01-10 Deploying WLAN AP

Huawei AR100-S&AR110-S&AR120-S&AR150-
S&AR160-S&AR200-S&AR1200-S&AR2200-
S&AR3200-S Series Enterprise Routers
CLI-based Typical Configuration Examples 10 Deploying WLAN AP
10 Deploying WLAN AP
About This Chapter
10.1 Example for Configuring Wireless User Access to a WLAN

10.2 Example for Configuring WEP Open System Authentication and WEP Encryption
10.3 Example for Configuring Shared Key Authentication and WEP Encryption
10.4 Example for Configuring 802.1x+PEAP+TKIP(V200R003 and V200R005)
10.5 Example for Configuring 802.1x+TKIP (V200R006 and V200R007)
10.6 Example for Configuring 802.1x+PEAP+CCMP(V200R003 and V200R005)
10.7 Example for Configuring 802.1x+CCMP (V200R006 and V200R007)
10.8 Example for Configuring PSK Authentication and TKIP Encryption
10.9 Example for Configuring PSK Authentication and CCMP Encryption
10.10 Example for Configuring WAPI Authentication
10.11 Example for Configuring a WLAN QoS Policy
10.1 Example for Configuring Wireless User Access to a

WLAN
Specifications
This example applies only to the AR121W-S, AR101W-S, AR101GW-Lc-S, AR151W-P-S,
AR161W-S, and AR1220W-S.
Networking Requirements
As shown in Figure 10-1, an enterprise provides the WLAN service for users. The device
functions as a Fat AP, serves as a DHCP server to allocate IP addresses to users, and provides
wireless network access service using NAT.
Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 572

Copyright © Huawei Technologies Co., Ltd.
S&AR160-S&AR200-S&AR1200-S&AR2200-
NAT is configured on GigabitEthernet1/0/0. The public address of AR GigabitEthernet1/0/0 is

202.169.10.1/24 and the interface address of the AR connected to the carrier device is
100.10.20.2/24.
Figure 10-1 Networking diagram of WLAN service configurations
VLAN 100
STA1 GE 1/0/0
Network
STA2 Router
(FAT AP)
Procedure
Step 1 Configure the Router.
#
dhcp enable
#
vlan batch 100
#
dot1x enable //Enable 802.1X.
#
interface Vlanif100
ip address 192.168.0.1 255.255.255.0
dhcp select interface //Enable DHCP on VLANIF 100.
#
interface Wlan-Bss1 //Configure the WLAN-BSS interface.
port hybrid tagged vlan 100
#
wlan
wmm-profile name wmm id 1 //Create a WMM profile.
traffic-profile name traffic id 1 //Create a traffic profile and retain the
default parameter settings.
security-profile name security id 1 //Create a security profile.
security-policy wpa2 //Configure the WPA2 security policy.
wpa2 authentication-method psk pass-phrase cipher %^%#Q-%d~;.Aj!
<@qOUJ=vMG~rie2vkWOOUq>`5f73RU%^%# encryption-method ccmp //Set the
data encryption mode to CCMP.
service-set name huawei id 0 //Create a service set.
Wlan-Bss 1 //Bind the service set to WLAN-BSS 1.
ssid huawei //Specify the SSID.
traffic-profile id 1 //Bind the service set to the traffic
profile.
security-profile id 1 //Bind the service set to the security
profile.
radio-profile name radio-1 id 1 //Create a radio profile.
wmm-profile id 1 //Bind the radio profile to the WMM
profile.
#
interface Wlan-Radio0/0/0
radio-profile id 1 //Bind the radio interface to the radio profile.
service-set id 0 wlan 1 //Bind the radio interface to the service set.
#
acl number 2000 //Configure ACL 2000.
rule 1 permit source 192.168.0.0 0.0.0.255 //Configure rule 1 to permit packets
with the source IP address of 192.168.0.0.
#
nat address-group 1 202.169.10.100 202.169.10.200 //Configure a public address
pool.
#
interface GigabitEthernet1/0/0

S&AR160-S&AR200-S&AR1200-S&AR2200-
ip address 202.169.10.1 255.255.255.0 //Configure a public IP address.

