Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Once you have the license, paste it in Space Settings > Integrations > Radius



  2. Save the settings and then click on "Manage Radius Servers".
  3. Click on "Add Radius Server" and give it a meaningful name and a description. Choose the correct appliance vendor




  4. Once the server is created you can access its details to get the IP addresses, port numbers and secrets to used in the configuration of the appliance below.

 


Info
Each license comes with two geographically redundant servers for RADIUS Authentication and RADIUS Accounting. We will create these as close as possible to your physical location based on the data-centers we have available.

...

This option will present users with a splash page. It relies on your WiFi network to be open or to use a shared WiFi password. When users connect to it and open their browser, they will presented with a login screen where to type their email and pincode to connect to your network.

 


  1. Sign-in to the Aruba Administration console usually available at https://instant.arubanetworks.com:4343.

    aruba_captive_portal1

  2. Navigate to Network -> Edit and open configuration settings of a network that should be protected with a Captive Portal with RADIUS authentication - aruba qa in our example.


    aruba_captive_portal2

  3. Configure Client IP & VLAN Assignment. In our example, we keep the default settings.



    • Navigate to the Security tab and configure Security Level:

    • Splash page type: External

    • Captive portal profile: qa in our example

    • Auth server 1: qa in our example

    • Accounting: Use authentication servers

    • Encryption: DisabledProvide us (support@nexudus.com) with the public IP of your UniFi controller. The RADIUS servers need to be able to directly connect to  your Controller (SW, Cloud Key) to authorise connecting devices. Controller URL is usually in format like this https://your_public_static_ip:8443. Make sure it is the PUBLIC IP address and it's reachable through the Internet (not internal address like 192.168.*.*, 172.16.*.*, or 10.*.*.*). You might need to configure port forwarding on your Internet router and firewall. If you are not sure, please consult with your ISP provider.


  4. Click on the Edit button next to the Captive portal profile and enter values from the IronWifi console:

    Type: Radius Authentication
    IP or hostnamehttp://XYZ.spaces.nexudus.com/ (XYZ is the subdomain of your account as found in System > Spaces > your space name > Web Address.)
    URL: /en/splash
    Port: 443
    Use https: Enabled
    Captive Portal failure: Deny internet
    Automatic URL Whitelisting: Enabled
    Redirect URL: empty

     


 

 

 




Click on the Edit button next to the Auth server 1 and enter values from the IronWifi console:

IP address: 81.89.56.92 in our example
Auth port: 5701
Accounting port: 5702
Shared key: xxxxxxxxx


aruba_external_radius6

Click on the Walled garden link and enter values from the RADIUS server.

White list: all IP addresses and host-names from the IronWifi consolebelow, including http://XYZ.spaces.nexudus.com/

aruba_walled_garden7

By default, Aruba controller will intercept HTTPS traffic to all external servers breaking SSL connections. To prevent this, we need to create new Role permitting TCP connections to port 443 on external servers - splash.ironwifi.com, google.com, facebook.com etc.

allow https

...

Page properties
hiddentrue
Related issues