No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
security dot1x

security dot1x

Function

The security dot1x command configures pre-shared key (PSK) authentication and encryption for WPA and WPA2.

The undo security command restores the default security policy.

By default, the security policy is open system.

Format

security { wpa | wpa2 | wpa-wpa2 } dot1x { aes | tkip | aes-tkip }

security wpa-wpa2 dot1x tkip aes

undo security

Parameters

Parameter

Description

Value

wpa

Configures WPA authentication.

-

wpa2

Configures WPA2 authentication.

-

wpa-wpa2

Configures WPA-WPA2 authentication. STAs can be authenticated using WPA or WPA2.

-

aes

Configures AES encryption.

-

tkip

Configures TKIP encryption.

-

aes-tkip

Configures AES-TKIP encryption. After passing the authentication, STAs can use the AES or TKIP algorithm for data encryption.

-

Views

Security profile view

Default Level

2: Configuration level

Usage Guidelines

Application Scenario

WPA/WPA2 authentication includes WPA/WPA2 PSK authentication and 802.1X authentication, which are also called WPA/WPA2 personal edition and WPA/WPA2 enterprise edition respectively. 802.1X authentication is of high security and is applicable to enterprise networks.

To access a WLAN device using WPA or WPA2 802.1X authentication, run the security dot1x command. If multiple types of STAs are available, you can configure the WPA-WPA2 and TKIP-CCMP security policy for authentication and data encryption.

The security wpa-wpa2 dot1x tkip aes command indicates that WPA and WPA2 use TKIP and AES for data encryption, respectively.

Precautions

The following STAs do not support the WPA2 802.1X authentication and cannot access the AP. You must configure other security policies for the STAs.
  • Nokia: N8
  • HP: Pre 3

The authentication type in the security profile and authentication profile must both be set to 802.1X authentication. You can run the display wlan config-errors command to check whether error messages are generated for authentication type mismatch between the security profile and authentication profile.

The system displays the message only when the security profile has been bound to the other profiles.

If 802.1X authentication and TKIP or AES-TKIP encryption for WPA/WPA2 are configured, the access of non-HT STAs fails to be denied.

Example

# Configure WPA (802.1X authentication and TKIP encryption).

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] security-profile name p1
[Huawei-wlan-sec-prof-p1] security wpa dot1x tkip
Warning:  If the wmm disable command, TKIP, WEP, or radio type of 802.11a/b/g is configured, the function of denying access of legacy STAs cannot take effect. 

# Configure WPA2 (802.1X authentication and TKIP encryption).

<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] security-profile name p1
[Huawei-wlan-sec-prof-p1] security wpa2 dot1x tkip
Warning:  If the wmm disable command, TKIP, WEP, or radio type of 802.11a/b/g is configured, the function of denying access of legacy STAs cannot take effect. 
# Configure WPA/WPA2 (802.1X authentication and AES-TKIP encryption).
<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] security-profile name p1
[Huawei-wlan-sec-prof-p1] security wpa-wpa2 dot1x aes-tkip
Warning:  If the wmm disable command, TKIP, WEP, or radio type of 802.11a/b/g is configured, the function of denying access of legacy STAs cannot take effect. 
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 200053

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next