- Table of Contents
-
- 05-Comware 9 CLI-based configuration examples (AC+fit AP deployment)
- 01-HTTPS Login Configuration Examples
- 02-SSH Configuration Examples
- 03-License Management Configuration Examples
- 04-AP Association with the AC at Layer 2 Configuration Examples
- 05-AP Association with the AC at Layer 2 (IPv6) Configuration Examples
- 06-Auto AP Configuration Examples
- 07-AP Association with the AC at Layer 3 Configuration Examples
- 08-AP Association with the AC at Layer 3 (IPv6) Configuration Examples
- 09-WEP Encryption Configuration Examples
- 10-PSK Encryption Configuration Examples
- 11-WPA3-SAE PSK Encryption Configuration Examples
- 12-WLAN Access (IPv6) Configuration Examples
- 13-Policy-Based Forwarding with Dual Gateways Configuration Examples
- 14-Scheduled Configuration Deployment by AP Group Configuration Examples
- 15-Inter-AC Roaming with Static Client VLAN Allocation Configuration Examples
- 16-Service Template and Radio Binding Configuration Examples
- 17-Scheduled WLAN Access Services Configuration Examples
- 18-Local Portal Authentication Configuration Examples
- 19-HTTPS-Based Local Portal Authentication Configuration Examples
- 20-Remote Portal Authentication Configuration Examples
- 21-Local Portal Authentication through LDAP Server Configuration Examples
- 22-Local Portal Auth and SSID-based Auth Page Pushing Configuration Examples
- 23-Local Portal MAC-Trigger Authentication Configuration Examples
- 24-Portal MAC-Trigger Authentication Configuration Examples
- 25-Local Forwarding Mode and Local Portal MAC-Trigger Auth Configuration Examples
- 26-Local Portal Authentication (IPv6) Configuration Examples
- 27-Local Portal Authentication through LDAP Server (IPv6) Configuration Examples
- 28-Remote Portal Authentication (IPv6) Configuration Examples
- 29-Portal MAC-Trigger Authentication (IPv6) Configuration Example
- 30-Remote Portal Authentication with User Profile Authorization Configuration Examples
- 31-Portal Fail-Permit Configuration Examples
- 32-Local MAC Authentication Configuration Examples
- 33-Remote MAC Authentication Configuration Examples
- 34-Transparent Auth Through Remote MAC and Portal Auth Configuration Examples
- 35-Remote AP, Remote Portal, and MAC-Trigger Authentication Configuration Examples
- 36-MAC Authentication with Guest VLAN Assignment Configuration Examples
- 37-MAC Authentication with Guest VLAN Assignment (IPv6) Configuration Examples
- 38-Local MAC-And-802.1X Authentication Configuration Examples
- 39-Local 802.1X Authentication Configuration Examples
- 40-Local RADIUS-Based 802.1X Authentication in EAP Relay Mode Configuration Examples
- 41-Remote 802.1X Authentication Configuration Examples
- 42-Remote 802.1X Authentication (IPv6) Configuration Examples
- 43-Remote 802.1X Authentication in WPA3-Enterprise Mode Configuration Examples
- 44-802.1X Auth with ACL Assignment Through IMC Server Configuration Examples
- 45-802.1X Auth with User Profile Assignment Through IMC Server Configuration Examples
- 46-EAD Authentication Configuration Examples
- 47-EAD Authentication (IPv6) Configuration Examples
- 48-Local Forwarding Mode and Local Portal Authentication Configuration Examples
- 49-Local Forwarding Mode Direct Portal Authentication Configuration Examples
- 50-Local Forwarding Mode Direct Portal Authentication (IPv6) Configuration Examples
- 51-Local Forwarding Configuration Examples
- 52-Wired Port Local Forwarding through Wireless Terminator Configuration Examples
- 53-Remote AP Configuration Examples
- 54-Downlink VLAN Management for Fit-Mode APs Configuration Examples
- 55-WIPS Configuration Examples
- 56-WIPS Countermeasures Against All SSIDs Configuration Examples
- 57-IP Source Guard (IPv4) Configuration Examples
- 58-IP Source Guard (IPv6) Configuration Examples
- 59-Dual-Link Backup Configuration Examples
