Configuration Library
Highlighted
Configuration Library

WLC with web auth and integration with RADIUS server

‎01-29-2014 02:11 AM

Configuration Juniper vWLC

 

WLC-V# show configuration
# Configuration nvgen'd at 2014-1-29 10:03:47
# Image 9.0.1.2.0
# Model WLC-V
# Last change occurred at 2014-1-29 09:55:18
set ip route default 192.168.55.1 1
set ip dns enable
set ip dns server 85.114.32.7 PRIMARY
set dot1x quiet-period 0
set system name WLC-V
set system ip-address x.x.x.x
set system countrycode RU
set timezone CET 1 0
set service-profile guest-wlan ssid-name free_pbz
set service-profile guest-wlan ssid-type clear
set service-profile guest-wlan auth-fallthru web-portal
set service-profile guest-wlan web-portal-acl portalacl
set service-profile guest-wlan load-balancing-exempt enable
set service-profile guest-wlan 11n mode-na required
set service-profile guest-wlan 11n frame-aggregation disable
set service-profile guest-wlan wpa-ie auth-psk enable
set service-profile guest-wlan rsn-ie auth-psk enable
set service-profile guest-wlan transmit-rate 11g mandatory 12.0,18.0,24.0,36.0,4 8.0,54.0 disabled 1.0,2.0,5.5,6.0,9.0,11.0 beacon-rate 36.0 multicast-rate 54.0
set service-profile guest-wlan transmit-rate 11ng mandatory 1.0,2.0,5.5,11.0,24. 0 beacon-rate 2.0 multicast-rate AUTO
set service-profile guest-wlan attr vlan-name 99_net
set vlan-profile 99 vlan 99_net tag 99
set radius client system-ip
set radius server ubnt_freeradius address 192.168.55.50 encrypted-key 121615031b060d557878
set server group storm-radius members ubnt_freeradius
set enablepass password 478617e942fc4d1abeb25879f9febb99363f
set aaa-profile wifi-radius
set aaa-profile wifi-radius dot1x pass-through storm-radius
set authentication web ssid free_pbz ** storm-radius
set user admin password encrypted 0209144f020b0e701e1d
set radio-profile default rf-scanning mode passive
set radio-profile default rf-scanning channel-scope operating
set radio-profile default 11n channel-width-na 20MHz
set radio-profile default power-policy max-coverage
set radio-profile default service-profile guest-wlan
set radio-profile default auto-tune channel-set band 11bg channel 1,6,9
set ap auto mode enable
set ap auto tunnel-affinity 0
set ap auto lldp mode disable
set ap auto remote-ap data-security mode enable
set ap auto ap-tunnel mode enable
set ap auto radio 2 mode disable
set ap auto local-switching mode enable vlan-profile 99
set vlan 1 port 1
set vlan 1 port 3
set vlan 1 port 4
set vlan 99 name 99_net
set vlan 99 port 2
set vlan 99 port 2 tag 99
set interface 1 ip x.x.x.x 255.255.255.0
set interface 99 ip y.y.y.y 255.255.255.0
set security acl name portalacl permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl name portalacl permit udp :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff eq 546 :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff eq 547
set security acl name portalacl permit icmpv6 :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff type 136
set security acl name portalacl deny 0.0.0.0 255.255.255.255 capture
commit security acl portalacl

 

 

 

FreeRADIUS dictionary configuration

- we must edit dictionary and put Trapeze radius attr

example:

-if we want make redirection after login accept

ATTRIBUTE       Trapeze-URL                      8      string

 

and define in users file Trapeze URL attribut

 

storm         Cleartext-password :="abc123"
                    Trapeze-URL :="http://www.juniper.net"

 

Juniper still use Trapeze attr because they are already defined. You can check in MSS config guid.