Context
AP authentication includes non-authentication, MAC address authentication, and SN authentication. If AP authentication mode is set to non-authentication, an AC allows all APs to go online, but security risks exist. If AP authentication mode is set to MAC address authentication or SN authentication, only APs that have passed the authentication can go online.
Procedure
- Check current AP authentication mode.
Operation in V200R005:
<AC6605> display ap-auth-mode AP authentication mode: MAC-auth //The AP authentication mode is MAC address authentication.
Operation in V200R006:
<AC6605> display ap global configuration -------------------------------------------------------------------------------- AP auth-mode : MAC-auth //The AP authentication mode is MAC address authentication. AP LLDP swtich : disable AP username/password : -/****** AP data collection : disable AP data collection interval(minute): 5 --------------------------------------------------------------------------------
If AP authentication mode is set to MAC address authentication or SN authentication, check whether the AP that fails to go online is in the unauthorized AP list.
Operation in V200R005:
<AC6605> display unauthorized-ap record Unauthorized AP record: Total number: 1 ------------------------------------------------------------------------------ AP type: AP7110DN-AGN AP sn: 210235555310D1000067 AP mac address: dcd2-fc22-d880 //The AP with MAC address dcd2-fc22-d880 is in the unauthorized AP list. AP ip address: 192.168.40.253 Record time: 2013-09-14 16:32:26 ------------------------------------------------------------------------------
Operation in V200R006:
<AC6605> display ap unauthorized record Unauthorized AP record: -------------------------------------------------------------------------------- AP type: AP7110DN-AGN AP SN: 210235555310D1000067 AP MAC address: dcd2-fc22-d880 //The AP with MAC address dcd2-fc22-d880 is in the unauthorized AP list. AP IP address: 10.1.7.251 Record time: 2015-11-17 10:36:43 -------------------------------------------------------------------------------- AP type: AP3010DN-AGN P MAC address: dcd2-fc9a-c800 AP IP address: 10.1.7.249 Record time: 2015-11-17 10:36:43 -------------------------------------------------------------------------------- Total number: 2
If an AP exists in the unauthorized AP list, perform any of the following operations to allow the AP to pass the authentication:
Operation in V200R005:- Confirm unauthenticated APs and allow them to go online.
<AC6605> system-view [AC6605] wlan [AC6605-wlan-view] ap-confirm mac dcd2-fc22-d880
- Add the AP to the whitelist.
<AC6605> system-view [AC6605] wlan [AC6605-wlan-view] ap-whitelist mac dcd2-fc22-d880
- Add the AP offline.
<AC6605> system-view [AC6605] wlan [AC6605-wlan-view] ap id 10 ap-type ap7110dn-agn mac dcd2-fc22-d880
Operation in V200R006:- Confirm unauthenticated APs and allow them to go online.
<AC6605> system-view [AC6605] wlan [AC6605-wlan-view] ap-confirm mac dcd2-fc22-d880
- Add the AP to the whitelist.
<AC6605> system-view [AC6605] wlan [AC6605-wlan-view] ap whitelist mac dcd2-fc22-d880
- Add the AP offline.
<AC6605> system-view [AC6605] wlan [AC6605-wlan-view] ap-id 10 ap-mac dcd2-fc22-d880
- If the AP still fails to go online, check whether the AP model is supported by the AC.
<AC6605> display ap-type all -------------------------------------------------------------------------------- ID Type -------------------------------------------------------------------------------- 17 AP6010SN-GN 19 AP6010DN-AGN 21 AP6310SN-GN 23 AP6510DN-AGN 25 AP6610DN-AGN 27 AP7110SN-GN 28 AP7110DN-AGN 29 AP5010SN-GN 30 AP5010DN-AGN 31 AP3010DN-AGN 33 AP6510DN-AGN-US 34 AP6610DN-AGN-US 35 AP5030DN 36 AP5130DN 37 AP7030DE 38 AP2010DN 39 AP8130DN 40 AP8030DN 42 AP9330DN 43 AP4030DN 44 AP4130DN 45 AP3030DN 46 AP2030DN 47 AP9131DN 48 AP9132DN 49 AP5030DN-S 50 AP3010DN-V2 51 AP4030DN-E 52 AD9430DN-24 53 AD9430DN-12 54 R230D 55 R240D -------------------------------------------------------------------------------- Total: 32
If the AP model is not in the above list, it is not supported by the AC. Upgrade the AC version following the instructions in the Upgrade Guide.
To obtain the Upgrade Guide, log in to Huawei enterprise support website (http://support.huawei.com/enterprise), and obtain the Upgrade Guide for the specified product model and version.