- 60-OAuth-Based Portal MAC-Trigger Auth on a Local-Forwarding Dual-Link Backup Configuration Examples
- 61-Dual-Link Backup OAuth-Based Portal Authentication in Local Forwarding Configuration Examples
- 62-Dual-Link Backup Remote Portal MAC-Trigger Authentication in Local Forwarding Configuration Examples
- 63-Dual-Link Backup Remote Portal and Transparent MAC Auth in Local Forwarding Configuration Examples
- 64-Dual-Link Backup Remote Portal Authentication in Local Forwarding Configuration Examples
- 65-Dual-Link Backup Remote Portal and Transparent MAC Auth in Centralized Forwarding Configuration Examples
- 66-Dual-Link Backup Remote Portal Authentication in Centralized Forwarding Configuration Examples
- 67-Dual-Link Backup Lightweight Portal Authentication in Centralized Forwarding Configuration Examples
- 68-Dual-Link Backup OAuth-Based Portal Authentication in Centralized Forwarding Configuration Examples
- 69-Dual-Link Backup Remote Portal MAC-Trigger Auth in Centralized Forwarding Configuration Examples
- 70-Remote 802.1X Authentication on a Dual-Link AC Backup Network Configuration Examples
- 71-Remote MAC Authentication on a Dual-Link AC Backup Network Configuration Examples
- 72-WLAN Probe Configuration Examples
- 73-Multicast Optimization Configuration Examples
- 74-Client Rate Limiting Configuration Examples
- 75-Inter-AC Roaming Configuration Examples
- 76-Inter-AC Roaming (IPv6) Configuration Examples
- 77-Inter-AC Roaming in Local Forwarding Mode Configuration Examples
- 78-H3C Access Controllers Cooperative Roaming for 802.11v Clients Configuration Examples
- 79-WLAN Load Balancing Configuration Examples
- 80-Static Blacklist Configuration Examples
- 81-Client Quantity Control Configuration Examples
- 82-AP License Synchronization Configuration Examples
- 83-BLE Module iBeacon Transmission Configuration Examples
- 84-Medical RFID Tag Management Configuration Examples
- 85-iBeacon Management Configuration Examples
- 86-Mesh Link Establishment Between a Fit AP and a Fat AP Configuration Examples
- 87-Mesh Link Establishment Between Fit APs Configuration Examples
- 88-Auto-DFS and Auto-TPC Configuration Examples
- 89-AP Image Downloading Configuration Examples
- 90-Dual-Uplink Interfaces Configuration Guide
- 91-Internal-to-External Access Through NAT Configuration Examples
- 92-Layer 2 Static Aggregation Configuration Examples
- 93-Layer 2 Multicast Configuration Examples
- 94-Static VLAN Allocation Configuration Examples
- 95-URL Redirection Configuration Examples
- 96-IPv6 URL Redirection Configuration Examples
- Related Documents
-
Title | Size | Download |
---|---|---|
42-Remote 802.1X Authentication (IPv6) Configuration Examples | 228.70 KB |
|
H3C Access Controllers |
Remote 802.1X Authentication (IPv6) |
Configuration Examples |
|
Copyright © 2023 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
The following information provides an example for configuring remote 802.1X authentication for wireless clients on an IPv6 network.
Prerequisites
The following information applies to Comware-based access controllers and access points. Procedures and information in the examples might be slightly different depending on the software or hardware version of the access controllers and access points.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of IPv6 basics, WLAN access, WLAN security, WLAN authentication, and 802.1X.
Example: Configuring remote authentication for 802.1X clients (IPv6)
Network configuration
As shown in Figure 1, the switch acts as a DHCPv6 server to assign IPv6 addresses to the AP and the client. IMC acts as the RADIUS server.
Configure the AC, the client, the switch, and the RADIUS server to meet the following requirements:
· The AC uses the RADIUS server to perform 802.1X authentication for the wireless client.
· The AC uses the open system authentication for the client at the data link layer. This is the default authentication method.
