Important Note
You must add the MAC address of the Controller to your portal under the Hardware tab. Choose "Alcatel-Lucent AP (Controller based)" as the type. The MAC is printed on the sticker on the back of the Controller, or you can retrieve it by going to the "Monitoring > Controller Summary" page on the Controller web interface.
Login and Initial Setup
Login to your Alcatel-Lucent controller web interface and click Configure.
On the left, under Wizards, choose Campus WLAN.
Under the WLANs box, click New. Enter Guest WiFi as the name (or whatever you want the SSID to be).
WLAN Configuration
Click Next and configure with:
Forwarding Mode: | Tunnel (unless you have an existing setup) |
Click Next and configure with:
Radio Type: | All |
Broadcast SSID: | Yes |
VLAN: | 1 (unless you have a specific VLAN to use) |
Click Next and configure with:
Is this WLAN intended for internal or guest?: | Guest |
Click Next and configure with:
Captive portal with authentication via credentials: | Selected |
Click Next and then Next again on the Captive Portal options page.
Authentication Server Configuration
On the Specify Authentication Server page, click Add and configure with:
Server type: | RADIUS |
Name: | guest1 |
IP Address: | *insert radius_server here* |
Auth port: | 1812 |
Acct port: | 1813 |
Shared key: | *insert radius_secret here* |
Retype key: | as above |
Click OK and then Add again, this time configuring with:
Server type: | RADIUS |
Name: | guest2 |
IP Address: | *insert radius_server2 here* |
Auth port: | 1812 |
Acct port: | 1813 |
Shared key: | *insert radius_secret here* |
Retype key: | as above |
Click OK and then Next and configure with:
Pre-authentication role: | Guest WiFi-guest-logon |
Authenticated role: | guest |
Click Next and then Finish to confirm.
Advanced Services Configuration
Next, under Advanced Services on the left, click on Stateful Firewall. Select the Destination tab and click on Add. Configure with:
IP Version: | IPv4 |
Destination Name: | guestwifi |
Click the Add button and configure with:
Type: | name |
Domain Name: | *insert access_domain here* |
Click Add to save and add all the required domains one by one. Please refer to this list.
Click Apply to save.
Security Configuration
Next, under Security on the left, click Authentication.
Select the L3 Authentication tab and then click on Guest WiFi-cp_prof entry. Configure with the following:
Default Role: | guest |
Default Guest Role: | guest |
Redirect Pause: | 0 |
User Login: | Enabled |
Guest Login: | Disabled |
Logout popup window: | Disabled |
Use HTTP for authentication: | Enabled |
Authentication Protocol: | PAP |
Login page: | *insert access_url here*?acmac=<controller-mac>& |
Welcome page: | *insert redirect_url here*&acmac=<controller-mac>& |
Show Welcome page: | Enabled |
Add switch IP in redirection URL: | Enabled |
White List: | Add guestwifi from the list |
User idle timeout: | 3600 |
Click Apply to save.
AAA Profiles Configuration
Next, select the AAA Profiles tab and click on Guest WiFi-aaa_prof. Configure with:
Initial role: | Guest WiFi-guest-logon |
RADIUS Interim Accounting: | Enabled |
Click Apply to save.
RADIUS Accounting Server Group Configuration
Next, click on the RADIUS Accounting Server Group and configure with:
RADIUS Accounting Server Group: | Guest WiFi-srvgrp-xxx (where xxx is a random number) |
Click Apply to save.
RADIUS Server Configuration
Next, select the Servers tab and click on RADIUS Server then guest1. Leave all settings as they are except:
Mode: | Enabled |
MAC address delimiter: | Dash |
Click Apply to save.
Next, click on RADIUS Server then guest2. Leave all settings as they are except:
Mode: | Enabled |
MAC address delimiter: | Dash |
Click Apply to save.
Save Configuration
Finally, click Save configuration at the top and reload/reboot the controller to ensure all settings take effect.