How to configure MAC+Web-Portal authentication on a Juniper wireless controller

This article explains how to configure MAC+Web-Portal authentication on a Juniper wireless controller.

  1. Create a Web-Portal Service Profile as follows on the WLC controller:

    set service-profile Web-Portal ssid-name corp-guest
    set service-profile Web-Portal ssid-type clear
    set service-profile Web-Portal web-portal-form web/wba_form.html
    set service-profile Web-Portal web-portal-acl portalacl
    set service-profile Web-Portal wpa-ie auth-dot1x disable
    set service-profile Web-Portal rsn-ie auth-dot1x disable
    set service-profile Web-Portal attr vlan-name default
  2. As a next step, create a radio-profile (web) and map it to the service-profile (Web-Portal):

    set radio-profile web
    set radio-profile web service-profile Web-Portal
  3. Create an AAA profile (web-mac) and map it to Web-Portal/MAC authentication (local):

    set aaa-profile web-mac
    set aaa-profile web-mac mac local
    set aaa-profile web-mac web local
  4. Map the SSID (corp-guest) to the AAA profile (web-mac) by using the following command:

    set authentication profile ssid corp-guest web-mac
  5. Configure MAC-usergroup (mac-auth) and map the SSID (corp-guest)/VLAN (default) to that specific MAC-usergroup:

    set mac-usergroup mac-auth
    set mac-usergroup mac-auth attr ssid corp-guest
    set mac-usergroup mac-auth attr vlan-name default
  6. Map the MAC users (client mac-address) to the MAC-usergroup (mac-auth):

    set mac-user <client mac-address> group mac-auth
  7. Create a local user on the WLC controller for web-portal authentication and map the user to the SSID (corp-guest):

    set user <user-name> password <password>
    set user <user-name> attr ssid corp-guest

    Session Output:

    User Name    SessID   Type   Address           VLAN      AP/Rdo
    ---------    ------  ------  ---------------   --------  -------
    test         552*    prof,V6   default   9999/1
