ExtremeWireless WiNG 5 WLAN
Renato.neves (Talk | contribs) (→RADIUS Accounting) |
Renato.neves (Talk | contribs) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | The following guide was created using | + | The following guide was created using an Extreme Wireless network running WiNG v5.5 solution. |
== Configuring the RADIUS server == | == Configuring the RADIUS server == | ||
− | Configure the | + | Configure the CoffeeBean RADIUS server by creating a new AAA Policy. |
− | Go to "Configuration > Network > AAA Policy", click in the "Add" button and fill the AAA Policy name, such as "AAA- | + | Go to "Configuration > Network > AAA Policy", click in the "Add" button and fill the AAA Policy name, such as "AAA-COFFEEBEAN": |
[[File:Wing5 add aaa policy.png|800px]] | [[File:Wing5 add aaa policy.png|800px]] | ||
Line 13: | Line 13: | ||
In the "RADIUS Authentication" tab click in the "Add" button and fill the following info: | In the "RADIUS Authentication" tab click in the "Add" button and fill the following info: | ||
− | * Host: | + | * Host: the [[Captive_Portal#RADIUS_Server|primary RADIUS server hostname]] according to your environment/region (Hostname) |
* Port: make sure that the chosen port is 1812 | * Port: make sure that the chosen port is 1812 | ||
* Secret: the provided RADIUS client secret | * Secret: the provided RADIUS client secret | ||
− | * Request Proxy Mode: Through Wireless Controller | + | * Request Proxy Mode: Through Centralized Controller or Through Wireless Controller |
Click "OK" to save these settings and then "Exit". | Click "OK" to save these settings and then "Exit". | ||
+ | |||
+ | Repeat the procedure for the secondary RADIUS server. | ||
[[File:Wing5 add radius authentication server.png|800px]] | [[File:Wing5 add radius authentication server.png|800px]] | ||
Line 26: | Line 28: | ||
In the "RADIUS Accounting" tab click in the "Add" button and fill the following info: | In the "RADIUS Accounting" tab click in the "Add" button and fill the following info: | ||
− | * Host: | + | * Host: the [[Captive_Portal#RADIUS_Server|primary RADIUS server hostname]] according to your environment/region (Hostname) |
* Port: make sure that the chosen port is 1813 | * Port: make sure that the chosen port is 1813 | ||
* Secret: the provided RADIUS client secret | * Secret: the provided RADIUS client secret | ||
Line 32: | Line 34: | ||
Click "OK" to save these settings and then "Exit". | Click "OK" to save these settings and then "Exit". | ||
+ | |||
+ | Repeat the procedure for the secondary RADIUS server. | ||
[[File:Wing5 add radius accounting server.png|800px]] | [[File:Wing5 add radius accounting server.png|800px]] | ||
Line 77: | Line 81: | ||
* Web Page Source: Externally Hosted | * Web Page Source: Externally Hosted | ||
− | * Login URL: the provided captive portal login URL | + | * Login URL: the provided captive portal login URL <span style="color: red">(*)</span> |
* Welcome URL: the provided captive portal welcome URL | * Welcome URL: the provided captive portal welcome URL | ||
* Fail URL: the provided captive portal fail URL | * Fail URL: the provided captive portal fail URL | ||
+ | |||
+ | <span style="color: red">(*) Important:</span> you need to add parameters to the Login URL query string to track client and AP MACs successfully. Example: | ||
+ | |||
+ | http://wifi.socialidnow.com/portals/my-portal/auth?client_mac=WING_TAG_CLIENT_MAC&ap_mac=WING_TAG_AP_MAC&hs_server=WING_TAG_CP_SERVER& | ||
[[File:Wing5 captive portal web page.png|800px]] | [[File:Wing5 captive portal web page.png|800px]] |
Latest revision as of 00:37, 4 September 2021
The following guide was created using an Extreme Wireless network running WiNG v5.5 solution.
