Manualshelf

R2511-HP MSR Router Series WLAN Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
51525354555657585960
47
[Sysname] dot1x authentication-method eap
# Create a RADIUS scheme rad, and specify the extended RADIUS server type.
[Sysname] radius scheme rad
[Sysname-radius-rad] server-type extended
# Configure the IP addresses of the primary authentication/authorization server as 10.18.1.88.
[Sysname-radius-rad] primary authentication 10.18.1.88
[Sysname-radius-rad] primary accounting 10.18.1.88
# Configure the shared key for RADIUS authentication/authorization packets as 12345678.
[Sysname-radius-rad] key authentication 12345678
[Sysname-radius-rad] key accounting 12345678
[Sysname-radius-rad] user-name-format without-domain
[Sysname-radius-radius1] quit
# Configure AAA domain imc by referencing RADIUS scheme rad.
[Sysname] domain imc
[Sysname-isp-imc] authentication lan-access radius-scheme rad
[Sysname-isp-imc] authorization lan-access radius-scheme rad
[Sysname-isp-imc] accounting lan-access radius-scheme rad
[Sysname-isp-imc] quit
# Specify imc as the default ISP domain.
[Sysname] domain default enable imc
# Configure the port security mode as userlogin-secure-ext, and enable 802.11 key negotiation
on the interface WLAN-BSS 1.
[Sysname] interface wlan-bss 1
[Sysname-WLAN-BSS1] port-security port-mode userlogin-secure-ext
[Sysname-WLAN-BSS1] port-security tx-key-type 11key
# Disable the multicast trigger function and the online user handshake function.
[Sysname-WLAN-BSS1] undo dot1x multicast-trigger
[Sysname-WLAN-BSS1] undo dot1x handshake
[Sysname-WLAN-BSS1] quit
# Create crypto-type service template 1, configure its SSID as dot1x, and configure the tkip and
ccmp cipher suite.
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] ssid dot1x
# Enable the RSN-IE in the beacon and probe responses and enable the AES-CCMP cipher suite
in the encryption of frames.
[Sysname-wlan-st-1] authentication-method open-system
[Sysname-wlan-st-1] cipher-suite ccmp
[Sysname-wlan-st-1] security-ie rsn
[Sysname-wlan-st-1] service-template enable
[Sysname-wlan-st-1] quit
# On interface WLAN-radio 2/0, bind service template 1 to interface WLAN-BSS 1.
[Sysname] interface wlan-radio2/0
[Sysname-WLAN-Radio2/0] radio-type dot11g
[Sysname-WLAN-Radio2/0] service-template 1 interface wlan-bss 1
2. Configure the RADIUS server:
See "Configuring the RADIUS server."