Skip to main content

Aruba Mobility Controller Setup Guide (Version 8.x)

F
Written by FansWiFi Marketing
Updated over a month ago

Information required for FansWiFi Manager

  • Mac Addresses of the APs

Tested Model and Firmware Version

  • Standalone Controller

    • Model: Aruba Mobility Controller Aruba7005-US

    • Software Version: ArubaOS 8.10.0.9 LSR

  • Controller managed by Aruba Mobility Conductor / Mobility Master (MM / MD)

    • Software Version: ArubaOS 8.10.0.12 LSR

Setting on Aruba Controller

Step 0: Make sure the controller can successfully connect to both the Internet and FansWiFi radius server

  • a. Goto Diagnostics > Tools > Ping

    • Please ping with the following IP address one-by-one:

      • IP address: 8.8.8.8 (Google's DNS Address)

      • IP address: 103.6.85.240 (radius.fanswifi.com)

      • Click "Ping"

        • If either one IP address is not success, please move to (b)

        • If both IP address are success, please move to step 1

  • b. If (a) does not success (i.e. the controller cannot ping 8.8.8.8 or our radius sever address), the controller is probably do not have correct IP or Default Gateway configuration

    • Make sure your controller have a "Default Gateway" setting if not available

      • A common configuration issue is that the controller do not have the Default Gateway setting by default. If the controller do not have the default gateway setting, it can't communicate with the Internet and also our FansWiFi Radius server

      • Goto Configuration > Interface > IP route

        • Click "+" under Static Default Gateway

          • IP address: "IP Address of your network's gateway"

          • Click "Submit"

          • Try step (a) again to see whether it can connect to both Internet and FansWiFi radius server or not

Step 1: Configuration: WLAN and SSID

  • a. Access the Aruba Mobility Controller by opening a Web Browser

  • b. Click Configuration > WLAN > "+" to configure new WLAN

  • c. In General setting

    • Name (SSID):- FansWiFi Free WiFi -

      • Or any SSID you preferred

    • Primary usage: Guest

    • Click "Next"

  • e. In VLANs setting

  • f. In Security setting

    • Select ClearPass or other external Captive Portal

    • In Auth servers, Click "+" > "+" (Create new server)

      • Select "RADIUS"

      • Configure with following settings:

        • Name: FansWiFi_rad1

        • IP address: 103.6.85.240

        • Auth port: 1812

        • Accounting port: 1813

        • Shared key: social123

        • Retype key: social123

      • Click "Submit"

    • Then, configure with following settings:

    • Click "Next"

  • g. In Access setting, click "Finish"

Step 2: Configuration: Walled Garden

  • a. Select Configuration > Roles & Policies > Aliases

  • b. Click "+" to add a walled garden

  • c. Configure the settings with below settings

    • i. IP Version: IPv4

    • ii. Name: FansWiFi_WalledGarden

  • d. Click "+" to add a rule and configure with below settings

    • i. Rule Type: Name

    • ii. Domain Name: *Enter walled garden domain name*

  • e. Click OK to confirm details and add a new rule

  • f. Configure the walled garden with below settings

Walled Garden List (required)

  1. *.fanswifi.com

i. Walled Garden List (Optional, you may skip this if there is no Facebook Login Enabled)

  1. *.facebook.com

  2. *.facebook.net

  3. *.fbcdn.net

  4. *.fbcdn.com

  5. *.akamaihd.net

  6. www.google.com

  7. *.doubleclick.net

  8. www.google.com.hk (Local Google URL of your Country / Region)

    1. Example:

      1. EU: www.google.eu

      2. UK: www.google.co.uk

      3. Hong Kong: www.google.com.hk

      4. Japan: www.google.co.jp

      5. Taiwan: www.google.com.tw

      6. Thailand: www.google.co.th

      7. Malaysia: www.google.com.my

      8. Myanmar: www.google.com.mm

ii. Walled Garden List (Optional, you may skip this if there is no Weibo Login Enabled)

  1. *.weibo.com

  2. *.weibo.cn

  3. *.sinaapp.com

  4. *.sina.com.cn

  5. *.sinajs.cn

iii. Walled Garden List (Optional, you may skip this if there is no Instagram Login Enabled)

  1. *.instagram.com

  2. *.akamaihd.net

  3. *.cdninstagram.com

vi. Twitter Login (Optional, you may skip this if there is no Twitter Login Enabled)

  1. *.twitter.com

  2. *.twimg.com

vi. LINE Login (Optional, you may skip this if there is no LINE Login Enabled)

  1. *.line.me

  2. *.line-scdn.net

vi. PayPal Login (Optional, you may skip this if there is no PayPal Login Enabled)

  1. *.paypal.com

  2. *.paypalobjects.com

  3. www.google-analytics.com

v. Video Login (Optional, you may skip this if there is no Video Login Enabled)

