H3C Technologies H3C WX3000E Series Wireless Switches User Manual
2. Configure the ACL.
# Configure IP addresses of the interfaces. (Details not shown.)
# Configure ACL 3000 to deny packets destined to 10.0.0.1.
[AC] acl number 3000
[AC-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[AC-acl-adv-3000] quit
3. Configure RADIUS-based MAC authentication on the AC.
# Configure a RADIUS scheme.
[AC] radius scheme 2000
[AC-radius-2000] primary authentication 10.1.1.1 1812
[AC-radius-2000] primary accounting 10.1.1.2 1813
[AC-radius-2000] key authentication abc
[AC-radius-2000] key accounting abc
[AC-radius-2000] user-name-format without-domain
[AC-radius-2000] quit
# Apply the RADIUS scheme to an ISP domain for authentication, authorization, and accounting.
[AC] domain 2000
[AC-isp-2000] authentication default radius-scheme 2000
[AC-isp-2000] authorization default radius-scheme 2000
[AC-isp-2000] accounting default radius-scheme 2000
[AC-isp-2000] quit
# Specify the ISP domain for MAC authentication.
[AC] mac-authentication domain 2000
# Configure the AC to use MAC-based user accounts, with MAC addresses hyphen-separated and in lower case.
[AC] mac-authentication user-name-format mac-address with-hyphen lowercase
# Enable port security.
[AC] port-security enable
# Configure WLAN port security to use MAC and PSK authentication, and specify domain 2000 as the authentication domain for MAC authentication users on the port.
[AC] interface wlan-ess 0
[AC-WLAN-ESS0] port-security port-mode mac-and-psk
[AC-WLAN-ESS0] port-security tx-key-type 11key
[AC-WLAN-ESS0] port-security preshared-key pass-phrase 12345678
[AC-WLAN-ESS0] mac-authentication domain 2000
[AC-WLAN-ESS0] quit
# Create service template 2 of crypto type, configure its SSID as mac-authention-acl, and bind port WLAN-ESS 0 to service template 2.
[AC] wlan service-template 2 crypto
[AC-wlan-st-2] ssid mac-authention-acl
[AC-wlan-st-2] bind WLAN-ESS 0
[AC-wlan-st-2] authentication-method open-system
[AC-wlan-st-2] cipher-suite ccmp
[AC-wlan-st-2] security-ie rsn
[AC-wlan-st-2] service-template enable
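
The RADIUS keys (abc) and the PSK pass-phrase (12345678) in the configuration above are sample values. The following check is an added example, not part of the H3C manual: it scans a saved CLI transcript for the plaintext secret forms shown on this page and reports any that fall below a local policy. The length thresholds and function names are assumptions of this example.

```python
import re

# Constructed input: the secret-bearing lines copied from the configuration above.
SAMPLE = """\
[AC-radius-2000] key authentication abc
[AC-radius-2000] key accounting abc
[AC-WLAN-ESS0] port-security port-mode mac-and-psk
[AC-WLAN-ESS0] port-security preshared-key pass-phrase 12345678
"""

# Assumed local policy minimums (not H3C values). WPA2 itself accepts 8-63 characters.
MIN_LEN = {"radius-key": 16, "psk": 20}

PROMPT = re.compile(r"^\s*\[[^\]]*\]\s*")  # strips a view prompt such as "[AC-radius-2000] "
RULES = [  # only the plaintext command forms that appear on this page
    ("radius-key", re.compile(r"^key (?:authentication|accounting) (\S+)$")),
    ("psk", re.compile(r"^port-security preshared-key pass-phrase (\S+)$")),
]

def weaknesses(kind, secret):
    """Return the reasons a plaintext secret fails the assumed policy."""
    reasons = []
    if len(secret) < MIN_LEN[kind]:
        reasons.append(f"length {len(secret)} < {MIN_LEN[kind]}")
    if secret.isdigit() or secret.isalpha():
        reasons.append("single character class")
    return reasons

def audit(config_text):
    """Return (line_number, kind, reasons) for each weak secret; the secret itself is never echoed."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        cmd = PROMPT.sub("", raw).strip()
        for kind, rx in RULES:
            m = rx.match(cmd)
            if m:
                reasons = weaknesses(kind, m.group(1))
                if reasons:
                    findings.append((n, kind, reasons))
    return findings

if __name__ == "__main__":
    for n, kind, reasons in audit(SAMPLE):
        print(f"line {n}: {kind}: {'; '.join(reasons)}")
```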