manualshive.com logo in svg

Juniper AX411, Configuration And Deployment Manual

The ABB AX411 User Manual is an essential guide for maximizing the functionality of your ABB AX411 device. With clear instructions and detailed illustrations, this manual provides users with the information they need to operate their device effectively. Download this manual for free from our website to unlock the full potential of your ABB AX411.

Share
Download
background image

20

 

Copyright © 2011, Juniper Networks, Inc.

APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point 

Figure 9:  RADIuS-based VLAN assignment

INTERNET

OFFICE

ge-0/0/7.0 (trust)
192.198.254.1/24

Radius Server
192.168.254.2

Client

AP-1
00:de:ad:10:75:00

AP-2
00:de:ad:10:76:00

AP-3
00:de:ad:10:77:00

Radius Server

It authenticates the user and returns 
the VLAN tag used for that client

VLAN

Each VLAN is mapped to a different zone
and has different access priviledges

CorpNet SSID

A single SSID is transmitted by both radios. 
Clients are assigned to a different 
VLAN by the radius server

SRX

Series

ge-0/0/0.0 
(untrust)
198.0.0.1/24

set interfaces interface-range APs member ge-0/0/1

set interfaces interface-range APs member-range fe-0/0/2 to fe-0/0/3

set interfaces interface-range APs unit 0 family ethernet-switching port-mode 

trunk

set interfaces interface-range APs unit 0 family ethernet-switching vlan members 

default

set interfaces interface-range APs unit 0 family ethernet-switching vlan members 

WifiNet

set interfaces interface-range APs unit 0 family ethernet-switching vlan members 

GuestNet

set interfaces interface-range APs unit 0 family ethernet-switching native-vlan-

id default

set interfaces vlan unit 1 family inet address 192.168.2.1/24

set interfaces vlan unit 2 family inet address 192.168.2.1/24

set interfaces vlan unit 3 family inet address 192.168.3.1/24

set wlan access-point AP-1 mac-address 00:12:cf:c5:4a:40

set wlan access-point AP-1 radio 1 virtual-access-point 0 ssid WifiNet

set wlan access-point AP-1 radio 1 virtual-access-point 0 vlan 3

set wlan access-point AP-1 radio 1 virtual-access-point 0 security dot1x radius-

server 192.168.254.2

set wlan access-point AP-1 radio 1 virtual-access-point 0 security dot1x radius-

key juniper

set wlan access-point AP-1 radio 2 virtual-access-point 0 ssid WifiNet

set wlan access-point AP-1 radio 2 virtual-access-point 0 vlan 3

set wlan access-point AP-1 radio 2 virtual-access-point 0 security dot1x radius-

server 192.168.254.2

set wlan access-point AP-1 radio 2 virtual-access-point 0 security dot1x radius-

key juniper

By default, users will be placed in vlan 3 (guestNet), unless the rAdIus server assigns the VLAN Id 2, in which case the 
user will access the WifiNet.

Summary of Contents for AX411

Page 1: ...APPLICATION NOTE Copyright 2011 Juniper Networks Inc 1 Configuring and Deploying the AX411 Wireless Access Point ...

Page 2: ...Networks Using VAPs 14 Creating a Guest Network Using Firewall Authentication 17 RADIUS Based VLAN Assignment 19 Administration and Monitoring 21 Monitoring 21 Firmware Upgrade 23 Summary 23 Appendix AX411 Wireless LAN Access Point Certification Listing 23 Part Numbers Affected 23 About Juniper Networks 25 Table of Figures Figure 1 L2 management mode 4 Figure 2 L3 management mode 5 Figure 3 L2 man...

Page 3: ...y SRX Series gateways that support PoE Alternatively an external power supply is provided with each access point that can be used when PoE is not available Hardware Requirements Juniper Networks SRX Series for the branch SRX100 line and SRX200 line of services gateways and the SRX650 Services Gateway Software Requirements Juniper Networks Junos operating system release 10 0 or later Description an...

