H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 104
92
# Create service template 1 of crypto type, configure its SSID as intra-roam, and bind
WLAN-ESS1 to intra-roam.
[AC] wlan service-template 1 crypto
[AC-wlan-st-1] ssid intra-roam
[AC-wlan-st-1] bind wlan-ess 1
# Configure the authentication method as open-system, and use the CCMP cipher suite for frame
encryption.
[AC-wlan-st-1] authentication-method open-system
[AC-wlan-st-1] cipher-suite ccmp
[AC-wlan-st-1] security-ie rsn
# Enable service template 1.
[AC-wlan-st-1] service-template enable
[AC-wlan-st-1] quit
# Enable port security.
[AC] port-security enable
# Configure the 802.1X authentication method as EAP.
[AC] dot1x authentication-method eap
# Create a RADIUS scheme rad, and specify the extended RADIUS server type.
[AC] radius scheme rad
[AC-radius-rad] server-type extended
# Configure the IP addresses of the primary authentication server and accounting server as
10.18.1.5.
[AC-radius-rad] primary authentication 10.18.1.5
[AC-radius-rad] primary accounting 10.18.1.5
# Configure the shared key for RADIUS authentication/accounting packets as 12345678.
[AC-radius-rad] key authentication 12345678
[AC-radius-rad] key accounting 12345678
# Configure the source IP address of RADIUS packets sent by the AC as 10.18.1.1.
[AC-radius-rad] nas-ip 10.18.1.1
[AC-radius-rad] quit
# Create ISP domain cams and configure the ISP domain cams to use RADIUS scheme rad to
implement authentication, authorization, and accounting for all types of users.
[AC] domain cams
[AC-isp-cams] authentication default radius-scheme rad
[AC-isp-cams] authorization default radius-scheme rad
[AC-isp-cams] accounting default radius-scheme rad
[AC-isp-cams] quit
#Configure the 802.1X mandatory authentication domain as cams on interface WLAN-ESS 1.
[AC] interface WLAN-ESS 1
[AC-WLAN-ESS1] dot1x mandatory-domain cams
[AC-WLAN-ESS1] quit
# Configure AP 1: Create an AP template named ap1 and its model is WA2100, and configure the
serial ID of AP 1 as 210235A045B05B1236548.
[AC] wlan ap ap1 model WA2100
[AC-wlan-ap-ap1] serial-id 210235A045B05B1236548
[AC-wlan-ap-ap1] radio 1 type dot11g
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points