manualshive.com logo in svg

Juniper AX411, Configuration And Deployment Manual

The ABB AX411 User Manual is an essential guide for maximizing the functionality of your ABB AX411 device. With clear instructions and detailed illustrations, this manual provides users with the information they need to operate their device effectively. Download this manual for free from our website to unlock the full potential of your ABB AX411.

Share
Download
background image

10

 

Copyright © 2011, Juniper Networks, Inc.

APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point 

#Enable PoE if you will be using that to power the AX411.

set poe interface all

#DHCP Server config. A different pool per (AP) interface is used

set system services dhcp name-server 4.2.2.2

set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2

set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254

set system services dhcp pool 192.168.1.0/24 router 192.168.1.1

set system services dhcp pool 192.168.2.0/24 address-range low 192.168.2.2

set system services dhcp pool 192.168.2.0/24 address-range high 192.168.2.254

set system services dhcp pool 192.168.2.0/24 router 192.168.2.1

set system services dhcp pool 192.168.3.0/24 address-range low 192.168.3.2

set system services dhcp pool 192.168.3.0/24 address-range high 192.168.3.254

set system services dhcp pool 192.168.3.0/24 router 192.168.3.1

#Interface configurations

set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.1/24

set interfaces ge-0/0/2 unit 0 family inet address 192.168.2.1/24

set interfaces ge-0/0/3 unit 0 family inet address 192.168.3.1/24

#Security Zones and policies configuration. 

#An intra-zone policy is added to allow traffic between clients connected to 

different APs 

set security zones security-zone untrust interfaces ge-0/0/0.0

set security zones security-zone WifiNet interfaces ge-0/0/1.0

set security zones security-zone WifiNet interfaces ge-0/0/1.0 host-inbound-traffic 

system-services dhcp

set security zones security-zone WifiNet interfaces fe-0/0/2.0

set security zones security-zone WifiNet interfaces fe-0/0/2.0 host-inbound-traffic 

system-services dhcp

set security zones security-zone WifiNet interfaces fe-0/0/3.0

set security zones security-zone WifiNet interfaces fe-0/0/3.0 host-inbound-traffic 

system-services dhcp

set security policies from-zone WifiNet to-zone WifiNet policy permit-egress-traffic 

match source-address any

set security policies from-zone WifiNet to-zone WifiNet policy permit-egress-traffic 

match destination-address any

set security policies from-zone WifiNet to-zone WifiNet policy permit-egress-traffic 

match application any

set security policies from-zone WifiNet to-zone WifiNet policy permit-egress-traffic 

then permit

set security policies from-zone WifiNet to-zone untrust policy allow-internet-

access match source-address any

set security policies from-zone WifiNet to-zone untrust policy allow-internet-

access match destination-address any

set security policies from-zone WifiNet to-zone untrust policy allow-internet-

access match application any

set security policies from-zone WifiNet to-zone untrust policy allow-internet-

access then permit

#APs configuration. The APs config is identical to the one in our previous example

set wlan access-point AP-1 mac-address 00:12:cf:c5:4a:40

set wlan access-point AP-1 access-point-options country US

set wlan access-point AP-1 radio 1 virtual-access-point 0 ssid WifiNet

set wlan access-point AP-1 radio 1 virtual-access-point 0 security none

set wlan access-point AP-1 radio 2 virtual-access-point 0 ssid WifiNet

set wlan access-point AP-1 radio 2 virtual-access-point 0 security none

#AP-2

Summary of Contents for AX411

Page 1: ...APPLICATION NOTE Copyright 2011 Juniper Networks Inc 1 Configuring and Deploying the AX411 Wireless Access Point ...

Page 2: ...Networks Using VAPs 14 Creating a Guest Network Using Firewall Authentication 17 RADIUS Based VLAN Assignment 19 Administration and Monitoring 21 Monitoring 21 Firmware Upgrade 23 Summary 23 Appendix AX411 Wireless LAN Access Point Certification Listing 23 Part Numbers Affected 23 About Juniper Networks 25 Table of Figures Figure 1 L2 management mode 4 Figure 2 L3 management mode 5 Figure 3 L2 man...

