
H3C Technologies H3C WX3000E Series Wireless Switches User Manual

[AC] port-security enable

# Specify the 802.1X authentication method.

[AC] dot1x authentication-method eap

# Create a WLAN-ESS interface and configure the port security mode as userLoginSecureExt.

[AC] interface wlan-ess 1

[AC-WLAN-ESS1] port-security port-mode userlogin-secure-ext

# Enable the key negotiation function for the port.

[AC-WLAN-ESS1] port-security tx-key-type 11key

# Disable the online user handshake function.

[AC-WLAN-ESS1] undo dot1x handshake

# Disable the 802.1X multicast trigger function.

[AC-WLAN-ESS1] undo dot1x multicast-trigger

# Configure the port to use mandatory authentication domain bbb. Then, the AC will use the authentication, authorization, and accounting methods of this domain for all users accessing this port.

This step is optional.

[AC-WLAN-ESS1] dot1x mandatory-domain bbb

[AC-WLAN-ESS1] quit

# Configure the WLAN service template.

[AC] wlan service-template 1 crypto

[AC-wlan-st-1] ssid sectest

[AC-wlan-st-1] bind WLAN-ESS 1

[AC-wlan-st-1] authentication-method open-system

[AC-wlan-st-1] cipher-suite tkip

[AC-wlan-st-1] security-ie wpa

[AC-wlan-st-1] service-template enable
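
The service template above uses TKIP, which IEEE 802.11 has deprecated in favour of CCMP, together with the WPA IE rather than the RSN IE. The following Python check is an added example, not part of the H3C manual: it scans saved AC command lines and reports enabled service templates that still offer tkip or wpa. The sample input is constructed, template 2 and the names parse_templates and audit are hypothetical, and undo forms of the commands are not handled.

```python
import re
# Constructed sample: template 1 mirrors the one configured on this page;
# template 2 is a hypothetical CCMP/RSN template added for comparison.
SAMPLE_CONFIG = """\
[AC] wlan service-template 1 crypto
[AC-wlan-st-1] ssid sectest
[AC-wlan-st-1] cipher-suite tkip
[AC-wlan-st-1] security-ie wpa
[AC-wlan-st-1] service-template enable
[AC-wlan-st-1] quit
[AC] wlan service-template 2 crypto
[AC-wlan-st-2] ssid sectest-rsn
[AC-wlan-st-2] cipher-suite ccmp
[AC-wlan-st-2] security-ie rsn
[AC-wlan-st-2] service-template enable
"""

PROMPT = re.compile(r"^\s*\[[^\]]*\]\s*")        # strips "[AC-wlan-st-1] " prompts
HEADER = re.compile(r"^wlan service-template (\d+)\b")

def parse_templates(text):
    """Map template number -> settings collected from its command lines."""
    templates, cur = {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw).strip()
        m = HEADER.match(line)
        if m:
            blank = {"ssid": None, "cipher": set(), "ie": set(), "enabled": False}
            cur = templates.setdefault(m.group(1), blank)
        elif line == "quit" or line.startswith("interface "):
            cur = None                           # left the service-template view
        elif cur is not None and line:
            key, args = line.split()[0], line.split()[1:]
            if key == "ssid":
                cur["ssid"] = " ".join(args)
            elif key == "cipher-suite":
                cur["cipher"].update(args)
            elif key == "security-ie":
                cur["ie"].update(args)
            elif line == "service-template enable":
                cur["enabled"] = True
    return templates

def audit(text):
    """Return (template, ssid, weak_settings) for enabled templates offering TKIP or the WPA IE."""
    findings = []
    for tid, t in sorted(parse_templates(text).items(), key=lambda kv: int(kv[0])):
        weak = sorted(t["cipher"] & {"tkip"}) + sorted(t["ie"] & {"wpa"})
        if t["enabled"] and weak:
            findings.append((tid, t["ssid"], weak))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports only template 1 (SSID sectest); a template that is configured but not enabled is not reported.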

4. Verify the configuration

NOTE:

If the 802.1X client of Windows XP is used, the properties of the 802.1X connection should be specifically configured in the Authentication tab on the Properties page, where you must select the Enable IEEE 802.1X authentication for this network option and select PEAP as the EAP authentication type.

If the iNode client is used, no advanced authentication options need to be enabled.

When using the iNode client, the user can pass authentication after entering username dot1x@bbb and the correct password in the client property page. When using the Windows XP 802.1X client, the user can pass authentication after entering the correct username and password in the pop-up authentication page. After the user passes authentication, the server assigns the port connecting the client to VLAN 4. Use the display connection command to view the connection information on the AC.

[AC] display connection

Index=22 , Username=dot1x@bbb

MAC=0015-e9a6-7cfe

IP=192.168.1.58

IPv6=N/A

Total 1 connection(s) matched.

# View the information of the specified connection on the AC.