Configuring the fat ap – H3C Technologies H3C MSR 50 User Manual
Page 53
44
Figure 14 Network diagram
Configuring the fat AP
# Enable port security.
[Sysname] port-security enable
# Configure the port mode of the WLAN BSS interface as mac-and-psk (with the pre-shared key
12345678) and enable 802.11key negotiation.
[Sysname] interface wlan-bss 1
[Sysname-WLAN-BSS1] port-security port-mode mac-and-psk
[Sysname-WLAN-BSS1] port-security preshared-key pass-phrase 12345678
[Sysname-WLAN-BSS1] port-security tx-key-type 11key
[Sysname-WLAN-BSS1] quit
# Create service template 2 of crypto type and configure its SSID as mactest.
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] ssid mactest
# Enable the RSN-IE in the beacon and probe responses and enable the AES-CCMP cipher suite in the
encryption of frames.
[Sysname-wlan-st-1] security-ie rsn
[Sysname-wlan-st-1] cipher-suite ccmp
# Configure the authentication method as open-system and enable the service template.
[Sysname-wlan-st-1] authentication-method open-system
[Sysname-wlan-st-1] service-template enable
[Sysname-wlan-st-1] quit
# Configure the IP addresses of the primary authentication server and accounting server as 10.18.1.88,
the shared key for RADIUS authentication/accounting packets as 12345678, and specify the extended
RADIUS server type.
[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 10.18.1.88
[Sysname-radius-rad] primary accounting 10.18.1.88
[Sysname-radius-rad] server-type extended
# Configure the shared key for RADIUS authentication/accounting packets as 12345678.
[Sysname-radius-rad] key authentication 12345678
[Sysname-radius-rad] key accounting 12345678
[Sysname-radius-rad] user-name-format without-domain
[Sysname-radius-rad] quit
IP network
L2 switch
FAT AP
Client
10.18.1.88/24
RADIUS server
10.18.1.1/24