43
• You can use the display wlan client command and display port-security preshared-key
user command to view the online clients.
MAC and PSK authentication configuration example
Network requirements
As shown in Figure 14, perform MAC and PSK authentication on the client.
Figure 14 Network diagram
Configuring the fat AP
# Enable port security.
<Sysname> system-view
[Sysname] port-security enable
# Configure the port mode of the WLAN BSS interface as mac-and-psk (with the pre-shared key
12345678) and enable 802.11key negotiation.
[Sysname] interface wlan-bss 1
[Sysname-WLAN-BSS1] port-security port-mode mac-and-psk
[Sysname-WLAN-BSS1] port-security preshared-key pass-phrase 12345678
[Sysname-WLAN-BSS1] port-security tx-key-type 11key
[Sysname-WLAN-BSS1] quit
# Create service template 2 of crypto type and configure its SSID as mactest.
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] ssid mactest
# Enable the RSN-IE in the beacon and probe responses and enable the AES-CCMP cipher suite in
the encryption of frames.
[Sysname-wlan-st-1] security-ie rsn
[Sysname-wlan-st-1] cipher-suite ccmp
# Configure the authentication method as open-system and enable the service template.
[Sysname-wlan-st-1] authentication-method open-system
[Sysname-wlan-st-1] service-template enable
[Sysname-wlan-st-1] quit
# Configure the IP addresses of the primary authentication server and accounting server as
10.18.1.88, the shared key for RADIUS authentication/accounting packets as 12345678, and specify
the extended RADIUS server type.
[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 10.18.1.88
[Sysname-radius-rad] primary accounting 10.18.1.88
[Sysname-radius-rad] server-type extended
IP network
L2 switch
FAT AP
Client
10.18.1.88/24
RADIUS server
10.18.1.1/24
To Next Page
Loading...
Need help?
General