· The AC uses the 802.1X AKM mode to secure data transmission between the client and the AP.
· The cipher suite is CCMP.
Restrictions and guidelines
When you configure remote 802.1X authentication for wireless clients, follow these restrictions and guidelines:
· Use the serial ID labeled on the AP's rear panel to specify an AP.
· For the IMC server to dynamically change the client authorization information or forcibly disconnect clients, enable the RADIUS session-control feature on the AC.
Procedures
Configuring the AC
1. Configure interfaces on the AC:
# Create VLAN 100 and VLAN-interface 100, and assign an IPv6 address to the VLAN interface. The AC will use this IP address to establish CAPWAP tunnels with the AP.
<AC> system-view
[AC] vlan 100
[AC-vlan100] quit
[AC] interface vlan-interface 100
[AC-Vlan-interface100] ipv6 address 2001::1 64
[AC-Vlan-interface100] quit
# Create VLAN 200 and VLAN-interface 200, and assign an IPv6 address to the VLAN interface. VLAN 200 will be used for client access.
[AC] vlan 200
[AC-vlan200] quit
[AC] interface vlan-interface 200
[AC-Vlan-interface200] ipv6 address 2004::1 64
[AC-Vlan-interface200] quit
# Configure GigabitEthernet 1/0/1 (the port connected to the switch) as a trunk port, and assign the port to VLAN 1, VLAN 100, and VLAN 200.
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port link-type trunk
[AC-GigabitEthernet1/0/1] port trunk permit vlan 1 100 200
[AC-GigabitEthernet1/0/1] quit
2. Configure a RADIUS scheme:
# Create a RADIUS scheme named radius1 and enter its view.
[AC] radius scheme radius1
# Specify the IPv6 addresses of the primary authentication and accounting RADIUS servers.
[AC-radius-radius1] primary authentication ipv6 2003::2
[AC-radius-radius1] primary accounting ipv6 2003::2
# Set the shared key to 12345 in plain text for secure communication with the servers.
[AC-radius-radius1] key authentication simple 12345
[AC-radius-radius1] key accounting simple 12345
# Specify IPv6 address 2001::1 as the source IPv6 address of outgoing RADIUS packets.
[AC-radius-radius1] nas-ip ipv6 2001::1
[AC-radius-radius1] quit
# Create an ISP domain named dom1 and enter its view.
[AC] domain dom1
# Apply RADIUS scheme radius1 to ISP domain dom1 for LAN user authentication, authorization, and accounting.
[AC-isp-dom1] authentication lan-access radius-scheme radius1
[AC-isp-dom1] authorization lan-access radius-scheme radius1
[AC-isp-dom1] accounting lan-access radius-scheme radius1
[AC-isp-dom1] quit
# Enable the RADIUS session-control feature.
[AC] radius session-control enable
# Enable the RADIUS DAS feature and enter RADIUS DAS view.
[AC] radius dynamic-author server
# Specify the RADIUS server at 2003::2 as a DAC and set the shared key to 12345 in plain text for validating DAE packets from the RADIUS server.
