Huawei Ap6010dn-agn Configuration (Raidus certification)

The environment is broadly as follows:

Win Server 2008 as RADIUS and DHCP server, Raidus server only as a pure authentication server, not configured with authorization and accounting function, IP address is 192.168.1.1

AP6010 through a network cable to the development VLAN, through DHCP to assign IP address to the client, IFVLAN10 virtual interface address is: 192.168.0.254,VLAN10 Gateway to 192.168.0.1

I'll comment on the main parts of the configuration code.

Configuration essentials:

VLAN 10 \ \ Here is the VLAN for the wireless network

Domain defalut_admin \ \ Configure Default Domain

Dot1x enable \ \ must open dot1x to communicate with the RADIUS server

DHCP enable \ \ Open DHCP service

IP Relay Address cycle

DHCP relay detect enable \\DHCP to relay mode, which allows IP to be obtained from the DHCP server

Raidus-server template test \ \ Create a stencil named Test

Raidus-server shared-key cipher 1234567 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ 1234567. Note: The shared secret key is recommended for use with a strong secret key.

Raidus-server Authentication 192.168.1.1 1812 Weight \\raidus Server Authentication IP address, port number, weight

Undo Radius-server User-name Domain-included

Aaa

Authentication-scheme Test

Authentication-mode radius local \ \ Authentication Mode Raidus Server account authentication priority, local second

Service-scheme Test

Admin-user Privilege Level 15

Domain Default_admin

Authentication-scheme Test

Radius-server Test

Domain Csxinao

Authentication-scheme Csxinao

Radius-server Csxinao

Local-user admin password cipher 12345678 \ \ Local account number and password

Local-user admin privilege level 15 \ \ Permissions Registration

Local-user admin service-type telnet terminal ssh web \ \ Support Service type

Interface VLANIF10 \ \ Virtual Interface VLAN10

IP address 192.168.0.1 255.255.255.0 \\IP addresses that need to be in the same VLAN as the upstream interface

DHCP Select relay \\DHCP for Ultimate mode

Address of DHCP relay SERVER-IP 192.168.1.1 \\DHCP Server

Interface gigabitethernet0/0/0 \ \ Configure WAN ports

Port hybrid Pvid VLAN 10 \ \ port for promiscuous mode with VLAN10 binding

Port hybrid untagged VLAN 10

Interface WLAN-BSS0 \ \ Configure the Wireless interface 0

Port Hybrid Pvid VLAN 10

Port hybrid untagged VLAN 10

Dot1x Enable

DOT1X Authentication-method EAP \ \ Wireless network authentication mode for EAP

Permit-domain name test \ \ is bound to domain name

Force-domain name Test

IP route-static 0.0.0.0 0.0.0.0 192.168.0.1 \ config default route to Gateway

User-interface con 0 \ \ Configure the authentication mode when the console is connected, select Password Authentication here

Authentication-mode Password

Set Authentication password cipher \ Enter the authentication password after you press ENTER

User-interface vty 0 4 \ \ Remote Access mode is set to AAA authentication, through the account password authentication on the RADIUS server.

Authentication-mode AAA

User Privilege Level 15

WLAN \ \ Configure WLAN templates

Wmm-profile name TEST-WMM ID 0

Traffic-profile name test-traffic ID 0

Security-profile name test-security ID 0

Security-policy WPA2 \ \ Security Policy encryption method is WPA2

WPA2 authentication-method dot1x encryption-method tkip \\WPA2 Authentication mode and encryption method

Service-set name Test-service ID 0

WLAN-BSS 0 \ \ wlan-bss0 Bind the

SSID TEST \ \ declared SSID name

Traffic-profile ID 0

Security-profile ID 0

Radio-profile name Test-radio ID 0

Channel-switch announcement Enable

Wmm-profile ID 0

Interface wlan-radio0/0/0 \ \ Enter the wireless No. 0 interface (generally according to the number of Wlan-radio can be judged without a line by a few SSIDs can be loaded)

Radio-profile ID 0 \ \ radio-profile Bind ID 0 to the Wireless interface

Service-set ID 0 WLAN 1 \ \ Binds server-set ID 0 and WLAN 1 to the interface

This article is from the "Boundless" blog, please make sure to keep this source http://7492110.blog.51cto.com/7482110/1696688

Huawei Ap6010dn-agn Configuration (Raidus certification)