Skip to main content

Aruba Instant On

Configure Aruba Instant On cloud-managed access points with IronWifi for small business WiFi. This guide covers the cloud portal configuration for external captive portal, RADIUS authentication, allowed destinations (walled garden), and WPA2-Enterprise setup - all managed through the intuitive web portal or mobile app interface.

Prerequisites

In Aruba Instant On:

In IronWifi Console (complete these first):

  1. Create a Network and note the RADIUS details:
    • Primary server IP address
    • Authentication port (1812)
    • Shared secret
  2. Create a Captive Portal with vendor set to Aruba Instant On and note the Splash Page URL

Instant On Configuration

Access the Portal

  1. Go to portal.arubainstanton.com
  2. Log in with your account
  3. Select your site

Step 1: Create Guest Network

  1. Navigate to Networks
  2. Click + Add Network
  3. Configure:
FieldValue
Network TypeGuest
NameGuest-WiFi
SecurityOpen

Step 2: Configure Captive Portal

  1. In the network settings, find Captive Portal
  2. Enable Captive Portal
  3. Select External portal type
  4. Configure:
FieldValue
Server URL107.178.250.42
Port443
Use HTTPSEnabled
Custom splash page URL{Splash URL from IronWifi}

Step 3: Configure Allowed Destinations (Walled Garden)

Add entries to allow access before authentication.

Required Entry

Always add the IronWifi server:

107.178.250.42

Additional Entries by Authentication Provider

Only add entries for authentication methods you've enabled in IronWifi:

ProviderRequired Allowed Destinations
Google*.google.com, *.googleapis.com, *.gstatic.com, accounts.google.com
Facebook*.facebook.com, *.fbcdn.net, connect.facebook.net, facebook.com
LinkedIn*.linkedin.com, *.licdn.com, linkedin.com
Twitter/X*.twitter.com, *.twimg.com, twitter.com, *.x.com, x.com
Apple*.apple.com, *.icloud.com, appleid.apple.com
Microsoft/Azure AD*.microsoft.com, *.microsoftonline.com, *.msftauth.net, login.microsoftonline.com
Stripe*.stripe.com, js.stripe.com
PayPal*.paypal.com, *.paypalobjects.com
Twilio (SMS)*.twilio.com

Step 4: Configure RADIUS (Optional)

If using RADIUS authentication for session tracking:

  1. Navigate to Network Security
  2. Add RADIUS server:
FieldValue
IP Address{Primary IP from IronWifi}
Port1812
Shared Secret{Shared secret from IronWifi}

Alternative: WPA-Enterprise (No Captive Portal)

For 802.1X authentication where users enter credentials in their device WiFi settings:

  1. Create new network
  2. Set Security to WPA2 Enterprise
  3. Configure RADIUS servers with IronWifi details
  4. Save and deploy to access points

Testing and Verification

After completing the configuration, verify everything works correctly.

Test Captive Portal Flow

  1. Connect a device to the Guest-WiFi network
  2. Open a browser and navigate to http://example.com
  3. Verify redirect to IronWifi splash page
  4. Complete authentication
  5. Confirm internet access is granted

Verify in Instant On Portal

  1. Navigate to Clients in the Instant On portal
  2. Find your test device
  3. Verify it shows as connected and authorized

Troubleshooting

If testing reveals issues, use this section to diagnose common problems.

No Splash Page

SymptomCauseSolution
No redirectCaptive portal disabledEnable captive portal in network settings
Wrong pageIncorrect external portal URLVerify URL matches IronWifi Console
Blank pageMissing allowed destinationAdd 107.178.250.42 to allowed destinations

Authentication Failed

SymptomCauseSolution
Login errorRADIUS misconfiguredVerify server IP, port, and secret
TimeoutServer unreachableCheck firewall allows UDP 1812
RejectWrong credentialsTest credentials in IronWifi Console

Connectivity Issues

SymptomCauseSolution
AP offlineNo internetEnsure AP has internet connectivity
Config not applyingSync issueWait for config to push, or restart AP
DNS failuresDNS not allowedEnsure DNS is permitted before auth