manualshive.com logo in svg

Juniper AX411, Configuration And Deployment Manual

The ABB AX411 User Manual is an essential guide for maximizing the functionality of your ABB AX411 device. With clear instructions and detailed illustrations, this manual provides users with the information they need to operate their device effectively. Download this manual for free from our website to unlock the full potential of your ABB AX411.

Share
Download
background image

12

 

Copyright © 2011, Juniper Networks, Inc.

APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point 

set interfaces interface-range APs unit 0 family ethernet-switching native-vlan-

id 1

set vlans WifiNet vlan-id 2

set vlans WifiNet l3-interface vlan.2

set interfaces vlan unit 2 family inet address 192.168.2.1/24

set vlans default vlan-id 1

set vlans default l3-interface vlan.1

set interfaces vlan unit 1 family inet address 192.168.1.1/24

#Security Zones and policies configuration. Please note that the vlan.0 interface 

MUST be assigned to a zone

set security zones security-zone untrust interfaces ge-0/0/0.0

set security zones security-zone management interfaces vlan.1 host-inbound-traffic 

system-services dhcp

set security zones security-zone management interfaces vlan.1 host-inbound-traffic 

system-services ping

set security zones security-zone management interfaces vlan.1

#Note that ping is not required in the WifiNet zone, as the keepalives are sent 

only over the management vlan

set security zones security-zone trust interfaces vlan.2

#Note that no security policies are required for the management zone as no 

through traffic should be allowed from/to this zone.

#APs configuration.

set wlan access-point AP-1 mac-address 00:12:cf:c5:4a:40

set wlan access-point AP-1 access-point-options country US

set wlan access-point AP-1 radio 1 virtual-access-point 0 ssid WifiNet

set wlan access-point AP-1 radio 1 virtual-access-point 0 vlan 2

set wlan access-point AP-1 radio 1 virtual-access-point 0 security none

set wlan access-point AP-1 radio 2 virtual-access-point 0 ssid WifiNet

set wlan access-point AP-1 radio 2 virtual-access-point 0 vlan 2

set wlan access-point AP-1 radio 2 virtual-access-point 0 security none

#AP-2

#... All the other APs are configured the same way

MAC Authentication

Building on our previous scenario, we will now assume that some basic form of authentication is required. If the number 
of devices in the network is small, and over the air confidentiality is not a requirement, MAC-based authentication 
provides a simple access control method. 

A local database of allowed and denied MAC addresses is created. Whenever a VAP is configured with MAC 
authentication, the access point uses this database to determine if a particular association request will be granted. 
Two mutually exclusive lists are provided—allow lists and deny lists. If the allow list is configured, any station with a 
MAC address not on the list will be denied access. similarly, if the deny list is configured, all stations will be allowed 
with the exception of the ones present on the list.

#AP-1 configuration

set wlan access-point AP-1 mac-address 00:12:00:00:00:00 

set wlan access-point AP-1 mac-address 00:12:00:00:00:01

…  

set wlan access-point AP-1 access-point-options country US

set wlan access-point AP-1 mac-address 00:12:cf:c5:4a:40

set wlan access-point AP-1 access-point-options station-mac-filter allow-list mac-

address 00:16:cb:05:1e:af

set wlan access-point AP-1 radio 1 virtual-access-point 0 ssid WifiNet

Summary of Contents for AX411

Page 1: ...APPLICATION NOTE Copyright 2011 Juniper Networks Inc 1 Configuring and Deploying the AX411 Wireless Access Point ...

Page 2: ...Networks Using VAPs 14 Creating a Guest Network Using Firewall Authentication 17 RADIUS Based VLAN Assignment 19 Administration and Monitoring 21 Monitoring 21 Firmware Upgrade 23 Summary 23 Appendix AX411 Wireless LAN Access Point Certification Listing 23 Part Numbers Affected 23 About Juniper Networks 25 Table of Figures Figure 1 L2 management mode 4 Figure 2 L3 management mode 5 Figure 3 L2 man...

