Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to configure MAC+Web-Portal authentication on Juniper wireless controller

0

0

Article ID: KB34259 KB Last Updated: 24 May 2019Version: 1.0
Summary:

This article explains how to configure MAC+Web-Portal authentication on Juniper wireless controller.

Solution:
  1. Create a Web-Portal Service Profile as follows on the WLC controller:

    set service-profile Web-Portal ssid-name corp-guest
    set service-profile Web-Portal ssid-type clear
    set service-profile Web-Portal web-portal-form web/wba_form.html
    set service-profile Web-Portal web-portal-acl portalacl
    set service-profile Web-Portal wpa-ie auth-dot1x disable
    set service-profile Web-Portal rsn-ie auth-dot1x disable
    set service-profile Web-Portal attr vlan-name default
  2. As a next step, create a radio-profile (web) and map it to the service-profile (Web-Portal):

    set radio-profile web
    set radio-profile web service-profile Web-Portal
  3. Create AAA profile (web-mac) and map it to Web-portal/Mac authentication (Local):

    set aaa-profile web-mac
    set aaa-profile web-mac mac local
    set aaa-profile web-mac web local
  4.  Map SSID (corp-guest) to AAA profile (web-mac) by using the following command:

    set authentication profile ssid corp-guest web-mac
    
  5. Configure MAC-usergroup (mac-auth) and map the SSID (corp-guest)/VLAN (default) to that specific MAC-usergroup:

    set mac-usergroup mac-auth
    set mac-usergroup mac-auth attr ssid corp-guest
    ​set mac-usergroup mac-auth attr vlan-name default
  6. map the mac users (client mac-address) to the MAC-usergroup (mac-auth).

    set mac-user <client mac-address> group mac-auth
    
  7. Create a Local user on the WLC controller for web-portal authentication and map the user to the SSID (corp-guest).

    set user <user-name> password <password>
    set user <user-name>  attr ssid corp-guest

    Session Output:

    User Name    SessID   Type   Address           VLAN      AP/Rdo
    ---------    ------  ------  ---------------   --------  -------
    
    test         552*    prof    10.9.221.201,V6   default   9999/1
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search