Alcatel-Lucent (Controller based)

Alcatel-Lucent (Controller-based)

 

Login to your Alcatel-Lucent controller web interface and click Configure

On the left, under Wizards choose Campus WLAN

Under the WLANs box click New. Enter Guest WiFi as the name (or whatever you want the SSID to be)

 

Click Next and configure with:

  • Forwarding Mode: Tunnel (unless you have an existing setup)

Click Next and configure with:

  • Radio Type: All
  • Broadcast SSID: Yes
  • VLAN: 1 (unless you have a specific VLAN to use)

Click Next and configure with:

  • Is this WLAN intended for internal or guest?: Guest

 

Click Next and configure with:

  • Captive portal with authentication via credentials: Selected

Click Next and and then Next again on the Captive Portal options page.

On the Specify Authentication Server page click Add and configure with:

  • Server type: RADIUS
  • Name: guest1
  • IP Address: *insert radius_server here*
  • Auth port: *insert radius auth port  here*
  • Acct port: *insert radius acct port  here*
  • Shared key: *insert radius_secret here*
  • Retype key: as above

Click OK and then Add again, this time configuring with:

  • Server type: RADIUS
  • Name: guest2
  • IP Address: *insert radius_server2 here*
  • Auth port: *insert radius auth port  here*
  • Acct port: *insert radius acct port  here*
  • Shared key: *insert radius_secret here*
  • Retype key: as above

Click OK and then Next and configure with:

  • Pre-authentication role: Guest WiFi-guest-logon
  • Authenticated role: guest

Click Next and then Finish to confirm.

 

2. 

Next, under Advanced Services on the left click on Stateful Firewall. Select the Destination tab and click on Add. Configure with:

IP Version: IPv4

Destination Name: guestwifi

 

Click the Add button and configure with:

Type: name

Domain Name: *insert access_domain here* (us-east1.ironwifi.com, asia-northeast1.ironwifi.com, etc)

 

Click Add to save and add all the below domains one by one until all are in the list:

*insert access_domain here*. (us-east1.ironwifi.com, asia-northeast1.ironwifi.com, etc)

 

If you wish to support social network logins, you also need to add the domains below for each network you plan to support

 

Facebook Twitter LinkedIn Instagram
facebook.com
fbcdn.net
akamaihd.net
connect.facebook.net
twitter.com
twimg.com
linkedin.com
licdn.net
licdn.com

instagram.com

 

Click Apply to Save

 

3.

Next, under Security on the left, click Authentication.

Select the L3 Authentication tab and then click on Guest WiFi-cp_prof entry. Configure with the following:

  • Default Role: guest
  • Default Guest Role: guest
  • Redirect Pause: 0
  • User Login: Ticked
  • Guest Login: Unticked
  • Logout popup window: Unticked
  • Use HTTP for authentication: Ticked
  • Authentication Protocol: PAP
  • Login page: *insert access_url here*
  • Welcome page: *insert redirect_url here*
  • Show Welcome page: Ticked
  • Add switch IP in redirection URL: Ticked
  • White List: Add guestwifi from the list
  • User idle timeout: 3600

Click Apply to save.

 

4.

Next, select the AAA Profiles tab and click on Guest WiFi-aaa_prof. Configure with:

  • Initial role: Guest WiFi-guest-logon
  • RADIUS Interim Accounting: Ticked

Click Apply to save.

 

5.

Next, click on the RADIUS Accounting Server Group and configure with:

RADIUS Accounting Server Group: Guest WiFi-srvgrp-xxx (where xxx is a random number)

Click Apply to save.

 

6.

Next, select the Servers tab and click on RADIUS Server then guest1. Leave all settings as they are except:

  • Mode: Ticked
  • MAC address delimiter: Dash

Click Apply to save.

 

7.

Next, click on RADIUS Server then guest2. Leave all settings as they are except:

  • Mode: Ticked
  • MAC address delimiter: Dash

Click Apply to save.

 

Finally, click Save configuration at the top and reload/reboot the controller to ensure all settings take effect.