Page 3: ...y SRX Series gateways that support PoE Alternatively an external power supply is provided with each access point that can be used when PoE is not available Hardware Requirements Juniper Networks SRX Series for the branch SRX100 line and SRX200 line of services gateways and the SRX650 Services Gateway Software Requirements Juniper Networks Junos operating system release 10 0 or later Description an...

Page 4: ...ach access point The advantage of using this approach is that access points can be connected to any port or given any IP address while still being correctly identified since MAC addresses are fixed Internet Control Message Protocol ICMP is used as a keepalive protocol between each access point and the SRX Series gateway If an access point detects a failure it automatically stops broadcasting any s...

Page 5: ...client to client traffic Yes Configuration complexity Simpler configuration since a single L3 interface is shared between all access points Complex as each access point is connected to a different L3 interface with each requiring the configuration of an IP address a DHCP server security zones and policies Roaming Client roaming is supported if MAC authentication or no authorization protocol is use...

Page 6: ... Access Point address gateway default gateway dot1x supplicant username username password password access point options country country where the AP is located This is used for regulatory purposes The AP will only transmit in the bands allowed by each country station mac filter Allow and deny list of mac addresses used for local mac authentication radio 1 2 quality of service QoS configuration opt...

Page 7: ...rs allow passing per user configuration options centrally managed by the RADIUS server The following table displays the list of RADIUS attributes that can be passed to the AX411 access point as specified in RFC 3580 Table 3 Supported RADIUS Attributes Attribute Name Value Type Defined In Session Timeout 27 integer RFC2865 Tunnel Type 64 integer RFC2868 Tunnel Medium Type 65 integer RFC2868 Tunnel ...

Page 8: ...68 2 1 24 set vlans default vlan id 2 set vlans default l3 interface vlan 2 Routing is trivial there is only a default route pointing to the Internet set routing options static route 0 0 0 0 0 next hop 10 0 1 1 NAT all traffic from the WifiNet to untrust Use the IP address of the egress interface as the new source set security nat source rule set Internet Access from zone WiFiNet set security nat ...

Page 9: ...ss point AP 3 mac address 00 12 cf c5 4c 40 set wlan access point AP 3 access point options country US set wlan access point AP 3 radio 1 virtual access point 0 ssid WifiNet set wlan access point AP 3 radio 1 virtual access point 0 security none set wlan access point AP 3 radio 2 virtual access point 0 ssid WifiNet The AX411 access points use the concept of a Virtual Access Point VAP A VAP appears...

Page 10: ...raffic system services dhcp set security zones security zone WifiNet interfaces fe 0 0 2 0 set security zones security zone WifiNet interfaces fe 0 0 2 0 host inbound traffic system services dhcp set security zones security zone WifiNet interfaces fe 0 0 3 0 set security zones security zone WifiNet interfaces fe 0 0 3 0 host inbound traffic system services dhcp set security policies from zone Wifi...

Page 11: ...r and management traffic INTERNET OFFICE vlan 1 management 10 0 0 1 24 vlan 2 trust 192 168 1 1 24 VLANID 2 Client AP 1 00 de ad 10 75 00 AP 2 00 de ad 10 76 00 AP 3 00 de ad 10 77 00 CorpNet SSID A single broadcast SSID is advertised SRX Series ge 0 0 0 0 untrust 198 0 0 1 24 DHCP Server config set system services dhcp pool name server 4 2 2 2 This pool is used by the management vlan set system s...

Page 12: ... point AP 1 radio 1 virtual access point 0 vlan 2 set wlan access point AP 1 radio 1 virtual access point 0 security none set wlan access point AP 1 radio 2 virtual access point 0 ssid WifiNet set wlan access point AP 1 radio 2 virtual access point 0 vlan 2 set wlan access point AP 1 radio 2 virtual access point 0 security none AP 2 All the other APs are configured the same way MAC Authentication ...

