What do I need?
Before you configure this appliance, you will need a RADIUS Server license. You can reach out to firstname.lastname@example.org to obtain one.
- Once you have the license, paste it in Space Settings > Integrations > Radius
- Save the settings and then click on "Manage Radius Servers".
- Click on "Add Radius Server" and give it a meaningful name and a description. Choose the correct appliance vendor
- Once the server is created you can access its details to get the IP addresses, port numbers and secrets to used in the configuration of the appliance below.
Configuring Aruba Controller
This page explains basic configuration for Aruba Virtual Controller and external Captive Portal with RADIUS authentication.
This option will present users with a splash page. It relies on your WiFi network to be open or to use a shared WiFi password. When users connect to it and open their browser, they will presented with a login screen where to type their email and pincode to connect to your network.
- Sign-in to the Aruba Administration console usually available at https://instant.arubanetworks.com:4343.
- Navigate to Network -> Edit and open configuration settings of a network that should be protected with a Captive Portal with RADIUS authentication - aruba qa in our example.
- Configure Client IP & VLAN Assignment. In our example, we keep the default settings.
Navigate to the Security tab and configure Security Level:
Splash page type: External
Captive portal profile: qa in our example
Auth server 1: qa in our example
Accounting: Use authentication servers
Click on the Edit button next to the Captive portal profile and enter values from the IronWifi console:
Type: Radius Authentication
IP or hostname: http://XYZ.spaces.nexudus.com/ (XYZ is the subdomain of your account as found in System > Spaces > your space name > Web Address.)
Use https: Enabled
Captive Portal failure: Deny internet
Automatic URL Whitelisting: Enabled
Redirect URL: empty
Click on the Walled garden link and enter values from the RADIUS server.
White list: all IP addresses and host-names below, including http://XYZ.spaces.nexudus.com/
Enable the Assign pre-authentication role and select create role. Click on the Finish button to apply new settings.
To fix the SSL error, you will need to replace default invalid certificate.
You can generate a valid SSL certificate for free on this URL - https://www.sslforfree.com/. You can let the page generate a certificate signing request for you, or visit the following page for detailed instructions on how to generate a request manually - https://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025. Don't use a wildcard SSL certificate.
Copy content of downloaded files certificate.crt, ca_bundle.crt and private.key to a single file (aruba.pem).
Upload this file to your Aruba IAP - click on Maintenance -> Certificates.
Certificate type: Captive portal server certificate
Certificate format: PAM
Click on the Upload Certificate button to apply new settings.