Verifying the configuration, 1x with acl assignment configuration example, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

129

[AC-wlan-st-1] service-template enable

[AC-wlan-st-1] quit

# Create AP template ap1 of model WA2100, and configure the serial ID as

210235A29G007C000020.

[AC] wlan ap ap1 model WA2100

[AC-wlan-ap-ap1] serial-id 210235A29G007C000020

# Bind service template 1 to radio 1.

[AC-wlan-ap-ap1] radio 1 type dot11g

[AC-wlan-ap-ap1-radio-1] service-template 1

[AC-wlan-ap-ap1-radio-1] radio enable

Verifying the configuration

Use the display dot1x interface WLAN-ESS1 command to verify the 802.1X configuration. After an

802.1X user passes RADIUS authentication, use the display connection command to view information

about the user connection. If the user fails RADIUS authentication, local authentication is performed.

802.1X with ACL assignment configuration

example

Network requirements

As shown in

Figure 63

, the client 192.168.1.10 connects to port WLAN-ESS 1 of the AC.

Perform 802.1X authentication on the port. Use the RADIUS server at 10.1.1.1 as the authentication and

authorization server and the RADIUS server at 10.1.1.2 as the accounting server. Assign an ACL to
WLAN-ESS 1 to deny the access of 802.1X users to the FTP server at 10.0.0.1.

Figure 63 Network diagram

Configuration procedure

# Assign IP addresses to interfaces. (Details not shown.)
# Configure the RADIUS scheme.

system-view

[AC] radius scheme 2000

IP network

AC

Client

Authentication servers
(RADIUS server cluster)

192.168.1.10

FTP server

10.0.0.1

10.1.1.1
10.1.1.2

AP