Skip to main content
All CollectionsHotspot Setup GuideAruba (HPE)
Aruba Mobility Controller Setup Guide
Aruba Mobility Controller Setup Guide
L
Written by Lawrence Soong
Updated this week

Information required for FansWiFi Manager

  • Mac Addresses of the APs

Tested Model and Firmware Version

  • Model: Aruba3200-US

  • Firmware Version: 6.3.1.24

Setting on Aruba Controller

Step 0: Make sure the controller can successfully connected to FansWiFi radius server

  • a. Goto Diagnostics > Network > Ping

    • IP address: 103.6.85.240 (radius.fanswifi.com)

      image2024-12-18_16-56-58.png

    • Click "Ping"

      • If not success, please move to (b)

      • If success, please move to step 1

        image2024-12-18_16-58-39.png

  • b. Goto Configuration > IP

    • Click "Add" under Static from Default Gateway

      • IP address: "Your IP address"

      • Click "Add"

      • image2024-12-18_17-2-50.png

    • Try step (a) again to see whether it can connect to the radius or not

Step 1: Configure the Aruba Mobility Controller

  • a. Access the Aruba Mobility Controller by opening a Web Browser

  • b. Click Configuration > WIZARDS > Campus WLAN to open wizard to configure

Screen Shot 2018-07-13 at 6.54.54 PM.png

  • c. Under WLANs box, click New. Enter SSID name (e.g. FansWiFi) then click Ok and then click Next.

Screen Shot 2018-07-13 at 4.55.52 PM.png

  • d. In Forwarding Mode, select "Tunnel" then click Next

Screen Shot 2018-07-13 at 4.56.29 PM.png

  • e. In Radio & VLAN, configure with:

    • i. Radio Type: All

    • ii. Broadcast SSID: Yes

    • iii. VLAN: 1

  • Click Next to save configuration

Screen Shot 2018-07-13 at 4.56.52 PM.png

  • f. In Internal/Guest, select "Guest" then click Next

Screen Shot 2018-07-13 at 4.57.02 PM.png

  • g. In Authentication and Encryption, select "Captive portal with authentication via credentials(username and password) provided by user" then click Next

Screen Shot 2018-07-13 at 4.57.19 PM.png

  • h. In Authentication Server, click Add and configure with below settings

    • First Server

      • i. Server type: RADIUS

      • ii. Name: FansWiFi_rad1

      • iii. IP address: 103.6.85.240

      • iv. Auth port: 1812

      • v. Acct port: 1813

      • vi. Shared key: social123

      • vii. Retype key: social123

    • Second Server

      • i. Server type: RADIUS

      • ii. Name: FansWiFi_rad2

      • iii. IP address: 52.220.226.90

      • iv. Auth port: 1812

      • v. Acct port: 1813

      • vi. Shared key: social123

      • vii. Retype key: social123

  • Click Ok when adding each server and then click Next

Screen Shot 2018-07-18 at 3.30.54 PM.png
Screen Shot 2018-07-18 at 3.31.55 PM.png

  • i. In Role Assignment, configure with below settings

    • i. Pre-authentication role: FansWiFi-guest-logon

    • ii. Authenticated role: guest

  • Click Next to save configuration

Screen Shot 2018-07-13 at 5.02.00 PM.png

  • j. In WLAN Configured, you can review the WiFi settings and then click Finish

Screen Shot 2018-07-13 at 7.17.55 PM.png

Step 2: Configuration: Walled Garden

  • a. Select Configuration > ADVANCED SERVICES > Stateful Firewall > Destination

  • b. Click Add to add a walled garden

Screen Shot 2018-07-13 at 5.09.28 PM.png

  • c. Configure the settings with below settings

    • i. IP Version: IPv4

    • ii. Destination Name: FansWiFi_WalledGarden

  • d. Click Add to add a rule and configure with below settings

    • i. Rule Type: name

    • ii. Domain Name: *Enter walled garden domain name*

  • e. Click Add to confirm details and add a new rule

    Screen Shot 2018-07-13 at 5.09.28 PM.png

  • f. Configure the walled garden with below settings

Walled Garden List (required)

  1. *.fanswifi.com

i. Walled Garden List (Optional, you may skip this if there is no Facebook Login Enabled)

  1. *.facebook.com

  2. *.facebook.net

  3. *.fbcdn.net

  4. *.fbcdn.com

  5. *.akamaihd.net

  6. www.google.com

  7. *.doubleclick.net

  8. www.google.com.hk (Local Google URL of your Country / Region)