Page 13: ...warded by the SRX Series but they will neither be generated nor proxied by it Figure 6 RADIUS based MAC authentication This configuration almost identical to the one in our previous example specifies the MAC authentication type as RADIUS on a per VAP basis and specifies the RADIUS parameters INTERNET OFFICE SRX Series ge 0 0 0 0 untrust 198 0 0 1 24 ge 0 0 7 0 trust 192 198 254 1 24 Radius Server ...

Page 14: ...ption using Wi Fi Protected Access WPA and RADIUS authentication The Guest zone with a Guest SSID will be open but will only allow HTTP and Domain Name System DNS traffic to the Internet Two VAPs will be used each with a single SSID and each associated to a VLAN Traffic from clients associated to the WifiNet SSID will be tagged using VLAN tag 2 while traffic for the Guest network will be tagged wi...

Page 15: ...ing vlan members WifiNet set interfaces interface range APs unit 0 family ethernet switching vlan members GuestNet set interfaces interface range APs unit 0 family ethernet switching native vlan id default set interfaces ge 0 0 0 unit 0 family inet address 198 0 0 1 24 set interfaces ge 0 0 7 unit 0 family inet address 192 168 254 1 24 set interfaces vlan unit 1 family inet address 192 168 2 1 24 ...

Page 16: ...ntrust policy allow http dns then permit Allow radius traffic from the APs to the radius server set security policies from zone management to zone trust policy allow radius match source address any set security policies from zone management to zone trust policy allow radius match destination address radius set security policies from zone management to zone trust policy allow radius match applicati...

Page 17: ... ge 0 0 0 0 untrust 198 0 0 1 24 Enable the http connections to the vlan 3 interface where the captive portal will be used set system services web management http interface vlan 3 set system services dhcp name server 4 2 2 2 set system services dhcp pool 192 168 2 0 24 address range low 192 168 2 2 set system services dhcp pool 192 168 2 0 24 address range high 192 168 2 254 set system services dh...

Page 18: ...e 0 0 0 0 set security zones security zone WifiNet interfaces vlan 2 host inbound traffic system services dhcp set security zones security zone management interfaces vlan 1 host inbound traffic system services dhcp set security zones security zone management interfaces vlan 1 host inbound traffic system services ping set security zones security zone GuestNet interfaces vlan 3 host inbound traffic ...

Page 19: ...access point AP 1 radio 1 virtual access point 1 ssid GuestNet set wlan access point AP 1 radio 1 virtual access point 1 vlan 3 set wlan access point AP 1 radio 1 virtual access point 1 security none set wlan access point AP 1 radio 2 virtual access point 0 ssid WifiNet set wlan access point AP 1 radio 2 virtual access point 0 vlan 2 set wlan access point AP 1 radio 2 virtual access point 0 securi...

Page 20: ... interfaces interface range APs unit 0 family ethernet switching vlan members GuestNet set interfaces interface range APs unit 0 family ethernet switching native vlan id default set interfaces vlan unit 1 family inet address 192 168 2 1 24 set interfaces vlan unit 2 family inet address 192 168 2 1 24 set interfaces vlan unit 3 family inet address 192 168 3 1 24 set wlan access point AP 1 mac addre...

Page 21: ...mation about a particular access point show wlan access points AP 1 detail Active access point detail information Access Point AP 1 Type External Location Default Location Serial Number 849001007 Firmware Version 10 1 2 3 Access Interface vlan Packet Capture Disabled Ethernet Port MAC Address 00 12 CF C5 4A 40 IPv4 Address 192 168 2 3 Radio1 Status On MAC Address 00 12 CF C5 4A 40 Mode IEEE 802 11...

