
Configuration Example: Configuring Authenticated DHCP

In this example, a school (school.edu) has two locations: its main campus, campus1.school.edu, and a satellite campus, campus2.school.edu. It has a captive portal server in each location. In the main campus, the Grid Master also functions as a DHCP server and uses a captive portal server to register DHCP clients. In the satellite campus, two members serve DHCP and use the same captive portal server. The captive portal servers use the same RADIUS authentication server group to authenticate users.
Figure 32.4

Create the RADIUS Authentication Server Group

Create the RADIUS authentication server group and add two RADIUS servers to the group.

  1. From the Administration tab, click the Authentication Server Groups tab.
  2. Expand the Toolbar and click Add -> RADIUS Service.
  3. In the Add RADIUS Authentication Service wizard, complete the following:
    • Name: Enter RADIUS ASG.
    • RADIUS Servers: Click the Add icon and enter the following:
      • Server Name or IP Address: Enter the RADIUS server FQDN, which is rs1.school.edu.
      • Authentication Port: Accept the default port (1812).
      • Authentication Type: Select the PAP authentication method.
      • Shared Secret: Enter no1nose.
    • Authentication
      • Timeout: Enter 5 seconds.
      • Retries: Accept the default, which is five.
    • Accounting
      • Timeout: Enter 5 seconds.
      • Retries: Accept the default, which is five.
    • Click Test to validate the configuration and check that the Grid Master can connect to the RADIUS server.
      Grid Manager displays a message confirming the configuration is valid.

Click Add to add another RADIUS server to the group, and then enter the following:

      • Server Name or IP Address: Enter the RADIUS server FQDN, which is rs2.school.edu.
      • Authentication Port: Accept the default port (1812).
      • Authentication Type: Select the PAP authentication method.
      • Shared Secret: Enter no1nose.
    • Authentication
      • Timeout: Enter 5 seconds.
      • Retries: Accept the default, which is five.
    • Accounting
      • Timeout: Enter 5 seconds.
      • Retries: Accept the default, which is five.
    • Click Test to validate the configuration and check that the Grid Master can connect to the RADIUS server.
      Grid Manager displays a message confirming the configuration is valid.

  4. Click Save & Close.

Configure the Captive Portal Properties

Configure the captive portal properties of cp1.campus1.school.edu.

  1. From the Grid tab, select the Grid Manager tab.
  2. Click the Captive Portal tab -> Services tab.
  3. Select the member cp1.campus1.school.edu and click the Edit icon.
  4. In the General Basic tab of the Member Captive Portal Properties editor, complete the following:
    • Use This Authentication Server Group for Authenticating Captive Portal Users: Select RADIUS ASG.
    • Captive Portal User Types: Select Both.
    • Portal IP Address: Select 10.2.2.10.
    • Enable SSL on Portal: Select this option.
    • Log Registration Success: Select Informational.
    • Log Registration Failure: Select Informational.
  5. Click Save & Close. 

Configure the captive portal properties of cp2.campus2.school.edu.

  1. From the Grid tab, select the Grid Manager tab.
  2. Click the Captive Portal tab -> Services tab.
  3. Select the member cp2.campus2.school.edu and click the Edit icon.
  4. In the General Basic tab of the Member Captive Portal Properties editor, complete the following:
    • Use This Authentication Server Group for Authenticating Captive Portal Users: Select RADIUS ASG.
    • Captive Portal User Types: Select Both.
    • Portal IP Address: Select 10.1.3.10.
    • Enable SSL on Portal: Select this option.
    • Log Registration Success: Select Informational.
    • Log Registration Failure: Select Informational.
  5. Click Save & Close.

Customize the Captive Portals

Customize the captive portal cp1.campus1.school.edu.

  1. From the Grid tab, select the Grid Manager tab.
  2. Click the Captive Portal tab -> Services tab.
  3. Select cp1.campus1.school.edu and click the Edit icon.
  4. Select the Customization tab of the Member Captive Portal Properties editor.
  5. In the General Captive Portal Customization section, complete the following:
    • Company Name: Enter School.
    • Welcome Message: Type the following: Welcome to School. Please sign in.
    • Help Desk Message: Type: To reach the Helpdesk, call (408) 111-2222 or email helpdesk@school.edu.
    • Logo Image: Click Select beside the logo file and upload it.
  6. In the Guest Users Web Page Customization section, complete the following:
    • Select the checkboxes beside Require First Name, Require Last Name, Require Email.
  7. Click Save & Close.

Select the other captive portal server, cp2.campus2.school.edu, and enter the same information.

Generate a Self-Signed Certificate and Upload It

To generate a self-signed certificate for cp1.campus1.school.edu:

  1. From the Grid tab, select the Grid Manager tab.
  2. Click the Captive Portal tab from the Services tab.
  3. Select cp1.campus1.school.edu, and then click HTTPS Cert -> Generate Self-signed Certificate from the Toolbar.
  4. In the Generate Self-signed Certificate dialog box, complete the following:
    • Secure Hash Algorithm and Key Size: You can select SHA-1 with an RSA key size of 1024 or 2048, or SHA-256 (SHA-2) with an RSA key size of 2048 or 4096. The default value is SHA-256 2048.
    • Days Valid: Enter 60 days.
    • Common Name: Enter cp1.campus1.school.edu.
  5. Click OK.
  6. Click Save & Close.

To generate a self-signed certificate for the captive portal cp2.campus2.school.edu:

  1. From the Grid tab, select the Grid Manager tab.
  2. Click the Captive Portal tab from the Services tab.
  3. Select cp2.campus2.school.edu, and then click HTTPS Cert -> Generate Self-signed Certificate from the Toolbar.
  4. In the Generate Self-signed Certificate dialog box, complete the following:
    • Secure Hash Algorithm and Key Size: You can select SHA-1 with an RSA key size of 1024 or 2048, or SHA-256 (SHA-2) with an RSA key size of 2048 or 4096. The default value is SHA-256 2048.
    • Days Valid: Enter 60 days.
    • Common Name: Enter cp2.campus2.school.edu.
  5. Click OK.
  6. Click Save & Close.

Start the Captive Portal Service

  1. From the Grid tab, select the Grid Manager tab.
  2. Click the Captive Portal tab from the Services tab.
  3. Select cp1.campus1.school.edu and cp2.campus2.school.edu, and then click the Start icon.

Configure the Networks and DHCP Ranges

Configure the network on the Grid Master.

  1. From the Data Management tab, select the DHCP tab -> Networks tab -> Networks section.
  2. Click the Add drop-down list and select IPv4 Network.
  3. In the Add IPv4 Network wizard, select one of the following and click Next:
    • Add Network: Click this.
  4. Complete the following and click Next:
    • Address: Enter 10.2.1.0/24.
  5. Complete the following to assign the network to the Grid Master:
    • Add Infoblox Member: Select gm.campus1.school.edu.
  6. Click Save & Close.

Configure the ranges on the Grid Master. To create the authenticated range:

  1. From the Data Management tab, select the DHCP tab -> Networks tab -> Networks section.
  2. Click the 10.2.1.0/24 network link, and then click the Add drop-down list and select DHCP Range.
  3. In the Add IPv4 Range wizard, select Add DHCP Range and click Next.
  4. Complete the following:
    • Network: Click Select Network and select 10.2.1.0/24.
    • Start: Enter 10.2.1.50.
    • End: Enter 10.2.1.150.
    • Name: Enter authenticated range.
  5. Click Next and complete the following:
    • Grid Member: Select this option and select gm.campus1.school.edu.
  6. Click Save & Close.

To create the guest range:

  1. Click the 10.2.1.0/24 network link, and then click the Add drop-down list and select DHCP Range.
  2. In the Add IPv4 Range wizard, select Add DHCP Range and click Next.
  3. Complete the following:
    • Network: Click Select Network and select 10.2.1.0/24.
    • Start: Enter 10.2.1.151.
    • End: Enter 10.2.1.170.
    • Name: Enter guest range.
  4. Click Next and complete the following:
    • Grid Member: Select this option and select gm.campus1.school.edu.
  5. Click Save & Close.

To create the quarantine range:

  1. Click the 10.2.1.0/24 network link, and then click the Add drop-down list and select DHCP Range.
  2. In the Add IPv4 Range wizard, select Add DHCP Range and click Next.
  3. Complete the following:
    • Network: Click Select Network and select 10.2.1.0/24.
    • Start: Enter 10.2.1.225.
    • End: Enter 10.2.1.254.
    • Name: Enter quarantine range.
  4. Click Next and complete the following:
    • Grid Member: Select this option and select gm.campus1.school.edu.
  5. Click Save & Close.

Create the network and DHCP ranges for the DHCP servers ds1.campus1.school.edu and ds2.campus2.school.edu.
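A pre-flight check for the Grid Master address plan above, as an added example (not part of NIOS): it confirms the three ranges sit inside 10.2.1.0/24 without overlapping, and maps a leased address back to its range, which helps when reading DHCP logs. The function names are illustrative.

```python
import ipaddress

NETWORK = ipaddress.ip_network("10.2.1.0/24")
# Ranges exactly as entered in the Add IPv4 Range wizard steps above.
RANGES = {
    "authenticated": ("10.2.1.50", "10.2.1.150"),
    "guest": ("10.2.1.151", "10.2.1.170"),
    "quarantine": ("10.2.1.225", "10.2.1.254"),
}


def _parse(ranges):
    """Convert (start, end) strings to address objects, rejecting reversed ranges."""
    parsed = {}
    for name, (start, end) in ranges.items():
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            raise ValueError(f"{name}: start {lo} is after end {hi}")
        parsed[name] = (lo, hi)
    return parsed


def validate(network, ranges):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    parsed = _parse(ranges)
    for name, (lo, hi) in parsed.items():
        if lo not in network or hi not in network:
            problems.append(f"{name}: not inside {network}")
        elif lo == network.network_address or hi == network.broadcast_address:
            problems.append(f"{name}: includes network or broadcast address")
    # Sorted by start address, any overlap shows up between neighbours.
    ordered = sorted(parsed.items(), key=lambda item: item[1][0])
    for (a, (_, a_hi)), (b, (b_lo, _)) in zip(ordered, ordered[1:]):
        if b_lo <= a_hi:
            problems.append(f"{a} overlaps {b}")
    return problems


def classify(address, ranges=RANGES):
    """Name the range a leased address falls in, or None if it is in no range."""
    ip = ipaddress.ip_address(address)
    for name, (lo, hi) in _parse(ranges).items():
        if lo <= ip <= hi:
            return name
    return None


if __name__ == "__main__":
    print(validate(NETWORK, RANGES) or "address plan is consistent")
    for lease in ("10.2.1.60", "10.2.1.151", "10.2.1.230", "10.2.1.200"):
        print(lease, "->", classify(lease))
```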

Run the Captive Portal Wizard

Run the Captive Portal wizard to associate the Grid Master with its captive portal, and to configure the MAC address filters:

  1. From the Data Management tab, select the DHCP tab, or from the Grid tab, select the Grid Manager tab.
  2. Expand the Toolbar and click Configure Captive Portal.
  3. In the Captive Portal wizard, complete the following and click Next:
    • Member DHCP: Select the Grid Master, gm.campus1.school.edu.
    • Captive Portal: Select cp1.campus1.school.edu.
  4. Complete the following and click Next:
    • Authenticated MAC Filter: Enter Auth_MAC_Filter.
    • Expiration Time: Select Never.
    • Guest MAC Filter: Enter Guest_MAC_Filter.
    • Expiration Time: Select Never.
  5. Complete the following:
    • Network: Select 10.2.1.0/24.
    • Authenticated Range: Select 10.2.1.50 - 10.2.1.150.
    • Guest Range: Select 10.2.1.151 - 10.2.1.170.
    • Quarantine Range: Select 10.2.1.225 - 10.2.1.254.
  6. Click Save & Close.

Run the Captive Portal wizard to associate ds1.campus2.school.edu with the captive portal server cp2.campus2.school.edu, and then run it again to associate ds2.campus2.school.edu with the same captive portal server.

Start the DHCP Service

To start the DHCP service on the Grid Master:

  1. From the Data Management tab, select the DHCP tab -> Members tab.
  2. Select the Grid Master gm.campus1.school.edu, and the two members, ds1.campus2.school.edu and ds2.campus2.school.edu.
  3. Expand the Toolbar and click Start.
  4. In the Start Member DHCP Service dialog box, click Yes.
  5. Grid Manager starts DHCP services on the Grid Master and on the selected members.