Verifying the configuration, Example for configuring fit aps on an ac – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

41

# Create an IPsec policy template with the name pt and the sequence number 1, and configure the IPsec

policy to reference IPsec transform set tran1 and IKE peer ap2.

[AC] ipsec policy-template pt 1

[AC-ipsec-policy-template-pt-1] transform-set tran1

[AC-ipsec-policy-template-pt-1] ike-peer ap2

[AC-ipsec-policy-template-pt-1] quit

# Create an IPsec policy template with the name pt and the sequence number 2, and configure the IPsec
policy to reference IPsec transform set tran1 and IKE peer ap3.

[AC] ipsec policy-template pt 2

[AC-ipsec-policy-template-pt-2] transform-set tran1

[AC-ipsec-policy-template-pt-2] ike-peer ap3

[AC-ipsec-policy-template-pt-2] quit

# Reference IPsec policy template pt to create an IPsec policy with the name map and sequence number
1.

[AC] ipsec policy map 1 isakmp template pt

# Apply the IPsec policy to VLAN-interface 1. CAPWAP tunnel establishment between AP 1 and the AC
is not affected by this configuration.

[AC] interface vlan-interface 1

[AC-Vlan-interface-1] ip address 10.1.1.1 24

[AC-Vlan-interface-1] ipsec policy map

Verifying the configuration

Take AP 2 as an example. If Join requests are transmitted between AP 2 and the AC, IKE is triggered to

establish SAs. You can use the display ipsec sa command to display the established SAs. After SAs are
successfully established, the control packets between AP 2 and the AC are transmitted in cipher text.

Example for configuring fit APs on an AC

Configure settings for AP 1 and AP 2 on an AC so that the AC automatically assigns the settings to the
fit APs over AC-AP tunnel connections. Specify the IP addresses of AP 1 and AP 2 as 1.1.1.1/24 and

1.1.1.2/24. AP 1 and AP 2 can discover AC 1 with the IP address 2.2.2.1/24.

Figure 20 Network diagram