[AC-radius-da-server] client ipv6 2003::2 key simple 12345
[AC-radius-da-server] quit
3. Configure the AC to use EAP relay to authenticate 802.1X clients.
[AC] dot1x authentication-method eap
4. Configure a wireless service:
# Create a service template named service and enter its view.
[AC] wlan service-template service
# Set the SSID of the service template to service.
[AC-wlan-st-service] ssid service
# Assign clients coming online through the service template to VLAN 200.
[AC-wlan-st-service] vlan 200
# Set the AKM mode to 802.1X authentication.
[AC-wlan-st-service] akm mode dot1x
# Set the cipher suite to CCMP and enable the RSN-IE in beacon and probe responses.
[AC-wlan-st-service] cipher-suite ccmp
[AC-wlan-st-service] security-ie rsn
# Set the authentication mode to 802.1X authentication.
[AC-wlan-st-service] client-security authentication-mode dot1x
# Specify ISP domain dom1 for authenticating 802.1X clients.
[AC-wlan-st-service] dot1x domain dom1
# Enable snooping DHCPv6 packets and enable snooping ND packets.
[AC-wlan-st-service] client ipv6-snooping dhcpv6-learning enable
[AC-wlan-st-service] client ipv6-snooping nd-learning enable
# Enable the AC to forward client data traffic. If the AC forwards client data traffic by default, skip this step.
[AC-wlan-st-service] client forwarding-location ac
# Enable the service template.
[AC-wlan-st-service] service-template enable
[AC-wlan-st-service] quit
5. Configure AP settings:
IMPORTANT: In a large-scale network, configure AP groups as a best practice. |
# Create a manual AP named ap1, and specify the AP model and serial ID.
[AC] wlan ap ap1 model WA6320
[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T
[AC-wlan-ap-ap1] quit
# Create AP group group1 and create an AP grouping rule by AP names to add AP ap1 to AP group group1.
[AC] wlan ap-group group1
[AC-wlan-ap-group-group1] ap ap1
# Bind service template service to radio 1 in AP group group1.
[AC-wlan-ap-group-group1] ap-model WA6320
[AC-wlan-ap-group-group1-ap-model-WA6320] radio 1
[AC-wlan-ap-group-group1-ap-model-WA6320-radio-1] service-template service
# Enable radio 1.
[AC-wlan-ap-group-group1-ap-model-WA6320-radio-1] radio enable
[AC-wlan-ap-group-group1-ap-model-WA6320-radio-1] quit
[AC-wlan-ap-group-group1-ap-model-WA6320] quit
[AC-wlan-ap-group-group1] quit
6. Configure a static route destined for the RADIUS server.
[AC] ipv6 route-static 2003:: 64 2004::2
Configuring the switch
1. Configure VLAN settings:
# Create VLAN 100. The switch will use this VLAN to forward the traffic on the CAPWAP tunnels between the AC and AP.
<Switch> system-view
[Switch] vlan 100
[Switch-vlan100] quit
# Create VLAN 200. The switch will use this VLAN to forward packets for wireless clients.
[Switch] vlan 200
[Switch-vlan200] quit
# Configure GigabitEthernet 1/0/1 (the port connected to the AC) as a trunk port, and assign the port to VLAN 1, VLAN 100, and VLAN 200.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk permit vlan 1 100 200
[Switch-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 (the port connected to the AP) as an access port, and assign the port to VLAN 100.
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type access
[Switch-GigabitEthernet1/0/2] port access vlan 100
# Enable PoE on GigabitEthernet 1/0/2.
[Switch-GigabitEthernet1/0/2] poe enable
[Switch-GigabitEthernet1/0/2] quit
# Create VLAN-interface 1 and assign an IPv6 address to the VLAN interface.
[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ipv6 address 2003::1 64
[Switch-Vlan-interface1] quit
# Create VLAN-interface 100 and assign an IPv6 address to the VLAN interface.
[Switch] interface vlan-interface 100
[Switch-Vlan-interface100] ipv6 address 2001::2 64
[Switch-Vlan-interface100] quit
# Create VLAN-interface 200 and assign an IPv6 address to the VLAN interface.
[Switch] interface vlan-interface 200
[Switch-Vlan-interface200] ipv6 address 2004::2 64
[Switch-Vlan-interface200] quit
2. Configure the DHCPv6 service:
# Create DHCPv6 address pool 1, specify the subnet 2001::/64 in the DHCPv6 address pool, and specify 2001::1 as the gateway address. The switch assigns an IPv6 address to the AP from this pool.
[Switch] ipv6 dhcp pool 1
[Switch-dhcp6-pool-1] network 2001::/64
[Switch-dhcp6-pool-1] gateway-list 2001::1
# Configure Option 52 that specifies the AC's IPv6 address 2001::1 and exclude the IPv6 address from dynamic assignment.
[Switch-dhcp6-pool-1] option 52 hex 20010000000000000000000000000001
[Switch-dhcp6-pool-1] quit
[Switch] ipv6 dhcp server forbidden-address 2001::1
# Apply address pool 1 to VLAN-interface 100 and enable the DHCPv6 server on the VLAN interface.
[Switch] interface vlan-interface 100
[Switch-Vlan-interface100] ipv6 dhcp server apply pool 1
[Switch-Vlan-interface100] ipv6 dhcp select server
# Set the managed address configuration flag (M) and the other stateful configuration flag (O) to 1 in RA advertisements to be sent, and disable RA message suppression on VLAN-interface 100.
