beautypg.com

H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 107

background image

95

# Configure the authentication method as open-system, and use the CCMP cipher suite for frame

encryption.

[AC1-wlan-st-1] authentication-method open-system

[AC1-wlan-st-1] cipher-suite ccmp

[AC1-wlan-st-1] security-ie rsn

# Enable service template 1.

[AC1-wlan-st-1] service-template enable

[AC1-wlan-st-1] quit

# Enable port security.

[AC1] port-security enable

# Configure the 802.1X authentication method as EAP.

[AC1] dot1x authentication-method eap

# Create a RADIUS scheme rad, and specify the extended RADIUS server type.

[AC1] radius scheme rad

[AC1-radius-rad] server-type extended

# Configure the IP addresses of the primary authentication server and accounting server as

10.18.1.5.

[AC1-radius-rad] primary authentication 10.18.1.5

[AC1-radius-rad] primary accounting 10.18.1.5

# Configure the shared key for RADIUS authentication/accounting packets as 12345678.

[AC1-radius-rad] key authentication 12345678

[AC1-radius-rad] key accounting 12345678

# Configure the source IP address of RADIUS packets sent by the AC as 10.18.1.1.

[AC1-radius-rad] nas-ip 10.18.1.1

[AC1-radius-rad] quit

# Configure ISP domain cams to use RADIUS scheme rad to implement authentication,

authorization, and accounting for all types of users.

[AC1] domain cams

[AC1-isp-cams] authentication default radius-scheme rad

[AC1-isp-cams] authorization default radius-scheme rad

[AC1-isp-cams] accounting default radius-scheme rad

[AC1-isp-cams] quit

#Configure the 802.1X mandatory authentication domain as cams on interface WLAN-ESS 1.

[AC1] interface WLAN-ESS 1

[AC1-WLAN-ESS1] dot1x mandatory-domain cams

[AC1-WLAN-ESS1] quit

# Configure AP 1: Create an AP template named ap1 and its model is WA2100, and configure the
serial ID of AP 1 as 210235A045B05B1236548.

[AC1] wlan ap ap1 model WA2100

[AC1-wlan-ap-ap1] serial-id 210235A045B05B1236548

[AC1-wlan-ap-ap1] radio 1 type dot11g

# Bind service template inter-roam to radio 1.

[AC1-wlan-ap-ap1-radio-1] service-template 1

[AC1-wlan-ap-ap1-radio-1] radio enable

[AC1-wlan-ap-ap1-radio-1] quit

[AC1-wlan-ap-ap1] quit