Home | 简体中文 | 繁体中文 | 杂文 | Search | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 作品与服务 | Email

14.6. 用户验证

14.6.1. Telnet

local-user neo
 password simple chen
 service-type telnet

			

14.6.2. WEP

WEP 加密

			
<WA2220E-AG>system-view
System View: return to User View with Ctrl+Z.
[WA2220E-AG]interface WLAN-BSS2
[WA2220E-AG-WLAN-BSS2]wlan service-template 2 crypto
[WA2220E-AG-wlan-st-2]ssid www.example.com
[WA2220E-AG-wlan-st-2]authentication-method open-system
[WA2220E-AG-wlan-st-2]cipher-suite wep40
[WA2220E-AG-wlan-st-2]wep default-key 1 wep40 pass-phrase 123456
[WA2220E-AG-wlan-st-2]service-template enable

[WA2220E-AG]interface WLAN-Radio 1/0/2
[WA2220E-AG-WLAN-Radio1/0/2]service-template 2 interface WLAN-BSS 2
[WA2220E-AG-WLAN-Radio1/0/2]quit
			
			


interface WLAN-BSS2
wlan service-template 2 crypto
ssid www.example.com
authentication-method open-system
cipher-suite wep40
wep default-key 1 wep40 pass-phrase 12345
service-template enable

interface WLAN-Radio 1/0/2
service-template 2 interface WLAN-BSS 2

14.6.3. WAP2

wlan service-template 2 crypto
 ssid www.example.com
 cipher-suite ccmp
 security-ie rsn
 service-template enable


interface WLAN-BSS2
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase simple your_password

 interface WLAN-Radio1/0/2
 service-template 2 interface wlan-bss 2
#

			

14.6.4. WAP2 cipher

 wlan service-template 3 crypto
 ssid www.example.com
 cipher-suite ccmp
 security-ie rsn
 service-template enable

interface WLAN-BSS3
 port link-type hybrid
 port hybrid vlan 1 untagged
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher wrWR2LZofLw4qvbcs+daVw==
#
interface WLAN-Radio1/0/2
 service-template 3 interface wlan-bss 3
#
			

14.6.5. Mac

配置radius scheme:
radius scheme mac-radius
primary authentication 192.168.30.3
primary accounting 192.168.30.3
secondary authentication 192.168.30.4
secondary accounting 192.168.30.4
key authentication 123456
key accounting 123456
user-name-format without-domain

2、配置MAC认证的域:
domain mac-dom
authentication default radius-scheme mac-radius
authorization default radius-scheme mac-radius
accounting default radius-scheme mac-radius
access-limit disable
state active
idle-cut disable
self-service-url disable

3、配置全局MAC认证:
port-security enable
mac-authentication domain mac-dom

4、开启无线端口的MAC认证
[AP01]  int WLAN-BSS 1
[AP01-WLAN-BSS1]   port-security port-mode mac-authentication
[AP01]  int WLAN-BSS 2
[AP01-WLAN-BSS2]   port-security port-mode mac-authentication
			
comments powered by Disqus