    1. Example:

      1. EU: www.google.eu

      2. UK: www.google.co.uk

      3. Hong Kong: www.google.com.hk

      4. Japan: www.google.co.jp

      5. Taiwan: www.google.com.tw

      6. Thailand: www.google.co.th

      7. Malaysia: www.google.com.my

      8. Myanmar: www.google.com.mm

ii. Walled Garden List (Optional, you may skip this if there is no Weibo Login Enabled)

  1. *.weibo.com

  2. *.weibo.cn

  3. *.sinaapp.com

  4. *.sina.com.cn

  5. *.sinajs.cn

iii. Walled Garden List (Optional, you may skip this if there is no Instagram Login Enabled)

  1. *.instagram.com

  2. *.akamaihd.net

  3. *.cdninstagram.com

vi. Twitter Login (Optional, you may skip this if there is no Twitter Login Enabled)

  1. *.twitter.com

  2. *.twimg.com

vi. LINE Login (Optional, you may skip this if there is no LINE Login Enabled)

  1. *.line.me

  2. *.line-scdn.net

vi. PayPal Login (Optional, you may skip this if there is no PayPal Login Enabled)

  1. *.paypal.com

  2. *.paypalobjects.com

  3. www.google-analytics.com

v. Video Login (Optional, you may skip this if there is no Video Login Enabled)

  1. *.akamaized.net

  2. *.akamaihd.net

  3. ssl.google-analytics.com

    1. *.scorecardresearch.com

    2. *.vimeocdn.com

    3. *.vimeo.com

  • g. Click Apply to save configuration

Screen Shot 2018-07-18 at 3.21.22 PM.png

Step 3: Configuration: Captive Portal

  • a. Click Configuration > SECURITY > Authentication > L3 Authentication

Screen Shot 2018-07-13 at 5.17.35 PM.png

  • b. Click FansWiFi-cp_prof add configure with below settings

    • i. Default Role: guest

    • ii. Default Guest Role: guest

    • iii. Redirect Pause: 0

    • iv. User Login: Ticked

    • v. Guest Login: Unticked

    • vi Logout popup window: Unticked

    • vii. Use HTTP for authentication: Ticked

    • viii. Show FQDN: Ticked

    • ix. Authentication Protocol: PAP

    • x. Login page: https://connect-p.fanswifi.com/auth

    • xi. Welcome page: *leave it as it is*

    • xii.Show Welcome page: Unticked

    • xiii. Add switch IP in redirection URL: Ticked

    • xiv. Adding user vlan in redirection URL: Ticked

    • xv. White List: Add FansWiFi_WalledGarden from the list

    • xvi. Redirect URL: https://connect-p.fanswifi.com/auth?res=success&id=aruba-xml-api

  • c. Click Apply to save configuration

Screen Shot 2018-07-18 at 4.17.44 PM.png

  • d. Then under FansWiFi-cp_prof, click Server Group

  • e. Configure Server Group > as FansWiFi_srvgrp-xxx (where xxx is a random number)

  • f. Click Apply to save configuration

Screen Shot 2018-07-18 at 4.22.03 PM.png

Step 4: Configuration: XML API Server

  • a. Click Configuration > SECURITY > Authentication > XML API Server

screencapture-172-16-0-81-4343-screens-switch-config_controller-html-2018-12-21-16_16_12.png

  • b. Under XML API Server, add either of the following ip address:

    • i. 52.220.226.90

    • ii. 52.220.206.125

    • iii. 52.77.30.253

    • iv. 52.220.219.128

    • v. 52.220.215.219

    • vi. 52.220.208.185

  • c. Click Add and then click Apply to save configuration

screencapture-172-16-0-81-4343-screens-switch-config_controller-html-2018-12-21-16_19_51.png

  • d. Then click the configured IP address

screencapture-172-16-0-81-4343-screens-switch-config_controller-html-2018-12-21-16_42_02.png

  • e. Under the selected XML API Server, configure with below settings:

    • Key: aruba123

    • Retype: aruba123

  • f. Click Apply to save configuration

screencapture-172-16-0-81-4343-screens-switch-config_controller-html-2018-12-21-16_42_27.png

