H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 108
96
# Create mobility group roam, specify the tunnel source IP as 10.18.1.1, and specify a member
with IP address 10.18.1.2.
[AC1] wlan mobility-group roam
[AC1-wlan-mg-roam] source ip 10.18.1.1
[AC1-wlan-mg-roam] member ip 10.18.1.2
[AC1-wlan-mg-roam] mobility-group enable
2.
Configure AC 2:
# On interface WLAN-ESS 1, configure port security mode as userlogin-secure-ext, and enable key
negotiation of the 11key type.
<AC2> system-view
[AC2] interface wlan-ess 1
[AC2-WLAN-ESS1] port-security port-mode userlogin-secure-ext
[AC2-WLAN-ESS1] port-security tx-key-type 11key
# Disable the multicast trigger function and the online user handshake function.
[AC2-WLAN-ESS1] undo dot1x multicast-trigger
[AC2-WLAN-ESS1] undo dot1x handshake
[AC2-WLAN-ESS1] quit
# Create service template 1 of crypto type, configure its SSID as inter-roam, and bind
WLAN-ESS1 to intra-roam.
[AC2] wlan service-template 1 crypto
[AC2-wlan-st-1] ssid inter-roam
[AC2-wlan-st-1] bind wlan-ess 1
# Configure the authentication method as open-system, use the CCMP cipher suite for frame
encryption, and enable the RSN security IE to be carried in beacon and reply frames. .
[AC2-wlan-st-1] authentication-method open-system
[AC2-wlan-st-1] cipher-suite ccmp
[AC2-wlan-st-1] security-ie rsn
# Enable service template 1.
[AC2-wlan-st-1] service-template enable
[AC2-wlan-st-1] quit
# Enable port security.
[AC2] port-security enable
# Configure the 802.1X authentication method as EAP.
[AC2] dot1x authentication-method eap
# Create RADIUS scheme rad, and specify the server type as extended to exchange extended
messages with the server.
[AC2] radius scheme rad
[AC2-radius-rad] server-type extended
# Specify the IP addresses of the primary authentication and accounting servers as 10.18.1.5.
[AC2-radius-rad] primary authentication 10.18.1.5
[AC2-radius-rad] primary accounting 10.18.1.5
# Configure the authentication and accounting keys as 12345678.
[AC2-radius-rad] key authentication 12345678
[AC2-radius-rad] key accounting 12345678
# Configure the source IP address of RADIUS packets as 10.18.1.2.
[AC2-radius-rad] nas-ip 10.18.1.2