H3C Technologies H3C WX3000E Series Wireless Switches User Manual
[AC-wlan-ap-ap2-prvs] tunnel encryption ipsec pre-shared-key simple 12345
[AC-wlan-ap-ap2-prvs] save wlan ap provision name ap2
[AC-wlan-ap-ap2-prvs] quit
[AC-wlan-ap-ap2] quit
# Create AP 3 and enter AP configuration view, configure the AP to use IPsec key abcde to encrypt the
control and data tunnels, and save the configuration to the wlan_ap_cfg.wcfg file of the AP.
[AC] wlan ap ap3 model WA2620E-AGN
[AC-wlan-ap-ap3] provision
[AC-wlan-ap-ap3-prvs] tunnel encryption ipsec pre-shared-key simple abcde
[AC-wlan-ap-ap3-prvs] data-tunnel encryption enable
[AC-wlan-ap-ap3-prvs] save wlan ap provision name ap3
[AC-wlan-ap-ap3-prvs] return
# Reboot AP 2 and AP 3 so that the configuration takes effect.
<AC> reset wlan ap name ap2
<AC> reset wlan ap name ap3
# Configure an IPsec security proposal.
<AC> system-view
[AC] ipsec transform-set tran1
[AC-ipsec-transform-set-tran1] encapsulation-mode tunnel
[AC-ipsec-transform-set-tran1] transform esp
[AC-ipsec-transform-set-tran1] esp encryption-algorithm des
[AC-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[AC-ipsec-transform-set-tran1] quit
# Create a DPD detector named dpd.
[AC] ike dpd dpd
# Set the ISAKMP SA keepalive interval to 100 seconds.
[AC] ike sa keepalive-timer interval 100
# Set the ISAKMP SA keepalive timeout to 300 seconds.
[AC] ike sa keepalive-timer timeout 300
# Enable invalid SPI recovery.
[AC] ipsec invalid-spi-recovery enable
# Configure IKE peer ap2, configure the pre-shared key 12345 (the same as that on AP 2), and apply a
DPD detector to AP 2.
[AC] ike peer ap2
[AC-ike-peer-ap2] remote-address 10.1.1.3
[AC-ike-peer-ap2] pre-shared-key 12345
[AC-ike-peer-ap2] dpd dpd
[AC-ike-peer-ap2] quit
# Configure IKE peer ap3, configure the pre-shared key abcde (the same as that on AP 3), and apply a
DPD detector to AP 3.
[AC] ike peer ap3
[AC-ike-peer-ap3] remote-address 10.1.1.4
[AC-ike-peer-ap3] pre-shared-key abcde
[AC-ike-peer-ap3] dpd dpd
[AC-ike-peer-ap3] quit
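
The following audit script is an added example, not part of the H3C manual. It parses the commands shown above and checks that each AP's provisioned pre-shared key matches its IKE peer on the AC, then flags DES, short keys, and APs with no data-tunnel encryption command. The finding names and the MIN_PSK_LEN threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: commands copied from the configuration above, prompts kept.
SAMPLE = """\
[AC-wlan-ap-ap2-prvs] tunnel encryption ipsec pre-shared-key simple 12345
[AC-wlan-ap-ap3-prvs] tunnel encryption ipsec pre-shared-key simple abcde
[AC-wlan-ap-ap3-prvs] data-tunnel encryption enable
[AC-ipsec-transform-set-tran1] esp encryption-algorithm des
[AC-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[AC-ike-peer-ap2] pre-shared-key 12345
[AC-ike-peer-ap3] pre-shared-key abcde
"""

MIN_PSK_LEN = 20  # assumption: local policy value, not taken from the manual


def audit(transcript):
    """Return a list of (finding, subject) tuples for an AC CLI transcript."""
    prov, peer, data_enc, findings = {}, {}, set(), []
    for line in transcript.splitlines():
        m = re.match(r"\[AC-([\w-]+)\]\s+(.*)", line.strip())
        if not m:
            continue  # user-view lines, comments, blanks
        view, cmd = m.group(1), m.group(2).strip()
        ap = re.fullmatch(r"wlan-ap-(\S+)-prvs", view)
        ike = re.fullmatch(r"ike-peer-(\S+)", view)
        if ap and cmd.startswith("tunnel encryption ipsec pre-shared-key"):
            prov[ap.group(1)] = cmd.split()[-1]   # key provisioned to the AP
        elif ap and cmd == "data-tunnel encryption enable":
            data_enc.add(ap.group(1))
        elif ike and cmd.startswith("pre-shared-key"):
            peer[ike.group(1)] = cmd.split()[-1]  # key the AC expects
        elif cmd == "esp encryption-algorithm des":
            findings.append(("weak-cipher", view))  # 56-bit DES
    for name in sorted(prov):
        if peer.get(name) != prov[name]:
            findings.append(("psk-mismatch", name))  # IKE negotiation would fail
        if len(prov[name]) < MIN_PSK_LEN:
            findings.append(("short-psk", name))
        if name not in data_enc:
            # no "data-tunnel encryption enable" seen for this AP in the transcript
            findings.append(("data-tunnel-unencrypted", name))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```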