Modifying a service policy template – H3C Technologies H3C Intelligent Management Center User Manual

135

{

Layer2 Isolation—Set whether to enable Layer 2 isolation. This parameter must be configured

in combination with the user-isolation vlan command executed on the AC. If the function is
enabled, clients in the permitted MAC address list can communicate with other clients in the

same VLAN. For example, if you execute the user-isolation vlan 1 permit-mac 0000-1111-

2222 command on the AC and enable Layer 2 isolation, client 0000-1111-2222 can visit

other clients in VLAN 1, but other clients cannot visit each other.

NOTE:

To make sure clients can access the internet after Layer 2 isolation is enabled, add the MAC
address of the gateway into the permitted MAC address list first. Otherwise, clients and the

gateway are isolated from each other.

{

Max Clients—Maximum number of clients allowed in the service policy.

8.

If Crypto is selected as the Encryption Mode, set the following security parameters, as needed:

{

Security IE—Select the security IE used in the beacon frames and probe responses sent by
the fit AP. Options are None, RSN, WPA, and All. None indicates no security IE is configured.

All indicates both RSN and WPA are configured.

−

RSN—A robust security network is a security network that only allows the creation of
robust security network associations to provide greater protection than WEP and WPA.

−

WPA—WPA is superior to WEP, which operates in either WPA-PSK (or Personal) mode or
WPA-802.1X (or Enterprise) mode. In Personal mode, a pre-shared key or pass-phrase is

used for authentication. In Enterprise mode, 802.1X and RADIUS servers and the EAP are
used for authentication.

For more information about RSN and WPA, see the related device manual.

{

Cipher Suite—Select the cipher suite used for data frame encryption and decryption. Options
are TKIP, CCMP, WEP40, and WEP104. You can set the key index and key only when you

select WEP40 or WEP104. You cannot select both WEP40 and WEP104.

−

WEP—Includes WEP40 and WEP104, and both are static WEP encryption mechanisms.
A WEP40 key is 40 bits and a WEP104 key is 104 bits. WEP uses RC4 encryption, and

requires that all clients accessing the wireless network use the same key.

−

TKIP—Temporal Key Integrity Protocol uses the RC4 algorithm as WEP does, but provides
more secure protection for WLAN. TKIP enhances the security of pre-802.11i hardware.

−

CCMP—Counter mode with CBC-MAC Protocol is a Counter-Mode/CBC-MAC
mechanism based on AES to provide high security.

{

Key Index—Enter the authentication key index for clients.

{

Key—Enter the authentication key for clients. For WEP40, the key is a string of 5
alphanumeric characters. For WEP104, the key is a string of 13 alphanumeric characters.

9.

Click OK.

Modifying a service policy template

This function cannot modify the SSID of an existing service policy template.
To modify a service policy template:

1.

Click the Service tab.

2.

From the navigation tree, select WLAN Manager > Configuration Management.
The Configuration Management page appears.

3.

Click the Comware-Based tab.