Example for Configuring a WPA2-PSK-AES Security Policy
Service Requirements
Because the WLAN is open to users, there are potential security risks if no security policy is configured for the WLAN. Users do not require high WLAN security, so no authentication server is required. A WEP or WPA/WPA2 (pre-shared key) security policy can be configured. STAs support WPA/WPA2, TKIP encryption, and AES encryption, so pre-shared key authentication and AES encryption are used to secure data transmission.
Networking Requirements
- DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to STAs.
Data Preparation
Item |
Data |
|---|---|
Service VLAN for STAs |
VLAN 101 |
DHCP server |
The AP functions as a DHCP server to assign IP addresses to STAs. |
IP address pool for STAs |
10.23.101.2-10.23.101.254/24 |
SSID profile |
|
Security profile |
|
VAP profile |
|
Configuration Roadmap
- Use the WLAN configuration wizard to configure WLAN services. Set the security policy to WPA-WPA2 PSK and AES.
- Configure radio calibration.
- Connect STAs to the WLAN to verify the configuration.
Procedure
- Configure basic WLAN services.
- Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Next. The IP and Rate page is displayed.
# Set IP address parameters.Configure the DNS server address as required.
# Click Finish.
- Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs. As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs communicate with the AP through this interface. You can use the default IP address of the AP to log in to the web platform. If you need to use the default IP address to log in to the web platform, do not delete VLAN 1.
# Click Finish.
- Configure Wi-Fi signals.
- Configure the AP channel and transmit power.
- Disable automatic channel and power calibration functions of AP radios and configure the AP channel and power.
The automatic channel and power calibration functions are enabled by default. The manual channel and power configurations take effect only when these two functions are disabled.
# Choose . The Radio0 page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.
# Disable automatic channel and power calibration functions of Radio 1, and set the AP channel to 20-MHz channel 149 and transmit power to 127 dBm. The configuration of Radio 1 is similar to that of Radio 0, and is not mentioned here.
# Click Apply. In the dialog box that is displayed, click OK.
- Disable automatic channel and power calibration functions of AP radios and configure the AP channel and power.
- Verify the configuration.
- The WLAN with the SSID wlan-net is available.
- The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its gateway address is 10.23.101.1.
- Choose . In User, you can see that STAs go online properly and obtain IP addresses.
- The STA can access the WLAN after the wireless user enters the password.
