Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 107
93
[AC-WLAN-ESS1] dot1x mandatory-domain bbb
[AC-WLAN-ESS1] quit
# Configure the WLAN service template.
[AC] wlan service-template 1 crypto
[AC-wlan-st-1] ssid sectest
[AC-wlan-st-1] bind WLAN-ESS 1
[AC-wlan-st-1] authentication-method open-system
[AC-wlan-st-1] cipher-suite tkip
[AC-wlan-st-1] security-ie wpa
[AC-wlan-st-1] service-template enable
6.
Verify the configuration
Use the display radius scheme radoff and display domain bbb commands to view AAA configuration,
and use the display dot1x interface wlan-ess1 command to view 802.1X configuration. After the 802.1X
user passes EAP authentication by using the username in the
username@bbb format and successfully
logs in, use the display connection command to display the user's connection information.
Level switching authentication for Telnet users by an
HWTACACS server
Network requirements
As shown in
, the Telnet user communicates with the AC through the AP and the AC connects
to the HWTACACS server. Configure the AC to use the HWTACACS server for level switching
authentication of the Telnet user:
•
Configure an ACS server to act as an HWTACACS server for Telnet user authentication. The IP
address of the server is 10.1.1.1/24.
•
Set the shared key for authenticating authentication packets to expert and specify that usernames
sent to the HWTACACS server carry no domain name.
•
Configure the AC to use local authentication for the Telnet user and assign the privilege level of 0
for the user after login.
•
Configure the AC to use the HWTACACS server and, if HWTACACS authentication is not available,
use local authentication for level switching authenticate of the Telnet user.
Figure 48 Network diagram