H3C Technologies H3C WA2600 Series WLAN Access Points User Manual
Page 32
5-17
[AP] dot1x authentication-method eap
# Configure a RADIUS scheme name rad. Configure the IP addresses of both the primary
authentication and authorization servers as 10.18.1.88, the shared key of the authentication,
authorization, and accounting servers as 12345678, and configure the scheme to exclude the ISP
domain name from the usernames sent to the RADIUS server.
[AP] radius scheme rad
[AP-radius-rad] primary authentication 10.18.1.88
[AP-radius-rad] primary accounting 10.18.1.88
[AP-radius-rad] key authentication 12345678
[AP-radius-rad] key accounting 12345678
[AP-radius-rad] user-name-format without-domain
[AP-radius-rad] quit
# Configure AAA domain cams by referencing RADIUS authentication/authorization/accounting
scheme rad.
[AP] domain cams
[AP-isp-cams] authentication lan-access radius-scheme rad
[AP-isp-cams] authorization lan-access radius-scheme rad
[AP-isp-cams] accounting lan-access radius-scheme rad
[AP-isp-cams] quit
# Configure cams as the default ISP domain.
[AP] domain default enable cams
# Configure port security on interface WLAN-BSS 1: specify the port mode as userlogin-secure-ext,
and the key type as 802.11 key.
[AP] interface wlan-bss 1
[AP-WLAN-BSS1] port-security port-mode userlogin-secure-ext
[AP-WLAN-BSS1] port-security tx-key-type 11key
# Disable the multicast trigger function and the online user handshake function.
[AP-WLAN-BSS1] undo dot1x multicast-trigger
[AP-WLAN-BSS1] undo dot1x handshake
[AP-WLAN-BSS1] quit
# Create a crypto-type WLAN service template, configure its SSID as dot1xtest.
[AP] wlan service-template 1 crypto
[AP-wlan-st-1] ssid dot1xtest
# Enable the RSN information element in the beacon and probe response frames, and enable the
CCMP cipher suite.
[AP-wlan-st-1] security-ie rsn
[AP-wlan-st-1] cipher-suite ccmp
# Specify the open-system authentication mode, and enable the WLAN service template.
[AP-wlan-st-1] authentication-method open-system
[AP-wlan-st-1] security-ie rsn
[AP-wlan-st-1] service-template enable
[AP-wlan-st-1] quit
# Configure the radio type as 802.11g for radio interface WLAN-Radio 1/0/2, and bind service template
1 to interface WLAN-BSS1 on the radio interface.
[AP] interface wlan-radio1/0/2
[AP-WLAN-Radio1/0/2] radio-type dot11g
[AP-WLAN-Radio1/0/2] service-template 1 interface wlan-bss 1