H3C Technologies H3C WX3000E Series Wireless Switches User Manual

244

# Configure RADIUS scheme 2000.

system-view

[AC] radius scheme 2000

[AC-radius-2000] primary authentication 10.11.1.1 1812

[AC-radius-2000] primary accounting 10.11.1.1 1813

[AC-radius-2000] key authentication abc

[AC-radius-2000] key accounting abc

[AC-radius-2000] user-name-format without-domain

[AC-radius-2000] quit

# Create ISP domain test, and set it as the default ISP domain. (Optional. By default, the system default
ISP domain is system.)

[AC] domain test

[AC-isp-test] quit

[AC] domain default enable test

# And apply RADIUS scheme 2000 to the domain test.

[AC] domain test

[AC-isp-test] authentication lan-access radius-scheme 2000

[AC-isp-test] authorization lan-access radius-scheme 2000

[AC-isp-test] accounting lan-access radius-scheme 2000

[AC-isp-test] quit

# Enable port security in system view.

[AC] port-security enable

# Set the 802.1X authentication method to PAP.

[AC] dot1x authentication-method pap

# Configure wireless port WLAN-ESS 1.

[AC] interface WLAN-ESS 1

[AC-WLAN-ESS1] port link-type hybrid

[AC-WLAN-ESS1] port hybrid vlan 1 to 2 5 10 untagged

[AC-WLAN-ESS1] port-security port-mode userlogin-secure-ext

[AC-WLAN-ESS1] mac-vlan enable

[AC-WLAN-ESS1] dot1x guest-vlan 10

[AC-WLAN-ESS1] dot1x mandatory-domain test

[AC-WLAN-ESS1] quit

# Configure service template 1. The template must be in clear text mode.

[AC] wlan service-template 1 clear

[AC-wlan-st-1] ssid dot1x

[AC-wlan-st-1] bind WLAN-ESS 1

[AC-wlan-st-1] authentication-method open-system

[AC-wlan-st-1] service-template enable

[AC-wlan-st-1] quit

# Configure template AP 1.

[AC] wlan ap 1 model WA2100

[AC-wlan-ap-1] serial-id 210235A29G007C000020

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template 1

[AC-wlan-ap-1-radio-1] radio enable