This guide shows how you can set your Aruba access points managed via Aruba Central Cloud Controller to use the Amplespot.
This integration has been tested with the following devices:
According to Aruba documentation, integration shall also work with following models. However this has not been tested.
- AP220 Series
- 130 Series
- 110 Series
- 100 Series
- 270 Series
- 175 Series
- RAP-100 Series
It is strongly recommended to use access point firmware version 126.96.36.199-188.8.131.52_40930 (released on 2013-11-18) or later. In previous versions, you may encounter problems in communication between the access points and Amplespot.
This guide presumes that you already have knowledge and experience working with Aruba Central.
1. Add your Aruba access points to Amplespot Admin Portal
Note the MAC address(es) of your Aruba access points together with their names.
Head to your Amplespot account and, if you haven't done so already, create Zones where you want to add your access points. Or you can use the default (automatically created) Zone and change your settings later.
Select Access Points in the left-hand menu and then click on Add new Unmanaged Access Point
Select the Access Point Type (Aruba Central) and Model, enter MAC Address and Name, Select the Country where access point is located and the Captive Portal Zone where you would like to add this Access Point. You will be able to add other Zones later.
Complete the form with following settings:
Access Point Type:
<the model of your access point>
The MAC address of your access point
Select the name of the country where this access point is or will be located
Captive Portal Zone:
Select the captive portal Zone where you want to place this access point. You will be able to add the access point to other Zones later.
Repeat this step for all your access points. Contact Amplespot support if you need help importing large number of access points.
Make sure that the name of the SSID used by the Captive Portal Zone you are selecting exactly corresponds to the name of SSID as it is configured in Aruba Central.
2. Create new network in Aruba Central
This guide presumes that you already added your Virtual Controller into Aruba Central. It will appear in the Virtual Controllers list in the Maintenance section in the Aruba Central.
Head to Wireless Management section and click + to create new network.
If you already have Guest network you now want to use with Amplespot, click Edit.
On the General page, give your network a name, set type to Wireless and Primary Usage to Guest
Click Next to continue
On the VLANs page, Set Client IP and VLAN Assignments in accordance with your network policy and click Next to continue.
On the Security page set Splash Page Type to External and click on the + sign next to the CAPTIVE PORTAL PROFILE
Set configuration to the following:
Captive Portal Proxy Server IP:
Leave this field blank
Captive Portal Proxy Server Port:
Leave this field blank
IP or Hostname:
You can set this to 80 or 443.
Check if you set port to 443
Captive Portal Failure:
We recommend setting this to Deny Internet
Automatic URL Whitelisting:
Set this to checked
Click OK to save changes and set Captive Portal profile to the profile you just created (Amplespot).
You can further check your settings by logging into Amplespot Admin Portal, clicking on Integrations on the left-hand menu, scrolling down to Hardware Integrations and expanding Aruba Central section in Captive Portal Settings section.
Back to the Security page, click on the + sign next to the Primary Server to create new RADIUS server configuration.
On the NEW SERVER page select RADIUS checkbox and head to your account in Amplespot Admin Portal to fetch your settings.
Once in Amplespot Admin Portal, click on Integrations on the left-hand menu, scroll down to Hardware Integrations and expand one of the geographical locations in RADIUS Settings section.
You may want to choose North America - Aruba Central servers are located in the US West at the time of writing of this article.
Go back to Aruba Central and configure the RADIUS server with following settings:
Use name of the RADIUS server as displayed in Amplespot admin portal.
i.e. - r1-usw.amplespot.com
The IP address of that RADIUS server as displayed in Amplespot admin portal.
The shared secret of that RADIUS server as displayed in Amplespot admin portal.
Dead Time (in mins):
Check both Authentication and Accounting
Service Type Framed User:
Check Captive Portal
Click Save to save your configuration.
Repeat this step to configure secondary RADIUS server.
Scroll down to the Accounting section and set following:
Set this to ON
Select one the RADIUS servers you configured earlier
Select second RADIUS servers you configured earlier
Click Next to go to the next page
On the Access page set Access Rules to Role Based.
(1) Access Rules
Select the name of the network you are creating (Amplespot Demo in case of this example)
(3) Access Rules for Selected Roles
Delete "Allow any to all destinations" rule and (4) click + to add a new one
You will now enable guest WiFi users to access certain external URLs before they (the users) are authenticated. This is necessary so users can reach Amplespot-hosted sign-in pages as well as pages of third-party social login provides (such as Facebook or Google) you may want to use.
Please open the Walled Gardens page to get the URLs you will now create the access rules for. You must to add URLs from Amplespot Required section and can add any other URLs of your choice (such as social sign in URLs or your company website URL).
Create new Access Rule with following settings:
To a Domain Name
Repeat adding access rules until you created entries for all domains listed in Walled Gardens.
Once you created the rules, tick the Assign Pre-authentication role checkbox, make sure that it has your Role selected, and then click Finish.
You have now created a guest network which will use Amplespot for guest WiFi access. Connect to it to test your settings!