Copyright © 2011, Juniper Networks, Inc. 19
APPLICATION NOTE - Configuring and Deploying the AX411 Wireless Access Point
permit firewall-authentication pass-through web-redirect
#The access profile configuration specifies the address and secret of the RADIUS server
set access profile fw-auth authentication-order radius
set access profile fw-auth radius-server 192.168.254.2 port 1812
set access profile fw-auth radius-server 192.168.254.2 secret "$9$lI6v87wYojHm-VHmfT/9evW"
#FW Auth settings
set access firewall-authentication pass-through default-profile fw-auth
set access firewall-authentication web-authentication default-profile fw-auth
set access firewall-authentication web-authentication banner success "Welcome to GuestNet"
#AP1 configuration
set wlan access-point AP-1 mac-address 00:12:cf:c5:4a:40
set wlan access-point AP-1 radio 1 virtual-access-point 0 ssid WiNet
set wlan access-point AP-1 radio 1 virtual-access-point 0 vlan 2
set wlan access-point AP-1 radio 1 virtual-access-point 0 security mac-authentication-type radius
set wlan access-point AP-1 radio 1 virtual-access-point 0 security none
set wlan access-point AP-1 radio 1 virtual-access-point 1 ssid GuestNet
set wlan access-point AP-1 radio 1 virtual-access-point 1 vlan 3
set wlan access-point AP-1 radio 1 virtual-access-point 1 security none
set wlan access-point AP-1 radio 2 virtual-access-point 0 ssid WiNet
set wlan access-point AP-1 radio 2 virtual-access-point 0 vlan 2
set wlan access-point AP-1 radio 2 virtual-access-point 0 security mac-authentication-type radius
set wlan access-point AP-1 radio 2 virtual-access-point 0 security none
set wlan access-point AP-1 radio 2 virtual-access-point 1 vlan 3
set wlan access-point AP-1 radio 2 virtual-access-point 1 security none
RADIUS-Based VLAN Assignment
When using RADIUS authentication, it is possible to send a RADIUS attribute to instruct each access point to tag the
traffic from the client with a VLAN tag. This allows segmentation of the network into multiple domains, while still
broadcasting a single SSID. Network administrators can give users access to each domain, while users do not have to
choose a particular SSID.
In this example, we will use 802.1X authentication with RADIUS-based VLAN assignment. The RADIUS attributes used
to signal which VLAN to use for a particular client are the following:
Tunnel-Type = 13 (VLAN Tunnels)
Tunnel-Medium-Type = 6 (802 medium)
Tunnel-Private-Group-ID = <vlan id>
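The following is an added example, not part of the original application note and not Juniper code: a Python check that decodes a RADIUS Access-Accept and returns the VLAN it assigns only when all three attributes above are present and consistent. It assumes the attribute numbers 64, 65 and 81 and the tag-octet rule from RFC 2868, and the VLAN ID encoded as a decimal string in the range 1 to 4094 per RFC 3580. The helper names and the sample packet are constructed for illustration, and the response authenticator is not verified.

```python
import struct

# Attribute numbers from RFC 2868; the values are the ones listed above.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6
ACCESS_ACCEPT = 2

def parse_attributes(packet: bytes):
    """Yield (type, value) for each attribute of a RADIUS packet (RFC 2865)."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # code + identifier + length + 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def assigned_vlan(packet: bytes):
    """Return the VLAN ID an Access-Accept assigns, or None if it assigns none."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return None
    tunnels = {}  # tag -> {attribute type: value}; a tag groups one tunnel's attributes
    for atype, value in parse_attributes(packet):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            tunnels.setdefault(value[0], {})[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet above 0x1F is the start of the string, not a tag.
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            tunnels.setdefault(tag, {})[atype] = text
    for attrs in tunnels.values():
        group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
        if (attrs.get(TUNNEL_TYPE) == VLAN and attrs.get(TUNNEL_MEDIUM_TYPE) == IEEE_802
                and group.isdigit() and 1 <= int(group) <= 4094):
            return int(group)
    return None

def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def build_accept(*attrs: bytes) -> bytes:
    """Constructed sample packet with a zeroed authenticator (not verified here)."""
    body = b"".join(attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    sample = build_accept(attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d"),
                          attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06"),
                          attr(TUNNEL_PRIVATE_GROUP_ID, b"3"))
    print(assigned_vlan(sample))
```

Run against captured Access-Accept payloads, a None result for a user who should land in a restricted VLAN shows that the RADIUS policy is sending an incomplete or out-of-range attribute set.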