H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 108
96
# Create mobility group roam, specify the tunnel source IP as 10.18.1.1, and specify a member
with IP address 10.18.1.2.
[AC1] wlan mobility-group roam
[AC1-wlan-mg-roam] source ip 10.18.1.1
[AC1-wlan-mg-roam] member ip 10.18.1.2
[AC1-wlan-mg-roam] mobility-group enable
2.
Configure AC 2:
# On interface WLAN-ESS 1, configure port security mode as userlogin-secure-ext, and enable key
negotiation of the 11key type.
[AC2] interface wlan-ess 1
[AC2-WLAN-ESS1] port-security port-mode userlogin-secure-ext
[AC2-WLAN-ESS1] port-security tx-key-type 11key
# Disable the multicast trigger function and the online user handshake function.
[AC2-WLAN-ESS1] undo dot1x multicast-trigger
[AC2-WLAN-ESS1] undo dot1x handshake
[AC2-WLAN-ESS1] quit
# Create service template 1 of crypto type, configure its SSID as inter-roam, and bind
WLAN-ESS1 to intra-roam.
[AC2] wlan service-template 1 crypto
[AC2-wlan-st-1] ssid inter-roam
[AC2-wlan-st-1] bind wlan-ess 1
# Configure the authentication method as open-system, use the CCMP cipher suite for frame
encryption, and enable the RSN security IE to be carried in beacon and reply frames. .
[AC2-wlan-st-1] authentication-method open-system
[AC2-wlan-st-1] cipher-suite ccmp
[AC2-wlan-st-1] security-ie rsn
# Enable service template 1.
[AC2-wlan-st-1] service-template enable
[AC2-wlan-st-1] quit
# Enable port security.
[AC2] port-security enable
# Configure the 802.1X authentication method as EAP.
[AC2] dot1x authentication-method eap
# Create RADIUS scheme rad, and specify the server type as extended to exchange extended
messages with the server.
[AC2] radius scheme rad
[AC2-radius-rad] server-type extended
# Specify the IP addresses of the primary authentication and accounting servers as 10.18.1.5.
[AC2-radius-rad] primary authentication 10.18.1.5
[AC2-radius-rad] primary accounting 10.18.1.5
# Configure the authentication and accounting keys as 12345678.
[AC2-radius-rad] key authentication 12345678
[AC2-radius-rad] key accounting 12345678
# Configure the source IP address of RADIUS packets as 10.18.1.2.
[AC2-radius-rad] nas-ip 10.18.1.2
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points