Page 4: ...ach access point The advantage of using this approach is that access points can be connected to any port or given any IP address while still being correctly identified since MAC addresses are fixed Internet Control Message Protocol ICMP is used as a keepalive protocol between each access point and the SRX Series gateway If an access point detects a failure it automatically stops broadcasting any s...

Page 5: ...client to client traffic Yes Configuration complexity Simpler configuration since a single L3 interface is shared between all access points Complex as each access point is connected to a different L3 interface with each requiring the configuration of an IP address a DHCP server security zones and policies Roaming Client roaming is supported if MAC authentication or no authorization protocol is use...

Page 6: ... Access Point address gateway default gateway dot1x supplicant username username password password access point options country country where the AP is located This is used for regulatory purposes The AP will only transmit in the bands allowed by each country station mac filter Allow and deny list of mac addresses used for local mac authentication radio 1 2 quality of service QoS configuration opt...

Page 7: ...rs allow passing per user configuration options centrally managed by the RADIUS server The following table displays the list of RADIUS attributes that can be passed to the AX411 access point as specified in RFC 3580 Table 3 Supported RADIUS Attributes Attribute Name Value Type Defined In Session Timeout 27 integer RFC2865 Tunnel Type 64 integer RFC2868 Tunnel Medium Type 65 integer RFC2868 Tunnel ...

Page 8: ...68 2 1 24 set vlans default vlan id 2 set vlans default l3 interface vlan 2 Routing is trivial there is only a default route pointing to the Internet set routing options static route 0 0 0 0 0 next hop 10 0 1 1 NAT all traffic from the WifiNet to untrust Use the IP address of the egress interface as the new source set security nat source rule set Internet Access from zone WiFiNet set security nat ...

Page 9: ...ss point AP 3 mac address 00 12 cf c5 4c 40 set wlan access point AP 3 access point options country US set wlan access point AP 3 radio 1 virtual access point 0 ssid WifiNet set wlan access point AP 3 radio 1 virtual access point 0 security none set wlan access point AP 3 radio 2 virtual access point 0 ssid WifiNet The AX411 access points use the concept of a Virtual Access Point VAP A VAP appears...

Page 10: ...raffic system services dhcp set security zones security zone WifiNet interfaces fe 0 0 2 0 set security zones security zone WifiNet interfaces fe 0 0 2 0 host inbound traffic system services dhcp set security zones security zone WifiNet interfaces fe 0 0 3 0 set security zones security zone WifiNet interfaces fe 0 0 3 0 host inbound traffic system services dhcp set security policies from zone Wifi...

Page 11: ...r and management traffic INTERNET OFFICE vlan 1 management 10 0 0 1 24 vlan 2 trust 192 168 1 1 24 VLANID 2 Client AP 1 00 de ad 10 75 00 AP 2 00 de ad 10 76 00 AP 3 00 de ad 10 77 00 CorpNet SSID A single broadcast SSID is advertised SRX Series ge 0 0 0 0 untrust 198 0 0 1 24 DHCP Server config set system services dhcp pool name server 4 2 2 2 This pool is used by the management vlan set system s...

Page 12: ... point AP 1 radio 1 virtual access point 0 vlan 2 set wlan access point AP 1 radio 1 virtual access point 0 security none set wlan access point AP 1 radio 2 virtual access point 0 ssid WifiNet set wlan access point AP 1 radio 2 virtual access point 0 vlan 2 set wlan access point AP 1 radio 2 virtual access point 0 security none AP 2 All the other APs are configured the same way MAC Authentication ...

Page 13: ...warded by the SRX Series but they will neither be generated nor proxied by it Figure 6 RADIUS based MAC authentication This configuration almost identical to the one in our previous example specifies the MAC authentication type as RADIUS on a per VAP basis and specifies the RADIUS parameters INTERNET OFFICE SRX Series ge 0 0 0 0 untrust 198 0 0 1 24 ge 0 0 7 0 trust 192 198 254 1 24 Radius Server ...

