Juniper AX411, Configuration And Deployment Manual

Page: 15 / 25

Copyright © 2011, Juniper Networks, Inc.
15
APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point
#DHCP configuration
set system services dhcp name-server 4.2.2.2
#Pool used for the management network
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp pool 192.168.1.0/24 router 192.168.1.1
#Pool used for WifiNet
set system services dhcp pool 192.168.2.0/24 address-range low 192.168.2.2
set system services dhcp pool 192.168.2.0/24 address-range high 192.168.2.254
set system services dhcp pool 192.168.2.0/24 router 192.168.2.1
#Pool used for GuestNet
set system services dhcp pool 192.168.3.0/24 address-range low 192.168.3.2
set system services dhcp pool 192.168.3.0/24 address-range high 192.168.3.254
set system services dhcp pool 192.168.3.0/24 router 192.168.3.1
#Interfaces and VLANs
set interfaces interface-range APs member ge-0/0/1
set interfaces interface-range APs member-range fe-0/0/2 to fe-0/0/3
set interfaces interface-range APs unit 0 family ethernet-switching port-mode
trunk
set interfaces interface-range APs unit 0 family ethernet-switching vlan members
default
set interfaces interface-range APs unit 0 family ethernet-switching vlan members
WifiNet
set interfaces interface-range APs unit 0 family ethernet-switching vlan members
GuestNet
set interfaces interface-range APs unit 0 family ethernet-switching native-vlan-
id default
set interfaces ge-0/0/0 unit 0 family inet address 198.0.0.1/24
set interfaces ge-0/0/7 unit 0 family inet address 192.168.254.1/24
set interfaces vlan unit 1 family inet address 192.168.2.1/24
set interfaces vlan unit 2 family inet address 192.168.2.1/24
set interfaces vlan unit 3 family inet address 192.168.3.1/24
set vlans WifiNet vlan-id 2
set vlans WifiNet l3-interface vlan.2
set vlans GuestNet vlan-id 3
set vlans GuestNet l3-interface vlan.3
set vlans default vlan-id 1
set vlans default l3-interface vlan.1
#Security Zones,It is required to allow DHCP traffic into each zone and PING into
the management zone
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone management interfaces vlan.1 host-inbound-traffic
system-services dhcp
set security zones security-zone management interfaces vlan.1 host-inbound-traffic
system-services ping
set security zones security-zone WifiNet interfaces vlan.2 host-inbound-traffic
system-services dhcp
set security zones security-zone GuestNet interfaces vlan.3 host-inbound-traffic
system-services dhcp
#The radius server is attached to the trust zone
set security zones security-zone trust address-book address radius
192.168.254.2/32
set security zones security-zone trust interfaces ge-0/0/7.0