Control of temporary access of wireless users, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 112
98
# Disable the online user handshake function.
[AC-WLAN-ESS1] undo dot1x handshake
# Disable the 802.1X multicast trigger function.
[AC-WLAN-ESS1] undo dot1x multicast-trigger
# Configure the port to use mandatory authentication domain bbb. Then, the AC will use the
authentication, authorization, and accounting methods of this domain for all users accessing this port.
This step is optional.
[AC-WLAN-ESS1] dot1x mandatory-domain bbb
[AC-WLAN-ESS1] quit
# Configure the WLAN service template.
[AC] wlan service-template 1 crypto
[AC-wlan-st-1] ssid sectest
[AC-wlan-st-1] bind WLAN-ESS 1
[AC-wlan-st-1] authentication-method open-system
[AC-wlan-st-1] cipher-suite tkip
[AC-wlan-st-1] security-ie wpa
[AC-wlan-st-1] service-template enable
3.
Verify the configuration
After completing the configuration, use the display dot1x interface wlan-ess 1 command to check the
configuration. After the 802.1X user passes certificate-based EAP authentication, check the user's
connectivity status by using the display connection command.
Control of Temporary Access of Wireless Users
Network requirements
Some wireless clients need to temporarily access the network through an AP with the ID
210235A29G007C000020. The AC uses local EAP authentication (EAP-TLS) for user authentication. For
simplicity, configure a guest account on the AC for the users and configure the following limitations:
•
The expiration time of the guest account is 12:00:00 on August 8, 2011.
•
Only users with the SSID aabbcc can use the guest account for login.
Figure 51 Network diagram
Internet
AC
AP
Client
L2 switch
Client