当前位置:网站首页>Configuring WAPI certificate security policy for Huawei wireless devices

Configuring WAPI certificate security policy for Huawei wireless devices

2022-07-24 15:36:00 51CTO

 

Huawei wireless device configuration WAPI- Certificate security policy _WLAN

1. To configure LSW and AC, send AP And AC Can transmit between CAPWAP message

[LSW1]vlan batch 100

[LSW1-GigabitEthernet0/0/1]port link-type trunk  

[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

[LSW1-GigabitEthernet0/0/2]port link-type trunk          

[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100

[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100

[LSW1-GigabitEthernet0/0/2]port-isolate enable

[AC1]vlan batch 100

[AC1-GigabitEthernet0/0/1]port link-type trunk  

[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

2. To configure AC Interworking with the upper network equipment

[AC1]vlan batch 101 102 103

[AC1-Vlanif101]ip add 10.1.101.1 24

[AC1-Vlanif102]ip add 10.1.102.1 24

[AC1-Vlanif103]ip add 10.1.103.1 24

[AC1-GigabitEthernet0/0/2]port link-type access  

[AC1-GigabitEthernet0/0/2]port default vlan 102

[AC1-GigabitEthernet0/0/3]port link-type trunk  

[AC1-GigabitEthernet0/0/3]port trunk allow-pass vlan 103

[AC1-GigabitEthernet0/0/3]port trunk pvid vlan 103

[AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.102.2

3. To configure AC to AP Distribute IP Address ,AR to STA Distribute IP Address

[AC1]dhcp enable  

[AC1-Vlanif100]ip add 10.1.100.1 24

[AC1-Vlanif100]dhcp select interface

[AC1-Vlanif101]dhcp select relay  

[AC1-Vlanif101]dhcp relay server-ip 10.1.102.2

[AR1]dhcp enable  

[AR1-ip-pool-sta]gateway-list 10.1.101.1

[AR1-ip-pool-sta]dns-list 8.8.8.8

[AR1-ip-pool-sta]network 10.1.101.0 mask 24

[AR1-GigabitEthernet0/0/0]ip add 10.1.102.2 24

[AR1-GigabitEthernet0/0/0]dhcp select global  

[AR1]ip route-static 10.1.101.0 24 10.23.102.1

4. To configure AP go online

  establish AP Group

[AC1]wlan

[AC1-wlan-view]ap-group name ap-group1  

  Create domain management template , Configure... Under the domain management template AC Country code and in AP Reference domain management template under group

[AC1-wlan-view]regulatory-domain-profile name domain1

[AC1-wlan-regulate-domain-domain1]country-code cn

[AC1-wlan-view]ap-group name ap-group1                

[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1

[AC1]capwap source interface Vlanif 100

  stay AC Import online and offline AP, And will AP Join in AP Group

[AC1-wlan-view]ap auth-mode mac-auth  

[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc19-7cf0

[AC1-wlan-ap-0]ap-name ap1

[AC1-wlan-ap-0]ap-group ap-group1

 

Huawei wireless device configuration WAPI- Certificate security policy _WLAN_02

5. To configure WLAN Business parameters

  Create a security template , And configure the security policy

[AC1]wlan  

[AC1-wlan-view]security-profile name wlan-security

[AC1-wlan-sec-prof-wlan-security]security wapi certificate  

[AC1-wlan-sec-prof-wlan-security]wapi asu ip 10.1.103.2

[AC1-wlan-sec-prof-wlan-security]wapi import certificate ac format pem file-name flash:/as.cer

[AC1-wlan-sec-prof-wlan-security]wapi import certificate asu format pem file-name flash:/as.cer  

[AC1-wlan-sec-prof-wlan-security]wapi import certificate issuer format pem file-name flash:/as.cer

[AC1-wlan-sec-prof-wlan-security]wapi import private-key format pem file-name flash:/ae.cer  

establish SSID Templates , And configuration SSID name

[AC1-wlan-view]ssid-profile name wlan-ssid

[AC1-wlan-ssid-prof-wlan-ssid]ssid wlan-net

  establish VAP Templates , Configure business data forwarding mode 、 Business VLAN, And reference the security template 、 Certification templates and SSID Templates

[AC1-wlan-view]vap-profile name wlan-vap

[AC1-wlan-vap-prof-wlan-vap]forward-mode tunnel  

[AC1-wlan-vap-prof-wlan-vap]service-vlan vlan-id 101

[AC1-wlan-vap-prof-wlan-vap]security-profile wlan-security

[AC1-wlan-vap-prof-wlan-vap]ssid-profile wlan-ssid

  To configure AP Group reference VAP Templates ,AP RF on 0 And RF 1 All use VAP Template configuration

[AC1-wlan-view]ap-group name ap-group1

[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 0

[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio 1

6. To configure AP RF channel and power

  Turn off the RF channel and power auto tuning function

[AC1-wlan-view]rrm-profile name default

[AC1-wlan-rrm-prof-default]calibrate auto-channel-select disable  

[AC1-wlan-rrm-prof-default]calibrate auto-txpower-select disable

  To configure AP RF channel and power

[AC1-wlan-view]ap-id 0

[AC1-wlan-ap-0]radio 0

[AC1-wlan-radio-0/0]channel 20mhz 6

[AC1-wlan-radio-0/0]eirp 127

[AC1-wlan-ap-0]radio 1        

[AC1-wlan-radio-0/1]channel 20mhz 149

[AC1-wlan-radio-0/1]eirp 127

原网站

版权声明
本文为[51CTO]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/205/202207241532357812.html

边栏推荐

猜你喜欢

随机推荐