nat outbound 2000 address-group 1 //Bind the ACL to the address pool.
#
ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 //Configure a static route.
#
Step 2 Verify the configuration.
The WLAN with the SSID huawei is available for STAs connected to the AP, and these STAs
can connect to the WLAN.
Run the display station assoc-info interface wlan-radio0/0/0 [ service-set service-set-id ]

command on the router to view information about all STAs associated with a radio or service
set on a radio.
----End
Configuration Notes
l The default country code of a Router is CN. You can change it based on actual
networking.
l After a WMM profile is created, parameters in the profile use default values.
l After a traffic profile is created, parameters in the profile use default values.
l After a security profile is created, you can select the security policy based on actual
networking. The security policy mode can be WEP, WPA, WPA2, or WAPI.
10.2 Example for Configuring WEP Open System

Authentication and WEP Encryption
Specifications
As shown in Figure 10-2, the device functions as the Fat AP to provide WLAN services and
uses WEP open system authentication and WEP encryption. The WLAN with the SSID
huawei is available for STAs connected to the AR.
Figure 10-2 Networking of WEP open system authentication and WEP encryption
VLAN 10
STA1
Network
STA2 Router
(FAT AP)

S&AR160-S&AR200-S&AR1200-S&AR2200-
Procedure
Step 1 Configure the router.
#
vlan 10
#
dhcp enable //Enable DHCP.
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select interface //Enable the DHCP server function on VLANIF 10.
#
interface Wlan-Bss0 //Configure a WLAN-BSS interface.
#
wlan
wmm-profile name wmm id 1 //Create a WMM profile and use default
settings.
traffic-profile name traffic id 1 //Create a traffic profile and use
default settings.
security-profile name security id 1 //Create a security profile named
security, and use WEP open system authentication and WEP-40 encryption.
security-policy wep //Configure WEP shared key authentication.
wep authentication-method open-system data-encrypt
wep key wep-40 pass-phrase 0 cipher %^%#Q-%d~;.Aj!<@qOUJ=vMG~rie2vkWOOUq>`5f73RU
%^%# //Configure WEP-40 encryption. Only later versions of ARV200R002C01
support cipher.
wep default-key 0 //Set the default key ID for WEP
encryption.
service-set name service-set id 0 //Create a service set.
Wlan-Bss 0 //Bind the service set to the WLAN-BSS 0 interface.
traffic-profile id 1 //Bind the service set to the traffic profile.
security-profile id 1 //Bind the service set to the security profile.
wmm-profile id 1 //Bind the radio profile to the WMM profile.
#
radio-profile id 1 //Bind the radio profile to the radio interface.
service-set id 0 wlan 1 //Bind the service set to the radio interface.

# The WLAN with the SSID huawei is available for STAs connected to the AR. Users can
use WLAN services with WEP share key.
# Run the display station assoc-info interface wlan-radio0/0/0 [ service-set service-set-id ]
set on a radio.
----End
Configuration Notes
l The default country code of the AR router is CN. You can change it based on actual
networking.

S&AR160-S&AR200-S&AR1200-S&AR2200-
10.3 Example for Configuring Shared Key Authentication

and WEP Encryption
Specifications
uses open system authentication and WEP encryption. The WLAN with the SSID huawei is
available for STAs connected to the AR.
Figure 10-3 Networking diagram of security policy configurations
VLAN 10
STA1
Network
STA2 Router
(FAT AP)
Procedure
#
vlan 10
#
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
dhcp select interface //Enable the DHCP server function on VLANIF 10.
#
#
wlan
settings.
default settings.
security, and set the authentication mode to WEP open system authentication and
the encryption mode to WEP-40.
security-policy wep //Configure WEP shared key authentication.
wep authentication-method share-key
wep key wep-40 pass-phrase 1 cipher %^%#Q-%d~;.Aj!<@qOUJ=vMG~rie2vkWOOUq>`5f73RU
%^%# //Configure WEP-40 encryption. Only later versions of ARV200R002C01
support cipher.
wep default-key 1 //Set the
default key ID for WEP encryption.
service-set name service-set id 0 //Create a service set.

S&AR160-S&AR200-S&AR1200-S&AR2200-

#

# The WLAN with the SSID huawei is available for STAs connected to the AR. The STAs
can associate with the AR.
command on the Router to view information about all STAs associated with a radio or service
set on a radio.
NOTE
In shared key authentication and WEP encryption mode, after the PC scans the SSID, if you double-
click the SSID and enter the key, association may fail.
----End
Configuration Notes
l The default country code of the router is CN. You can change it based on actual
networking.
10.4 Example for Configuring 802.1x+PEAP

+TKIP(V200R003 and V200R005)
Specifications
uses 802.1x+PEAP+TKIP. The WLAN with the SSID huawei is available for STAs
connected to the device.

