Mac-and-psk authentication configuration example, Network requirements, Configuration procedure – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual
Page 28
5-13
z
You can use the display wlan client and display port-security preshared-key user commands
to view the online clients.
MAC-and-PSK Authentication Configuration Example
Network Requirements
z
As shown in
, a fat AP is connected to a RADIUS server through a Layer 2 switch, and
they are in the same network.
z
It is required to perform MAC-and-PSK authentication on the client. After passing the
authentication, the client uses the pre-configured pre-shared key to negotiate with the AP, and
access the WLAN after a successful negotiation.
Figure 5-4 Network diagram for MAC-and-PSK authentication configuration
Configuration procedure
1) Configure the fat AP
# Enable port security.
[AP] port-security enable
# Configure the authentication mode as mac-and-psk, and the pre-shared key as 12345678, and
specify the key type as 802.11key.
[AP] interface wlan-bss 1
[AP-WLAN-BSS1] port-security port-mode mac-and-psk
[AP-WLAN-BSS1] port-security preshared-key pass-phrase simple 12345678
[AP-WLAN-BSS1] port-security tx-key-type 11key
[AP-WLAN-BSS1] quit
# Create a crypto-type service template, and configure its SSID as mactest.
[AP] wlan service-template 1 crypto
[AP-wlan-st-1] ssid mactest
# Enable the RSN information element in the beacon and probe response frames, and enable the
CCMP cipher suite.
[AP-wlan-st-1] security-ie rsn
[AP-wlan-st-1] cipher-suite ccmp
# Specify the open-system authentication mode, and enable the service template.
[AP-wlan-st-1] authentication-method open-system
[AP-wlan-st-1] service-template enable
# Configure a RADIUS scheme named rad. Configure the IP addresses of both the primary
authentication and authorization servers as 10.1.1.88, the shared key of the authentication,