Table of Contents
Advertisement
Figure 18 802.1x authentication configuration
RADIUS server
10.18.1.88/24
IP network
FAT AP
L2 switch
Client
10.18.1.1/24
Configuration procedure
Configure the fat AP.
1.
# Enable port security and configure the 802.1X authentication mode as EAP.
<Sysname> system-view
[Sysname] port-security enable
[Sysname] dot1x authentication-method eap
# Configure a RADIUS scheme name rad and configure the IP addresses of the primary authentication server
and accounting server as 10.18.1.88.
[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 10.18.1.88
[Sysname-radius-rad] primary accounting 10.18.1.88
# Configure the shared key for RADIUS authentication/accounting packets as 12345678.
[Sysname-radius-rad] key authentication 12345678
[Sysname-radius-rad] key accounting 12345678
[Sysname-radius-rad] user-name-format without-domain
[Sysname-radius-radius1] quit
# Configure AAA domain imc by referencing RADIUS scheme rad.
[Sysname] domain imc
[Sysname-isp-imc] authentication lan-access radius-scheme rad
[Sysname-isp-imc] authorization lan-access radius-scheme rad
[Sysname-isp-imc] accounting lan-access radius-scheme rad
[Sysname-isp-imc] quit
# Configure the default ISP domain.
[Sysname] domain default enable imc
# Set the port mode for WLAN-ESS 1 to userlogin-secure-ext, and enable 802.1 1 key negotiation.
[Sysname] interface wlan-bss 1
[Sysname-WLAN-BSS1] port-security port-mode userlogin-secure-ext
[Sysname-WLAN-BSS1] port-security tx-key-type 11key
# Disable the multicast trigger function and the online user handshake function.
[Sysname-WLAN-BSS1] undo dot1x multicast-trigger
[Sysname-WLAN-BSS1] undo dot1x handshake
[Sysname-WLAN-BSS1] quit
# Create service template 1 of crypto type and configure its SSID as dot1x.
42
Advertisement
Table of Contents
