Alcatel-Lucent Enterprise Configuration
Alcatel-Lucent Enterprise (ALE) OmniAccess Stellar, OmniAccess WLAN, and Instant Access Points authenticate WiFi clients against IronWiFi cloud RADIUS using WPA2/WPA3-Enterprise (802.1X), with an optional external captive portal for guest networks. Configuration is done through OmniVista 2500 for controller-based deployments or directly in the AP cluster UI for Instant APs.
Supported Platforms
- OmniAccess Stellar - AP1101, AP1201, AP1220 series
- OmniAccess WLAN - Controller-based deployments
- Instant Access Points (IAP) - Standalone/cluster mode
Prerequisites
In IronWiFi Console (complete these first):
- Log in to IronWiFi Management Console
- Navigate to Networks
- Click Create Network or select existing
- Note RADIUS details:
- RADIUS Server IP
- Authentication Port: Customer Authentication Port
- Accounting Port: Customer Accounting Port
- Shared Secret
- (Optional) Navigate to Captive Portals and create portal for your network
- Note the Splash Page URL
In Alcatel-Lucent Enterprise:
- Administrative access to OmniVista or controller interface
- Network connectivity to IronWiFi RADIUS servers
- For captive portal: Access to configure walled garden
Controller-Based Configuration
OmniVista Network Management
Step 1: Configure RADIUS Server
- Log in to OmniVista 2500
- Navigate to Network > Unified Access > RADIUS Servers
- Click Add
- Configure:
- Name: IronWiFi
- IP Address: Your IronWiFi RADIUS IP
- Authentication Port: Customer Authentication Port
- Accounting Port: Customer Accounting Port
- Shared Secret: Your RADIUS secret
- Confirm Secret: Re-enter secret
- Click Create
Step 2: Create Authentication Profile
- Go to Authentication > Profiles
- Click Add
- Configure:
- Profile Name: IronWiFi-Auth
- Primary RADIUS Server: IronWiFi
- Authentication Type: 802.1X or MAC
- Click Create
Step 3: Configure WLAN
- Navigate to Wireless > WLANs
- Click Add WLAN
- Configure:
- SSID Name: Your network name
- Security: WPA2-Enterprise
- Authentication Profile: IronWiFi-Auth
Step 4: Configure Captive Portal (Optional)
- In WLAN settings, go to Captive Portal
- Enable External Captive Portal
- Configure:
- Redirect URL: Your IronWiFi Splash Page URL
- Walled Garden: Add IronWiFi domains
CLI Configuration
Connect to controller CLI:
Instant Access Point (IAP) Configuration
Web Interface Configuration
Step 1: Access IAP
- Connect to IAP web interface
- Log in with admin credentials
Step 2: Configure RADIUS
- Navigate to Security > Authentication Servers
- Click Add
- Configure:
- Name: IronWiFi
- IP Address: IronWiFi RADIUS IP
- Auth Port: Customer Authentication Port
- Accounting Port: Customer Accounting Port
- Shared Key: Your RADIUS secret
Step 3: Create Network
- Go to Network > Networks
- Click + to add network
- Configure Basic Settings:
- Name: IronWiFi-Network
- SSID: Your network name
- Type: Employee or Guest
Step 4: Configure Security
- In network settings, go to Security
- Configure:
- Security Level: Enterprise
- Key Management: WPA2-Enterprise
- Authentication Server: IronWiFi
Step 5: Configure Captive Portal (Guest Networks)
- In network settings, go to Captive Portal
- Select External captive portal
- Configure:
- Server: IronWiFi splash page URL
- URL: Redirect URL
IAP CLI Configuration
Stellar Wireless Configuration
OmniVista Cirrus
- Log in to OmniVista Cirrus cloud management
- Navigate to Network > Wireless
- Configure RADIUS and WLAN similar to controller-based setup
Stellar AP Direct Configuration
- Access Stellar AP web interface
- Configure RADIUS server
- Create WLAN with WPA2-Enterprise
- Configure captive portal if needed
Walled Garden Configuration
For captive portal networks, add these domains to the walled garden:
Required for IronWiFi:
Authentication Provider Domains:
If using social login providers, add the following domains to your walled garden:
| Provider | Required Entries |
|---|---|
| |
| |
| |
| |
| Microsoft | |
Verification
Check RADIUS Connectivity
- In OmniVista, go to Monitoring > RADIUS
- Verify server status shows connected
- Check for authentication events
Test Authentication
- Connect client device to WLAN
- Enter credentials (for 802.1X) or wait for captive portal
- Verify authentication in IronWiFi Console
Debug Commands
Troubleshooting
| Issue | Possible Cause | Solution |
|---|---|---|
| RADIUS timeout | Network connectivity issue | Check connectivity between AP/controller and IronWiFi RADIUS server; verify firewall allows UDP ports |
| Authentication rejected | Wrong shared secret | Verify shared secret matches exactly in both IronWiFi Console and device configuration |
| Portal not redirecting | Incorrect portal URL or walled garden | Verify captive portal URL is correct; check walled garden configuration includes all required domains |
| Cannot complete authentication | Missing walled garden entries | Check walled garden includes all required domains for IronWiFi and social login providers |
| SSL error | Certificate issue | Add authentication provider domains to walled garden |
| No redirect | Portal URL misconfigured | Check captive portal configuration and URL |
| DNS resolution failure | DNS not working | Ensure DNS is properly configured for clients |
Additional Troubleshooting Steps
-
Verify RADIUS Configuration
- Check server IP address is correct
- Verify shared secret matches exactly
- Ensure ports /
{AUTH_PORT}are open{ACCT_PORT}
-
Check Connectivity
ping <IronWiFi-RADIUS-IP> -
Review Logs
- Check controller/AP logs for RADIUS errors
- Review IronWiFi Console authentication logs
- Look for timeout or rejection messages
Best Practices
- Redundancy: Configure secondary RADIUS server
- Timeouts: Set appropriate RADIUS timeout values
- Logging: Enable detailed logging during setup
- Testing: Test with multiple client types
- Documentation: Record all configuration settings
- Updates: Keep firmware current
Related Topics
Shared configuration
Was this page helpful?