beautypg.com

H3C Technologies H3C WA2600 Series WLAN Access Points User Manual

Page 32

background image

5-17

[AP] dot1x authentication-method eap

# Configure a RADIUS scheme name rad. Configure the IP addresses of both the primary

authentication and authorization servers as 10.18.1.88, the shared key of the authentication,

authorization, and accounting servers as 12345678, and configure the scheme to exclude the ISP

domain name from the usernames sent to the RADIUS server.

[AP] radius scheme rad

[AP-radius-rad] primary authentication 10.18.1.88

[AP-radius-rad] primary accounting 10.18.1.88

[AP-radius-rad] key authentication 12345678

[AP-radius-rad] key accounting 12345678

[AP-radius-rad] user-name-format without-domain

[AP-radius-rad] quit

# Configure AAA domain cams by referencing RADIUS authentication/authorization/accounting

scheme rad.

[AP] domain cams

[AP-isp-cams] authentication lan-access radius-scheme rad

[AP-isp-cams] authorization lan-access radius-scheme rad

[AP-isp-cams] accounting lan-access radius-scheme rad

[AP-isp-cams] quit

# Configure cams as the default ISP domain.

[AP] domain default enable cams

# Configure port security on interface WLAN-BSS 1: specify the port mode as userlogin-secure-ext,

and the key type as 802.11 key.

[AP] interface wlan-bss 1

[AP-WLAN-BSS1] port-security port-mode userlogin-secure-ext

[AP-WLAN-BSS1] port-security tx-key-type 11key

# Disable the multicast trigger function and the online user handshake function.

[AP-WLAN-BSS1] undo dot1x multicast-trigger

[AP-WLAN-BSS1] undo dot1x handshake

[AP-WLAN-BSS1] quit

# Create a crypto-type WLAN service template, configure its SSID as dot1xtest.

[AP] wlan service-template 1 crypto

[AP-wlan-st-1] ssid dot1xtest

# Enable the RSN information element in the beacon and probe response frames, and enable the

CCMP cipher suite.

[AP-wlan-st-1] security-ie rsn

[AP-wlan-st-1] cipher-suite ccmp

# Specify the open-system authentication mode, and enable the WLAN service template.

[AP-wlan-st-1] authentication-method open-system

[AP-wlan-st-1] security-ie rsn

[AP-wlan-st-1] service-template enable

[AP-wlan-st-1] quit

# Configure the radio type as 802.11g for radio interface WLAN-Radio 1/0/2, and bind service template

1 to interface WLAN-BSS1 on the radio interface.

[AP] interface wlan-radio1/0/2

[AP-WLAN-Radio1/0/2] radio-type dot11g

[AP-WLAN-Radio1/0/2] service-template 1 interface wlan-bss 1

This manual is related to the following products: