Configuration procedure, Configuring radio parameters – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

21

with the ike sa keepalive-timer timeout command, and enable invalid security parameter index

(SPI) recovery with the ipsec invalid-spi-recovery enable command.

5.

Apply the IPsec policy to VLAN interfaces.

Configuration procedure

To enable CAPWAP/LWAPP tunnel encryption with IPsec:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter AP template view.

wlan ap ap-name [ model
model-name [ id ap-id ] ]

The AP model name is needed
only when you create an AP

template.

3.

Enter AP configuration view. provision

N/A

4.

Configure the AP to use IPsec
to encrypt the control tunnel.

tunnel encryption ipsec
pre-shared-key { cipher | simple }

key

By default, the AP does not
encrypt the control tunnel.

5.

Configure the AP to use IPsec
to encrypt the data tunnel.

data-tunnel encryption enable

By default, the AP does not
encrypt the data tunnel.

6.

Save the configuration in AP
configuration view to the

wlan_ap_cfg.wcfg file of the

specified APs.

save wlan ap provision { all | name
ap-name }

This command takes effect only
on APs in Run state.
For more information about the
command, see WLAN Command

Reference.

Configuring radio parameters

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter AP template view.

wlan ap ap-name [ model
model-name [ id ap-id ] ]

The AP model name is needed
only when you create an AP

template.

3.

Enter radio view.

radio radio-number [ type { dot11a |
dot11an | dot11b | dot11g |

dot11gn } ]

The default varies depending on
the AP model.

4.

Apply a service template on
the radio.

service-template
service-template-number [ vlan-id
vlan-id1 [ vlan-id2 ] ] [ nas-port-id

nas-port-id | nas-id nas-id ]

[ ssid-hide ]

Multiple service templates can be
applied on a radio.