• Downloads
• AX411 Access Point Configuration Example: Layer 2 Mode (CLI)    

AX411 Access Point Configuration Example: Layer 2 Mode (CLI)

The following example shows one way to use the JUNOS CLI to configure the services gateway so that access points are in Layer 2 management mode similar to the factory default configuration of the SRX210 and SRX240 Services Gateways. The example shown in the procedure below is based on configuring Gigabit Ethernet ports on a GPIM installed in slot 1 of an SRX650 Services Gateway, but you can adapt it for use in other situations. For information about other configurations see the JUNOS Software WLAN Configuration and Administration Guide and the JUNOS Software Interfaces and Routing Configuration Guide for Security Devices.

1. Establish a CLI session with the services gateway and log in to the device.
2. Enter configuration mode:
   configure [edit]admin@srx650–tp#
3. Create an interface range containing the access point ports:
   admin@srx650–tp# set interfaces interface-range AP-interfaces member ge-1/0/0admin@srx650–tp# set interfaces interface-range AP-interfaces member ge-1/0/1admin@srx650–tp# set interfaces interface-range AP-interfaces member ge-1/0/2admin@srx650–tp# set interfaces interface-range AP-interfaces member ge-1/0/3admin@srx650–tp# set interfaces interface-range AP-interfaces member ge-1/0/4
4. Configure the interface range for family type “ethernet-switching” and make its interfaces members of a VLAN:
   admin@srx650–tp# set interfaces interface-range AP-interfaces unit 0 family ethernet-switching vlan members vlan-trust
5. Configure a logical interface with an IP address for the VLAN:
   admin@srx650–tp# set interfaces vlan unit 0 family inet address 192.168.1.5
6. Add the VLAN logical interface to the Trust security zone:
   admin@srx650–tp# set security zones security-zone trust interfaces vlan.0
7. Configure a DHCP router entry for the VLAN IP address:
   admin@srx650–tp# set system services dhcp router 192.168.1.5
8. Configure a DHCP pool with IP addresses for the access points and wireless clients:
   admin@srx650–tp# set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2 high 192.168.1.254
9. Configure the VLAN with an ID number and designate its Layer 3 interface as the interface you created in Step 5:
   admin@srx650–tp# set vlans vlan-trust vlan-id 3admin@srx650–tp# set vlans vlan-trust l3-interface vlan.0
10. Configure a DHCP pool with IP addresses for the access points and wireless clients:
    admin@srx650–tp# set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2 high 192.168.1.254
11. Enable HTTP and HTTPS Web management services on the VLAN interface:
    admin@srx650–tp# set system services web-management http interface vlan.0admin@srx650–tp# set system services web-management https interface vlan.0
12. Commit your changes:
    admin@srx650–tp# commitcommit complete