Step 5: Configuration: AAA Profile

  • a. Click Configuration > SECURITY > Authentication > AAA Profiles

  • b. Click FansWiFi-aaa_prof and configure with below settings

    • Initial role: FansWiFi-guest-logon

    • RADIUS Interim Accounting: Ticked

  • c. Click Apply to save configuration

Screen Shot 2018-07-13 at 6.13.19 PM.png

  • d. Under FansWiFi-aaa_prof, click RADIUS Accounting Server Group

  • e. Select FansWiFi-srvgrp-xxx (where xxx is a random number)

  • f. Click Apply to save configuration

Screen Shot 2018-07-13 at 6.14.33 PM.png

  • g. Under FansWiFi-aaa_prof, click XML_API Server

  • h. Select the XML API Server IP address you configured (e.g. 52.220.226.90) and click Add

  • i. Click Apply to save configuration

screencapture-172-16-0-81-4343-screens-switch-config_controller-html-2018-12-21-16_36_42.png

Step 6: Configuration: Radius Server

  • a. Click Configuration > SECURITY > Authentication > Servers > RADIUS Server

Screen Shot 2018-07-13 at 6.18.48 PM.png

  • b. Click FansWiFi_rad1 and configure with below settings

    • First Radius Server

      • i. NAS ID: Aruba_*mac address of aruba controller*

      • ii. Mode: Ticked

      • iii. MAC address delimiter: dash

  • c. Click Apply to save configuration

  • d. Click FansWiFi_rad2 and configure with below settings

    • Second Radius Server

      • i. NAS ID: Aruba_*mac address of aruba controller*

      • ii. Mode: Ticked

      • iii. MAC address delimiter: dash

  • e. Click Apply to save configuration

Finally, click Save Configuration at the top and reboot the controller to ensure all settings take effect

Step 7: Configure Aruba Mobility Controller Address to FansWiFi Admin Panel

*** Please send this information to your FansWiFi account manager

(required for WeChat WiFi, you may skip this step if there is no WeChat WiFi Enabled)

FansWiFi Admin Panel (Setting > Venue Setting)

2017-09-11_18h42_35.png

  1. Send below information to FansWiFi

    • Public IP Addresses / Domain Name of Mobility Controller

    • Radius CoA Port: 3799

2017-09-11_18h44_46.png

Exceptional Case: Controller behinds Router / Firewall

If the Controller is behind Router / Firewall, it is not directly accessible via FansWiFi Radius Server via Internet. In this case, you need to configure port forwarding on your Router / Firewall to forward the port to the Controller.

2017-09-11_18h44_46.png

Please see below example:

Assume the Public IP of the Router is 1.1.1.1 in this example

  1. Configure Port Forwarding to forward Router’s 50000 Port to Controller’s CoA Port (Default: 3799)

    • Inbound port: 50000 (You can replace any port you want in your setup)

    • Destination IP: 192.168.1.100 (Controller's IP in your network)

    • Destination Port: 3799

2. Send below information to FansWiFi

    • Public IP Addresses of Router: 1.1.1.1 or Domain Name (URL)

    • Radius CoA Port: 50000 (You can replace any port you want in your setup)

Setting in FansWiFi Admin Panel

2017-09-11_18h45_51.png

Step 8: Add AP to FansWiFi Admin Panel

  • Login to FansWiFi Admin Panel

  • Click Settings -> Hotspots -> Add Hotspot

    1. Venue: Select the venue of where your Access Point locates

    2. Hotspot Name: Name each Access Point to make it identifiable

    3. AP Type: Select “Aruba Mobility Controller”

    4. Mac Address: Input unique MAC Address of each Access Point in your venue

  2. Click Save

2017-09-11_17h50_05.png

FAQ

1. How to deauthorize wifi user to bring user back to the login page after login?

  • During testing, you may want to try different login methods.

  • But after user authorized in any login method, captive portal will not be shown again before the expiry of session time.

  • If you may want to bring the user back to the captive portal page for testing different login methods, you will need to unauthorize the WiFi user.

WiFi User Logout trigger by:

WiFi User's Device

(usually, access a logout url on browser)

Controller Web Admin Interface

No Information

Last Testing: 11-9-2017

Available

Last Testing: 18 Jul 2018

WiFi User Logout trigger by:

Controller

  • Navigate to Monitoring > CONTROLLER > Clients

  • Select the client you want to logout

  • Click Disconnect to logout the user

Screen Shot 2018-07-18 at 5.21.09 PM.png

Did this answer your question?