Aruba Instant GUI - Virtual Controller WLAN configuration
To configure your HPE access points via the HPE Aruba Instant GUI, log in to your HPE Aruba Master IAP and then follow each of the sections below in order.
WLAN and VLAN settings
Follow the steps below to set up your guest SSID and configure your VLAN:
Under Network at the top left, click on New. Configure with:
SSID Name: your chosen SSID name - e.g. _ Venue Name Guest WiFi
Primary usage: Guest
Click Next and configure with:
Client IP assignment: Virtual Controller managed.
Client VLAN assignment: Default - unless you have a custom VLAN set up.
Click Next to proceed to the Security settings.
Security configuration
Follow the steps below to set up the captive portal settings:
Set the Splash page type: External
From the Captive portal profile dropdown, choose New and enter the following details:
Name: guestwifi
Type: RADIUS Authentication
IP or hostname:
Europe: wifi.wireless-social.com
Americas: wifi-us.wireless-social.com
URL: /login/aruba/iap
Port: 443
Use https: Enabled
Captive portal failure: Deny internet
Automatic URL whitelisting: Disabled
Redirect URL:
Click OK to save.
RADIUS server configuration
To configure the RADIUS servers, follow the below steps.
Click the Auth server 1 dropdown and choose New. Configure with the below details:
Type: RADIUS.
Name: guestwifi1.
IP address: 18.168.231.87.
Auth port: 1812.
Accounting port: 1813.
Shared key: Please contact Support.
Retype key: Please contact Support.
โ ๏ธ Important: Ensure that there are no spaces before and after the RADIUS secret.
Click OK to save.
To configure the second RADIUS server, click the Auth server 2 dropdown and choose New. Configure with:
Type: RADIUS.
Name: guestwifi2.
IP address: 18.134.223.213.
Auth port: 1812.
Acct port: 1813.
Shared key: Please contact Support.
Retype key: Please contact Support.
โ ๏ธ Important: Ensure that there are no spaces before and after the RADIUS secret.
Click OK to save.
Configure the below settings as follows:
Reauth interval: 24 hrs.
Accounting: Enabled.
Accounting mode: Authentication.
Accounting interval: 3 min.
Blacklisting: Disabled.
Click Next to progress to the Access menu.
Access rules configuration
Set the Access Rules to Role-based.
Under Roles click New and enter Preauth as the name.
In the Access Rules for Preauth click New and add the following rules one by one for each of the walled garden domains. There may also be other relevant regional accounts if your venue is outside of the UK or US that you will need to add:
Rule Type: Access control.
Service: Network and select Any from the dropdown.
Action: Allow.
Destination: to a domain name.
Domain name: e.g. *.wireless-social.com
Once you have added all of the walled garden domains to the Preauth rule, enable the Assign pre-authentication role and select Preauth from the dropdown list.
Click Finish to complete the set up.
Insights Plus RTLS configuration
To collect data for Insights Plus, you will need to configure the Real Time Locating System settings. Follow these steps:
Click on More on the top right, and then Services.
Click on the RTLS heading.
Fill in the form that appears as below:
RTLS: Enabled/Ticked.
IP: 18.134.187.121.
Port: 4000.
Passphrase: Secret provided by Wireless Social support.
Update Every: 30.
Include Unassociated Stations: Enabled
Server Compatibility: enabled
Click OK.
This will automatically deploy the settings to the Access Point or network if the Access Point is a controller.
Inform Support that configuration is complete.
Your login and Insights Plus presence data will appear in the Insights portal within 24 hours.