beautypg.com

Mac-and-psk authentication configuration example, Network requirements, Configuration procedure – H3C Technologies H3C WA2600 Series WLAN Access Points User Manual

Page 28

background image

5-13

z

You can use the display wlan client and display port-security preshared-key user commands

to view the online clients.

MAC-and-PSK Authentication Configuration Example

Network Requirements

z

As shown in

Figure 5-4

, a fat AP is connected to a RADIUS server through a Layer 2 switch, and

they are in the same network.

z

It is required to perform MAC-and-PSK authentication on the client. After passing the

authentication, the client uses the pre-configured pre-shared key to negotiate with the AP, and

access the WLAN after a successful negotiation.

Figure 5-4 Network diagram for MAC-and-PSK authentication configuration

Configuration procedure

1) Configure the fat AP

# Enable port security.

system-view

[AP] port-security enable

# Configure the authentication mode as mac-and-psk, and the pre-shared key as 12345678, and

specify the key type as 802.11key.

[AP] interface wlan-bss 1

[AP-WLAN-BSS1] port-security port-mode mac-and-psk

[AP-WLAN-BSS1] port-security preshared-key pass-phrase simple 12345678

[AP-WLAN-BSS1] port-security tx-key-type 11key

[AP-WLAN-BSS1] quit

# Create a crypto-type service template, and configure its SSID as mactest.

[AP] wlan service-template 1 crypto

[AP-wlan-st-1] ssid mactest

# Enable the RSN information element in the beacon and probe response frames, and enable the

CCMP cipher suite.

[AP-wlan-st-1] security-ie rsn

[AP-wlan-st-1] cipher-suite ccmp

# Specify the open-system authentication mode, and enable the service template.

[AP-wlan-st-1] authentication-method open-system

[AP-wlan-st-1] service-template enable

# Configure a RADIUS scheme named rad. Configure the IP addresses of both the primary

authentication and authorization servers as 10.1.1.88, the shared key of the authentication,

This manual is related to the following products: