Device & Controller Setup Guide - Aruba iAP Virtual Controller Configuration for Kiwire

A. Aruba iAP Virtual Controller Configuration Step 1

• Go to Security > Authentication Servers

• Set IP address to Kiwire IP address

• Set RadSec to Disabled in the dropdown option

• Set Auth port to 1812

• Set Accounting port to 1813

• Set Shared key to the same key with Kiwire NAS shared key

• Retype key (shared key above) in the input box and proceed

• Set Timeout to 5 sec

• Set Retry count to 3

• Set RFC 3576 to Enabled in the dropdown option

• Set Air Group CoA port to 3799

• At RFC 5997 place a checkmark for Authentication and Accounting

• Set NAS IP address to the iAP Virtual Controller IP

• Set NAS identifier to the iAP Virtual Controller MAC address

• At Service type framed user place a checkmark for Captive Portal

Step 3

• Go to Security > External Captive Portal

• Type: RADIUS Authentication

• IP or Hostname: Kiwire IP address

• URL: /user/aruba_login.php

• Port: 80

• Use https: Disabled

• Captive Portal Failure: Deny Internet

• Automatic URL Whitelisting: Enabled

• Server offload: Disabled

• Prevent frame overlay: Disabled

• Use VC IP in Redirect URL: Disabled

• Redirect URL: post-login redirection

Step 4

• Go to System > General

• Virtual Controller IP: iAP Virtual Controller IP address

• Dynamic Proxy: RADIUS ticked
  

Step 5

• You are now at the WLAN Settings menu tab

• Toggle Primary usage to select Guest on the radio button

• Press Next on the menu below to proceed
  

Step 6

• Proceed with the following settings in VLAN menu tab

• Toggle Client IP assignment to select Virtual Controller managed

• Toggle Client VLAN assignment to select Default

• Press Next on the menu below to proceed

Step 7

• Proceed with the following settings in the Security menu tab

• Set Splash page type to External in the dropdown option

• Set Captive portal profile to Kiwire profile

• Set WISPr to Enabled in the dropdown option

• Set Auth server 1 to select Kiwire profile

• Set Reauth interval to 5 and select min. for the interval type

• Set Accounting to Use authentication servers in the dropdown option

• Set Accounting mode to Authentication in the dropdown option

• Set Accounting interval to 5 min

• Press Next on the menu below to proceed

Step 8

• Proceed with the following settings in the Access menu tab

• Toggle Access Rules to Role-Based in the control ruler

• Assign pre-authentication role: Kiwire role profile

• Press Finish on the menu below to complete

B. Kiwire Configuration

Step 1

• Go to Devices > NAS

• Set Device Type to Aruba

• Set NAS Identifier to iAP Virtual Controller MAC address (NAS identifier from iAP Virtual Controller)

• Set IP Address to iAP Virtual Controller IP address

• Set Shared Secret Key to the same with iAP Virtual Controller shared key configured earlier in Section (A)

• Set COA Port to 3799

C. Speed limit configurationStep 1

• Add a Bandwidth Contract Rule Type
  

Step 2

• Assign Role Assignment Rule with:

  • Attribute: Aruba-User-Role

  • Operator: contains

  • String: Role name

  • Role: bandwidth contract role

Step 3

• Go to Policies > Radius Attribute

• Set Profile to the configured user profile

• Set Attribute to Aruba-User-Role

• Set Operator to := from the dropdown option

• Set Value to assign a role name

D. Configuration is now complete