Aruba Instant (IAP) configuration guide

    The following setup presumes the factory default status of the device, however, the modification of existing hotspot configuration maybe used. This configuration guide takes you through the steps to configure your Aruba IAP with the Captini captive portal service.

    Step1: WLAN Settings

    Set the name for the new network and switch "Primary usage" to "Guest".

    Step2: VLAN

    Switch "Client IP assignment" to  "Virtual Controller managed" and "Client VLAN assignment" to "Default".

    Step3: Security

    Select "External" for "Splash page type" and "New profile" for "Captive portal profile"

    3.1. Captive portal Profile

    Set the Captive portal name (eg. Captini) and then use following settings:

    3.2. Radius server

    Select "New" for "Auth server 1" and fill in the following options: Switch to "RADIUS"

    Repeat the procedure for "Auth server 2” using IP address:  52.210.72.220

    Confirm the Auth server settings, go back to Security Tab and finish the configuration with the following settings:

    Step4: Access

    Set "Access Rules" to "Role-based" on the Access Tab.

    Select Role according to configured SSID. Open the Acces Rule editation. Change the rule settings to  "Access control - Network - any - Allow - to all destinations". This Role can contain just this one rule. Delete the other rules.

    In the  "Role Assignment Rules" field set the edited rule as default.

    In the  "Roles" field create a new preauthentication rules set. Choose the name like pre-

    The first rule is the external Captive Portal redirection:

    Add rules for each FQDN from the Walled Garden list.  "Access control - Network - Allow - to domain name" and enter the FQDN.

    Add the following domans to the walled garden:

      captini.com 

      portal-eu.captini.com 

      portal-us.captini.com  amazonaws.com  cloudfront.net 

      m.facebook.com 

      doubleclick.net 

      developer.facebook.com 

      doubleclick.com 

      facebook.com 

      fbcdn.net 

      akamaihd.net 

      connect.facebook.net 

      facebook.net 

      twitter.com 

      twimg.com 

      api.twitter.com 

      linkedin.com 

      platform.linkedin.com 

      licdn.net 

      licdn.com 

      slicdn.com 

      sr.symcb.com 

      instagram.com

      googleanalytics.com  

      google-analytics.com


Set this role set as "pre-authentization role" by checking this option on the Acces Ta