This article describes how to enable Cloudi-Fi captive portal on Aruba Airwave supervisor.

This setup consists of below main parts:

  1. Get Cloudi-Fi required information

  2. Enable Instant GUI Config

  3. SSID Configuration

  4. Import SSL certificate

  5. Syslog forwarding

1) Get Cloudi-Fi required information

Location URL : this URL will be used to configure an External Captive Portal

  • Cloudi-Fi administration > Locations > Click on the menu button of the location and select Copy Splash page URI

  • Transform the URI as following

Company Key :

  • Go to Settings > Company Account and copy the Cloudi-Fi Public Key

Radius Server Information

2) Enable Instant GUI Config

The Instant GUI config feature allows Instant APs to be configured via AirWave, rather than through the embedded controllers in the access points.

Enabling this feature is done in Groups > Basic and Enable Instant GUI Config

Save and Apply. The Instant Config menu should be visible in Groups > List > Select the Group name to configure.

3) SSID Configuration

Go to Groups > List and select the Group name where you want to define SSIDs

Click on the "+" button to add a new network

  • Type : Wireless

  • Name : Give it a name

  • Usage : Guest

In the advanced options, make sure that the SSID is broadcasted.

In the VLAN menu, configure the appropriate network parameters.

In the Security menu, choose Splash page type: External

Create a captive portal profile

  • Type: Radius Authentication

  • IP or hostname: login.cloudi-fi.net

  • URL: paste the rest of the splash page URI

  • Port: 443

  • Use HTTPS : Enabled

  • Captive portal Failure : Deny Internet

  • Automatic Whitelisting : Enabled

  • Redirect URL: your website

Create Radius authentication servers

  • IP : Provided by Cloudi-Fi

  • Auth Port : 1812

  • Shared secret : Provided by Cloudi-Fi

  • Confirm Shared secret : Provided by Cloudi-Fi

  • RFC 5997 : Authentication

  • Nas-Identifier : Cloudi-Fi Public Key

  • Service type framed user : Captive portal

In the Access menu, choose Role-Based and create a new rule

  • Rule Type : Access Control

  • Service : Network

  • Any

  • Action : Allow

  • Destination : To a Particular server

  • IP : login.cloudi-fi.net

  • Options : Log

Select this new rule as the pre-authentication rule

In Access Rules, edit the rule and check the log option

4) Import SSL certificate

TLS/SSL certificates secure internet connections by encrypting your data. They ensure that data is transmitted privately, without modification, loss or theft. By adding a certificate, you ensure a more secure Internet experience for your users.

In addition, some browsers may block authentication on HTTP pages. Using a certificate will allow access to HTTPS pages and your users can authenticate themselves.

Go to Device Setup > Certificate and add a new item:

  • Name: Name of the certificate

  • Certificate Name : Import the certificate from your computer

  • Passphrase and confirm Passphrase : Provide the secret Key

  • Format : PKCS#12 or PEM

  • Type : Captive Portal Cert

Go to Groups > List > Select Group > Basic > Aruba Instant and select the appropriate Certificate for Captive portal Cert

5) Syslog Forwarding

We are now going to configure the Syslog so that the access logs are sent to Cloudi-Fi.

Go to Instant Config > System > Monitoring

  • Syslog server : IP provided by Cloudi-Fi

  • Syslog Facility levels : According to your convenience, at least User and User-Debug with the Debug level (or by default all at Debug)

Did this answer your question?