ExtremeWireless WiNG 5 WLAN

(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
The following guide was created using a Zebra Wireless network running Wing v5.5 solution.
+
The following guide was created using an Extreme Wireless network running WiNG v5.5 solution.
  
 
== Configuring the RADIUS server ==
 
== Configuring the RADIUS server ==

Revision as of 14:24, 18 December 2019

The following guide was created using an Extreme Wireless network running WiNG v5.5 solution.

Contents

Configuring the RADIUS server

Configure the CoffeeBean RADIUS server by creating a new AAA Policy.

Go to "Configuration > Network > AAA Policy", click in the "Add" button and fill the AAA Policy name, such as "AAA-COFFEEBEAN":

Wing5 add aaa policy.png

RADIUS Authentication

In the "RADIUS Authentication" tab click in the "Add" button and fill the following info:

  • Host: radius.socialidnow.com (Hostname)
  • Port: make sure that the chosen port is 1812
  • Secret: the provided RADIUS client secret
  • Request Proxy Mode: Through Centralized Controller or Through Wireless Controller

Click "OK" to save these settings and then "Exit".

Wing5 add radius authentication server.png

RADIUS Accounting

In the "RADIUS Accounting" tab click in the "Add" button and fill the following info:

  • Host: radius.socialidnow.com (Hostname)
  • Port: make sure that the chosen port is 1813
  • Secret: the provided RADIUS client secret
  • Request Proxy Mode: Through Centralized Controller or Through Wireless Controller

Click "OK" to save these settings and then "Exit".

Wing5 add radius accounting server.png

RADIUS Settings

In the "Settings" tab, double check these settings:

  • RADIUS Authentication > Protocol for MAC, Captive Portal Authentication: PAP
  • RADIUS Address Format > Attributes: All

You can also configure which type of RADIUS Accounting packets you want to send (Start/Interim/Stop) and the request interval.

Wing5 aaa policy settings.png

Configuring the DNS Whitelist

Go to "Configuration > Services > DNS Whitelist", click in the "Add" button and fill the "Name", such as "SOCIAL-LOGIN":

Wing5 dns whitelist.png

Create the DNS Entries according to Walled Garden for the Social Login URLs. Add each URL as a "Hostname" and Match Suffix as "Yes"

Configuring the Captive Portal

Go to "Configuration > Services > Captive Portal", click in the "Add" button and fill the Captive Portal Policy name, such as "CP-SOCIAL-ID":

Wing5 add captive portal.png

Basic Configuration

Change the following settings in the "Basic Configuration" tab:

  • Captive Portal Server Mode: Internal (Self) [you can select a more appropriate option if you prefer]
  • AAA Policy: the previously AAA Policy created (e.g.: "AAA-SOCIAL-ID")
  • Access Type: RADIUS Authentication
  • DNS Whitelist: the previously DNS Whitelist created (e.g.: "SOCIAL-LOGIN")
  • Enable RADIUS Accounting checkbox

Click in "OK" to save the settings.

Web Page

Go to the "Web Page" tab to configure the external captive portal:

  • Web Page Source: Externally Hosted
  • Login URL: the provided captive portal login URL (*)
  • Welcome URL: the provided captive portal welcome URL
  • Fail URL: the provided captive portal fail URL

(*) Important: you need to add parameters to the Login URL query string to track client and AP MACs successfully. Example:

http://wifi.socialidnow.com/portals/my-portal/auth?client_mac=WING_TAG_CLIENT_MAC&ap_mac=WING_TAG_AP_MAC&hs_server=WING_TAG_CP_SERVER&

Wing5 captive portal web page.png

You can fill the other URLs if you need also. Click in "OK" to save the settings.

Configuring the Wireless LAN

Now you need to associate the Captive Portal previously created to the Wireless LAN. You need to have a Wireless LAN already created and configured in order to proceed with this step.

Select your Wireless LAN in "Configuration > Wireless > Wireless LANs" and go to the "Security" tab:

Wing5 wireless lan security.png

In order to provide Free Wi-Fi with Captive Portal enabled you need to set the following parameters:

  • Select Authentication: PSK / None
  • Enforcement: check "Captive Portal Enable"
  • Captive Portal Policy: select the previously created Captive Portal Policy (e.g.: "CP-SOCIAL-ID")
  • Select Encryption: Open

Configuring the Device Services

You need to add the Captive Portal Policy previously created to the Device Services responsible to perform the RADIUS authentication, such as the Controller or Access Point (AP).

Select you device in "Configuration > Devices > Device Configuration" and go to the "Services" tab:

Wing5 device services.png

Check the Captive Portal Policy previously created (e.g.: "CP-SOCIAL-ID").

Also review the device DNS settings in "Network > DNS" tab.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox