Information required for FansWiFi Manager
Mac Addresses of the APs
Tested Model and Firmware Version
Standalone Controller
Model: Aruba Mobility Controller Aruba7005-US
Software Version: ArubaOS 8.10.0.9 LSR
Controller managed by Aruba Mobility Conductor / Mobility Master (MM / MD)
Software Version: ArubaOS 8.10.0.12 LSR
Setting on Aruba Controller
Step 0: Make sure the controller can successfully connect to both the Internet and FansWiFi radius server
a. Goto Diagnostics > Tools > Ping
b. If (a) does not success (i.e. the controller cannot ping 8.8.8.8 or our radius sever address), the controller is probably do not have correct IP or Default Gateway configuration
Make sure your controller have a "Default Gateway" setting if not available
A common configuration issue is that the controller do not have the Default Gateway setting by default. If the controller do not have the default gateway setting, it can't communicate with the Internet and also our FansWiFi Radius server
Goto Configuration > Interface > IP route
Click "+" under Static Default Gateway
IP address: "IP Address of your network's gateway"
Click "Submit"
Try step (a) again to see whether it can connect to both Internet and FansWiFi radius server or not
Step 1: Configuration: WLAN and SSID
a. Access the Aruba Mobility Controller by opening a Web Browser
b. Click Configuration > WLAN > "+" to configure new WLAN
c. In General setting
Name (SSID):- FansWiFi Free WiFi -
Or any SSID you preferred
Primary usage: Guest
Click "Next"
e. In VLANs setting
VLAN: 1 (or any vlan you use)
🚨 Please make sure the controller have an L3 interface and IP address on the VLAN used for Captive Portal SSID 🚨
Otherwise, the controller will not able to redirect WiFi users to Captive Portal page
Please refer to FAQ for more details
click "Next"
f. In Security setting
Select ClearPass or other external Captive Portal
In Auth servers, Click "+" > "+" (Create new server)
Select "RADIUS"
Configure with following settings:
Name: FansWiFi_rad1
IP address: 103.6.85.240
Auth port: 1812
Accounting port: 1813
Shared key: social123
Retype key: social123
Click "Submit"
Then, configure with following settings:
Auth servers: FansWiFi_Radius
Host: connect-p.fanswifi.com
Page: /auth
Redirect URL: https://connect-p.fanswifi.com/auth?res=success
Click "Next"
g. In Access setting, click "Finish"
Step 2: Configuration: Walled Garden
a. Select Configuration > Roles & Policies > Aliases
b. Click "+" to add a walled garden
c. Configure the settings with below settings
i. IP Version: IPv4
ii. Name: FansWiFi_WalledGarden
d. Click "+" to add a rule and configure with below settings
i. Rule Type: Name
ii. Domain Name: *Enter walled garden domain name*
e. Click OK to confirm details and add a new rule
f. Configure the walled garden with below settings
Walled Garden List (required)
i. Walled Garden List (Optional, you may skip this if there is no Facebook Login Enabled)
www.google.com.hk (Local Google URL of your Country / Region)
Example:
EU: www.google.eu
UK: www.google.co.uk
Hong Kong: www.google.com.hk
Japan: www.google.co.jp
Taiwan: www.google.com.tw
Thailand: www.google.co.th
Malaysia: www.google.com.my
Myanmar: www.google.com.mm
ii. Walled Garden List (Optional, you may skip this if there is no Weibo Login Enabled)
iii. Walled Garden List (Optional, you may skip this if there is no Instagram Login Enabled)
vi. Twitter Login (Optional, you may skip this if there is no Twitter Login Enabled)
vi. LINE Login (Optional, you may skip this if there is no LINE Login Enabled)
vi. PayPal Login (Optional, you may skip this if there is no PayPal Login Enabled)
v. Video Login (Optional, you may skip this if there is no Video Login Enabled)
g. Click Submit to save configuration
Step 3: Configuration: Captive Portal
a. Click Configuration > Authentication > L3 Authentication
b. Select Captive Portal Authentication
c. Select - FansWiFi Free WiFi -_cppm_prof
a profile will be created automatically by the controller for each SSID you created <ssid-name-you-configured>_cppm_prof in Step 1
add configure with below settings
i. Default Role: guest