S&AR160-S&AR200-S&AR1200-S&AR2200-
Figure 10-4 Networking of 802.1x+PEAP+TKIP
I n t ernet
VLAN101
STA1 RADIUS Server

10.137.146.163
STA2 Router
(FAT AP)
Network
Procedure
#
dot1x enable //Enable 802.1x authentication globally.
#
vlan batch 101
#
#
interface Vlanif101
ip address 192.168.0.1 255.255.255.0
dhcp select interface //Enable the DHCP server function on a VLANIF interface.
#
dot1x-authentication enable //Enable 802.1x authentication on the WLAN-BSS
interface. The command is dot1x enable in later versions of ARV200R005C00.
dot1x authentication-method eap //Set the authentication mode to EAP.
#
radius-server template peap.radius.com //Create a RADIUS server
template.
radius-server authentication 10.137.146.163 1812 //Configure the IP address and
port number for the RADIUS authentication server.
radius-server accounting 10.137.146.163 1813 //Configure the IP address and
port number for the RADIUS accounting server.
#
aaa
authentication-scheme radius //Create an authentication scheme named RADIUS.
authentication-mode radius //Set the authentication mode to RADIUS.
accounting-scheme radius //Create an accounting scheme named RADIUS.
accounting-mode radius //Set the authentication mode to RADIUS.
domain peap.radius.com //Create a domain peap.radius.com.
authentication-scheme radius //Apply the authentication scheme named RADIUS
to the domain.
accounting-scheme radius //Apply the accounting scheme named RADIUS to
the domain.
radius-server peap.radius.com //Apply the RADIUS server template to the
domain.
#
wlan
settings.
default settings.
security, and use 802.1x+PEAP+TKIP.

S&AR160-S&AR200-S&AR1200-S&AR2200-
security-policy wpa
service-set name ss-1 id 0 //Create a service set.
#
# The WLAN with the SSID huawei is available for STAs connected to the AR. To use
WLAN services, STAs must pass 802.1x authentication.
# Run the display security-profile { id profile-id | name profile-name } command on the

router to view the security profile.
Run the display station assoc-info interface wlan-radio0/0/0 [ service-set service-set-id ]

set on a radio.
----End
Configuration Notes
networking.
l There are reachable routes from the router to the RADIUS server.
l The RADIUS server needs to be configured.
l For security-3, WPA authentication must be used and 802.1x mode and encryption mode
must be enabled.
l When the security policy is set to WPA2, the default authentication mode is 802.1x
+PEAP+CCMP. This default configuration is not provided in the configuration file.
10.5 Example for Configuring 802.1x+TKIP (V200R006 and

V200R007)
Specifications
uses 802.1x+TKIP. The WLAN with the SSID huawei is available for STAs connected to the
device.
NOTE
In V200R006 and later versions, the router does not support PEAP authentication.

S&AR160-S&AR200-S&AR1200-S&AR2200-
Figure 10-5 Networking of 802.1x+TKIP
I n t ernet
VLAN101
STA1 RADIUS Server

10.137.146.163
STA2 Router
(FAT AP)
Network
Procedure
#
#
vlan batch 101
#
#
interface Vlanif101
ip address 192.168.0.1 255.255.255.0
#
#
template.
#
aaa
to the domain.
the domain.
domain.
#
wlan
settings.
default settings.
security, and use 802.1x+TKIP.

S&AR160-S&AR200-S&AR1200-S&AR2200-
security-policy wpa
#


set on a radio.
----End
Configuration Notes
networking.
l For security-3, WPA authentication must be used and 802.1x mode and encryption mode
must be enabled.
+CCMP. This default configuration is not provided in the configuration file.
10.6 Example for Configuring 802.1x+PEAP

+CCMP(V200R003 and V200R005)
Specifications
uses 802.1x+PEAP+CCMP. The WLAN with the SSID huawei is available for STAs
connected to the device.