Page 3: ...y SRX Series gateways that support PoE Alternatively an external power supply is provided with each access point that can be used when PoE is not available Hardware Requirements Juniper Networks SRX Series for the branch SRX100 line and SRX200 line of services gateways and the SRX650 Services Gateway Software Requirements Juniper Networks Junos operating system release 10 0 or later Description an...

Page 4: ...ach access point The advantage of using this approach is that access points can be connected to any port or given any IP address while still being correctly identified since MAC addresses are fixed Internet Control Message Protocol ICMP is used as a keepalive protocol between each access point and the SRX Series gateway If an access point detects a failure it automatically stops broadcasting any s...

Page 5: ...client to client traffic Yes Configuration complexity Simpler configuration since a single L3 interface is shared between all access points Complex as each access point is connected to a different L3 interface with each requiring the configuration of an IP address a DHCP server security zones and policies Roaming Client roaming is supported if MAC authentication or no authorization protocol is use...

Page 6: ... Access Point address gateway default gateway dot1x supplicant username username password password access point options country country where the AP is located This is used for regulatory purposes The AP will only transmit in the bands allowed by each country station mac filter Allow and deny list of mac addresses used for local mac authentication radio 1 2 quality of service QoS configuration opt...

Page 7: ...rs allow passing per user configuration options centrally managed by the RADIUS server The following table displays the list of RADIUS attributes that can be passed to the AX411 access point as specified in RFC 3580 Table 3 Supported RADIUS Attributes Attribute Name Value Type Defined In Session Timeout 27 integer RFC2865 Tunnel Type 64 integer RFC2868 Tunnel Medium Type 65 integer RFC2868 Tunnel ...

Page 8: ...68 2 1 24 set vlans default vlan id 2 set vlans default l3 interface vlan 2 Routing is trivial there is only a default route pointing to the Internet set routing options static route 0 0 0 0 0 next hop 10 0 1 1 NAT all traffic from the WifiNet to untrust Use the IP address of the egress interface as the new source set security nat source rule set Internet Access from zone WiFiNet set security nat ...

Page 9: ...ss point AP 3 mac address 00 12 cf c5 4c 40 set wlan access point AP 3 access point options country US set wlan access point AP 3 radio 1 virtual access point 0 ssid WifiNet set wlan access point AP 3 radio 1 virtual access point 0 security none set wlan access point AP 3 radio 2 virtual access point 0 ssid WifiNet The AX411 access points use the concept of a Virtual Access Point VAP A VAP appears...

Page 10: ...raffic system services dhcp set security zones security zone WifiNet interfaces fe 0 0 2 0 set security zones security zone WifiNet interfaces fe 0 0 2 0 host inbound traffic system services dhcp set security zones security zone WifiNet interfaces fe 0 0 3 0 set security zones security zone WifiNet interfaces fe 0 0 3 0 host inbound traffic system services dhcp set security policies from zone Wifi...

Page 11: ...r and management traffic INTERNET OFFICE vlan 1 management 10 0 0 1 24 vlan 2 trust 192 168 1 1 24 VLANID 2 Client AP 1 00 de ad 10 75 00 AP 2 00 de ad 10 76 00 AP 3 00 de ad 10 77 00 CorpNet SSID A single broadcast SSID is advertised SRX Series ge 0 0 0 0 untrust 198 0 0 1 24 DHCP Server config set system services dhcp pool name server 4 2 2 2 This pool is used by the management vlan set system s...

Page 12: ... point AP 1 radio 1 virtual access point 0 vlan 2 set wlan access point AP 1 radio 1 virtual access point 0 security none set wlan access point AP 1 radio 2 virtual access point 0 ssid WifiNet set wlan access point AP 1 radio 2 virtual access point 0 vlan 2 set wlan access point AP 1 radio 2 virtual access point 0 security none AP 2 All the other APs are configured the same way MAC Authentication ...

