Configuration procedure – H3C Technologies H3C MSR 50 User Manual

1-32

Figure 1-22 Client access control configuration diagram

AC

10.100.100.200/24

L2 switch

AP 1

AP 2

RADIUS server
10.100.100.100/24

Client

Client

Configuration procedure

1) Configuration on the AC

# Enable port security.

<AC> system-view

[AC] port-security enable

# Enable EAP authentication mode.

[AC] dot1x authentication-method eap

# Create a RADIUS scheme.

[AC] radius scheme wlan-user-policy

# Specify the RADIUS server and keys for authentication and accounting.

[AC-radius-wlan-user-policy] server-type extended

[AC-radius-wlan-user-policy] primary authentication 10.100.100.100

[AC-radius-wlan-user-policy] primary accounting 10.100.100.100

[AC-radius-wlan-user-policy] key authentication wlan

[AC-radius-wlan-user-policy] key accounting wlan

# Specify the IP address of the AC.

[AC-radius-wlan-user-policy] nas-ip 10.100.100.200

[AC-radius-wlan-user-policy] quit

# Configure an ISP domain named universal by referencing the configured RADIUS scheme.

[AC] domain universal

[AC-isp-universal] authentication default radius-scheme wlan-user-policy

[AC-isp-universal] authorization default radius-scheme wlan-user-policy

[AC-isp-universal] accounting default radius-scheme wlan-user-policy

[AC-isp-universal] quit

# Configure domain universal as the default domain.