Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

78

Figure 47 Network diagram

Configuration procedure

1.

Configure the AC:
# Enable port security.

system-view

[AC] port-security enable

# Configure the 802.1X authentication mode as EAP.

[AC] dot1x authentication-method eap

# Create a RADIUS scheme rad, and specify the extended RADIUS server type.

[AC] radius scheme rad

[AC-radius-rad] server-type extended

# Configure the IP addresses of the primary authentication and accounting servers as 10.18.1.88.

[AC-radius-rad] primary authentication 10.18.1.88

[AC-radius-rad] primary accounting 10.18.1.88

# Configure the shared key for RADIUS authentication/accounting as 12345678.

[AC-radius-rad] key authentication 12345678

[AC-radius-rad] key accounting 12345678

[AC-radius-rad] user-name-format without-domain

[AC-radius-rad] quit

# Configure AAA domain bbb by referencing RADIUS scheme rad.

[AC] domain bbb

[AC-isp-bbb] authentication lan-access radius-scheme rad

[AC-isp-bbb] authorization lan-access radius-scheme rad

[AC-isp-bbb] accounting lan-access radius-scheme rad

[AC-isp-bbb] quit

# Specify the mandatory domain as bbb.

[AC] interface WLAN-ESS 1

[AC-WLAN-ESS1] dot1x mandatory-domain bbb

# Configure the port security mode as userlogin-secure-ext.

[AC-WLAN-ESS1] port-security port-mode userlogin-secure-ext

# Disable the multicast trigger function and the online user handshake function.

[AC-WLAN-ESS1] undo dot1x multicast-trigger

[AC-WLAN-ESS1] undo dot1x handshake

[AC-WLAN-ESS1] quit

10.18.1.88/24

AC

L2 switch

AP

Client

RADIUS server

10.18.1.1/24