Kiwire 2.0 Documentation

  1. Home
  2. Docs
  3. Kiwire 2.0 Documentation
  4. Device & Controller Setup Guide
  5. Aruba iAP Virtual Controller Configuration for Kiwire

Aruba iAP Virtual Controller Configuration for Kiwire

A. Aruba iAP Virtual Controller Configuration Step 1

  • Go to Security > Authentication Servers
  • Set IP address to Kiwire IP address
  • Set RadSec to Disabled in the dropdown option
  • Set Auth port to 1812
  • Set Accounting port to 1813
  • Set Shared key to the same key with Kiwire NAS shared key
  • Retype key (shared key above) in the input box and proceed
  • Set Timeout to 5 sec
  • Set Retry count to 3
  • Set RFC 3576 to Enabled in the dropdown option
  • Set Air Group CoA port to 3799
  • At RFC 5997 place a checkmark for Authentication and Accounting
  • Set NAS IP address to the iAP Virtual Controller IP
  • Set NAS identifier to the iAP Virtual Controller MAC address
  • At Service type framed user place a checkmark for Captive Portal

Step 2

  • Go to Security > Roles
  • Allow any to all destinations
  • Allow any to domain facebook.com
  • Allow any to domain akamaihd.net
  • Allow any to domain akamai.net
  • Allow any to domain twitter.com
  • Allow any to domain twimg.com
  • Allow any to domain fbcdn.net
  • Allow any to domain Instagram.com
  • Allow any to domain cdninstagram.com
  • Allow any to domain socialgate.kiwire.net
  • Allow any to domain socialgate.synchroweb.com

Step 3

  • Go to Security > External Captive Portal
  • Type: RADIUS Authentication
  • IP or Hostname: Kiwire IP address
  • URL: /user/aruba_login.php
  • Port: 80
  • Use https: Disabled
  • Captive Portal Failure: Deny Internet
  • Automatic URL Whitelisting: Enabled
  • Server offload: Disabled
  • Prevent frame overlay: Disabled
  • Use VC IP in Redirect URL: Disabled
  • Redirect URL: post-login redirection

Step 4

  • Go to System > General
  • Virtual Controller IP: iAP Virtual Controller IP address
  • Dynamic Proxy: RADIUS ticked

Step 5

  • You are now at the WLAN Settings menu tab
  • Toggle Primary usage to select Guest on the radio button
  • Press Next on the menu below to proceed

Step 6

  • Proceed with the following settings in VLAN menu tab
  • Toggle Client IP assignment to select Virtual Controller managed
  • Toggle Client VLAN assignment to select Default
  • Press Next on the menu below to proceed

Step 7

  • Proceed with the following settings in the Security menu tab
  • Set Splash page type to External in the dropdown option
  • Set Captive portal profile to Kiwire profile
  • Set WISPr to Enabled in the dropdown option
  • Set Auth server 1 to select Kiwire profile
  • Set Reauth interval to 5 and select min. for the interval type
  • Set Accounting to Use authentication servers in the dropdown option
  • Set Accounting mode to Authentication in the dropdown option
  • Set Accounting interval to 5 min
  • Press Next on the menu below to proceed

Step 8

  • Proceed with the following settings in the Access menu tab
  • Toggle Access Rules to Role-Based in the control ruler
  • Assign pre-authentication role: Kiwire role profile
  • Press Finish on the menu below to complete

B. Kiwire ConfigurationStep 1

  • Go to Devices > NAS
  • Set Device Type to Aruba
  • Set NAS Identifier to iAP Virtual Controller MAC address (NAS identifier from iAP Virtual Controller)
  • Set IP Address to iAP Virtual Controller IP address
  • Set Shared Secret Key to the same with iAP Virtual Controller shared key configured earlier in Section (A)
  • Set COA Port to 3799

C. Speed limit configurationStep 1

  • Add a Bandwidth Contract Rule Type

Step 2

  • Assign Role Assignment Rule with:
    • Attribute: Aruba-User-Role
    • Operator: contains
    • String: Role name
    • Role: bandwidth contract role

Step 3

  • Go to Policies > Radius Attribute
  • Set Profile to the configured user profile
  • Set Attribute to Aruba-User-Role
  • Set Operator to := from the dropdown option
  • Set Value to assign a role name

D. Configuration is now complete

Was this article helpful to you? Yes No

How can we help?