S&AR160-S&AR200-S&AR1200-S&AR2200-
Figure 10-6 Networking of 802.1x+PEAP+CCMP
I n t ernet
VLAN102
STA1 RADIUS Server

10.137.146.163
STA2 Router
(FAT AP)
Network
Procedure
#
#
vlan batch 102
#
#
interface Vlanif102
ip address 192.168.1.1 255.255.255.0
#
interface Wlan-Bss1 //Configure a WLAN-BSS interface. port hybrid tagged vlan 102
#
template.
radius-server shared-key simple huawei //Configure teh shared key.
The AR and RADIUS server must use the same shared key.
#
aaa
to the domain.

S&AR160-S&AR200-S&AR1200-S&AR2200-
the domain.
domain.
#
wlan
settings.
default settings.
security, and use 802.1x+PEAP+CCMP.
security-policy wpa2
#


set on a radio.
----End
Configuration Notes
networking.
l For security, WPA authentication must be used and 802.1x mode and encryption mode
must be enabled.
+PEAP+CCMP. This default configuration is not provided in the configuration file.
10.7 Example for Configuring 802.1x+CCMP (V200R006

and V200R007)
Specifications

S&AR160-S&AR200-S&AR1200-S&AR2200-
uses 802.1x+CCMP. The WLAN with the SSID huawei is available for STAs connected to
the device.
NOTE
In V200R006 and later versions, the router does not support PEAP authentication.
Figure 10-7 Networking of 802.1x+CCMP
I n t ernet
VLAN102
STA1 RADIUS Server

10.137.146.163
STA2 Router
(FAT AP)
Network
Procedure
#
#
vlan batch 102
#
#
interface Vlanif102
ip address 192.168.1.1 255.255.255.0
#
interface Wlan-Bss1 //Configure a WLAN-BSS interface. port hybrid tagged vlan 102
#
template.

S&AR160-S&AR200-S&AR1200-S&AR2200-
radius-server shared-key simple huawei //Configure teh shared key.

The AR and RADIUS server must use the same shared key.
#
aaa
to the domain.
the domain.
domain.
#
wlan
settings.
default settings.
security, and use 802.1x+CCMP.
#


set on a radio.
----End
Configuration Notes
networking.
l For security, WPA authentication must be used and 802.1x mode and encryption mode
must be enabled.
+CCMP. This default configuration is not provided in the configuration file.

S&AR160-S&AR200-S&AR1200-S&AR2200-
10.8 Example for Configuring PSK Authentication and

TKIP Encryption
Specifications
uses PSK+TKIP. The WLAN with the SSID huawei is available for STAs connected to the
device.
Figure 10-8 Networking of PSK authentication and TKIP encryption
VLAN 102
STA1
Network
STA2 Router
(FAT AP)
Procedure
#
vlan 102
#
#
dot1x enable //Enable 802.1x. The PSK must be transmitted in EAPoL packets;
therefore, 802.1x must be enabled.
#
interface Vlanif102
ip address 192.168.1.1 255.255.255.0
#
#
wlan
settings.
default settings.
security, and use WPA+PSK+TKIP.
security-policy wpa
wpa authentication-method psk pass-phrase cipher %^%#Q-%d~;.Aj!
<@qOUJ=vMG~rie2vkWOOUq>`5f73RU%^%# encryption-method tkip

S&AR160-S&AR200-S&AR1200-S&AR2200-

#

# The WLAN with the SSID huawei is available for STAs connected to the AR. Users must
enter the preshared key 0123456789 to use WLAN services.
set on a radio.
----End
Configuration Notes
networking.
10.9 Example for Configuring PSK Authentication and

CCMP Encryption
Specifications
uses PSK+CCMP. The WLAN with the SSID huawei is available for STAs connected to the
device.
Figure 10-9 Networking of PSK authentication and CCMP encryption
VLAN 101
STA1
Network
STA2 Router
(FAT AP)
Procedure

S&AR160-S&AR200-S&AR1200-S&AR2200-
#
vlan 101
#
#
dot1x enable //Enable 802.1x. The PSK must be transmitted in EAPoL packets;
therefore, 802.1x must be enabled.
#
interface Vlanif101
ip address 192.168.0.1 255.255.255.0
#
#
wlan
settings.
default settings.
security, and use WPA2+PSK+CCMP.
wpa2 authentication-method psk pass-phrase cipher %^%#Q-%d~;.Aj!
<@qOUJ=vMG~rie2vkWOOUq>`5f73RU%^%# encryption-method ccmp
#
# The WLAN with the SSID huawei is available for STAs connected to the AR. Users must
enter the preshared key to use WLAN services.


