Aruba Instant Setup Guide Published April 2015 - Version 1.0

2 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

Disclaimer THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN (“MATERIAL”) IS PROVIDED FOR GENERAL INFORMATION PURPOSES ONLY. GLOBAL REACH AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THE MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR THAT THE MATERIAL IS ERROR-FREE, ACCURATE OR RELIABLE. GLOBAL REACH RESERVES THE RIGHT TO MAKE CHANGES OR UPDATES TO THE MATERIAL AT ANY TIME.

Limitation of Liability IN NO EVENT SHALL GLOBAL REACH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE MATERIAL.

Published April 2015

3 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

IMPORTANT - BEFORE YOU START Before attempting to integrate your hardware controller in to Odyssys, please ensure that ALL of the following requirements are in place;

You have a controller sat in an environment where Access Points are configured to work with the controller, i.e - DNS, DHCP options configured correctly

Access points should be able to successfully obtain the configuration from controller

Your client environment is configured to allow clients to;

Associate to an Access Point

Obtain an IP address

Access to the internet Components required to be configured and working in your environment before attempting integration with Odyssys;

DHCP Server

DNS Server

Firewall NAT PLEASE NOTE - Odyssys does not use standard RADIUS ports so please make sure you allow the ports in your firewall defined in your manager.odyssys.net Captive Portal settings. This is a technical document and as such, integration of your hardware with Odyssys should only be handled by trained individuals.

4 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

GETTING STARTED WITH ODYSSYS Before you attempt to configure your controller for use with Odyssys, you will need to create your own Captive Portal in order to get the required details. 1. Navigate to the address http://manager.odyssys.net 2. Login using your Customer ID, Username and Password

3. Using the navigation panel on the left side, click Captive Portals -> Captive Portals and then click Create Captive Portal

4. Enter in the following details for your Captive Portal Name: <Enter a name for your captive portal> Description: <Enter a description for your captive portal> RADIUS Shared Secret: <Either keep the current shared secret or create your own> Hardware Vendor: Aruba Click Create to complete initial Captive Portal setup

5 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

5. Click on the newly created Captive Portal and it will display the information required to setup your Aruba Instant Controller

Please Note: The information will differ per Captive Portal created and is unique to each individual Captive Portal.

6 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

CONFIGURING ODYSSYS WITHIN ARUBA INSTANT 1. Login to the Aruba Virtual Cloud Controller

2. Click New

3. Click Create New WLAN with set Primary to Guest

Note: SSID name can be set to anything, however please do not name the SSID “instant” which is the default SSID for the virtual controller.

7 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

4. (Next Screen) Set Client IP assignment to Virtual Controller Assigned or Network Assigned if you have your own DHCP Server

5. Set Splash Page type to External

6. Click the drop down menu for Choose Captive portal profile and select new, it will then prompt you to enter in the below settings

8 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

Captive portal profile: please choose a name, for example Odyssys CP Type: Radius Authentication IP or hostname: manager.odyssys.net URL: /account/captivePortal/XXXXXX Note: XXXXXX means your captive portal 6 digit number Port: 80 Uses https: select Disabled Captive Portal Failure: Deny internet Automatic URL Whitelisting: Disabled Redirect URL: please give any URL you would like to redirect after successful authentication.

Note: When you use redirect URL from AP please do not enable the success page in the Odyssys portal, it can only use one or the other. Always use full URL links, for example (https://www.aruba.com)

7. Click the drop down option for WISPr and set to Enabled (default is disabled)

8. Select the Auth Server 1 drop down list Click “New ” to create a Radius Server

9 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

Name: Choose any name for the primary RADIUS server IP Address: These details are found within manager.odyssys.et under Captive Portals Auth Port: These details are found within manager.odyssys.et under Captive Portals Accounting Port: These details are found within manager.odyssys.et under Captive Portals Shared Key(secret): These details are found within manager.odyssys.et under Captive Portals

9. Create a secondary auth server from the Auth Server 2 (repeat step 7 but change the IP address to the secondary IP in Odyssys)

Load Balancing: Disabled (Default is disabled. Please do not turn on) Reauth interval: 0 min Accounting: please choose disabled Accounting interval: 0 min Blacklisting: Disabled (you can enable if you want to block some websites)

10. Next step please click on Blacklist: 0 Whitelist: 0

Note: 0 means nothing has been added yet. Click on Whitelist new

10 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

Add in the Walled Garden addresses found in Odyssys to the Whitelist

11. Click Next to continue on to the next page

Please choose a Firewall Access Rule setting that is suitable for your company. All settings will work within Odyssys. For more information on each setting, please look at the below link

http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/Chapter12%20Roles%20and%20Policies/Instant%20FirewallIntroSec.htm

12. Click Finish to complete the setup of your Aruba Instant Odyssys setup.

11 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

ACCESS CONTROL LIST ADDRESSES Please note that you will need to do an nslookup for the current ip addresses of the DNS names of some authentication providers due to the provider having changing IP addresses. There may also be more than one IP address per DNS name. Odyssys 54.246.95.205 54.243.42.241 Twitter api.twitter.com *.twimg.com Google 74.125.29.84 74.125.226.243 74.125.228.10 74.125.228.74 74.125.228.111 130.111.19.240 173.194.74.95 Facebook *.facebook.com *.akamaihd.net *.fbcdn.net connect.facebook.com LinkedIn 8.247.88.225 23.202.203.120 64.94.107.57 138.108.7.20 216.52.242.80 216.52.242.86 PayPal Express Checkout 173.0.82.77/32 92.122.246.85/32 66.117.29.34/32 216.113.188.89/32 66.235.147.113/32 If you wish to disable Apple's Captive Assistant please add the following to your walled garden www.apple.com www.airport.us www.ibook.info www.thinkdifferent.us www.itools.info www.appleiphonecell.com captive.apple.com

12 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

FREQUENTLY ASKED QUESTIONS

Q. I want to add different authentication provider types, how do I do this? A. Please see our Odyssys Authentication guide for further information.

Q. I need more information on how to setup Odyssys A. Please see our Odyssys setup guide.

13 Global Reach Technology Limited | @GlobalReachLtd | globalreachtech.com

GLOSSARY

ACL - Access Control List AAA - Authentication, Authorization, and Accounting DHCP - Dynamic Host Configuration Protocol DNS - Domain Name Service NAT - Network Address Translation PORT - A process-specific or an application-specific software construct serving as a communication endpoint, which is used by the Transport Layer protocols of Internet Protocol suite, such as User Diagram Protocol (UDP) and Transmission Control Protocol (TCP) RADIUS - Remote Authentication Dial In User Service(RADIUS) SHARED SECRET - A single password shared between two devices SSID - Service Set Identifier - A unique identifier for your Wi-Fi service WLAN - Wireless Local Area Network WLC - Wireless Local Area Network Controller

Global Reach Technology Ltd Craven House, 121 Kingsway London WC2B 6PA T +44 (0) 20 7831 5630 info@globalreachtech.com Copyright © Global Reach Technology Limited All rights reserved. Global Reach and the Global Reach logo are registered trademarks.