
H3C Technologies H3C WX3000E Series Wireless Switches User Manual


[AC-wlan-ap-ap2-prvs] tunnel encryption ipsec pre-shared-key simple 12345

[AC-wlan-ap-ap2-prvs] save wlan ap provision name ap2

[AC-wlan-ap-ap2-prvs] quit

[AC-wlan-ap-ap2] quit

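# Create AP 3 and enter AP configuration view, configure the AP to use IPsec key abcde to encrypt the control and data tunnels, and save the configuration to the wlan_ap_cfg.wcfg file of the AP. The key abcde is a documentation sample entered in plain text (simple); in a deployment, use a long, randomly generated key that is unique to each AP.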

[AC] wlan ap ap3 model WA2620E-AGN

[AC-wlan-ap-ap3] provision

[AC-wlan-ap-ap3-prvs] tunnel encryption ipsec pre-shared-key simple abcde

[AC-wlan-ap-ap3-prvs] data-tunnel encryption enable

[AC-wlan-ap-ap3-prvs] save wlan ap provision name ap3

[AC-wlan-ap-ap3-prvs] return

# Reboot AP 2 and AP 3 so that the saved configuration takes effect.

<AC> reset wlan ap name ap2

<AC> reset wlan ap name ap3

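# Configure an IPsec security proposal (transform set tran1). The example selects DES for ESP encryption and SHA-1 for authentication; DES is no longer considered secure, so in a deployment choose the strongest encryption and authentication algorithms that both the AC and the APs support.

<AC> system-view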

[AC] ipsec transform-set tran1

[AC-ipsec-transform-set-tran1] encapsulation-mode tunnel

[AC-ipsec-transform-set-tran1] transform esp

[AC-ipsec-transform-set-tran1] esp encryption-algorithm des

[AC-ipsec-transform-set-tran1] esp authentication-algorithm sha1

[AC-ipsec-transform-set-tran1] quit

# Create a DPD (dead peer detection) detector named dpd.

[AC] ike dpd dpd

# Set the ISAKMP SA keepalive interval to 100 seconds.

[AC] ike sa keepalive-timer interval 100

# Set the ISAKMP SA keepalive timeout to 300 seconds.

[AC] ike sa keepalive-timer timeout 300

# Enable invalid SPI recovery.

[AC] ipsec invalid-spi-recovery enable

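# Configure IKE peer ap2, set the pre-shared key to 12345 (the same key that is configured on AP 2), and apply the DPD detector dpd to the peer. The five-character keys in this example are for illustration only; short keys like these are easy to guess.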

[AC] ike peer ap2

[AC-ike-peer-ap2] remote-address 10.1.1.3

[AC-ike-peer-ap2] pre-shared-key 12345

[AC-ike-peer-ap2] dpd dpd

[AC-ike-peer-ap2] quit

# Configure IKE peer ap3, set the pre-shared key to abcde (the same key that is configured on AP 3), and apply the DPD detector dpd to the peer.

[AC] ike peer ap3

[AC-ike-peer-ap3] remote-address 10.1.1.4

[AC-ike-peer-ap3] pre-shared-key abcde

[AC-ike-peer-ap3] dpd dpd

[AC-ike-peer-ap3] quit