Juniper AX411 Configuration And Deployment Manual
  1. Manuals
  2. Brands
  3. Juniper Manuals
  4. Wireless Access Point
  5. AX411
  6. Configuration and deployment manual
Juniper AX411 Configuration And Deployment Manual

Juniper AX411 Configuration And Deployment Manual

Hide thumbs Also See for AX411:
Table of Contents

Advertisement

Quick Links

Download this manual
APPLICATION NOTE
CONfIgurINg ANd
dEPLOyINg ThE AX411

WIrELEss ACCEss POINT

1
Copyright © 2011, Juniper Networks, Inc.

Advertisement

Table of Contents
loading

Related Manuals for Juniper AX411

Summary of Contents for Juniper AX411

  • Page 1: Wireless Access Point

    APPLICATION NOTE CONfIgurINg ANd dEPLOyINg ThE AX411 WIrELEss ACCEss POINT Copyright © 2011, Juniper Networks, Inc.

  • Page 2: Table Of Contents

    Appendix: AX411 Wireless LAN Access Point Certification Listing ....... . .

  • Page 3: Introduction

    Wi-fi solution for the branch. This application note begins by detailing the capabilities of the Juniper Networks AX411 Wireless Access Point and how it is configured. The final sections of this application note provide some typical deployment scenarios and their configurations.

  • Page 4: Operational Model

    • Configuration management: The entire configuration for all AX411s are performed within JunOs at the branch gateway and pushed to the access points using a secure connection to the AX411 device. The Junos Os infrastructure is used to provide configuration backup and restore, auditing, scripting, role-based authentication, etc.

  • Page 5: L3 Management Mode

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point L3 Management Mode In this mode, each access point is connected to a different subnet on the branch services gateway. Traffic between access points is routed and inspected by the branch device.
  • Page 6 APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point wlan { access-point <AP name> { mac-address <ap mac address>; #This attribute is mandatory and can be found on rear- label of AX411 description <AP description>; location <AP location>;...

  • Page 7: Radius Support

    These parameters allow passing per-user configuration options, centrally managed by the rAdIus server. The following table displays the list of rAdIus attributes that can be passed to the AX411 access point, as specified in rfC 3580.
  • Page 8 Internet are included in this configuration To avoid unnecessary repetitions and unless explicitly noted, our next examples will omit these sections from the configuration. #Enable PoE if you will be using that to power the AX411. set poe interface all #DHCP Server config set system services dhcp name-server 4.2.2.2...

  • Page 9: L3 Management Mode

    AP-3 radio 2 virtual-access-point 0 ssid WifiNet The AX411 access points use the concept of a Virtual Access Point (VAP). A VAP appears to the wireless client as a single independent access point, advertising a single service set identifier (ssId). In our first configuration, only a single ssId is advertised and this signifies that a single VAP on each radio is being used.
  • Page 10 APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point #Enable PoE if you will be using that to power the AX411. set poe interface all #DHCP Server config. A different pool per (AP) interface is used set system services dhcp name-server 4.2.2.2 set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2...

  • Page 11: Segregating User And Management Traffic

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point set wlan access-point AP-2 mac-address 00:12:cf:c5:4b:40 set wlan access-point AP-2 access-point-options country US set wlan access-point AP-2 radio 1 virtual-access-point 0 ssid WifiNet set wlan access-point AP-2 radio 1 virtual-access-point 0 security none...

  • Page 12: Mac Authentication

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point set interfaces interface-range APs unit 0 family ethernet-switching native-vlan- id 1 set vlans WifiNet vlan-id 2 set vlans WifiNet l3-interface vlan.2 set interfaces vlan unit 2 family inet address 192.168.2.1/24 set vlans default vlan-id 1 set vlans default l3-interface vlan.1...

  • Page 13: Radius-Based Mac Authentication

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point set wlan access-point AP-1 radio 1 virtual-access-point 0 vlan 2 set wlan access-point AP-1 radio 1 virtual-access-point 0 security mac- authentication-type local set wlan access-point AP-1 radio 1 virtual-access-point 0 security none...

  • Page 14: Creating Multiple Wireless Networks Using Vaps

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point The access request message contains the following attributes, which can be used by the rAdIus server to grant or deny access to clients (in particular, note the access point MAC, IP address, and ssId info).
  • Page 15 APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point #DHCP configuration set system services dhcp name-server 4.2.2.2 #Pool used for the management network set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2 set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254 set system services dhcp pool 192.168.1.0/24 router 192.168.1.1...
  • Page 16 APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point #Security Policies set security policies from-zone WifiNet to-zone untrust policy permit-traffic match source-address any set security policies from-zone WifiNet to-zone untrust policy permit-traffic match destination-address any set security policies from-zone WifiNet to-zone untrust policy permit-traffic match...

  • Page 17: Creating A Guest Network Using Firewall Authentication

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point Creating a Guest Network using Firewall Authentication In our final example, we will use firewall authentication to authenticate users trying to access a guest network. New users will be redirected to a local portal running in the srX series where they will be authenticated. The user database can be local or, as in the previous examples, rAdIus authentication can be used.
  • Page 18 APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point WifiNet set interfaces interface-range APs unit 0 family ethernet-switching vlan members GuestNet set interfaces interface-range APs unit 0 family ethernet-switching native-vlan- id default set interfaces ge-0/0/0 unit 0 family inet address 198.0.0.1/24 set interfaces ge-0/0/7 unit 0 family inet address 192.168.254.1/24...

  • Page 19: Radius-Based Vlan Assignment

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point permit firewall-authentication pass-through web-redirect #The access profile configuration specifies the address and secret of the radius server set access profile fw-auth authentication-order radius set access profile fw-auth radius-server 192.168.254.2 port 1812 set access profile fw-auth radius-server 192.168.254.2 secret “$9$lI6v87wYojHm-...

  • Page 20: Figure 9: Radius-Based Vlan Assignment

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point CorpNet SSID VLAN A single SSID is transmitted by both radios. Clients are assigned to a di erent Each VLAN is mapped to a di erent zone VLAN by the radius server...

  • Page 21: Administration And Monitoring

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point Administration and Monitoring Monitoring The branch srX series gateways also provide monitoring commands, allowing users to obtain real-time information of the status of access points and associated clients. When an access point monitoring command is invoked, the srX series connects to the appropriate access point and pulls the required status information.
  • Page 22 APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point 00:24:01:dc:a2:7b Mace Net 00:1e:52:7b:96:58 Zippy’s Network 00:1d:7e:6e:69:ff blitz 00:0c:41:f6:11:28 Leadermed 00:12:17:29:70:d7 linksys 00:16:b6:db:1e:7f Crown Capital Advisors use the “show wlan access-points AP-1 virtual-access-points” to display the list of configured VAPs and their traffic statistics.

  • Page 23: Firmware Upgrade

    AX411 has been certified for shipment. In the table below, select the AX411 wireless LAN access point model, by sKu, that needs to be ordered to support appropriate power and channel settings for a particular country listed as “yes.”...
  • Page 24 APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point Monaco AX411-E Netherlands AX411-E Norway AX411-E Poland AX411-E Portugal AX411-E saudi Arabia AX411-E slovak republic AX411-E slovenia AX411-E south Africa AX411-E spain AX411-E sweden AX411-E switzerland AX411-E ukraine AX411-E...

  • Page 25: About Juniper Networks

    APPLICATION NOTE - Configuring and deploying the AX411 Wireless Access Point About Juniper Networks Juniper Networks is in the business of network innovation. from devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking.

Table of Contents