set on a radio.
----End
Configuration Notes
networking.
10.10 Example for Configuring WAPI Authentication

Specifications

S&AR160-S&AR200-S&AR1200-S&AR2200-
uses WAPI. The WLAN with the SSID huawei is available for STAs connected to the device.
Figure 10-10 Networking of WAPI authentication
I n t ernet
VLAN101
STA1
ASU Server
STA2 Router 10.10.10.1
(FAT AP)
Network
Procedure
#
vlan batch 101
#
#
interface Vlanif101
ip address 192.168.0.1 255.255.255.0
#
#
wlan
settings.
default settings.
security.
security-policy wapi //Configure WAPI authentication.
wapi asu ip 10.10.10.1 //Set the ASU server IP address to
10.10.10.1.
wapi import certificate ap file-name flash:/huawei-ap.cer //Specify
the certificate file path and file name.
wapi import certificate asu file-name flash:/huawei-asu.cer //Specify
the ASU certificate file path and file name.
wapi import certificate issuer file-name flash:/huawei-issuer.cer //Specify
the issuer certificate file path and file name.
wapi import private-key file-name flash:/huawei-ap.cer //Specify
the private key file path and file name.
#

S&AR160-S&AR200-S&AR1200-S&AR2200-


set on a radio.
----End
Configuration Notes
networking.
l There is a reachable route from the router to the ASU server.
l The ASU server needs to be configured.
l Before configuring the policies of security, the AP certificate huawei-ap.cer, ASU
server certificate huawei-asu.cer, issuer certificate huawei-issuer.cer, and AP private
key certificate huawei-ap.cer have been stored on the device.
10.11 Example for Configuring a WLAN QoS Policy

Specifications
As shown in Figure 10-11, STA1 and STA2 are connected to the network through the Router.
The Router functions as a Fat AP, and STA2 is a VIP customer. The requirements are as
follows:
l Video service requirements of STA1 and STA2 are met first.
l Communication requirements of STA2 are met first when the network bandwidth is
insufficient.
Figure 10-11 Networking diagram of WLAN QoS policy configurations
VLAN 101
STA1
Network
VLAN 102
STA2 Router
VIP (FAT AP)

S&AR160-S&AR200-S&AR1200-S&AR2200-
Procedure
#
#
vlan batch 101 to 102
#
interface Vlanif101
ip address 192.168.0.1 255.255.255.0
dhcp select interface //Enable DHCP on the VLANIF interface.
#
interface Vlanif102
ip address 192.168.1.1 255.255.255.0
dhcp select interface
#
interface Wlan-Bss1 //Configure the WLAN-BSS interface.
#
interface Wlan-Bss2
#
wlan
wmm-profile name wmmf id 0
wmm-profile name huawei-vi id 1 // Create a WMM profile huawei-vi.
wmm edca ap ac-vi aifsn 1 ecw ecwmin 1 ecwmax 1 txoplimit 36 //Modify EDCA
parameters for video queues on an
AP to increase
the priority of video services.
wmm edca client ac-vi aifsn 1 ecw ecwmin 1 ecwmax 3 txoplimit 36 //Modify EDCA
parameters for video queues on
a STA to
increase the priority of video services.
traffic-profile name traf id 0
traffic-profile name huawei id 1 //Create a traffic profile huawei.
rate-limit client up 512 //Limit the STA upstream rate to 512 kbit/s.
rate-limit vap up 1024 //Limit the VAP upstream rate to 1024
kbit/s.
traffic-profile name huawei-vip id 2 //Create a traffic profile huawei-vip.
rate-limit client up 1024 //Limit the STA upstream rate to 1024
kbit/s.
rate-limit vap up 2048 //Limit the VAP upstream rate to 2048
kbit/s.
security-profile name secf id 0
security-profile name huawei id 1 //Crate a security profile huawei and use
default parameters.
service-set name huawei-1 id 0 //Create a service set huawei-1.
Wlan-Bss 1
ssid huawei-1 //Configure an SSID huawei-1.
traffic-profile id 1 //Bind the traffic profile huawei to the service set.
security-profile id 1
service-set name huawei-2 id 1 //Create a service set huawei-2.
Wlan-Bss 2
ssid huawei-2 //Configure an SSID huawei-2.
traffic-profile id 2 //Bind the traffic profile huawei-vip to the service set.
security-profile id 1
radio-profile name radiof id 0
wmm-profile id 0
radio-profile name huawei-vi id 1
wmm-profile id 1
#
radio-profile id 1 //Bind the radio profile huawei-vi to the radio
interface.
service-set id 0 wlan 1 //Bind the service set huawei-1 to the radio interface.
service-set id 1 wlan 2 //Bind the service set huawei-2 to the radio interface.

