with RADIUS authentication - aruba qa in our example.




Configure Client IP & VLAN Assignment. In our example, we keep the default settings.





Navigate to the Security tab and configure Security Level:

Splash page type: External

Captive portal profile: qa in our example

Auth server 1: qa in our example

Accounting: Use authentication servers

Encryption: Disabled



Click on the Edit button next to the Captive portal profile and enter values from the IronWifi console:

Type: Radius Authentication

IP or hostname:

URL: /api/pages/46/

Port: 443

Use http: Enabled

Captive Portal failure: Deny internet

Automatic URL Whitelisting: Enabled

Redirect URL: empty




Click on the Edit button next to the Auth server 1 and enter values from the IronWifi console:

IP address: in our example

Auth port: 5701

Accounting port: 5702

Shared key: xxxxxxxxx




Click on the Walled garden link and enter values from the IronWifi console:

Whitelist: all IP addresses and hostname from IronWifi console




allow https


By default, Aruba controller will intercept HTTPS traffic to all external servers breaking SSL connections. To prevent this, we need to create new Role permitting TCP connections to port 443 on external servers -,, etc.



Enable the Assign pre-authentication role and select create role. Click on the Finish button to apply new settings.