  1. *.akamaized.net

  2. *.akamaihd.net

  3. ssl.google-analytics.com

    1. *.scorecardresearch.com

    2. *.vimeocdn.com

    3. *.vimeo.com

  • g. Click Submit to save configuration


Step 3: Configuration: Captive Portal

  • a. Click Configuration > Authentication > L3 Authentication

  • b. Select Captive Portal Authentication

  • c. Select - FansWiFi Free WiFi -_cppm_prof

    • a profile will be created automatically by the controller for each SSID you created <ssid-name-you-configured>_cppm_prof in Step 1

  • add configure with below settings

    • i. Default Role: guest

    • ii. Default Guest Role: guest

    • iii. Redirect Pause: 0

    • iv. User Login: Ticked

    • v. Guest Login: Unticked

    • vi. Logout popup window: Unticked

    • vii. Use HTTP for authentication: Ticked

    • viii. Show FQDN: Ticked

    • ix. Authentication Protocol: PAP

    • x. Login page: https://connect-p.fanswifi.com/auth

    • xi. Welcome page: https://connect-p.fanswifi.com/auth?res=success

    • xii.Show Welcome page: Ticked

    • xiii. Add switch IP in redirection URL: Ticked

    • xiv. Adding user vlan in redirection URL: Ticked

    • xv. Adding AP's MAC address in redirection URL: Ticked

    • xvi. Allow only one active user session: Unticked

    • xvii. White List: Add FansWiFi_WalledGarden from the list (by clicking "+")

      • FansWiFi_WalledGarden was defined in Step 2

      • - FansWiFi Free WiFi -_cppm_prof should remain in allow list

    • xviii. Redirect URL: https://connect-p.fanswifi.com/auth?res=success

  • d. Click Submit to save configuration

Step 4: Configuration: AAA profile

  • a. Click Configuration > Authentication > AAA profiles

  • b. Select AAA

  • c. Select - FansWiFi Free WiFi -_aaa_prof

    • a profile will be created automatically by the controller for each SSID you created <ssid-name-you-configured>_aaa_prof in Step 1

  • d. Leave all settings as they are, except:

    • i. RADIUS Roaming Accounting: Ticked

    • ii. RADIUS Interim Accounting: Ticked

  • e. Click Submit to save configuration

Step 5: Configuration: Radius Server

  • a. Click Configuration > Authentication > Auth servers

  • b. From all server, select FansWiFi_rad1

  • c. Leave all settings as they are, except:

    • i. NAS ID: socialnas

    • ii. Mode: Ticked

    • iii. MAC address delimiter: Dash

    • iv. Station ID Type: AP MAC address

    • v. Station ID Delimiter: Dash

    • vi. Include SSID: Ticked

  • e. Click Submit to save configuration

Step 6: Add AP to FansWiFi Admin Panel

  • Login to FansWiFi Admin Panel

  • (8a) Create.png

  • Click Settings -> Hotspots -> Create

    1. Venue: Select the venue of where your Access Point locates

    2. Hotspot Name: Name each Access Point to make it identifiable

    3. AP Type: Select “Aruba Mobility Controller”

    4. Mac Address: Input unique MAC Address of each Access Point in your venue (Not controller)

  • Click Create


FAQ

1. How to deauthorize wifi user to bring user back to the login page after login?

  • During testing, you may want to try different login methods.

  • But after user authorized in any login method, captive portal will not be shown again before the expiry of session time.

  • If you may want to bring the user back to the captive portal page for testing different login methods, you will need to unauthorize the WiFi user.

WiFi User Logout trigger by:

WiFi User's Device

(usually, access a logout url on browser)

Controller Web Admin Interface

Conductor Web Admin Interface

No Information

Last Testing:

Not available

Last Testing:

Available

Last Testing:

WiFi User Logout trigger by Web UI:

Available for Aruba Mobility Conductor / Mobility Master (MM / MD)

  • Navigate to Dashboard > Overview > Clients

    • or the Clients button on top of the Web UI

  • Select the client you want to logout

  • Click Delete wireless client to logout the user

  • ⭐ This button is likely not available in Aruba Mobility Controller in ArubaOS 8.x version

WiFi User Logout trigger by SSH:

Available for both Aruba Conductor and Controller

  • SSH to the controller

ssh admin@<controller-ip-address>

  • After entering the Aruba controller through ssh, you may use following commend to check the user status and mac addresses:

show user-table

  • Or you may also show only captive portal users

show user-table authentication-method web

  • To unearth the user, delete selected WiFi user by the mac address

aaa user delete mac <device-mac-address>

  • You may also delete all the user by the following commend (Use with caution, all WiFI user on the controller would be deauthenticated. This command is only for testing phrase.)

aaa user delete all

2. If VLAN is used in your WLAN / SSID with captive portal, please make sure the controller have an Interface and IP Address on this VLAN

  • ⭐ Please make sure the controller have an IP address on the VLAN

  • Otherwise, the controller will not able to redirect WiFi users to Captive Portal page

  • Select Configuration > Interface > VLANs

    • Choose the VLAN your SSID is configured

    • Configure an IP Address

Did this answer your question?