beautypg.com

H3C Technologies H3C MSR 50 User Manual

Page 58

background image

49

[Sysname-radius-rad] server-type extended

# Configure the IP addresses of the primary authentication server and accounting server as

10.18.1.88.

[Sysname-radius-rad] primary authentication 10.18.1.88

[Sysname-radius-rad] primary accounting 10.18.1.88

# Configure the shared key for RADIUS authentication/accounting packets as 12345678.

[Sysname-radius-rad] key authentication 12345678

[Sysname-radius-rad] key accounting 12345678

[Sysname-radius-rad] user-name-format without-domain

[Sysname-radius-radius1] quit

# Configure AAA domain cams by referencing RADIUS scheme rad.

[Sysname] domain cams

[Sysname-isp-cams] authentication lan-access radius-scheme rad

[Sysname-isp-cams] authorization lan-access radius-scheme rad

[Sysname-isp-cams] accounting lan-access radius-scheme rad

[Sysname-isp-cams] quit

# Specify cams as the default ISP domain.

[Sysname] domain default enable cams

# Configure the port security mode as userlogin-secure-ext, and enable 802.11 key negotiation
on the interface WLAN-BSS 1.

[Sysname] interface wlan-bss 1

[Sysname-WLAN-BSS1] port-security port-mode userlogin-secure-ext

[Sysname-WLAN-BSS1] port-security tx-key-type 11key

# Disable the multicast trigger function and the online user handshake function.

[Sysname-WLAN-BSS1] undo dot1x multicast-trigger

[Sysname-WLAN-BSS1] undo dot1x handshake

[Sysname-WLAN-BSS1] quit

# Create crypto-type service template 1, configure its SSID as dot1x, and configure the tkip and
ccmp cipher suite.

[Sysname] wlan service-template 1 crypto

[Sysname-wlan-st-1] ssid dot1x

# Enable the RSN-IE in the beacon and probe responses and enable the AES-CCMP cipher suite
in the encryption of frames.

[Sysname-wlan-st-1] authentication-method open-system

[Sysname-wlan-st-1] cipher-suite ccmp

[Sysname-wlan-st-1] security-ie rsn

[Sysname-wlan-st-1] service-template enable

[Sysname-wlan-st-1] quit

# On interface WLAN-radio 2/0, bind service template 1 to interface WLAN-BSS 1.

[Sysname] interface wlan-radio2/0

[Sysname-WLAN-Radio2/0] radio-type dot11g

[Sysname-WLAN-Radio2/0] service-template 1 interface wlan-bss 1

2.

Configure the RADIUS server (IMCv3):
See "

Configuring the RADIUS server (IMCv3)

."

3.

Configure the RADIUS server (IMCv5):
See "

Configuring the RADIUS server (IMCv5)

."

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: