Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[WLC] Example - Configuring SSID with Pre-Shared Key and Web Portal Authentication

0

0

Article ID: KB32816 KB Last Updated: 26 Jun 2018Version: 1.0
Summary:

This article provides the steps to configure SSID with Pre-Shared Key and Web Portal Authentication on the WLC.

Solution:

The following steps are used on CLI mode and SmartPass.

  1. Create a service-profile and SSID.

    # set service-profile PSK-PORTAL ssid-name PSK-PORTAL
    # set service-profile PSK-PORTAL ssid-type crypto
    # set service-profile PSK-PORTAL auth-fallthru web-portal
    # set service-profile PSK-PORTAL web-portal-form web/wba_form.html
    # set service-profile PSK-PORTAL web-portal-acl PSK-PORTAL
    # set service-profile PSK-PORTAL wpa-ie auth-dot1x disable
    # set service-profile PSK-PORTAL rsn-ie auth-dot1x disable
    # set service-profile PSK-PORTAL rsn-ie cipher-ccmp enable
    # set service-profile PSK-PORTAL rsn-ie auth-psk enable
    # set service-profile PSK-PORTAL psk-encrypted 135643430e08027b2e712e67317016551555580e0c0d0b575a5b1b41000d040b5705035d5e55545c025415515002585e5823184b504c5241475c0d527f7a752b37
    # set service-profile PSK-PORTAL attr vlan-name default
    # set service-profile PSK-PORTAL rsn-ie enable
    # set radio-profile default service-profile PSK-PORTAL
    
    
  2. Create an ACL.

    #set security acl name PSK-PORTAL permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
    #set security acl name PSK-PORTAL permit ip 0.0.0.0 255.255.255.255 10.9.221.232 0.0.0.0
    #set security acl name PSK-PORTAL deny 0.0.0.0 255.255.255.255 capture
    #commit security acl PSK-PORTAL
    
    
  3. Map the ACL and set authentication rule.

    # set radius server PSK-PORTAL address 10.9.221.231 auth-port 1811 encrypted-key 1312121e0803092f0b757a6061
    # set radius dac PSK-PORTAL address 10.9.221.232 replay-protect disable encrypted-key 0013160a075406032f701e1d5d
    # set authentication web ssid PSK-PORTAL ** local
    # set authorization dynamic ssid PSK-PORTAL PSK-PORTAL
    
    
  4. Check the connectivity between the WLC and the SmartPass.

    # radping server PSK-PORTAL request authentication user PSK-PORTAL password <password>
    
    
  5. Using the WEBGUI Interface of the SmartPass Server create a user. Go to Users > Create User > add USER, USER TYPE, PASSWORD, CONFIRM PASSWORD > Save



    Go to User > User Management to confirm the user properly saved.
  6. Go to Setup > RADIUS Client Settings > Click ADD > IP Address, Shared Secret Key, Vendor: Trapeze > Save.



    To confirm the changes, go to Setup > RADIUS Client Settings. The RADIUS client should be present.
  7. Go to Setup > Web Portal Management > Click ADD Web Portal Configuration > Create SSID (Example name PSK-PORTAL) > Next > Next > Finish.



    NOTE: If you are using Authentication Type > Local then select it and proceed without making any further changes > Finish.



     
    To confirm, go to Setup > Web Portal Management > the SSID.

  8. Go to Setup > RADIUS Servers Management > Click ADD to create the RADIUS server and RADIUS server group.

    NOTE: First, add RADIUS Server > IP Address > Shared Secret key > check for AUTHENTICATION PORT. If required, also check for AUTHORIZATION PORT > add RADIUS Server Group > Finish.



     
    To verify the changes, go to Setup > Radius Servers Management.


Check User Connectivity:

Use the following command at the end to check the user connectivity.

#show sessions

 

Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search