Guest access – Aruba

In this topic, you will learn how to configure Aruba wireless controllers to work together with the Portnox™ Cloud captive portal for guest user authentication.

Aruba Central

In this section, you will learn how to configure access points managed using Aruba Central to work together with the Portnox™ Cloud captive portal for guest user authentication.

Note: This configuration was tested using the Aruba AP-505 Access Point.
  1. In the left-hand side main menu, click on the Devices option and then, in the right-hand side pane, click on the name of the device that you want to configure.

  2. In the left-hand side menu for the selected device, click on the Device option. Then, in the right-hand side pane, make sure that the WLANs tab is active, and under the Wireless SSIDs list, click on the Add SSID button to add a new SSID.

    Note: You can also edit an existing SSID by clicking on its name on the Wireless SSIDs list.
  3. In the Create a New Network wizard, fill in the fields as required for your new SSID until you get to the Security step.
  4. In the Security step:

    1. Set the Security Level slider to the Visitors position.
    2. In the Type field, select the External Captive Portal option.
    3. Click on the  +  icon to the right of the Captive Portal Profile label to create a captive portal profile.
  5. In the External Captive Portal – New window:

    1. In the Name field, enter a name for this captive portal configuration.
    2. In the IP or Hostname field, enter guests.portnox.com.
    3. In the URL field, paste the value of the Captive Portal URL without the leading https://guests.portnox.com but with the leading slash.
      Note: You saved the value of Captive Portal URL when you configured the Portnox Cloud guest network.

      For example, the URL field could look like: /b2973887-1274-45c4-91d0-53d1a5eacf20-yoursuffix.

    4. You can leave the default values of the remaining fields or configure them as needed. Then, click on the OK button to save your captive portal configuration.
  6. Back in the Create a New Network wizard’s Security step, click on the  +  icon to the right of the Primary Server label to create a RADIUS server configuration.

    Note: If you already created a RADIUS server profile, for example, when configuring wireless access for employees, you can use the existing profile instead of creating a new one.
  7. In the New Server window:

    1. In the Server Type field, select the RADIUS option.
    2. In the Name field, enter a name for this RADIUS server configuration.
    3. In the IP Address/FQDN field, enter your Cloud RADIUS IP, which you obtained when you created the cloud RADIUS server.
    4. In the Shared Key and Retype Key fields, paste your Shared Secret, also obtained when you created the cloud RADIUS server.
    5. In the Auth Port field, enter your Authentication port number, also obtained when you created the cloud RADIUS server.
    6. In the Accounting Port field, enter your Accounting port number, also obtained when you created the cloud RADIUS server.
    7. In the Timeout (in secs) field, enter 30 to avoid timeouts due to any intermittent Internet connection delays.
    8. Click on the OK button to save your configuration.
  8. Optional: Back in the Create a New Network wizard’s Security step, click on the  +  icon to the right of the Secondary Server label to create a second RADIUS server configuration.

    Note: Do this only if your Portnox Cloud tenant is configured with two cloud RADIUS servers or if you’re using a local RADIUS server in addition to the cloud RADIUS server. If you already created a secondary RADIUS server profile, for example, when configuring wireless access for employees, you can use the existing profile instead of creating a new one.
  9. Proceed to the Access step of the Create a New Network wizard:

    1. Set the Access rules slider to the Role Based position.
    2. Click on the Add Role button below the Role table to create a new role.
  10. In the Add Role window, enter a name for the new role.

    This role will be used to control network access before the user authenticates with the captive portal, so we recommend using a name such as Pre_Authentication.

  11. In the Access rules table, in the Role column, click on the newly created role. In the Access Rules For Selected Roles column, click on the Allow any to all destinations entry. Then, click on the  ✎  icon to edit the rule.

  12. In the Access rules window, in the Destination field, select the To a Domain Name option, and in the Domain Name field, enter guests.portnox.com. Then, click on the OK button to save the edited rule.

  13. Scroll all the way to the bottom of the Access rules pane, activate the checkbox next to the Assign Pre-Authentication Role field, and in the selection field, select the name of the pre-authentication role that you just created and configured.

  14. Complete the remaining steps of the Create a New Network wizard.

Aruba Mobility Controller

In this section, you will learn how to configure an Aruba Mobility Controller to work together with the Portnox™ Cloud captive portal for guest user authentication.

Before you begin configuring your access point, you must configure the guest network in Portnox Cloud and note down the values of the fields: IP (for walled garden) and Captive Portal URL.

Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the manufacturers update their firmware or release new models. Therefore, to get the most accurate and current configuration guidance, we strongly recommend that you refer to the documentation provided by the manufacturer. If you need help setting up newer equipment that does not match the description in this topic, contact us at support@portnox.com.
  1. In the Aruba Mobility Controller web interface, navigate to Configuration > Authentication > Auth Servers, and add a new server. Then, enter the details of the Portnox Cloud RADIUS server that you created earlier: the IP Address, the Auth port, the Acct port, and the Shared key.

  2. Optional: Repeat for the other Portnox Cloud RADIUS server, if needed.
  3. Navigate to Configuration > WLAN and add a new SSID or edit an existing SSID.
    1. In the General tab, in Primary usage, select Guest.

    2. In the Security tab, select ClearPass or other external Captive Portal.
    3. In Auth servers, select the RADIUS server or servers that you configured earlier.
    4. In Host, enter https://guests.portnox.com.
    5. In Page, enter the remaining part of the Captive Portal URL that you obtained when you configured the guest network in Portnox Cloud.

      For example, if Captive Portal URL is https://guests.portnox.com/12345-12345-12345, in Page, enter /12345-12345-12345.
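The following is an added example, not part of the original Portnox documentation. It splits the Captive Portal URL into the values that the Aruba Central steps (IP or Hostname, URL) and the Mobility Controller steps (Host, Page) expect, and flags common entry mistakes such as pasting the full URL into the URL field. The function names and dictionary keys are hypothetical; the sample URL is constructed from the example path shown above.

```python
from urllib.parse import urlsplit

PORTAL_HOST = "guests.portnox.com"  # portal hostname used throughout this page


def portal_fields(captive_portal_url):
    """Split the Captive Portal URL into the values each controller expects."""
    parts = urlsplit(captive_portal_url.strip())
    if parts.scheme != "https":
        raise ValueError("Captive Portal URL must start with https://")
    if (parts.hostname or "").lower() != PORTAL_HOST:
        raise ValueError(f"unexpected portal host: {parts.hostname!r}")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("URL must not carry credentials or a custom port")
    page = parts.path
    if page in ("", "/"):
        raise ValueError("URL has no portal path after the hostname")
    if parts.query:
        page += "?" + parts.query
    return {
        # Aruba Central: External Captive Portal profile
        "central_hostname": PORTAL_HOST,
        "central_url": page,
        # Aruba Mobility Controller: WLAN Security tab
        "mc_host": f"https://{PORTAL_HOST}",
        "mc_page": page,
        # Aruba Central: destination domain in the pre-authentication role
        "pre_auth_domain": PORTAL_HOST,
    }


def check_central_entry(hostname, url, captive_portal_url):
    """Return a list of problems with values typed into Aruba Central."""
    want = portal_fields(captive_portal_url)
    problems = []
    if "://" in hostname or "/" in hostname:
        problems.append("IP or Hostname must be a bare hostname")
    elif hostname.strip().lower() != want["central_hostname"]:
        problems.append("IP or Hostname does not match the portal host")
    if "://" in url:
        problems.append("URL field must not include https://guests.portnox.com")
    elif not url.startswith("/"):
        problems.append("URL field must start with a slash")
    elif url != want["central_url"]:
        problems.append("URL field does not match the Captive Portal URL path")
    return problems


# Constructed sample, using the example path shown on this page.
SAMPLE = "https://guests.portnox.com/b2973887-1274-45c4-91d0-53d1a5eacf20-yoursuffix"
```

An empty list from check_central_entry means the two Aruba Central fields match the URL saved from Portnox Cloud.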