ii. Default Guest Role: guest
iii. Redirect Pause: 0
iv. User Login: Ticked
v. Guest Login: Unticked
vi. Logout popup window: Unticked
vii. Use HTTP for authentication: Ticked
viii. Show FQDN: Ticked
ix. Authentication Protocol: PAP
x. Login page: https://connect-p.fanswifi.com/auth
xi. Welcome page: https://connect-p.fanswifi.com/auth?res=success
xii.Show Welcome page: Ticked
xiii. Add switch IP in redirection URL: Ticked
xiv. Adding user vlan in redirection URL: Ticked
xv. Adding AP's MAC address in redirection URL: Ticked
xvi. Allow only one active user session: Unticked
xvii. White List: Add FansWiFi_WalledGarden from the list (by clicking "+")
FansWiFi_WalledGarden was defined in Step 2
- FansWiFi Free WiFi -_cppm_prof should remain in allow list
xviii. Redirect URL: https://connect-p.fanswifi.com/auth?res=success
d. Click Submit to save configuration
Step 4: Configuration: AAA profile
a. Click Configuration > Authentication > AAA profiles
b. Select AAA
c. Select - FansWiFi Free WiFi -_aaa_prof
a profile will be created automatically by the controller for each SSID you created <ssid-name-you-configured>_aaa_prof in Step 1
d. Leave all settings as they are, except:
i. RADIUS Roaming Accounting: Ticked
ii. RADIUS Interim Accounting: Ticked
e. Click Submit to save configuration
Step 5: Configuration: Radius Server
a. Click Configuration > Authentication > Auth servers
b. From all server, select FansWiFi_rad1
c. Leave all settings as they are, except:
i. NAS ID: socialnas
ii. Mode: Ticked
iii. MAC address delimiter: Dash
iv. Station ID Type: AP MAC address
v. Station ID Delimiter: Dash
vi. Include SSID: Ticked
e. Click Submit to save configuration
Step 6: Add AP to FansWiFi Admin Panel
Login to FansWiFi Admin Panel
Click Settings -> Hotspots -> Create
Venue: Select the venue of where your Access Point locates
Hotspot Name: Name each Access Point to make it identifiable
AP Type: Select “Aruba Mobility Controller”
Mac Address: Input unique MAC Address of each Access Point in your venue (Not controller)
Click Create
FAQ
1. How to deauthorize wifi user to bring user back to the login page after login?
During testing, you may want to try different login methods.
But after user authorized in any login method, captive portal will not be shown again before the expiry of session time.
If you may want to bring the user back to the captive portal page for testing different login methods, you will need to unauthorize the WiFi user.
WiFi User Logout trigger by: | WiFi User's Device (usually, access a logout url on browser) | Controller Web Admin Interface | Conductor Web Admin Interface |
| No Information
Last Testing: | Not available
Last Testing: | Available
Last Testing: |
WiFi User Logout trigger by Web UI:
Available for Aruba Mobility Conductor / Mobility Master (MM / MD)
Navigate to Dashboard > Overview > Clients
or the Clients button on top of the Web UI
Select the client you want to logout
Click Delete wireless client to logout the user
⭐ This button is likely not available in Aruba Mobility Controller in ArubaOS 8.x version
WiFi User Logout trigger by SSH:
Available for both Aruba Conductor and Controller
SSH to the controller
ssh admin@<controller-ip-address>
After entering the Aruba controller through ssh, you may use following commend to check the user status and mac addresses:
show user-table
Or you may also show only captive portal users
show user-table authentication-method web
To unearth the user, delete selected WiFi user by the mac address
aaa user delete mac <device-mac-address>
You may also delete all the user by the following commend (Use with caution, all WiFI user on the controller would be deauthenticated. This command is only for testing phrase.)
aaa user delete all
2. If VLAN is used in your WLAN / SSID with captive portal, please make sure the controller have an Interface and IP Address on this VLAN
⭐ Please make sure the controller have an IP address on the VLAN
Otherwise, the controller will not able to redirect WiFi users to Captive Portal page
Select Configuration > Interface > VLANs
Choose the VLAN your SSID is configured
Configure an IP Address