Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point
#Security Policies
# NOTE: the page layout wraps each "set" command over two lines; join each pair
# into a single line before loading it.
#
# WifiNet -> untrust, policy "permit-traffic": matches any source, any
# destination and any application, then permits and counts the traffic.
# Nothing in this policy restricts what WifiNet hosts may reach in untrust.
# NOTE(review): WifiNet is presumably the zone behind the WPA-Enterprise SSID
# (VLAN 2); the zone-to-interface binding is not in this excerpt - confirm.
set security policies from-zone WifiNet to-zone untrust policy permit-traffic match
source-address any
set security policies from-zone WifiNet to-zone untrust policy permit-traffic match
destination-address any
set security policies from-zone WifiNet to-zone untrust policy permit-traffic match
application any
set security policies from-zone WifiNet to-zone untrust policy permit-traffic then
permit
set security policies from-zone WifiNet to-zone untrust policy permit-traffic then
count
# GuestNet -> untrust, policy "allow-http-dns": any source and destination, but
# only the junos-http and junos-dns-udp applications are matched and permitted.
# HTTPS and DNS over TCP are not listed, so this policy does not permit them;
# what happens to them depends on other policies and on the default policy,
# neither of which is shown here.
# Unlike permit-traffic, this policy has no "count" action, so the guest
# traffic it permits is not counted by this policy.
set security policies from-zone GuestNet to-zone untrust policy allow-http-dns
match source-address any
set security policies from-zone GuestNet to-zone untrust policy allow-http-dns
match destination-address any
set security policies from-zone GuestNet to-zone untrust policy allow-http-dns
match application junos-http
set security policies from-zone GuestNet to-zone untrust policy allow-http-dns
match application junos-dns-udp
set security policies from-zone GuestNet to-zone untrust policy allow-http-dns
then permit
#Allow radius traffic from the APs to the radius server
# management -> trust, policy "allow-radius": permits the junos-radius
# application to the address-book entry "radius" (defined outside this excerpt).
# The source match is "any", so every host in the management zone, not only the
# access points, may send RADIUS traffic to the server. Where the AP addresses
# are known, matching on an address-book entry for them would narrow this to
# the intended RADIUS clients.
# (Each command is wrapped over two lines by the page layout.)
set security policies from-zone management to-zone trust policy allow-radius
match source-address any
set security policies from-zone management to-zone trust policy allow-radius
match destination-address radius
set security policies from-zone management to-zone trust policy allow-radius
match application junos-radius
set security policies from-zone management to-zone trust policy allow-radius then
permit
#AP-1 configuration, all the APs are identically configured
# The access point is identified to the gateway by its MAC address.
set wlan access-point AP-1 mac-address 00:12:cf:c5:4a:40
# Radio 1, VAP 0: SSID "GuestNet" on VLAN 3 with "security none", i.e. an open
# SSID with no over-the-air authentication or encryption. Guest frames are
# readable by anyone in radio range; separation from the other networks rests
# on the VLAN and on the GuestNet zone policies, not on the wireless link.
set wlan access-point AP-1 radio 1 virtual-access-point 0 ssid GuestNet
set wlan access-point AP-1 radio 1 virtual-access-point 0 vlan 3
set wlan access-point AP-1 radio 1 virtual-access-point 0 security none
# Radio 2, VAP 0: SSID "WifiNet" on VLAN 2 with WPA-Enterprise; clients are
# authenticated against the RADIUS server at 192.168.254.2.
# (The three wpa-enterprise commands below are each wrapped over two lines.)
set wlan access-point AP-1 radio 2 virtual-access-point 0 ssid WifiNet
set wlan access-point AP-1 radio 2 virtual-access-point 0 vlan 2
set wlan access-point AP-1 radio 2 virtual-access-point 0 security wpa-enterprise
radius radius-server 192.168.254.2
# "juniper" is the document's sample RADIUS shared secret. In a deployment use
# a long, random secret that is unique to this RADIUS client: a guessable
# secret weakens the protection of the exchange between the AP and the server.
# The value must match the secret configured for this client on the server.
set wlan access-point AP-1 radio 2 virtual-access-point 0 security wpa-enterprise
radius radius-key juniper
# Session key refresh interval set to 60.
# NOTE(review): the unit is not stated on this page - confirm before tuning.
set wlan access-point AP-1 radio 2 virtual-access-point 0 security wpa-enterprise
radius session-key-refresh-rate 60