H3C Technologies H3C WX3000E Series Wireless Switches User Manual

138

system-view

[AC] local-user 00-e0-fc-12-34-56

[AC-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56

[AC-luser-00-e0-fc-12-34-56] service-type lan-access

[AC-luser-00-e0-fc-12-34-56] quit

# Configure ISP domain aabbcc.net to perform local authentication for access users.

[AC] domain aabbcc.net

[AC-isp-aabbcc.net] authentication lan-access local

[AC-isp-aabbcc.net] quit

# Specify the ISP domain for MAC authentication.

[AC] mac-authentication domain aabbcc.net

# Set the MAC authentication timers.

[AC] mac-authentication timer offline-detect 180

[AC] mac-authentication timer quiet 180

# Configure MAC authentication to use MAC-based accounts. The MAC address usernames and

passwords are hyphenated and in lower case.

[AC] mac-authentication user-name-format mac-address with-hyphen lowercase

# Enable port security.

[AC] port-security enable

# Configure WLAN port security, using MAC and PSK authentication.

[AC] interface wlan-ess 0

[AC-WLAN-ESS0] port-security port-mode mac-and-psk

[AC-WLAN-ESS0] port-security tx-key-type 11key

[AC-WLAN-ESS0] port-security preshared-key pass-phrase 12345678

[AC-WLAN-ESS0] quit

# Create service template 2 of crypto type, configure its SSID as mac-authentication-local, and bind port
WLAN-ESS 0 to service template 2.

[AC] wlan service-template 2 crypto

[AC-wlan-st-2] ssid mac-authentication-local

[AC-wlan-st-2] bind WLAN-ESS 0

[AC-wlan-st-2] authentication-method open-system

[AC-wlan-st-2] cipher-suite ccmp

[AC-wlan-st-2] security-ie rsn

[AC-wlan-st-2] service-template enable

[AC-wlan-st-2] quit

# Create an AP template named ap1, specify the AC model as WA2100 and AP 1 serial number as
210235A29G007C000020.

[AC] wlan ap ap1 model WA2100

[AC-wlan-ap-ap1] serial-id 210235A29G007C000020

# Bind service template 2 to radio 1.

[AC-wlan-ap-ap1] radio 1 type dot11g

[AC-wlan-ap-ap1-radio-1] service-template 2

[AC-wlan-ap-ap1-radio-1] radio enable

[AC-wlan-ap-ap1-radio-1] return