Aruba Instant (IAP)
The following setup presumes the factory default status of the device, however, the modification of existing hotspot configuration maybe used. This configuration guide takes you through the steps to configure your Aruba IAP with the Captini captive portal service.
Step1: WLAN Settings
Set the name for the new network and switch "Primary usage" to "Guest".
Step2: VLAN
Switch "Client IP assignment" to "Virtual Controller managed" and "Client VLAN assignment" to "Default".
Step3: Security
Select "External" for "Splash page type" and "New profile" for "Captive portal profile"
3.1. Captive portal Profile
Set the Captive portal name (eg. Captini) and then use following settings:
3.2. Radius server
Select "New" for "Auth server 1" and fill in the following options: Switch to "RADIUS"
Repeat the procedure for "Auth server 2” using IP address: 52.210.72.220
Confirm the Auth server settings, go back to Security Tab and finish the configuration with the following settings:
Step4: Access
Set "Access Rules" to "Role-based" on the Access Tab.
Select Role according to configured SSID. Open the Acces Rule editation. Change the rule settings to "Access control - Network - any - Allow - to all destinations". This Role can contain just this one rule. Delete the other rules.
In the "Role Assignment Rules" field set the edited rule as default.
In the "Roles" field create a new preauthentication rules set. Choose the name like pre-
The first rule is the external Captive Portal redirection:
Add rules for each FQDN from the Walled Garden list. "Access control - Network - Allow - to domain name" and enter the FQDN.
Add the following domans to the walled garden:
captini.com
portal-eu.captini.com
portal-us.captini.com amazonaws.com cloudfront.net
m.facebook.com
doubleclick.net
developer.facebook.com
doubleclick.com
facebook.com
fbcdn.net
akamaihd.net
connect.facebook.net
facebook.net
twitter.com
twimg.com
api.twitter.com
linkedin.com
platform.linkedin.com
licdn.net
licdn.com
slicdn.com
sr.symcb.com
instagram.com
googleanalytics.com
google-analytics.com
Set this role set as "pre-authentization role" by checking this option on the Acces Ta