WiFi-based check-in: Aruba virtual controller
Last updated
Was this helpful?
Last updated
Was this helpful?
Before you configure the controller make sure you have set up your .
Use the guide below to configure your Aruba virtual controller and the external Captive Portal with RADIUS authentication.
Sign in to the Aruba Administration console at and type your email and pin-code.
Go to Network > Edit and open the settings of a network that you should configure to use the Captive Portal with RADIUS authentication. Our example network is aruba qa.
Configure Client IP & VLAN Assignment. In our example, we keep the default settings.
From the Splash page type drop-down list, select External.
From the Captive portal profile drop-down list, select your network. In our example, the network is qa.
From the Auth server 1 drop-down list, select your network.
Set Accounting to Use authentication servers.
Set Encryption to Disabled.
Number
Description
1
The Captive portal profile Edit button
Next to Captive portal profile, click Edit.
From the Type drop-down list, select Radius Authentication.
In the URL text box, type /en/splash.
In the Port text box, type 443.
From the Use https drop-down list, select Enabled.
From the Captive Portal failure drop-down list, select Deny internet.
From the Automatic URL Whitelisting drop-down list, select Enabled.
Leave the Redirect URL text box empty.
Number
Description
1
The Auth server 1 Edit button
Next to Auth server 1, click Edit.
In the IP address text box, type the IP address you want to allow access to.
In the Auth port text box, type 5701.
In the Accounting port text box, type 5702.
In the Shared key text box, type your personal key.
Click the Walled garden tab and enter the values from the RADIUS server.
Number
Description
1
The Walled Garden tab
2
The Whitelist section
By default, your Aruba controller intercepts HTTPS traffic to all external servers breaking SSL connections. To prevent this, we need to create a new role permitting TCP connections to port 443 on external servers, for example, splash.ironwifi.com, google.com, or facebook.com.
Select the Assign pre-authentication role checkbox.
From the drop-down list, select create role.
Create new roles that you can see in the screenshots.
Click Finish to apply new settings.
Number
Description
1
New role added
2
Defining access rules for a role
3
Assigning pre-authentication role
Number
Description
1
New role added
2
Defining access rules for a role
3
Assigning pre-authentication role
4
The Finish button
To fix the SSL error, you need to replace the default invalid certificate.
Upload this file to your Aruba IAP and then do the following:
Click on Maintenance > Certificates.
From the Certificate type drop-down list, select Captive portal server.
From the Certificate format drop-down list, select PAM.
Click Upload Certificate to apply new settings.
Number
Description
1
The Certificates tab
2
Certificate type and format drop-down lists
3
The Upload Certificate button
In the IP or hostname text box, type , where XYZ is the default domain name you can find in Settings > Webiste > General on your Nexudus account.
Add all IP addresses and host-names above, including / to the whitelist.
You can generate a valid SSL certificate for free . You can let the page generate a request to sign a certificate for you. You can also visit for detailed instructions on how to generate a request manually. Don't use a wildcard SSL certificate.
