Configuring a psk, Ignoring authorization information from the server, Enabling remote authentication proxy – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

231

•

If key negotiation is disabled, a user can directly access the port after passing authentication.

To enable key negotiation:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Enable key negotiation of the
11key type.

port-security tx-key-type 11key

Disabled by default.

Configuring a PSK

A PSK pre-configured on the device is used to negotiate the session key between the user and the device.
To configure a PSK:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Configure a PSK.

port-security preshared-key
{ pass-phrase | raw-key } [ cipher

| simple ] key

By default, no PSK is configured.

Ignoring authorization information from the server

The authorization information is delivered by the authentication server to the device after an 802.1X user

or MAC authenticated user passes authentication. You can configure a port to ignore the authorization

information from the authentication server.
To configure a port to ignore the authorization information from the server:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Ignore the authorization
information from the

authentication server.

port-security authorization ignore

By default, a port uses the
authorization information from the

authentication server.

Enabling remote authentication proxy

Perform this task to enable the remote authentication proxy function on a WLAN-ESS interface. After this
function is enabled, the access device does not process 802.1X authentication requests received on the

WLAN-ESS interface but transport the requests to the upstream device (the IAG card) for processing.