華爲無線控制器啓用802.1X認證配置

第一步、配置基礎配置

<AC6005>system-view
[AC6005]vlan batch 10 to 14
[AC6005]int vlan 10
[AC6005-Vlanif10]ip address 192.168.10.254 24
[AC6005-Vlanif10]quit

[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6005-GigabitEthernet0/0/1]quit

[AC6005]capwap source interface vlan 10

第二步、wlan配置

[AC6005]wlan
[AC6005-wlan-view]ap auth-mode no-auth

[AC6005-wlan-view]regulatory-domain-profile name CN    
[AC6005-wlan-regulate-domain-CN]country-code CN
[AC6005-wlan-regulate-domain-CN]quit

[AC6005-wlan-view]ap-group name ap-group    
[AC6005-wlan-ap-group-ap-group]regulatory-domain-profile CN
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:Y
[AC6005-wlan-ap-group-ap-group]quit

[AC6005-wlan-view]ssid-profile name wlan-ssid
[AC6005-wlan-ssid-prof-wlan-ssid]ssid 802.1X
Warning: This action may cause service interruption. Continue?[Y/N]y

[AC6005-wlan-view]security-profile name sec_802.1X  #建立終端接入安全模板

[AC6005-wlan-sec-prof-sec_802.1X]security wpa2 dot1x aes #認證方式dot1x

[AC6005-wlan-sec-prof-sec_802.1X]quit

[AC6005-wlan-view]vap-profile name wlan_vap
[AC6005-wlan-vap-prof-wlan_vap]forward-mode direct-forward
[AC6005-wlan-vap-prof-wlan_vap]service-vlan vlan-id 11
[AC6005-wlan-vap-prof-wlan_vap]security-profile sec_802.1X
[AC6005-wlan-vap-prof-wlan_vap]ssid-profile wlan-ssid

第三步、認證部分配置

[AC6005]radius-server template radius_temp #建立radius服務器模板

[AC6005-radius-radius_temp]radius-server authentication 192.168.14.254 1812 #radius認證服務器地址爲192.168.14.254，認證端口1812
[AC6005-radius-radius_temp]radius-server accounting 192.168.14.254 1813

[AC6005-radius-radius_temp]radius-server shared-key cipher 123456 #設置預共享密鑰123456

[AC6005-radius-radius_temp]radius-server user-name original  #設備向RADIUS服務器發送的用戶名爲用戶原始輸入的用戶名

[AC6005-radius-radius_temp]undo radius-server user-name domain-included #輸入用戶名以後不須要附帶域名

[AC6005-radius-radius_temp]quit
[AC6005]radius-server authorization 192.168.14.254 shared-key simple 123456 #radius受權服務器地址爲192.168.14.254

[AC6005]aaa
[AC6005-aaa]authentication-scheme auth_scheme #建立認證方案
[AC6005-aaa-authen-auth_scheme]authentication-mode radius #認證模式爲radius

[AC6005-aaa]accounting-scheme account_scheme #建立計費方案  
[AC6005-aaa-accounting-account_scheme]accounting-mode radius #計費模式爲radius
[AC6005-aaa-accounting-account_scheme]accounting realtime 15 #設置計費週期15分鐘

[AC6005-aaa-accounting-account_scheme]quit

[AC6005-aaa]domain radius_domain #建立域
[AC6005-aaa-domain-radius_domain]authentication-scheme auth_scheme #綁定認證方案
[AC6005-aaa-domain-radius_domain]accounting-scheme account_scheme #綁定計費方案
[AC6005-aaa-domain-radius_domain]radius-server radius_temp #綁定radius服務器模板
[AC6005-aaa-domain-radius_domain]quit

[AC6005]dot1x-access-profile name 802.1X #建立dot1x模板

[AC6005-dot1x-access-profile-802.1X]quit
[AC6005]authentication-profile name authen_802.1X #建立認證模板
[AC6005-authentication-profile-authen_802.1X]dot1x-access-profile 802.1X #應用dot1x模板

[AC6005-authentication-profile-authen_802.1X]authentication-scheme authen_scheme  #應用認證方案

[AC6005-authentication-profile-authen_802.1X]accounting-scheme account-scheme

[AC6005-authentication-profile-authen_802.1X]access-domain raduis_domain  #應用接入域

[AC6005-authentication-profile-authen_802.1X]quit

[AC6005]wlan

[AC6005-wlan-view]vap-profile name wlan_vap

[AC6005-wlan-vap-prof-wlan_vap]authentication-profile 802.1X
[AC6005-wlan-vap-prof-wlan_vap]

display ip pool interface vlanif2 used  查看dhcp使用多少地址

display station offline-record sta-mac 14cf-9208-9abf（終端MAC）#若是緣由是The signal strength is too low表示終端信號低致使掉線display aaa abnormal-offline-record all display ap online-fail-record  all  #上線失敗記錄display ap offline-record all #下線記錄