No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
Fat AP and Cloud AP V200R019C00 Web-based Configuration Guide

This document describes how to configure and maintain devices through the web NMS client.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring 802.1X Authentication

Example for Configuring 802.1X Authentication

Service Requirements

Due to openness of the WLAN, there are security risks. To meet requirements for high security, 802.1X authentication is used and the RADIUS server authenticates identities of STAs.

Networking Requirements

  • DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to STAs.
Figure 3-6 Networking for configuring 802.1X authentication

Data Planning

Table 3-1 AP data planning

Item

Data

Service VLAN for STAs

VLAN 101

DHCP server

The AP functions as a DHCP server to assign IP addresses to STAs.

IP address pool for STAs

10.23.101.3-10.23.101.254/24

DNS: 8.8.8.8

Address that cannot be assigned: 10.23.101.2 (IP address of the router)

SSID profile

  • Name: wlan-net

  • SSID name: wlan-net

Security profile

  • Name: wlan-net

  • Security policy: WPA-WPA2 802.1X+AES

  • Password: a1234567

Authentication profile

  • Name: wlan-net

  • Referenced profile: 802.1X profile wlan-net, RADIUS Server profile wlan-net and authentication scheme wlan-net

VAP profile

  • Name: wlan-net

  • Service VLAN: VLAN 101

  • Referenced profile: SSID profile wlan-net and security profile wlan-net

STA's gateway

VLANIF101: 10.23.101.1

STA user name and password
  • User name: huawei
  • Password: huawei123

RADIUS server
  • IP address: 10.23.102.1
  • Port number: 1812
  • Shared key: huawei123

Configuration Roadmap

The configuration roadmap is as follows:
  1. Use the WLAN configuration wizard to configure WLAN services. Configure 802.1X and RADIUS authentication and set RADIUS server parameters.
  2. Configure a DNS server address in the DHCP address pool of the service VLAN to provide the DNS service for the STA.
  3. Configure a static route so that the AP forwards the packet to the router after receiving the packet from the STA.
  4. Connect STAs to the WLAN to verify the configuration.

Procedure

  1. Configure the switches and router.

    # Add GE0/0/1 and GE0/0/3 on the aggregation switch to VLAN 101.

    # Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the default gateway for the AP.

    # Configure a RADIUS server, configure a user name and password, and set the shared key to huawei123.

  2. Configure WLAN services.
    1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
    2. Configure Wi-Fi signals.

      # Click Create. The Basic Information page is displayed.

      # Configure basic information about an SSID.

      # Click Next. The IP and Rate page is displayed.

      # Set IP address parameters.

      # Click Finish.

    3. Configure Internet connection parameters.

      # Click Next. The Configure Internet Connection page is displayed.

      # Add an interface to VLAN 101 in tagged mode.

      If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs. As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs communicate with the AP through this interface. You can use the default IP address of the AP to log in to the web platform. If you need to use the default IP address to log in to the web platform, do not delete VLAN 1.



      # Click Finish.

  3. Configure DNS.

    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.

    1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
    2. Configure the DNS server address for the STA and click OK.

  4. Configure a static route.
    1. Choose Configuration > IP Service > Route. The Route page is displayed.
    2. Click Create in Static Route Configuration Table.



    3. Click OK.
  5. Verify the configuration.

    • The WLAN with SSID wlan-net is available for STAs connected to the AP.
    • The wireless PC obtains an IP address after it associates with the WLAN.
    • Use the 802.1X authentication client on a STA and enter the correct user name and password. The STA is authenticated and can access the WLAN. You must configure the client for PEAP authentication.

      • Configuration on the Windows XP operating system:

        1. On the Association tab page of the Wireless network properties dialog box, add SSID wlan-net, set the authentication mode to WPA2, and encryption algorithm to AES.
        2. On the Authentication tab page, set EAP type to PEAP and click Properties. In the Protected EAP Properties dialog box, deselect Validate server certificate and click Configure. In the displayed dialog box, deselect Automatically use my Windows logon name and password and click OK.

      • Configuration on the Windows 7 operating system:

        1. Access the Manage wireless networks page, click Add, and select Manually create a network profile. Add SSID wlan-net. Set the authentication mode to WPA2-Enterprise, and encryption algorithm to AES. Click Next.
        2. Click Change connection settings. On the Wireless Network Properties page that is displayed, select the Security tab page and click Settings. In the Protected EAP Properties dialog box, deselect Validate server certificate and click Configure. In the displayed dialog box, deselect Automatically use my Windows logon name and password and click OK.
        3. On the Wireless Network Properties page, click Advanced settings. On the Advanced settings page that is displayed, select Specify authentication mode, set the identity authentication mode to User authentication, and click OK.

    • After wireless users connect to the network, run the display access-user access-type dot1x command on the AP to view users in 802.1X authentication mode. The user huawei has gone online successfully.

      <HUAWEI> display access-user access-type dot1x 
------------------------------------------------------------------------------
UserID Username                IP address       MAC            Status          
------------------------------------------------------------------------------
460    huawei                  10.23.101.254    8000-6e74-e78a Success 
------------------------------------------------------------------------------
Total: 1, printed: 1

Translation
简体中文
Download
Updated: 2021-11-19

Document ID: EDOC1100096316

Views: 79634

Downloads: 4078

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :