Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

338

# Create AP template 2100 with the model WA2100 and serial number

210235A29G007C000020.

[AC] wlan ap 2100 model WA2100

[AC-wlan-ap-2100] serial-id 210235A29G007C000020

# Bind the WLAN service template to radio 1, and enable the radio.

[AC-wlan-ap-2100] radio 1

[AC-wlan-ap-2100-radio-1] service-template 1

[AC-wlan-ap-2100-radio-1] radio enable

# The ports connecting the AC and APs reside in VLAN 1 by default. Configure the IP address for

the VLAN interface on the AC and APs. (Details not shown.)
# Add local access user test.

[AC] local-user test

[AC-luser-test] service-type lan-access

[AC-luser-test] password simple test

[AC-luser-test] quit

# Enable ARP detection for VLAN 10 to check user validity based on 802.1X entries.

[AC] vlan 10

[AC-vlan10] arp detection enable

# Configure the upstream port as a trusted port. The downstream WLAN-ESS port uses the default

setting untrusted.

[AC-vlan10] interface GigabitEthernet 1/0/1

[AC-GigabitEthernet 1/0/1] arp detection trust

[AC-GigabitEthernet 1/0/1] quit

After the configuration, the AC checks ARP packets received on WLAN-ESS 0 against 802.1X

entries.

User validity check and ARP packet validity check
configuration example

Network requirements

•

Configure the switch as a DHCP server.

•

Enable DHCP snooping on the AC.

•

Configure Client 1 as a DHCP client. Configure Client 2's IP address 10.1.1.6 and MAC address
0001-0203-0607.

•

Enable user validity check and ARP packet validity check in VLAN 10.