Page 22: ... VAP0 SSID WifiNet MAC Address 00 12 CF C5 4A 40 VLAN ID 2 Traffic Statistics Input Bytes 24114 Output Bytes 72798 Input Packets 87 Output Packets 401 VAP1 SSID GuestNet MAC Address 00 12 CF C5 4A 41 VLAN ID 3 Traffic Statistics Input Bytes 1113907 Output Bytes 10631368 Input Packets 8805 Output Packets 9169 Radio2 VAP0 SSID WifiNet MAC Address 00 12 CF C5 4A 50 VLAN ID 2 Traffic Statistics Input ...

Page 23: ...411 TW Due to the fact that certain countries have imposed restrictions on the deployment of wireless technologies this document should be used to determine in which countries the AX411 has been certified for shipment In the table below select the AX411 wireless LAN access point model by SKU that needs to be ordered to support appropriate power and channel settings for a particular country listed ...

Page 24: ...411 E Switzerland Yes AX411 E Ukraine No AX411 E United Kingdom Yes AX411 E World W Mexico No AX411 W Turkey No AX411 W Australia Yes AX411 W New Zealand Yes AX411 W Hong Kong Yes AX411 W India Yes AX411 W Philippines No AX411 W Malaysia Yes AX411 W Thailand Yes AX411 W Argentina No AX411 W Brazil Yes AX411 W Chile No AX411 W Columbia No AX411 W Panama No AX411 W Peru No AX411 W Venezuela No AX411...

Page 25: ...d Airside Business Park Swords County Dublin Ireland Phone 35 31 8903 600 EMEA Sales 00800 4586 4737 Fax 35 31 8903 601 APAC Headquarters Juniper Networks Hong Kong 26 F Cityplaza One 1111 King s Road Taikoo Shing Hong Kong Phone 852 2332 3636 Fax 852 2574 7803 Corporate and Sales Headquarters Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA Phone 888 JUNIPER 888 586 4737 or ...

Reviews:

No comments

Related manuals for AX411

D-Link DIR-850L Quick Install Manual preview
DIR-850L
Brand: D-Link Pages: 4
D-Link DIR-830L Quick Install Manual preview
DIR-830L
Brand: D-Link Pages: 12
D-Link DIR-803 Manual Configuration Manual preview
DIR-803
Brand: D-Link Pages: 6
D-Link DIR-640L Quick Install Manual preview
DIR-640L
Brand: D-Link Pages: 12
D-Link DIR-626L User Manual preview
DIR-626L
Brand: D-Link Pages: 140
D-Link DIR-605L Quick Install Manual preview
DIR-605L
Brand: D-Link Pages: 2
D-Link DIR-514 Faq preview
DIR-514
Brand: D-Link Pages: 48
D-Link DIR-510L Quick Install Manual preview
DIR-510L
Brand: D-Link Pages: 16
D-Link DIR-506L Configuration Manual preview
DIR-506L
Brand: D-Link Pages: 16
D-Link DIR-1750 Quick Installation Manual preview
DIR-1750
Brand: D-Link Pages: 2
D-Link DIR-2680 User Manual preview
DIR-2680
Brand: D-Link Pages: 178
Ebyte E30-400M30S User Manual preview
E30-400M30S
Brand: Ebyte Pages: 11
TP-Link Omada EAP620 User Manual preview
Omada EAP620
Brand: TP-Link Pages: 105
H3C MSR900-E Routers Installation, Quick Start preview
MSR900-E Routers
Brand: H3C Pages: 2
Alcatel-Lucent AOS-W 3.4 Quick Start Manual preview
AOS-W 3.4
Brand: Alcatel-Lucent Pages: 7
Ruijie Networks RG-AP130-W Quick Installation Manual preview
RG-AP130-W
Brand: Ruijie Networks Pages: 12
Atlantis Land A07-WA6102X-2 Specification Sheet preview
A07-WA6102X-2
Brand: Atlantis Land Pages: 2
VKOM 403NR User Manual preview
403NR
Brand: VKOM Pages: 20

Brands by name

Popular brands

Load more brands