Express method – H3C Technologies H3C Intelligent Management Center User Manual

104

{

Synchronize AC—Apply the service policy to all ACs in the specified AC group. To apply the

service policy only to the current AC, do not select this option. This option is available only
when the AC belongs to at least one AC group.

{

AC Group—Select an AC group. Options are all AC groups to which the current AC belongs.
This option is available only when Synchronize AC Configuration is selected.

{

Layer2 Isolation—Set whether to enable Layer 2 isolation. This parameter must be configured
in combination with the user-isolation vlan command executed on the AC. If the function is

enabled, clients in the permitted MAC address list can communicate with other clients in the

same VLAN. For example, if you execute the user-isolation vlan 1 permit-mac 0000-1111-
2222 command on the AC and enable Layer 2 isolation, client 0000-1111-2222 can visit

other clients in VLAN 1, but other clients cannot visit each other.

NOTE:

To make sure clients can access the internet after layer 2 isolation is enabled, add the MAC
address of the gateway into the permitted MAC address list first. Otherwise, clients and the
gateway are isolated from each other.

7.

If Crypto is selected as the Encryption Mode, set the following security parameters as needed:

{

Security IE—Select the security IE used in the beacon frames and probe responses sent by
the fit AP. Options are None, RSN, WPA, and All. None indicates no security IE is configured.

All indicates both RSN and WPA are configured.

−

RSN—A robust security network is a security network that only allows the creation of
robust security network associations to provide greater protection than WPA.

−

WPA—WPA operates in either WPA-PSK (or Personal) mode or WPA-802.1X (or
Enterprise) mode. In Personal mode, a pre-shared key or pass-phrase is used for

authentication. In Enterprise mode, 802.1X and RADIUS servers and the EAP are used for

authentication.

For more information about RSN and WPA, see the related device manual.

{

Cipher Suite—Select the cipher suite used for data frame encryption and decryption. Options
are TKIP, CCMP, WEP40, and WEP104. You can set the key index and key only when you

select WEP40 or WEP104. You cannot select both WEP40 and WEP104.

−

WEP—Includes WEP40 and WEP104, and they both are static WEP encryption
mechanisms. A WEP40 key is 40 bits and a WEP104 key is 104 bits. WEP uses RC4

encryption and requires that all clients accessing the wireless network use the same key.

−

TKIP—Temporal Key Integrity Protocol uses the RC4 algorithm as WEP does, but provides
more secure protection for WLAN.

−

CCMP—Counter mode with CBC-MAC Protocol is a Counter-Mode/CBC-MAC
mechanism based on advanced encryption standard (AES) to provide high security.

{

Key Index—Enter the authentication key index for clients.

{

Key—Enter the authentication key for clients. For WEP40, the key is a string of 5
alphanumeric characters. For WEP104, the key is a string of 13 alphanumeric characters.

8.

Click OK.

Express method

To add a service policy by using the express method:

1.

Click the Service tab.

2.

From the navigation tree, select WLAN Manager > Resource Management > ACs.