This article explains how to create MAC local authentication in Juniper WLC and Web Portal authentication in SmartPass for a single SSID. The portal page will be served from SmartPass.
Our Radius/SmartPass IP : 10.9.221.185
SSID Name: MAC-WEB
VLAN Name: wireless
-
Sample configuration in the WLC:
set service-profile MAC-WEB ssid-name MAC-WEB
set service-profile MAC-WEB ssid-type clear
set service-profile MAC-WEB web-portal-form https://10.9.221.185:444/gp2/webportal/ext/webPortalAuthLogin
set service-profile MAC-WEB web-portal-acl webcl
set service-profile MAC-WEB 11n short-guard-interval disable
set service-profile MAC-WEB wpa-ie auth-dot1x disable
set service-profile MAC-WEB rsn-ie auth-dot1x disable
set service-profile MAC-WEB attr vlan-name wireless
-
Map the above service-profile to a test Radio-profile:
# set radio-profile R2 service-profile MAC-WEB
set radius server SP-li address 10.9.221.185 encrypted-key 130f021c021c0138
set server group SP1 members SP-li
set radius dac dac address 10.9.221.185 replay-protect disable encrypted-key 05011301285c4b1b
set enablepass password 8537402fbbb10ad489e828e043abefe48d77
set aaa-profile mac-web
set aaa-profile mac-web mac local
set aaa-profile mac-web web SP1
set authorization dynamic ssid MAC-WEB dac
set authentication profile ssid MAC-WEB mac-web
-
ACL configuration:
set security acl name webcl permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl name webcl permit ip 0.0.0.0 255.255.255.255 10.9.221.185 0.0.0.0
set security acl name webcl deny 0.0.0.0 255.255.255.255 capture
commit security acl webcl
-
Add your controller's IP address as a Radius client in your SmartPass server:

-
Now you should create a user in your SmartPass server and try radping to the Smartpass server as below:
# radping server SP-li request authentication user run password run
Sending authentication request to server SP-li (10.9.221.185:1812)
Received Access-Accept from the server in 22 ms
Attributes:
ms-mppe-send-key = 0xffffffce7cffffff94ffffffbefffffffc72ffffffccffffffb8ffffff9f494a6f45ffffffdaffffffc1ffffffb4
ms-mppe-recv-key = 0xffffff9bffffffd002ffffff9b46fffffff11661ffffffa66421ffffffba705c52ffffff97
encryption-type = 0
service-type = 2
session-timeout = 0
termination-action = 0
vlan-name = wireless
start-date = 19/04/09-17:30
end-date = 19/04/10-17:30
acct-interim-interval = 1000
-
Connect to the SSID. Then the client will prompt for the username and password.
-
Enter the username and password that you have created in the SmartPass server.
-
After connecting to the SSID, use the following commands:
#sh sessions
1 sessions total
User Name SessID Type Address VLAN AP/Rdo
--------------------- ------ ----- -------------------- -------------- -------
run 10510* prof 10.9.221.202 wireless 9998/2
9691#
9691#
9691# sh sess network session-id 10510 verbose
1 of 1 sessions matched
Name: run
Session ID: 10510
Global ID: SESS-10510-428bbd-814741-48d
Login type: mac-web (mac,web)
SSID: MAC-WEB
IP: 10.9.221.202
MAC: 28:5a:eb:25:9a:d9
AP/Radio: 9998/2
State: ACTIVE
Session tag: 1
Host name: Vi
Vlan name: wireless (AAA)
Service type: 2 (dynamic-author)
End date: 19/04/10-17:30 (dynamic-author)
Acct int interval: 1000 (dynamic-author)
Up time: 00:00:24
Roaming history:
Switch AP/Radio Association time Duration
--------------- ----------- ----------------- -------------------
10.9.221.242 9998/2 04/09/19 18:29:01 00:00:43
Session Start: Tue Apr 9 18:29:20 2019 IST
Last Auth Time: Tue Apr 9 18:29:20 2019 IST
Last Activity: Tue Apr 9 18:29:42 2019 IST ( <15s ago)
Session Timeout: 82860
Idle Time-To-Live: 177
Protocol: 802.11 WMM
Session CAC: disabled
Stats age: 0 seconds
Radio type: 802.11a
Last packet rate: 6.0 Mb/s
Last packet RSSI: -82 dBm
Last packet SNR: 13
Power Save: enabled
Voice Queue: ACTIVE
Packets Bytes
---------- ------------
Rx Unicast 1061 74583
Rx Multicast 35 4568
Rx Encrypt Err 0 0
Tx Unicast 1372 1801232
Rx peak A-MSDU 0 0
Rx peak A-MPDU 0 0
Tx peak A-MSDU 0 0
Tx peak A-MPDU 0 0
Queue Tx Packets Tx Dropped Re-Transmit Rx Dropped
---------- ---------- ---------- ----------- ----------
Background 0 0 0 0
BestEffort 1352 0 321 0
Video 0 0 0 0
Voice 0 0 0 0