WiNet
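set interfaces interface-range APs unit 0 family ethernet-switching vlan members GuestNet
set interfaces interface-range APs unit 0 family ethernet-switching native-vlan-id default
set interfaces ge-0/0/0 unit 0 family inet address 198.0.0.1/24
set interfaces ge-0/0/7 unit 0 family inet address 192.168.254.1/24
# NOTE(review): vlan.1 and vlan.2 are both given 192.168.2.1/24 below, so the
# management (default) VLAN and WiNet overlap; vlan.1 almost certainly needs its
# own subnet - confirm the intended address before committing.
set interfaces vlan unit 1 family inet address 192.168.2.1/24
set interfaces vlan unit 2 family inet address 192.168.2.1/24
set interfaces vlan unit 3 family inet address 192.168.3.1/24
set vlans WiNet vlan-id 2
set vlans WiNet l3-interface vlan.2
set vlans GuestNet vlan-id 3
set vlans GuestNet l3-interface vlan.3
set vlans default vlan-id 1
set vlans default l3-interface vlan.1
# The address 192.168.3.2 is where the local captive portal listens for http requests.
# web-authentication http serves the portal over cleartext HTTP, so guest credentials
# cross the wireless network unencrypted; prefer the https option where the platform
# supports it.
set interfaces vlan unit 3 family inet address 192.168.3.2/24 web-authentication http
# Security zones configuration.
# NOTE(review): the untrust zone accepts every system service and every routing
# protocol on the Internet-facing interface ge-0/0/0.0. The captive portal only needs
# http on GuestNet (below) and ge-0/0/0 has a static address here, so narrow this to
# the services actually required (or remove it) before deployment.
set security zones security-zone untrust host-inbound-traffic system-services any-service
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone WiNet interfaces vlan.2 host-inbound-traffic system-services dhcp
set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services dhcp
set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services ping
set security zones security-zone GuestNet interfaces vlan.3 host-inbound-traffic system-services dhcp
# host-inbound http must be allowed on the GuestNet zone for the local captive portal.
set security zones security-zone GuestNet interfaces vlan.3 host-inbound-traffic system-services http
set security zones security-zone trust address-book address radius 192.168.254.2/32
set security zones security-zone trust interfaces ge-0/0/7.0
# The security policies configuration is identical to the one in our previous example,
# with the exception of the GuestNet->Untrust policy, which has firewall auth enabled
# as shown below. Only junos-http and junos-dns-udp are matched, so this policy permits
# nothing but HTTP and DNS from guests toward untrust.
set security policies from-zone GuestNet to-zone untrust policy allow-egress match source-address any
set security policies from-zone GuestNet to-zone untrust policy allow-egress match destination-address any
set security policies from-zone GuestNet to-zone untrust policy allow-egress match application junos-http
set security policies from-zone GuestNet to-zone untrust policy allow-egress match application junos-dns-udp
set security policies from-zone GuestNet to-zone untrust policy allow-egress then permit firewall-authentication pass-through access-profile fw-auth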
set security policies from-zone GuestNet to-zone untrust policy allow-egress then