S&AR160-S&AR200-S&AR1200-S&AR2200-
# Two WLANs with SSIDs huawei-1 and huawei-2 are available for STAs connected to the
Router. STA 1 and STA2 select WLANs with SSIDs huawei-1 and huawei-2.
command on the Router to view information about all STAs associated with a radio or service
set on a radio.
----End
Configuration Notes
l The default country code of a Router is CN. You can change it based on actual
networking.
l You can improve the priority of video services by modifying the following parameters
for the AC_VI queue in the WMM profile: arbitration inter frame spacing number
(AIFSN), exponent form of minimum contention window (ECWmin), exponent form of
maximum contention window (ECWmax), and transmission opportunity limit
(TXOPlimit).


Sprache

Willkommen bei Scribd!

01-10 Deploying WLAN AP

Hochgeladen von

Dokumentinformationen

Beschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Beschreibung:

Copyright:

Verfügbare Formate

01-10 Deploying WLAN AP

Hochgeladen von

Beschreibung:

Copyright:

Verfügbare Formate

Verwandte Titel

Huawei AR100-S&AR110-S&AR120-S&AR150-

About This Chapter

10.1 Example for Configuring Wireless User Access to a WLAN

10.1 Example for Configuring Wireless User Access to a

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 572

NAT is configured on GigabitEthernet1/0/0. The public address of AR GigabitEthernet1/0/0 is

Figure 10-1 Networking diagram of WLAN service configurations

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 573

ip address 202.169.10.1 255.255.255.0 //Configure a public IP address.

Step 2 Verify the configuration.

Run the display station assoc-info interface wlan-radio0/0/0 [ service-set service-set-id ]

10.2 Example for Configuring WEP Open System

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 574

Step 2 Verify the configuration.

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 575

10.3 Example for Configuring Shared Key Authentication

Figure 10-3 Networking diagram of security policy configurations

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 576

ssid huawei //Specify the SSID.

Step 2 Verify the configuration.

10.4 Example for Configuring 802.1x+PEAP

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 577

Figure 10-4 Networking of 802.1x+PEAP+TKIP

STA1 RADIUS Server

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 578

Step 2 Verify the configuration.

# Run the display security-profile { id profile-id | name profile-name } command on the

Run the display station assoc-info interface wlan-radio0/0/0 [ service-set service-set-id ]

10.5 Example for Configuring 802.1x+TKIP (V200R006 and

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 579

Figure 10-5 Networking of 802.1x+TKIP

STA1 RADIUS Server

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 580

Step 2 Verify the configuration.

# Run the display security-profile { id profile-id | name profile-name } command on the

# Run the display station assoc-info interface wlan-radio0/0/0 [ service-set service-set-id ]

10.6 Example for Configuring 802.1x+PEAP

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 581

Figure 10-6 Networking of 802.1x+PEAP+CCMP

STA1 RADIUS Server

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 582

Step 2 Verify the configuration.

# Run the display security-profile { id profile-id | name profile-name } command on the

# Run the display station assoc-info interface wlan-radio0/0/0 [ service-set service-set-id ]

10.7 Example for Configuring 802.1x+CCMP (V200R006

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 583

Figure 10-7 Networking of 802.1x+CCMP

STA1 RADIUS Server

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 584

radius-server shared-key simple huawei //Configure teh shared key.

Step 2 Verify the configuration.

# Run the display security-profile { id profile-id | name profile-name } command on the

# Run the display station assoc-info interface wlan-radio0/0/0 [ service-set service-set-id ]

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 585

10.8 Example for Configuring PSK Authentication and

Figure 10-8 Networking of PSK authentication and TKIP encryption

Issue V2.6 (2018-07-06) Huawei Proprietary and Confidential 586

security-profile id 1 //Bind the service set to the security profile.