Page 14: ...ption using Wi Fi Protected Access WPA and RADIUS authentication The Guest zone with a Guest SSID will be open but will only allow HTTP and Domain Name System DNS traffic to the Internet Two VAPs will be used each with a single SSID and each associated to a VLAN Traffic from clients associated to the WifiNet SSID will be tagged using VLAN tag 2 while traffic for the Guest network will be tagged wi...

Page 15: ...ing vlan members WifiNet set interfaces interface range APs unit 0 family ethernet switching vlan members GuestNet set interfaces interface range APs unit 0 family ethernet switching native vlan id default set interfaces ge 0 0 0 unit 0 family inet address 198 0 0 1 24 set interfaces ge 0 0 7 unit 0 family inet address 192 168 254 1 24 set interfaces vlan unit 1 family inet address 192 168 2 1 24 ...

Page 16: ...ntrust policy allow http dns then permit Allow radius traffic from the APs to the radius server set security policies from zone management to zone trust policy allow radius match source address any set security policies from zone management to zone trust policy allow radius match destination address radius set security policies from zone management to zone trust policy allow radius match applicati...

Page 17: ... ge 0 0 0 0 untrust 198 0 0 1 24 Enable the http connections to the vlan 3 interface where the captive portal will be used set system services web management http interface vlan 3 set system services dhcp name server 4 2 2 2 set system services dhcp pool 192 168 2 0 24 address range low 192 168 2 2 set system services dhcp pool 192 168 2 0 24 address range high 192 168 2 254 set system services dh...

Page 18: ...e 0 0 0 0 set security zones security zone WifiNet interfaces vlan 2 host inbound traffic system services dhcp set security zones security zone management interfaces vlan 1 host inbound traffic system services dhcp set security zones security zone management interfaces vlan 1 host inbound traffic system services ping set security zones security zone GuestNet interfaces vlan 3 host inbound traffic ...

Page 19: ...access point AP 1 radio 1 virtual access point 1 ssid GuestNet set wlan access point AP 1 radio 1 virtual access point 1 vlan 3 set wlan access point AP 1 radio 1 virtual access point 1 security none set wlan access point AP 1 radio 2 virtual access point 0 ssid WifiNet set wlan access point AP 1 radio 2 virtual access point 0 vlan 2 set wlan access point AP 1 radio 2 virtual access point 0 securi...

Page 20: ... interfaces interface range APs unit 0 family ethernet switching vlan members GuestNet set interfaces interface range APs unit 0 family ethernet switching native vlan id default set interfaces vlan unit 1 family inet address 192 168 2 1 24 set interfaces vlan unit 2 family inet address 192 168 2 1 24 set interfaces vlan unit 3 family inet address 192 168 3 1 24 set wlan access point AP 1 mac addre...

Page 21: ...mation about a particular access point show wlan access points AP 1 detail Active access point detail information Access Point AP 1 Type External Location Default Location Serial Number 849001007 Firmware Version 10 1 2 3 Access Interface vlan Packet Capture Disabled Ethernet Port MAC Address 00 12 CF C5 4A 40 IPv4 Address 192 168 2 3 Radio1 Status On MAC Address 00 12 CF C5 4A 40 Mode IEEE 802 11...

Page 22: ... VAP0 SSID WifiNet MAC Address 00 12 CF C5 4A 40 VLAN ID 2 Traffic Statistics Input Bytes 24114 Output Bytes 72798 Input Packets 87 Output Packets 401 VAP1 SSID GuestNet MAC Address 00 12 CF C5 4A 41 VLAN ID 3 Traffic Statistics Input Bytes 1113907 Output Bytes 10631368 Input Packets 8805 Output Packets 9169 Radio2 VAP0 SSID WifiNet MAC Address 00 12 CF C5 4A 50 VLAN ID 2 Traffic Statistics Input ...