Page 13: ...warded by the SRX Series but they will neither be generated nor proxied by it Figure 6 RADIUS based MAC authentication This configuration almost identical to the one in our previous example specifies the MAC authentication type as RADIUS on a per VAP basis and specifies the RADIUS parameters INTERNET OFFICE SRX Series ge 0 0 0 0 untrust 198 0 0 1 24 ge 0 0 7 0 trust 192 198 254 1 24 Radius Server ...

Page 14: ...ption using Wi Fi Protected Access WPA and RADIUS authentication The Guest zone with a Guest SSID will be open but will only allow HTTP and Domain Name System DNS traffic to the Internet Two VAPs will be used each with a single SSID and each associated to a VLAN Traffic from clients associated to the WifiNet SSID will be tagged using VLAN tag 2 while traffic for the Guest network will be tagged wi...

Page 15: ...ing vlan members WifiNet set interfaces interface range APs unit 0 family ethernet switching vlan members GuestNet set interfaces interface range APs unit 0 family ethernet switching native vlan id default set interfaces ge 0 0 0 unit 0 family inet address 198 0 0 1 24 set interfaces ge 0 0 7 unit 0 family inet address 192 168 254 1 24 set interfaces vlan unit 1 family inet address 192 168 2 1 24 ...

Page 16: ...ntrust policy allow http dns then permit Allow radius traffic from the APs to the radius server set security policies from zone management to zone trust policy allow radius match source address any set security policies from zone management to zone trust policy allow radius match destination address radius set security policies from zone management to zone trust policy allow radius match applicati...

Page 17: ... ge 0 0 0 0 untrust 198 0 0 1 24 Enable the http connections to the vlan 3 interface where the captive portal will be used set system services web management http interface vlan 3 set system services dhcp name server 4 2 2 2 set system services dhcp pool 192 168 2 0 24 address range low 192 168 2 2 set system services dhcp pool 192 168 2 0 24 address range high 192 168 2 254 set system services dh...

Page 18: ...e 0 0 0 0 set security zones security zone WifiNet interfaces vlan 2 host inbound traffic system services dhcp set security zones security zone management interfaces vlan 1 host inbound traffic system services dhcp set security zones security zone management interfaces vlan 1 host inbound traffic system services ping set security zones security zone GuestNet interfaces vlan 3 host inbound traffic ...

Page 19: ...access point AP 1 radio 1 virtual access point 1 ssid GuestNet set wlan access point AP 1 radio 1 virtual access point 1 vlan 3 set wlan access point AP 1 radio 1 virtual access point 1 security none set wlan access point AP 1 radio 2 virtual access point 0 ssid WifiNet set wlan access point AP 1 radio 2 virtual access point 0 vlan 2 set wlan access point AP 1 radio 2 virtual access point 0 securi...

Page 20: ... interfaces interface range APs unit 0 family ethernet switching vlan members GuestNet set interfaces interface range APs unit 0 family ethernet switching native vlan id default set interfaces vlan unit 1 family inet address 192 168 2 1 24 set interfaces vlan unit 2 family inet address 192 168 2 1 24 set interfaces vlan unit 3 family inet address 192 168 3 1 24 set wlan access point AP 1 mac addre...

Page 21: ...mation about a particular access point show wlan access points AP 1 detail Active access point detail information Access Point AP 1 Type External Location Default Location Serial Number 849001007 Firmware Version 10 1 2 3 Access Interface vlan Packet Capture Disabled Ethernet Port MAC Address 00 12 CF C5 4A 40 IPv4 Address 192 168 2 3 Radio1 Status On MAC Address 00 12 CF C5 4A 40 Mode IEEE 802 11...

Page 22: ... VAP0 SSID WifiNet MAC Address 00 12 CF C5 4A 40 VLAN ID 2 Traffic Statistics Input Bytes 24114 Output Bytes 72798 Input Packets 87 Output Packets 401 VAP1 SSID GuestNet MAC Address 00 12 CF C5 4A 41 VLAN ID 3 Traffic Statistics Input Bytes 1113907 Output Bytes 10631368 Input Packets 8805 Output Packets 9169 Radio2 VAP0 SSID WifiNet MAC Address 00 12 CF C5 4A 50 VLAN ID 2 Traffic Statistics Input ...

