This guide shows how you can set your Aruba access points managed via Aruba Central Cloud Controller to use the Amplespot.

This integration has been tested with the following devices:

  • IAP-204
  • IAP-205

According to Aruba documentation, integration shall also work with following models. However this has not been tested.

  • IAP-105
  • RAP-3WN
  • AP220 Series
  • 130 Series
  • 110 Series
  • 100 Series
  • 270 Series
  • 175 Series
  • RAP-155
  • RAP-100 Series
  • RAP-3

It is strongly recommended to use access point firmware version 6.3.1.1-4.0.0.0_40930 (released on 2013-11-18) or later.  In previous versions, you may encounter problems in communication between the access points and Amplespot.

This guide presumes that you already have knowledge and experience working with Aruba Central.

1. Add your Aruba access points to Amplespot Admin Portal

Note the MAC address(es) of your Aruba access points together with their names.

Head to your Amplespot account and, if you haven't done so already, create Zones where you want to add your access points. Or you can use the default (automatically created) Zone and change your settings later.

Select Access Points in the left-hand menu and then click on Add new Unmanaged Access Point

Select the Access Point Type (Aruba Central) and Model, enter MAC Address and Name, Select the Country where access point is located and the Captive Portal Zone where you would like to add this Access Point. You will be able to add other Zones later.

Complete the form with following settings:

Access Point Type:
Aruba Central

Model:
<the model of your access point>

MAC Address:
The MAC address of your access point

Country:
Select the name of the country where this access point is or will be located

Captive Portal Zone:
Select the captive portal Zone where you want to place this access point. You will be able to add the access point to other Zones later.

Repeat this step for all your access points. Contact Amplespot support if you need help importing large number of access points.

!! IMPORTANT!!
Make sure that the name of the SSID used by the Captive Portal Zone you are selecting exactly corresponds to the name of SSID as it is configured in Aruba Central.

2. Create new network in Aruba Central

This guide presumes that you already added your Virtual Controller into Aruba Central. It will appear in the Virtual Controllers list in the Maintenance section in the Aruba Central.

Head to Wireless Management section and click + to create new network. 

If you already have Guest network you now want to use with Amplespot, click Edit.

On the General page, give your network a name, set type to Wireless and Primary Usage to Guest

Click Next to continue

On the VLANs page, Set Client IP and VLAN Assignments in accordance with your network policy and click Next to continue.

On the Security page set Splash Page Type to External and click on the + sign next to the CAPTIVE PORTAL PROFILE

Set configuration to the following:

Name:
<amplespot>

Captive Portal Proxy Server IP:
Leave this field blank

Captive Portal Proxy Server Port:
Leave this field blank

Type:
Radius Authentication

IP or Hostname:
cp.amplespot.com

URL:
/aruc

Port:
You can set this to 80 or 443.

Use HTTPS:
Check if you set port to 443

Captive Portal Failure:
We recommend setting this to Deny Internet

Automatic URL Whitelisting:
Set this to checked

Click OK to save changes and set Captive Portal profile to the profile you just created (Amplespot).

You can further check your settings by logging into Amplespot
Admin Portal, clicking on Integrations on the left-hand menu, scrolling down to Hardware Integrations and expanding Aruba Central section in Captive Portal Settings section.

Back to the Security page, click on the + sign next to the Primary Server to create new RADIUS server configuration.

On the NEW SERVER page select RADIUS checkbox and head to your account in Amplespot Admin Portal to fetch your settings. 

Once in Amplespot Admin Portal, click on Integrations on the left-hand menu, scroll down to Hardware Integrations and expand one of the geographical locations in RADIUS Settings section. 

You may want to choose North America - Aruba Central servers are located in the US West at the time of writing of this article.

Go back to Aruba Central and configure the RADIUS server with following settings:

Name:
Use name of the RADIUS server as displayed in Amplespot admin portal.
i.e. - r1-usw.amplespot.com

IP Address:
The IP address of that RADIUS server as displayed in Amplespot admin portal.

Shared Key:
The shared secret of that RADIUS server as displayed in Amplespot admin portal.

Timeout:
5 seconds

Retry Count:

NAS IP:
Leave blank

NAS Identifier:
Leave blank

RFC 3576:
Leave unchecked

Auth Port:
1812

Accounting Port:
1813

Dead Time (in mins):
5

RFC 5997
Check both Authentication and Accounting

Service Type Framed User:
Check Captive Portal

Click Save to save your configuration. 

Repeat this step to configure secondary RADIUS server.

Scroll down to the Accounting section and set following:

ACCOUNTING
Set this to ON

Accounting Mode:
Authentication

Accounting Server1:
Select one the RADIUS servers you configured earlier

Accounting Server2:
Select second RADIUS servers you configured earlier

Accounting Interval
5 Min

Click Next to go to the next page

On the Access page set Access Rules to Role Based.

(1) Access Rules
Role Based

(2) Roles
Select the name of the network you are creating (Amplespot Demo in case of this example)

(3) Access Rules for Selected Roles
Delete "Allow any to all destinations" rule and (4) click + to add a new one

You will now enable guest WiFi users to access certain external URLs before they (the users) are authenticated. This is necessary so users can reach Amplespot-hosted sign-in pages as well as pages of third-party social login provides (such as Facebook or Google) you may want to use.

Please open the Walled Gardens page to get the URLs you will now create the access rules for. You must to add URLs from Amplespot Required section and can add any other URLs of your choice (such as social sign in URLs or your company website URL).

Create new Access Rule with following settings:

Rule Type:
Access Control

Service:
Network, Any

Action:
Allow

Destination:
To a Domain Name

Domain Name:
<amplespot.com>

Repeat adding access rules until you created entries for all domains listed in Walled Gardens

Once you created the rules, tick the Assign Pre-authentication role checkbox, make sure that it has your Role selected, and then click Finish.

You have now created a guest network which will use Amplespot for guest WiFi access. Connect to it to test your settings!

Did this answer your question?