Contents |
Configuring the RADIUS server
Configure the CoffeeBean RADIUS server by creating a new AAA Policy.
Go to "Configuration > Network > AAA Policy", click in the "Add" button and fill the AAA Policy name, such as "AAA-COFFEEBEAN":
RADIUS Authentication
In the "RADIUS Authentication" tab click in the "Add" button and fill the following info:
- Host: the primary RADIUS server hostname according to your environment/region (Hostname)
- Port: make sure that the chosen port is 1812
- Secret: the provided RADIUS client secret
- Request Proxy Mode: Through Centralized Controller or Through Wireless Controller
Click "OK" to save these settings and then "Exit".
Repeat the procedure for the secondary RADIUS server.
RADIUS Accounting
In the "RADIUS Accounting" tab click in the "Add" button and fill the following info:
- Host: the primary RADIUS server hostname according to your environment/region (Hostname)
- Port: make sure that the chosen port is 1813
- Secret: the provided RADIUS client secret
- Request Proxy Mode: Through Centralized Controller or Through Wireless Controller
Click "OK" to save these settings and then "Exit".
Repeat the procedure for the secondary RADIUS server.
RADIUS Settings
In the "Settings" tab, double check these settings:
- RADIUS Authentication > Protocol for MAC, Captive Portal Authentication: PAP
- RADIUS Address Format > Attributes: All
You can also configure which type of RADIUS Accounting packets you want to send (Start/Interim/Stop) and the request interval.
Configuring the DNS Whitelist
Go to "Configuration > Services > DNS Whitelist", click in the "Add" button and fill the "Name", such as "SOCIAL-LOGIN":
Create the DNS Entries according to Walled Garden for the Social Login URLs. Add each URL as a "Hostname" and Match Suffix as "Yes"
Configuring the Captive Portal
Go to "Configuration > Services > Captive Portal", click in the "Add" button and fill the Captive Portal Policy name, such as "CP-SOCIAL-ID":
Basic Configuration
Change the following settings in the "Basic Configuration" tab:
- Captive Portal Server Mode: Internal (Self) [you can select a more appropriate option if you prefer]
- AAA Policy: the previously AAA Policy created (e.g.: "AAA-SOCIAL-ID")
- Access Type: RADIUS Authentication
- DNS Whitelist: the previously DNS Whitelist created (e.g.: "SOCIAL-LOGIN")
- Enable RADIUS Accounting checkbox
Click in "OK" to save the settings.
Web Page
Go to the "Web Page" tab to configure the external captive portal:
- Web Page Source: Externally Hosted
- Login URL: the provided captive portal login URL (*)
- Welcome URL: the provided captive portal welcome URL
- Fail URL: the provided captive portal fail URL
(*) Important: you need to add parameters to the Login URL query string to track client and AP MACs successfully. Example:
You can fill the other URLs if you need also. Click in "OK" to save the settings.
Configuring the Wireless LAN
Now you need to associate the Captive Portal previously created to the Wireless LAN. You need to have a Wireless LAN already created and configured in order to proceed with this step.
Select your Wireless LAN in "Configuration > Wireless > Wireless LANs" and go to the "Security" tab:
In order to provide Free Wi-Fi with Captive Portal enabled you need to set the following parameters:
- Select Authentication: PSK / None
- Enforcement: check "Captive Portal Enable"
- Captive Portal Policy: select the previously created Captive Portal Policy (e.g.: "CP-SOCIAL-ID")
- Select Encryption: Open
Configuring the Device Services
You need to add the Captive Portal Policy previously created to the Device Services responsible to perform the RADIUS authentication, such as the Controller or Access Point (AP).
Select you device in "Configuration > Devices > Device Configuration" and go to the "Services" tab:
Check the Captive Portal Policy previously created (e.g.: "CP-SOCIAL-ID").
Also review the device DNS settings in "Network > DNS" tab.