This article explains how to create MAC local authentication in Juniper WLC and Web Portal authentication in SmartPass for a single SSID. The portal page will be served from SmartPass.

Our Radius/SmartPass IP : 10.9.221.185
SSID Name: MAC-WEB
VLAN Name: wireless

1. Sample configuration in the WLC:

   set service-profile MAC-WEB ssid-name MAC-WEB
   set service-profile MAC-WEB ssid-type clear
   set service-profile MAC-WEB web-portal-form https://10.9.221.185:444/gp2/webportal/ext/webPortalAuthLogin
   set service-profile MAC-WEB web-portal-acl webcl
   set service-profile MAC-WEB 11n short-guard-interval disable
   set service-profile MAC-WEB wpa-ie auth-dot1x disable
   set service-profile MAC-WEB rsn-ie auth-dot1x disable
   set service-profile MAC-WEB attr vlan-name wireless

2. Map the above service-profile to a test Radio-profile:

   # set radio-profile R2 service-profile MAC-WEB
   
   set radius server SP-li address 10.9.221.185 encrypted-key 130f021c021c0138
   set server group SP1 members SP-li
   set radius dac dac address 10.9.221.185 replay-protect disable encrypted-key 05011301285c4b1b
   set enablepass password 8537402fbbb10ad489e828e043abefe48d77
   set aaa-profile mac-web
   set aaa-profile mac-web mac local
   set aaa-profile mac-web web SP1
   set authorization dynamic ssid MAC-WEB dac
   set authentication profile ssid MAC-WEB mac-web

3. ACL configuration: 

   set security acl name webcl permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
   set security acl name webcl permit ip 0.0.0.0 255.255.255.255 10.9.221.185 0.0.0.0
   set security acl name webcl deny 0.0.0.0 255.255.255.255 capture
   commit security acl webcl

4. Add your controller's IP address as a Radius client in your SmartPass server:

   

5. Now you should create a user in your SmartPass server and try radping to the Smartpass server as below:

   

   #  radping server SP-li request authentication user run password run
   Sending authentication request to server SP-li (10.9.221.185:1812)
   Received Access-Accept from the server in 22 ms
      Attributes:
         ms-mppe-send-key = 0xffffffce7cffffff94ffffffbefffffffc72ffffffccffffffb8ffffff9f494a6f45ffffffdaffffffc1ffffffb4
         ms-mppe-recv-key = 0xffffff9bffffffd002ffffff9b46fffffff11661ffffffa66421ffffffba705c52ffffff97
         encryption-type = 0
         service-type = 2
         session-timeout = 0
         termination-action = 0
         vlan-name = wireless
         start-date = 19/04/09-17:30
         end-date = 19/04/10-17:30
         acct-interim-interval = 1000

6. Connect to the SSID. Then the client will prompt for the username and password.

7. Enter the username and password that you have created in the SmartPass server.

8. After connecting to the SSID, use the following commands:

   #sh sessions
   
   1 sessions total
   
   User Name             SessID  Type  Address              VLAN              AP/Rdo
   --------------------- ------  ----- -------------------- --------------    -------
   run                  10510* prof  10.9.221.202         wireless            9998/2
   
   9691#
   9691#
   9691# sh sess network session-id 10510 verbose
   
   1 of 1 sessions matched
   
   Name:               run
   Session ID:         10510
   Global ID:          SESS-10510-428bbd-814741-48d
   Login type:         mac-web (mac,web)
   SSID:               MAC-WEB
   IP:                 10.9.221.202
   MAC:                28:5a:eb:25:9a:d9
   AP/Radio:           9998/2
   State:              ACTIVE
   Session tag:        1
   Host name:          Vi
   Vlan name:          wireless   (AAA)
   Service type:       2          (dynamic-author)
   End date:           19/04/10-17:30 (dynamic-author)
   Acct int interval:  1000       (dynamic-author)
   Up time:            00:00:24
   
   Roaming history:
     Switch          AP/Radio     Association time  Duration
     --------------- -----------  ----------------- -------------------
     10.9.221.242    9998/2       04/09/19 18:29:01 00:00:43
   
   Session Start:      Tue Apr  9 18:29:20 2019 IST
   Last Auth Time:     Tue Apr  9 18:29:20 2019 IST
   Last Activity:      Tue Apr  9 18:29:42 2019 IST  ( <15s ago)
   Session Timeout:    82860
   Idle Time-To-Live:  177
   Protocol:           802.11 WMM
   Session CAC:        disabled
   Stats age:          0 seconds
   Radio type:         802.11a
   Last packet rate:   6.0 Mb/s
   Last packet RSSI:   -82 dBm
   Last packet SNR:    13
   Power Save:         enabled
   Voice Queue:        ACTIVE
   
                     Packets     Bytes
                     ----------  ------------
   Rx Unicast              1061         74583
   Rx Multicast              35          4568
   Rx Encrypt Err             0             0
   Tx Unicast              1372       1801232
   Rx peak A-MSDU             0             0
   Rx peak A-MPDU             0             0
   Tx peak A-MSDU             0             0
   Tx peak A-MPDU             0             0
   
   Queue       Tx Packets  Tx Dropped  Re-Transmit  Rx Dropped
   ----------  ----------  ----------  -----------  ----------
   Background           0           0            0           0
   BestEffort        1352           0          321           0
   Video                0           0            0           0
   Voice                0           0            0           0

2020-03-21: Archived