Configuring ac 2 – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

362

# Save the AP configuration to the AP's configuration file.

[AC1-wlan-ap-ap-prvs] save wlan ap provision name ap

[AC1-wlan-ap-ap-prvs] quit

[AC1] quit

# Reboot all APs.

reset wlan ap all

This command will reset all master connection AP's.

Do you want to continue [Y/N]:y

Configuring AC 2

# Configure an IP address for VLAN-interface 1.

system-view

[AC2] interface Vlan-interface 1

[AC2-Vlan-interface1] ip address 133.1.1.2 16

[AC2-Vlan-interface1] quit

# Enable stateful failover and set the stateful failover heartbeat interval.

[AC2] hot-backup enable

[AC2] hot-backup hellointerval 100

# Set the IKE SA keepalive interval.

[AC2] ike sa keepalive-timer interval 20

# Set the IKE SA keepalive timeout.

[AC2] ike sa keepalive-timer timeout 60

# Enable invalid SPI recovery.

[AC2] ipsec invalid-spi-recovery enable

# Create an IPsec proposal named tran1.

[AC2] ipsec proposal tran1

# Configure the IPsec proposal to use security protocol ESP and authentication algorithm SHA-1.

[AC2-ipsec-proposal-tran1] esp authentication-algorithm sha1

[AC2-ipsec-proposal-tran1] quit

# Create a DPD named dpd.

[AC2] ike dpd dpd

[AC2-ike-dpd-dpd] quit

# Create an IKE peer named peer1.

[AC2] ike peer peer1

# Apply dpd to IKE peer peer1.

[AC2-ike-peer-peer1] dpd dpd

# Configure a plaintext pre-shared key 123456 for IKE negotiation.

[AC2-ike-peer-peer1] pre-shared-key simple 123456

# Specify the security gateway IP address as 133.1.1.33.

[AC2-ike-peer-peer1] remote-address 133.1.1.33

[AC2-ike-peer-peer1] quit

# Create an IPsec policy template named pt with the sequence number 1.

[AC2] ipsec policy-template pt 1