Page 23: ...411 TW Due to the fact that certain countries have imposed restrictions on the deployment of wireless technologies this document should be used to determine in which countries the AX411 has been certified for shipment In the table below select the AX411 wireless LAN access point model by SKU that needs to be ordered to support appropriate power and channel settings for a particular country listed ...

Page 24: ...411 E Switzerland Yes AX411 E Ukraine No AX411 E United Kingdom Yes AX411 E World W Mexico No AX411 W Turkey No AX411 W Australia Yes AX411 W New Zealand Yes AX411 W Hong Kong Yes AX411 W India Yes AX411 W Philippines No AX411 W Malaysia Yes AX411 W Thailand Yes AX411 W Argentina No AX411 W Brazil Yes AX411 W Chile No AX411 W Columbia No AX411 W Panama No AX411 W Peru No AX411 W Venezuela No AX411...

Page 25: ...d Airside Business Park Swords County Dublin Ireland Phone 35 31 8903 600 EMEA Sales 00800 4586 4737 Fax 35 31 8903 601 APAC Headquarters Juniper Networks Hong Kong 26 F Cityplaza One 1111 King s Road Taikoo Shing Hong Kong Phone 852 2332 3636 Fax 852 2574 7803 Corporate and Sales Headquarters Juniper Networks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA Phone 888 JUNIPER 888 586 4737 or ...

Reviews:

No comments

Related manuals for AX411

D-Link DWR-730 Configuration Manual preview
DWR-730
Brand: D-Link Pages: 9
D-Link DWL-7100AP Quick Install Manual preview
DWL-7100AP
Brand: D-Link Pages: 52
D-Link DWL-3140AP - Web Smart PoE Thin Access Point Install Manual preview
DWL-3140AP - Web Smart PoE Thin Access Point
Brand: D-Link Pages: 16
D-Link DWL-3140AP - Web Smart PoE Thin Access Point User Manual preview
DWL-3140AP - Web Smart PoE Thin Access Point
Brand: D-Link Pages: 46
D-Link DWL-2100AP - AirPlus Xtreme G Command Line Interface Reference Manual preview
DWL-2100AP - AirPlus Xtreme G
Brand: D-Link Pages: 29
D-Link DWL-2100AP - AirPlus Xtreme G Install Manual preview
DWL-2100AP - AirPlus Xtreme G
Brand: D-Link Pages: 12
D-Link DIR-320NRU Quick Installation Manual preview
DIR-320NRU
Brand: D-Link Pages: 37
D-Link DAP-3220 Install Manual preview
DAP-3220
Brand: D-Link Pages: 10
D-Link DAP-2330 v 1.0 Quick Install Manual preview
DAP-2330 v 1.0
Brand: D-Link Pages: 16
D-Link DAP-1160 Quick Install Manual preview
DAP-1160
Brand: D-Link Pages: 32
D-Link D DWL-8200AP DWL-8200AP Quick Install Manual preview
D DWL-8200AP DWL-8200AP
Brand: D-Link Pages: 10
D-Link D DWL-8200AP DWL-8200AP User Manual preview
D DWL-8200AP DWL-8200AP
Brand: D-Link Pages: 97
D-Link D DWL-8200AP DWL-8200AP Install Manual preview
D DWL-8200AP DWL-8200AP
Brand: D-Link Pages: 16
D-Link D DWL-8200AP DWL-8200AP Manual preview
D DWL-8200AP DWL-8200AP
Brand: D-Link Pages: 129
D-Link AirPremier DWL-7700AP Install Manuals preview
AirPremier DWL-7700AP
Brand: D-Link Pages: 12
D-Link AirPremier DWL-7700AP User Manual preview
AirPremier DWL-7700AP
Brand: D-Link Pages: 84
D-Link DWL-7100AP Manual preview
DWL-7100AP
Brand: D-Link Pages: 76
D-Link DWL-7100AP Quick Installation Manual preview
DWL-7100AP
Brand: D-Link Pages: 8

Brands by name

Popular brands

Load more brands