Skip to main content

Alcatel-Lucent Enterprise Configuration

This guide explains how to configure Alcatel-Lucent Enterprise (ALE) wireless infrastructure to work with IronWifi for RADIUS authentication and captive portal.

Supported Platforms

  • OmniAccess Stellar - AP1101, AP1201, AP1220 series
  • OmniAccess WLAN - Controller-based deployments
  • Instant Access Points (IAP) - Standalone/cluster mode

Prerequisites

In IronWifi Console (complete these first):

  1. Log in to IronWifi Management Console
  2. Navigate to Networks
  3. Click Create Network or select existing
  4. Note RADIUS details:
    • RADIUS Server IP
    • Authentication Port: 1812
    • Accounting Port: 1813
    • Shared Secret
  5. (Optional) Navigate to Captive Portals and create portal for your network
  6. Note the Splash Page URL

In Alcatel-Lucent Enterprise:

  • Administrative access to OmniVista or controller interface
  • Network connectivity to IronWifi RADIUS servers
  • For captive portal: Access to configure walled garden

Controller-Based Configuration

OmniVista Network Management

Step 1: Configure RADIUS Server

  1. Log in to OmniVista 2500
  2. Navigate to Network > Unified Access > RADIUS Servers
  3. Click Add
  4. Configure:
    • Name: IronWifi
    • IP Address: Your IronWifi RADIUS IP
    • Authentication Port: 1812
    • Accounting Port: 1813
    • Shared Secret: Your RADIUS secret
    • Confirm Secret: Re-enter secret
  5. Click Create

Step 2: Create Authentication Profile

  1. Go to Authentication > Profiles
  2. Click Add
  3. Configure:
    • Profile Name: IronWifi-Auth
    • Primary RADIUS Server: IronWifi
    • Authentication Type: 802.1X or MAC
  4. Click Create

Step 3: Configure WLAN

  1. Navigate to Wireless > WLANs
  2. Click Add WLAN
  3. Configure:
    • SSID Name: Your network name
    • Security: WPA2-Enterprise
    • Authentication Profile: IronWifi-Auth

Step 4: Configure Captive Portal (Optional)

  1. In WLAN settings, go to Captive Portal
  2. Enable External Captive Portal
  3. Configure:
    • Redirect URL: Your IronWifi Splash Page URL
    • Walled Garden: Add IronWifi domains

CLI Configuration

Connect to controller CLI:

# Configure RADIUS server
aaa radius-server IronWifi host <IronWifi-IP> key <secret>

# Configure authentication profile
aaa profile IronWifi-Auth
  authentication server IronWifi
  accounting server IronWifi

# Configure WLAN
wlan ssid-profile IronWifi-SSID
  essid "YourNetworkName"
  encryption wpa2-aes
  aaa-profile IronWifi-Auth

Instant Access Point (IAP) Configuration

Web Interface Configuration

Step 1: Access IAP

  1. Connect to IAP web interface
  2. Log in with admin credentials

Step 2: Configure RADIUS

  1. Navigate to Security > Authentication Servers
  2. Click Add
  3. Configure:
    • Name: IronWifi
    • IP Address: IronWifi RADIUS IP
    • Auth Port: 1812
    • Accounting Port: 1813
    • Shared Key: Your RADIUS secret

Step 3: Create Network

  1. Go to Network > Networks
  2. Click + to add network
  3. Configure Basic Settings:
    • Name: IronWifi-Network
    • SSID: Your network name
    • Type: Employee or Guest

Step 4: Configure Security

  1. In network settings, go to Security
  2. Configure:
    • Security Level: Enterprise
    • Key Management: WPA2-Enterprise
    • Authentication Server: IronWifi

Step 5: Configure Captive Portal (Guest Networks)

  1. In network settings, go to Captive Portal
  2. Select External captive portal
  3. Configure:
    • Server: IronWifi splash page URL
    • URL: Redirect URL

IAP CLI Configuration

# Configure RADIUS
wlan auth-server IronWifi
  ip <IronWifi-IP>
  port 1812
  acctport 1813
  key <your-secret>

# Configure network
wlan ssid-profile IronWifi-SSID
  essid YourNetworkName
  type employee
  opmode wpa2-aes
  auth-server IronWifi

# For guest with captive portal
wlan ssid-profile Guest-SSID
  essid GuestNetwork
  type guest
  captive-portal external
  captive-portal-url https://us-east1.ironwifi.com/captive-portal/...

Stellar Wireless Configuration

OmniVista Cirrus

  1. Log in to OmniVista Cirrus cloud management
  2. Navigate to Network > Wireless
  3. Configure RADIUS and WLAN similar to controller-based setup

Stellar AP Direct Configuration

  1. Access Stellar AP web interface
  2. Configure RADIUS server
  3. Create WLAN with WPA2-Enterprise
  4. Configure captive portal if needed

Walled Garden Configuration

For captive portal networks, add these domains to the walled garden:

Required for IronWifi:

*.ironwifi.com
*.ironwifi.net
splash.ironwifi.com
us-east1.ironwifi.com
eu-west1.ironwifi.com

Authentication Provider Domains:

If using social login providers, add the following domains to your walled garden:

ProviderRequired Entries
Google*.google.com, *.googleapis.com, *.gstatic.com, accounts.google.com
Facebook*.facebook.com, *.fbcdn.net, connect.facebook.net, facebook.com
Twitter*.twitter.com, *.twimg.com, twitter.com
LinkedIn*.linkedin.com, *.licdn.com
Microsoft*.microsoft.com, *.microsoftonline.com, *.live.com, login.live.com

Verification

Check RADIUS Connectivity

  1. In OmniVista, go to Monitoring > RADIUS
  2. Verify server status shows connected
  3. Check for authentication events

Test Authentication

  1. Connect client device to WLAN
  2. Enter credentials (for 802.1X) or wait for captive portal
  3. Verify authentication in IronWifi Console

Debug Commands

# Check RADIUS status
show aaa radius-server

# Check authentication events
show aaa authentication

# Check WLAN status
show wlan ssid-profile

# Check connected clients
show clients

Troubleshooting

IssuePossible CauseSolution
RADIUS timeoutNetwork connectivity issueCheck connectivity between AP/controller and IronWifi RADIUS server; verify firewall allows UDP ports 1812/1813
Authentication rejectedWrong shared secretVerify shared secret matches exactly in both IronWifi Console and device configuration
Portal not redirectingIncorrect portal URL or walled gardenVerify captive portal URL is correct; check walled garden configuration includes all required domains
Cannot complete authenticationMissing walled garden entriesCheck walled garden includes all required domains for IronWifi and social login providers
SSL errorCertificate issueAdd authentication provider domains to walled garden
No redirectPortal URL misconfiguredCheck captive portal configuration and URL
DNS resolution failureDNS not workingEnsure DNS is properly configured for clients

Additional Troubleshooting Steps

  1. Verify RADIUS Configuration

    • Check server IP address is correct
    • Verify shared secret matches exactly
    • Ensure ports 1812/1813 are open

  2. Check Connectivity

    ping <IronWifi-RADIUS-IP>

  3. Review Logs

    • Check controller/AP logs for RADIUS errors
    • Review IronWifi Console authentication logs
    • Look for timeout or rejection messages

Best Practices

  1. Redundancy: Configure secondary RADIUS server
  2. Timeouts: Set appropriate RADIUS timeout values
  3. Logging: Enable detailed logging during setup
  4. Testing: Test with multiple client types
  5. Documentation: Record all configuration settings
  6. Updates: Keep firmware current