Example for Configuring WEP Authentication (Share-key Authentication and WEP Encryption)

NetEngine AR V300R019 CLI-based Configuration Guide - WLAN-FAT AP

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Networking Requirements

As shown in Figure 4-13, Router functions as a fat AP to provide wireless Internet access service and as a DHCP server to allocate IP addresses to STAs.

The administrator wants to use WEP shared key authentication to authenticate STAs and ensure data confidentiality for authorized STAs in the huawei WLAN.

Figure 4-13 Networking diagram for configuring WEP Authentication (Share-key Authentication and WEP Encryption)

Configuration Roadmap

The configuration roadmap is as follows:

Configure basic attributes for the AP, including the country code and DHCP server address, so that the AP can assign IP addresses to STAs.
Configure a WMM profile and a radio profile on the AP and bind the radio profile to a radio interface so that STAs can communicate with the AP.
Configure a WLAN-BSS interface and bind it to a service set so that radio packets can be sent to the WLAN service module after reaching the AP.
Configure a security profile, traffic profile file, and a service set on the AP, and bind the security profile and traffic profile to the service set to ensure access security and QoS for STAs.
Configure a VAP and deliver VAP parameters so that STAs can access the WLAN.

In shared key authentication and WEP encryption mode, after the PC scans an SSID, if you double-click the SSID and enter the key, association may fail.
By default, wireless network adapters use the open system authentication mode. When the shared key authentication mode is configured on the AP, you must manually configure the authentication mode on the network adapters.
Configure the WEP key, and key itself. When WEP encryption is used, the default key index on the Windows client is 1, and default-key is set to 0 on the AP. If default-key is set to 1 on the AP, you must manually set the key index to 2 on the Windows client.

Procedure

Configure basic AP attributes.
# Configure the country code for the AP.
```
<Huawei> system-view
[Huawei] wlan global country-code cn 
```
# Create a VLANIF interface, assign an IP address to it for Layer 3 packet forwarding, and enable the DHCP server function on the VLANIF interface. In this example, an address pool is configured on VLANIF 100 to assign IP addresses to STAs.
```
[Huawei] dhcp enable
[Huawei] vlan 100
[Huawei-vlan100] quit
[Huawei] interface vlanif 100
[Huawei-Vlanif100] ip address 10.10.10.1 24
[Huawei-Vlanif100] dhcp select interface
[Huawei-Vlanif100] quit
```

Configure radios for APs.

# Create a WMM profile named wmm-1 and retain the default parameter settings.

[Huawei] wlan
[Huawei-wlan-view] wmm-profile name wmm-1 id 1
[Huawei-wlan-wmm-prof-wmm-1] quit

# Create a radio profile named radio-1 and bind the WMM profile wmm-1 to it.

[Huawei-wlan-view] radio-profile name radio-1 
[Huawei-wlan-radio-prof-radio-1] wmm-profile name wmm-1 
[Huawei-wlan-radio-prof-radio-1] quit
[Huawei-wlan] quit

# Bind the radio profile radio-1 to a radio interface.

[Huawei] interface wlan-radio 0/0/0                                              
[Huawei-Wlan-Radio0/0/0] radio-profile name radio-1
[Huawei-Wlan-Radio0/0/0] quit

Configure service sets for APs.

# Configure a WLAN-BSS interface so that radio packets can be sent to the WLAN service module after reaching the AP.

[Huawei] interface wlan-bss 1  
[Huawei-Wlan-Bss1] port hybrid tagged vlan 100                                   
[Huawei-Wlan-Bss1] quit

# Configure a security profile named security-1 and set the authentication mode to shared key authentication and WEP encryption.

Configure WEP authentication for the security profile; set the WEP authentication mode to preshared key authentication; set the WEP key length to WEP-104, the key index to 0, and the key to 0123456789abc; and set the default key index for WEP authentication and encryption to 0.

[Huawei] wlan
[Huawei-wlan-view] security-profile name security-1 id 1
[Huawei-wlan-sec-prof-security-1] security-policy wep
[Huawei-wlan-sec-prof-security-1] wep key wep-104 pass-phrase 0 cipher 0123456789abc
[Huawei-wlan-sec-prof-security-1] wep authentication-method share-key
[Huawei-wlan-sec-prof-security-1] wep default-key 0
[Huawei-wlan-sec-prof-security-1] quit

# Create a traffic profile named traffic-1 and retain the default parameter settings.

[Huawei-wlan-view] traffic-profile name traffic-1 id 1
[Huawei-wlan-traffic-prof-traffic-1] quit

# Create a service set and set the SSID to huawei, bind the traffic profile, security profile, and WLAN-BSS interface to the service set.

[Huawei-wlan-view] service-set name huawei-1 id 1
[Huawei-wlan-service-set-huawei-1] ssid huawei
[Huawei-wlan-service-set-huawei-1] traffic-profile name traffic-1
[Huawei-wlan-service-set-huawei-1] security-profile name security-1
[Huawei-wlan-service-set-huawei-1] wlan-bss 1
[Huawei-wlan-service-set-huawei-1] quit
[Huawei-wlan-view] quit

Configure a VAP.

# Bind the service set huawei-1 to a radio interface.

[Huawei] interface wlan-radio 0/0/0  
[Huawei-Wlan-Radio0/0/0] service-set name huawei-1   
[Huawei-Wlan-Radio0/0/0] quit

Verify the configurations.
# The WLAN with SSID huawei is available for STAs connected to the AP.

# If a STA has an incorrect shared key configured, the STA cannot access the Internet.

# After the PC scans an SSID, if you double-click the SSID and enter the key, association may fail. You must manually configure the authentication mode and key index.
- Configuration on the Windows XP operating system:
  1. On the Association tab page of the Wireless network properties dialog box, add SSID huawei, set the network authentication mode to shared-key mode and encryption mode to WEP, and configure the network key and corresponding key index.
- Configuration on the Windows 7 operating system:
  1. Access the Manage wireless networks page, click Add, and select Manually create a network profile. Add SSID huawei, set the encryption and authentication modes, and click Next.
  2. Scan SSIDs to search WLANs. Double-click SSID huawei, click the Security tab, and set the key index on the Security tab page.

Configuration Files

Configuration file of the Router

#
 vlan batch 100
#
 dhcp enable
#
interface Vlanif100
 ip address 10.10.10.1 255.255.255.0
 dhcp select interface
#
interface Wlan-Bss1
 port hybrid tagged vlan 100
#
wlan
 wmm-profile name wmmf id 0
 wmm-profile name wmm-1 id 1
 traffic-profile name traf id 0
 traffic-profile name traffic-1 id 1
 security-profile name secf id 0
 security-profile name security-1 id 1
  wep authentication-method share-key
  wep key wep-104 pass-phrase 0 cipher %^%#Q-%d~;.Aj!<@qOUJ=vMG~rie2vkWOOUq>`5f73RU%^%#
 service-set name huawei-1 id 1
  Wlan-Bss 1
  ssid huawei
  traffic-profile id 1
  security-profile id 1
 radio-profile name radiof id 0
  wmm-profile id 0
 radio-profile name radio-1 id 1
  wmm-profile id 1
#
interface Wlan-Radio0/0/0
 radio-profile id 1
 service-set id 1 wlan 1
#
return

Translation

简体中文

Download

Updated: 2021-11-30

Document ID: EDOC1100112363

Downloads: 213

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate