H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 82
70
[AC-WLAN-ESS1] dot1x mandatory-domain cams
# Configure the port security mode as userlogin-secure-ext, and enable 802.11 key negotiation.
[AC-WLAN-ESS1] port-security port-mode userlogin-secure-ext
[AC-WLAN-ESS1] port-security tx-key-type 11key
# Disable the multicast trigger function and the online user handshake function.
[AC-WLAN-ESS1] undo dot1x multicast-trigger
[AC-WLAN-ESS1] undo dot1x handshake
[AC-WLAN-ESS1] quit
# Create service template 1 of crypto type, configure its SSID as dot1x, and configure the tkip and
ccmp cipher suite.
[AC] wlan service-template 1 crypto
[AC-wlan-st-1] ssid dot1x
[AC-wlan-st-1] bind WLAN-ESS 1
[AC-wlan-st-1] authentication-method open-system
[AC-wlan-st-1] cipher-suite tkip
[AC-wlan-st-1] cipher-suite ccmp
[AC-wlan-st-1] security-ie rsn
[AC-wlan-st-1] service-template enable
[AC-wlan-st-1] quit
# Create an AP template named ap1 and its model is WA2100, and configure the serial ID of AP
1 as 210235A29G007C000020.
[AC] wlan ap ap1 model WA2100
[AC-wlan-ap-ap1] serial-id 210235A29G007C000020
# Bind service template 1 to radio 1.
[AC-wlan-ap-ap1] radio 1 type dot11g
[AC-wlan-ap-ap1-radio-1] service-template 1
[AC-wlan-ap-ap1-radio-1] radio enable
2.
Configure the RADIUS server (IMCv3):
NOTE:
The following takes the IMC (the IMC versions are IMC PLAT 3.20-R2602 and IMC UAM 3.60-E6102) as
an example to illustrate the basic configurations of the RADIUS server.
# Add access device.
a.
Log in to the IMC Platform.
b.
Click the Service tab, and then select Access Service > Access Device from the navigation tree
to enter the access device configuration page.
c.
Click Add on the page to enter the configuration page shown in
:
d.
Add 12345678 for Shared Key.
e.
Add ports 1812, and 1813 for Authentication Port and Accounting Port respectively.
f.
Select LAN Access Service for Service Type.
g.
Select H3C for Access Device Type.
h.
Select or manually add an access device with the IP address 10.18.1.1.