Aruba Instant AP

This guide walks through configuring Aruba Instant Configuration. This is the GUI or web-based interface that sits on the IAP itself. 

Note: Before getting started, please verify you have IAP version 6.3 or higher, as this is required.

Note 2: Before getting started, please make sure the Access Point is named the MAC address.  For example, instead of "Dining Room" as the AP name, the AP name should be 00:11:22:AA:BB:CC.

 

1. Log in via your Aruba IAP, through the web-based browser. In the top left under 'Network', click 'New'.

 

2. Under 'WLAN Settings':

  • Enter your desired network name (SSID)
  • 'Primary usage' as 'Guest'

 

3. Under 'VLAN Settings':

  • 'Client IP assignment' as 'Virtual Controller managed'
  • 'Client VLAN assignment' as 'Default
    • *Note, custom VLAN assignment configurations are also acceptable

 

4.  Under 'Security':

a.'Splash page type' as 'External' 

 

b. Create a new 'Captive portal profile' 

  • 'Name' as 'Turnstyle Captive Portal'
  • 'Type' as 'Radius authentication'
  • 'IP or hostname' as 'wifi.getturnstyle.com'
  • 'URL' as '/'
  • 'Port' as '443'
  • 'Use https' as 'Enabled'
  • 'Captive Portal failure' as 'Deny Internet'
  • 'Automatic URL Whitelisting' as 'Disabled'
  • 'Redirect URL' as 'http://wifi.getturnstyle.com/success'

 

c. Create two new 'Auth server' 

Auth Server 1

  • 'Name' as 'Turnstyle-RADIUS'
  • 'Server address' as '52.20.198.151'
  • 'RadSac' as 'Disabled'
  • 'Auth port' as '1812'
  • 'Accounting port' as '1813'
  • 'Shared key' as '*contact support@getturnstyle.com'
  • 'Retype key' as '*contact support@getturnstyle.com'

Auth Server 2

  • 'Name' as 'Turnstyle-RADIUS-2'
  • 'Server address' as '52.22.120.222'
  • 'RadSac' as 'Disabled'
  • 'Auth port' as '1812'
  • 'Accounting port' as '1813'
  • 'Shared key' as '*Contact support@getturnstyle.com'
  • 'Retype key' as '*Contact support@getturnstyle.com'

d. 'Reauth interval' as '0'

 

e. Click 'Blacklist, Walled garden'

In 'Whitelist', click 'New' and add each URL in the list below:

.getturnstyle.com
s3.amazonaws.com
.nr-data.net
.newrelic.com
.bootstrapcdn.com
.akamaihd.net
.fbcdn.net
.facebook.com
connect.facebook.net
.twitter.com
.twimg.com
.linkedin.com
.licdn.com

 Note: The above walled garden does not support Google+ as an authentication method.  For full details please see here.

 

5. Under 'Access':

  • 'Access Rules' as 'Role-based'
  • Under 'Roles', select 'New' and enter 'Preauth' as the name
    • Under 'Access Rules' for 'Preauth', select 'New' and create the following rule:

      • Rule type: Access control
      • Service: Network - any
      • Action: Allow
      • Destination: to domain name
      • Domain name: *WALLED GARDEN DOMAIN FROM LIST*
  • Like you did above, you'll need to add a rule, for all the below domains:

.getturnstyle.com
s3.amazonaws.com
.nr-data.net
.newrelic.com
.bootstrapcdn.com
.akamaihd.net
.fbcdn.net
.facebook.com
connect.facebook.net
.twitter.com
.twimg.com
.linkedin.com
.licdn.com

 

 

  • Under 'Roles', select the role with the same name as the SSID name you previously created. At the bottom, check 'Assign pre-authentication role' and select 'Preauth' from the drop-down menu. 

 

Click 'Finish' to complete the process! 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments