H3C MSR Series Configuration Manual page 55

Figure 21 Network diagram
IP network
Configuration procedure
1. Configure the fat AP:
# Enable port security.
<Sysname> system-view
[Sysname] port-security enable
# Configure the 802.1X authentication mode as EAP.
[Sysname] dot1x authentication-method eap
# Create a RADIUS scheme rad, and specify the extended RADIUS server type.
[Sysname] radius scheme rad
[Sysname-radius-rad] server-type extended
# Configure the IP addresses of the primary authentication server and accounting server as
10.18.1.88.
[Sysname-radius-rad] primary authentication 10.18.1.88
[Sysname-radius-rad] primary accounting 10.18.1.88
# Configure the shared key for RADIUS authentication/accounting packets as 12345678.
[Sysname-radius-rad] key authentication 12345678
[Sysname-radius-rad] key accounting 12345678
[Sysname-radius-rad] user-name-format without-domain
[Sysname-radius-radius1] quit
# Configure AAA domain cams by referencing RADIUS scheme rad.
[Sysname] domain cams
[Sysname-isp-cams] authentication lan-access radius-scheme rad
[Sysname-isp-cams] authorization lan-access radius-scheme rad
[Sysname-isp-cams] accounting lan-access radius-scheme rad
[Sysname-isp-cams] quit
# Specify cams as the default ISP domain.
[Sysname] domain default enable cams
# Configure the port security mode as userlogin-secure-ext, and enable 802.11 key
negotiation on the interface WLAN-BSS 1.
[Sysname] interface wlan-bss 1
[Sysname-WLAN-BSS1] port-security port-mode userlogin-secure-ext
[Sysname-WLAN-BSS1] port-security tx-key-type 11key
# Disable the multicast trigger function and the online user handshake function.
[Sysname-WLAN-BSS1] undo dot1x multicast-trigger
[Sysname-WLAN-BSS1] undo dot1x handshake
[Sysname-WLAN-BSS1] quit
RADIUS server
10.18.1.88/24
FAT AP
L2 switch
10.18.1.1/24
Client
48