Page 23: ...411 TW Due to the fact that certain countries have imposed restrictions on the deployment of wireless technologies this document should be used to determine in which countries the AX411 has been certified for shipment In the table below select the AX411 wireless LAN access point model by SKU that needs to be ordered to support appropriate power and channel settings for a particular country listed ...

Page 24: ...411 E Switzerland Yes AX411 E Ukraine No AX411 E United Kingdom Yes AX411 E World W Mexico No AX411 W Turkey No AX411 W Australia Yes AX411 W New Zealand Yes AX411 W Hong Kong Yes AX411 W India Yes AX411 W Philippines No AX411 W Malaysia Yes AX411 W Thailand Yes AX411 W Argentina No AX411 W Brazil Yes AX411 W Chile No AX411 W Columbia No AX411 W Panama No AX411 W Peru No AX411 W Venezuela No AX411...

Page 25: ...d Airside Business Park Swords County Dublin Ireland Phone 35 31 8903 600 EMEA Sales 00800 4586 4737 Fax 35 31 8903 601 APAC Headquarters Juniper Networks Hong Kong 26 F Cityplaza One 1111 King s Road Taikoo Shing Hong Kong Phone 852 2332 3636 Fax 852 2574 7803 Corporate and Sales Headquarters Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA Phone 888 JUNIPER 888 586 4737 or ...

Reviews:

No comments

Related manuals for AX411

Cambium Networks PMP 450 Configuration And User'S Manual preview
PMP 450
Brand: Cambium Networks Pages: 196
Cambium Networks ePMP 1000 User Manual preview
ePMP 1000
Brand: Cambium Networks Pages: 478
Cambium PMP 450 AP User Manual preview
PMP 450 AP
Brand: Cambium Pages: 301
Cambium Networks PMP 450 AP Planning And Installation Manual preview
PMP 450 AP
Brand: Cambium Networks Pages: 287
Tenda W541R User Manual preview
W541R
Brand: Tenda Pages: 57
MikroTik RouterBOARD 750 Quick Setup Manual And Warranty Information preview
RouterBOARD 750
Brand: MikroTik Pages: 2
NETGEAR WNR3500 - RangeMax Next Wireless-N Gigabit Router Wireless User Manual preview
WNR3500 - RangeMax Next Wireless-N Gigabit Router Wireless
Brand: NETGEAR Pages: 124
Cisco MERAKI MR56 Installation Manual preview
MR56
Brand: Cisco MERAKI Pages: 19
Ubiquiti PBE-M5-300-US Quick Start Manual preview
PBE-M5-300-US
Brand: Ubiquiti Pages: 13
Edimax EW-7203APg Specifications preview
EW-7203APg
Brand: Edimax Pages: 2
PROLiNK PRT7010L Quick Installation Manual preview
PRT7010L
Brand: PROLiNK Pages: 28
Zonet ZSR0104UP User Manual preview
ZSR0104UP
Brand: Zonet Pages: 51
Arista AP-O235E Getting Started Manual preview
AP-O235E
Brand: Arista Pages: 4
Gemtek Systems WLTMS-110_384041 Quick Installation Manual preview
WLTMS-110_384041
Brand: Gemtek Systems Pages: 14
Linksys MAX-STREAM EA9350 User Manual preview
MAX-STREAM EA9350
Brand: Linksys Pages: 45
Ubiquiti AirWire Quick Start Manual preview
AirWire
Brand: Ubiquiti Pages: 12
Ubiquiti UniFi XG UAP-XG Quick Start Manual preview
UniFi XG UAP-XG
Brand: Ubiquiti Pages: 23
Ubee DVW2110 User Manual preview
DVW2110
Brand: Ubee Pages: 34

Brands by name

Popular brands

Load more brands