Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

237

Figure 114 Network diagram

Configuration procedure

NOTE:
•

This example covers only some of the required AAA and RADIUS configuration commands. For more
information, see

Security Command Reference.

•

The client-side and RADIUS server-side configuration procedures are not shown in this example.

•

For more information about WLAN configuration information, see

WLAN Configuration Guide.

1.

Enable port security.

system-view

[AC] port-security enable

2.

Configure RADIUS:
# Configure RADIUS scheme 2000.

system-view

[AC] radius scheme 2000

# Specify the IP address of the primary authentication RADIUS server as 192.168.1.2/24, and
that of the primary accounting RADIUS server as 192.168.1.3/24.

[AC-radius-2000] primary authentication 192.168.1.2

[AC-radius-2000] primary accounting 192.168.1.3

# Specify the IP address of the secondary authentication RADIUS server as 192.168.1.3/24, and

that of the secondary accounting RADIUS server as 192.168.1.2/24.

[AC-radius-2000] secondary authentication 192.168.1.3

[AC-radius-2000] secondary accounting 192.168.1.2

# Set the shared key for authenticating RADIUS authentication/accounting packets as name.

[AC-radius-2000] key authentication name

[AC-radius-2000] key accounting money

# Exclude the ISP domain name in the username sent to the RADIUS server.

[AC-radius-2000] user-name-format without-domain

[AC-radius-2000] quit

# Configure ISP domain sun and configure it to use RADIUS scheme 2000 for authentication,

authorization, and accounting of all types of users.

[AC] domain sun

[AC-isp-sun] authentication default radius-scheme 2000

[AC-isp-sun] authorization default radius-scheme 2000

Client A

Client B

SSID 1

AP

AC

RADIUS server

IP network