beautypg.com

H3C Technologies H3C MSR 50 User Manual

Page 34

background image

1-33

[AC] domain default enable universal

# Configure port security on interface WLAN-ESS 1.

[AC] interface wlan-ess 1

[AC-WLAN-ESS1] port-security port-mode userlogin-secure-ext

[AC-WLAN-ESS1] port-security tx-key-type 11key

[AC-WLAN-ESS1] undo dot1x multicast-trigger

[AC-WLAN-ESS1] undo dot1x handshake

[AC-WLAN-ESS1] quit

# Configure a service template.

[AC] wlan service-template 1 crypto

[AC-wlan-st-1] ssid test

[AC-wlan-st-1] bind wlan-ess 1

[AC-wlan-st-1] authentication-method open-system

[AC-wlan-st-1] cipher-suite ccmp

[AC-wlan-st-1] security-ie rsn

[AC-wlan-st-1] service-template enable

[AC-wlan-st-1] quit

# Configure AP1.

[AC] wlan ap ap1 model wa2100

[AC-wlan-ap-ap1] radio 1 type dot11g

[AC-wlan-ap-ap1-radio1] service-template 1

[AC-wlan-ap-ap1-radio1] radio enable

[AC-wlan-ap-ap1-radio1] return

# Add AP1 to AP group 11, apply the AP group to user profile management and enable the user profile.

system-view

[AC] wlan ap-group 11

[AC-ap-group11] ap ap1

[AC-ap-group11] quit

[AC] user-profile management

[AC-user-profile-management] wlan permit-ap-group 11

[AC-user-profile-management] quit

[AC] user-profile management enable

2) Configuration

on

the RADIUS server

# Specify the name of the user profile in the external group checkbox on the RADIUS server.

Log in to the CAMS management platform. On the left navigation tree, select Service Management >

Service Config. Then click Add on the page to enter the following configuration page.

Select the Access Control checkbox and add name management.

If no user profile name is specified, all APs are permitted.