
[Archive] How to create MAC local authentication in WLC and Web Portal authentication in SmartPass for a single SSID



Article ID: KB34160 KB Last Updated: 21 Mar 2020 Version: 2.0

This article explains how to create MAC local authentication in Juniper WLC and Web Portal authentication in SmartPass for a single SSID. The portal page will be served from SmartPass.


Our Radius/SmartPass IP :
VLAN Name: wireless

  1. Sample configuration in the WLC:

    set service-profile MAC-WEB ssid-name MAC-WEB
    set service-profile MAC-WEB ssid-type clear
    set service-profile MAC-WEB web-portal-form
    set service-profile MAC-WEB web-portal-acl webcl
    set service-profile MAC-WEB 11n short-guard-interval disable
    set service-profile MAC-WEB wpa-ie auth-dot1x disable
    set service-profile MAC-WEB rsn-ie auth-dot1x disable
    set service-profile MAC-WEB attr vlan-name wireless
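  2. Map the above service profile to a test radio profile, then configure the RADIUS server, server group, dynamic authorization client (DAC), and AAA profile: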

    # set radio-profile R2 service-profile MAC-WEB
    set radius server SP-li address encrypted-key 130f021c021c0138
    set server group SP1 members SP-li
    set radius dac dac address replay-protect disable encrypted-key 05011301285c4b1b
    set enablepass password 8537402fbbb10ad489e828e043abefe48d77
    set aaa-profile mac-web
    set aaa-profile mac-web mac local
    set aaa-profile mac-web web SP1
    set authorization dynamic ssid MAC-WEB dac
    set authentication profile ssid MAC-WEB mac-web
  3. ACL configuration: 

    set security acl name webcl permit udp eq 68 eq 67
    set security acl name webcl permit ip
    set security acl name webcl deny capture
    commit security acl webcl
  4. Add your controller's IP address as a RADIUS client in your SmartPass server.

  5. Create a user in your SmartPass server, then test authentication against the SmartPass server with radping as below:

    #  radping server SP-li request authentication user run password run
    Sending authentication request to server SP-li (
    Received Access-Accept from the server in 22 ms
          ms-mppe-send-key = 0xffffffce7cffffff94ffffffbefffffffc72ffffffccffffffb8ffffff9f494a6f45ffffffdaffffffc1ffffffb4
          ms-mppe-recv-key = 0xffffff9bffffffd002ffffff9b46fffffff11661ffffffa66421ffffffba705c52ffffff97
          encryption-type = 0
          service-type = 2
          session-timeout = 0
          termination-action = 0
          vlan-name = wireless
          start-date = 19/04/09-17:30
          end-date = 19/04/10-17:30
          acct-interim-interval = 1000
  6. Connect to the SSID. The client will then be prompted for the username and password.

  7. Enter the username and password that you have created in the SmartPass server.

  8. After connecting to the SSID, use the following commands to check the session:

    #sh sessions
    1 sessions total
    User Name             SessID  Type  Address              VLAN              AP/Rdo
    --------------------- ------  ----- -------------------- --------------    -------
    run                  10510* prof         wireless            9998/2
    9691# sh sess network session-id 10510 verbose
    1 of 1 sessions matched
    Name:               run
    Session ID:         10510
    Global ID:          SESS-10510-428bbd-814741-48d
    Login type:         mac-web (mac,web)
    SSID:               MAC-WEB
    MAC:                28:5a:eb:25:9a:d9
    AP/Radio:           9998/2
    State:              ACTIVE
    Session tag:        1
    Host name:          Vi
    Vlan name:          wireless   (AAA)
    Service type:       2          (dynamic-author)
    End date:           19/04/10-17:30 (dynamic-author)
    Acct int interval:  1000       (dynamic-author)
    Up time:            00:00:24
    Roaming history:
      Switch          AP/Radio     Association time  Duration
      --------------- -----------  ----------------- -------------------
                      9998/2       04/09/19 18:29:01 00:00:43
    Session Start:      Tue Apr  9 18:29:20 2019 IST
    Last Auth Time:     Tue Apr  9 18:29:20 2019 IST
    Last Activity:      Tue Apr  9 18:29:42 2019 IST  ( <15s ago)
    Session Timeout:    82860
    Idle Time-To-Live:  177
    Protocol:           802.11 WMM
    Session CAC:        disabled
    Stats age:          0 seconds
    Radio type:         802.11a
    Last packet rate:   6.0 Mb/s
    Last packet RSSI:   -82 dBm
    Last packet SNR:    13
    Power Save:         enabled
    Voice Queue:        ACTIVE
                      Packets     Bytes
                      ----------  ------------
    Rx Unicast              1061         74583
    Rx Multicast              35          4568
    Rx Encrypt Err             0             0
    Tx Unicast              1372       1801232
    Rx peak A-MSDU             0             0
    Rx peak A-MPDU             0             0
    Tx peak A-MSDU             0             0
    Tx peak A-MPDU             0             0
    Queue       Tx Packets  Tx Dropped  Re-Transmit  Rx Dropped
    ----------  ----------  ----------  -----------  ----------
    Background           0           0            0           0
    BestEffort        1352           0          321           0
    Video                0           0            0           0
    Voice                0           0            0           0
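
The configuration in steps 1 to 3 only works if every name one line refers to (ACL, service profile, RADIUS server, server group, DAC, AAA profile) is defined elsewhere, and it contains two settings worth a security review. The following check is an added example, not part of the original article or any Juniper tool; the `audit` function, its rule tables, and the `<SMARTPASS_IP>` and `<KEY>` placeholders are assumptions, and the rules cover only the command forms shown in this article.

```python
import re

# Constructed sample: steps 1-3 trimmed; <SMARTPASS_IP> and <KEY> are placeholders.
SAMPLE = """\
set service-profile MAC-WEB ssid-type clear
set service-profile MAC-WEB web-portal-acl webcl
# set radio-profile R2 service-profile MAC-WEB
set radius server SP-li address <SMARTPASS_IP> encrypted-key <KEY>
set server group SP1 members SP-li
set radius dac dac address <SMARTPASS_IP> replay-protect disable encrypted-key <KEY>
set aaa-profile mac-web mac local
set aaa-profile mac-web web SP1
set authorization dynamic ssid MAC-WEB dac
set authentication profile ssid MAC-WEB mac-web
set security acl name webcl deny capture
commit security acl webcl
"""

DEFS = [  # (kind, pattern capturing the name a line defines)
    ("service-profile", r"^set service-profile (\S+)"),
    ("radius server", r"^set radius server (\S+)"),
    ("server group", r"^set server group (\S+)"),
    ("dac", r"^set radius dac (\S+)"),
    ("aaa-profile", r"^set aaa-profile (\S+)"),
    ("committed acl", r"^commit security acl (\S+)"),
]
REFS = [  # (kind, pattern capturing the name a line refers to)
    ("committed acl", r"^set service-profile \S+ web-portal-acl (\S+)"),
    ("service-profile", r"^set radio-profile \S+ service-profile (\S+)"),
    ("radius server", r"^set server group \S+ members (\S+)"),  # first member only
    ("server group", r"^set aaa-profile \S+ web (?!local\b)(\S+)"),
    ("dac", r"^set authorization dynamic ssid \S+ (\S+)"),
    ("aaa-profile", r"^set authentication profile ssid \S+ (\S+)"),
]
REVIEW = [  # settings that are valid but deserve a second look
    (r"^set service-profile \S+ ssid-type clear", "open SSID, no over-the-air encryption"),
    (r"^set radius dac .*\breplay-protect disable", "replay protection off for dynamic authorization"),
]

def audit(config):
    """Return (errors, review): unresolved name references and settings to review."""
    lines = [ln.strip().lstrip("#").strip() for ln in config.splitlines()]  # drop CLI prompt
    defs = {(k, m.group(1)) for ln in lines for k, rx in DEFS if (m := re.match(rx, ln))}
    errors = [f"{k} '{m.group(1)}' not found: {ln}" for ln in lines for k, rx in REFS
              if (m := re.match(rx, ln)) and (k, m.group(1)) not in defs]
    review = [(ln, why) for ln in lines for rx, why in REVIEW if re.match(rx, ln)]
    return errors, review
```

Run `audit()` on the controller's saved configuration text; an empty `errors` list means every reference in these command forms resolves, and `review` lists the open-SSID and DAC replay-protection lines.
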
Modification History:
2020-03-21: Archived