Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 90
78
Figure 47 Network diagram
Configuration procedure
1.
Configure the AC:
# Enable port security.
<AC> system-view
[AC] port-security enable
# Configure the 802.1X authentication mode as EAP.
[AC] dot1x authentication-method eap
# Create a RADIUS scheme rad, and specify the extended RADIUS server type.
[AC] radius scheme rad
[AC-radius-rad] server-type extended
# Configure the IP addresses of the primary authentication and accounting servers as 10.18.1.88.
[AC-radius-rad] primary authentication 10.18.1.88
[AC-radius-rad] primary accounting 10.18.1.88
# Configure the shared key for RADIUS authentication/accounting as 12345678.
[AC-radius-rad] key authentication 12345678
[AC-radius-rad] key accounting 12345678
[AC-radius-rad] user-name-format without-domain
[AC-radius-rad] quit
# Configure AAA domain bbb by referencing RADIUS scheme rad.
[AC] domain bbb
[AC-isp-bbb] authentication lan-access radius-scheme rad
[AC-isp-bbb] authorization lan-access radius-scheme rad
[AC-isp-bbb] accounting lan-access radius-scheme rad
[AC-isp-bbb] quit
# Specify the mandatory domain as bbb.
[AC] interface WLAN-ESS 1
[AC-WLAN-ESS1] dot1x mandatory-domain bbb
# Configure the port security mode as userlogin-secure-ext.
[AC-WLAN-ESS1] port-security port-mode userlogin-secure-ext
# Disable the multicast trigger function and the online user handshake function.
[AC-WLAN-ESS1] undo dot1x multicast-trigger
[AC-WLAN-ESS1] undo dot1x handshake
[AC-WLAN-ESS1] quit
10.18.1.88/24
AC
L2 switch
AP
Client
RADIUS server
10.18.1.1/24