Alcatel-Lucent (Controller-based)
Login to your Alcatel-Lucent controller web interface and click Configure
On the left, under Wizards choose Campus WLAN
Under the WLANs box click New. Enter Guest WiFi as the name (or whatever you want the SSID to be)
Click Next and configure with:
- Forwarding Mode: Tunnel (unless you have an existing setup)
Click Next and configure with:
- Radio Type: All
- Broadcast SSID: Yes
- VLAN: 1 (unless you have a specific VLAN to use)
Click Next and configure with:
- Is this WLAN intended for internal or guest?: Guest
Click Next and configure with:
- Captive portal with authentication via credentials: Selected
Click Next and and then Next again on the Captive Portal options page.
On the Specify Authentication Server page click Add and configure with:
- Server type: RADIUS
- Name: guest1
- IP Address: *insert radius_server here*
- Auth port: *insert radius auth port here*
- Acct port: *insert radius acct port here*
- Shared key: *insert radius_secret here*
- Retype key: as above
Click OK and then Add again, this time configuring with:
- Server type: RADIUS
- Name: guest2
- IP Address: *insert radius_server2 here*
- Auth port: *insert radius auth port here*
- Acct port: *insert radius acct port here*
- Shared key: *insert radius_secret here*
- Retype key: as above
Click OK and then Next and configure with:
- Pre-authentication role: Guest WiFi-guest-logon
- Authenticated role: guest
Click Next and then Finish to confirm.
2.
Next, under Advanced Services on the left click on Stateful Firewall. Select the Destination tab and click on Add. Configure with:
IP Version: IPv4
Destination Name: guestwifi
Click the Add button and configure with:
Type: name
Domain Name: *insert access_domain here* (us-east1.ironwifi.com, asia-northeast1.ironwifi.com, etc)
Click Add to save and add all the below domains one by one until all are in the list:
*insert access_domain here*. (us-east1.ironwifi.com, asia-northeast1.ironwifi.com, etc)
If you wish to support social network logins, you also need to add the domains below for each network you plan to support
| facebook.com fbcdn.net akamaihd.net connect.facebook.net |
twitter.com twimg.com |
linkedin.com licdn.net licdn.com |
instagram.com |
Click Apply to Save
3.
Next, under Security on the left, click Authentication.
Select the L3 Authentication tab and then click on Guest WiFi-cp_prof entry. Configure with the following:
- Default Role: guest
- Default Guest Role: guest
- Redirect Pause: 0
- User Login: Ticked
- Guest Login: Unticked
- Logout popup window: Unticked
- Use HTTP for authentication: Ticked
- Authentication Protocol: PAP
- Login page: *insert access_url here*
- Welcome page: *insert redirect_url here*
- Show Welcome page: Ticked
- Add switch IP in redirection URL: Ticked
- White List: Add guestwifi from the list
- User idle timeout: 3600
Click Apply to save.
4.
Next, select the AAA Profiles tab and click on Guest WiFi-aaa_prof. Configure with:
- Initial role: Guest WiFi-guest-logon
- RADIUS Interim Accounting: Ticked
Click Apply to save.
5.
Next, click on the RADIUS Accounting Server Group and configure with:
RADIUS Accounting Server Group: Guest WiFi-srvgrp-xxx (where xxx is a random number)
Click Apply to save.
6.
Next, select the Servers tab and click on RADIUS Server then guest1. Leave all settings as they are except:
- Mode: Ticked
- MAC address delimiter: Dash
Click Apply to save.
7.
Next, click on RADIUS Server then guest2. Leave all settings as they are except:
- Mode: Ticked
- MAC address delimiter: Dash
Click Apply to save.
Finally, click Save configuration at the top and reload/reboot the controller to ensure all settings take effect.