Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

140

Figure 65 Network diagram

Configuration procedure

NOTE:

Make sure that the RADIUS server and the AC can reach each other.

# Create a shared account for MAC authentication users on the RADIUS server, and set the username

aaa and password 123456 for the account. (Details not shown.)
# Configure IP addresses of the interfaces. (Details not shown.)
# Configure a RADIUS scheme.

system-view

[AC] radius scheme 2000

[AC-radius-2000] primary authentication 10.1.1.1 1812

[AC-radius-2000] primary accounting 10.1.1.2 1813

[AC-radius-2000] key authentication abc

[AC-radius-2000] key accounting abc

[AC-radius-2000] user-name-format without-domain

[AC-radius-2000] quit

# Apply the RADIUS scheme to ISP domain 2000 for authentication, authorization, and accounting.

[AC] domain 2000

[AC-isp-2000] authentication default radius-scheme 2000

[AC-isp-2000] authorization default radius-scheme 2000

[AC-isp-2000] accounting default radius-scheme 2000

[AC-isp-2000] quit

# Enable port security.

[AC] port-security enable

# Configure the WLAN port security, using MAC and PSK authentication, and specify the domain 2000
as the authentication domain for MAC authentication users on the port.

[AC] interface wlan-ess 0

[AC-WLAN-ESS0] port-security port-mode mac-and-psk

[AC-WLAN-ESS0] port-security tx-key-type 11key

[AC-WLAN-ESS0] port-security preshared-key pass-phrase 12345678

[AC-WLAN-ESS0] mac-authentication domain 2000

[AC-WLAN-ESS0] quit

Authentication servers
(RADIUS server cluster)

10.1.1.1
10.1.1.2

Internet

AC

Supplicant

AP

L2switch

Client