[Switch-Vlan-interface100] ipv6 nd autoconfig managed-address-flag
[Switch-Vlan-interface100] ipv6 nd autoconfig other-flag
[Switch-Vlan-interface100] undo ipv6 nd ra halt
[Switch-Vlan-interface100] quit
# Create DHCPv6 address pool 2, specify the subnet 2004::/64 in the DHCPv6 address pool, and specify 2004::2 as the gateway address. The switch assigns an IPv6 address to the client from this pool.
[Switch] ipv6 dhcp pool 2
[Switch-dhcp6-pool-2] network 2004::/64
[Switch-dhcp6-pool-2] gateway-list 2004::2
[Switch-dhcp6-pool-2] quit
# Exclude IPv6 address 2004::1 from dynamic assignment.
[Switch] ipv6 dhcp server forbidden-address 2004::1
# Apply address pool 2 to VLAN-interface 200 and enable the DHCPv6 server on the VLAN interface.
[Switch] interface Vlan-interface 200
[Switch-Vlan-interface200] ipv6 dhcp server apply pool 2
[Switch-Vlan-interface200] ipv6 dhcp select server
# Set the managed address configuration flag (M) and the other stateful configuration flag (O) to 1 in RA advertisements to be sent, and disable RA message suppression on VLAN-interface 200.
[Switch-Vlan-interface200] ipv6 nd autoconfig managed-address-flag
[Switch-Vlan-interface200] ipv6 nd autoconfig other-flag
[Switch-Vlan-interface200] undo ipv6 nd ra halt
[Switch-Vlan-interface200] quit
Configuring the RADIUS server
This example uses IMC PLAT 7.1 and IMC UAM 7.1 to show the procedure.
Make sure the EAP-PEAP certificate has been installed on the server.
1. Add the AC to IMC as an access device:
a. Log in to IMC.
b. Click the User tab.
c. From the navigation tree, select User Access Policy > Access Device Management > Access Device.
d. Click Add.
The Add Access Device page opens.
e. Configure access device parameters, as shown in Figure 2:
- In the Access Configuration area, set the authentication and accounting shared keys to 12345 and use the default settings of other parameters.
- In the Device List area, click Select or Add IPv6 Dev to add the device at 2001::1 to IMC as an access device. If you click Add IPv6 Dev, enter 2001::1 as the start IPv6 address and click OK in the dialog box that opens.
f. Click OK.
Figure 2 Adding an access device
2. Add an access policy:
a. Click the User tab.
b. From the navigation tree, select User Access Policy > Access Policy.
c. Click Add.
d. On the Add Access Policy page, configure the following parameters, as shown in Figure 3:
- Enter dot1x in the Access Policy Name field.
- Select EAP for the Certificate Authentication field.
- Select EAP-PEAP Auth from the Certificate Type list, and select MS-CHAPV2 Auth from the Certificate Sub-Type list.
The certificate sub-type on the IMC server must be the same as the identity authentication method configured on the client.
Figure 3 Adding an access policy
3. Add an access service:
a. Click the User tab.
b. From the navigation tree, select User Access Policy > Access Service.
c. Click Add.
d. On the Add Access Service page, configure the following parameters, as shown in Figure 4:
- Enter dot1x in the Service Name field.
- Select dot1x from the Default Access Policy list.
e. Click OK.
Figure 4 Adding an access service
4. Add an access user:
a. Click the User tab.
b. From the navigation tree, select Access User > Access User.
The access user list opens.
c. Click Add.
The Add Access User page opens.
d. In the Access Information area, configure the following parameters, as shown in Figure 5:
- Click Select or Add User to associate the user with IMC Platform user user.
- Enter dot1x in the Account Name field.
- Enter dot1x123 in the Password and Confirm Password fields.
e. In the Access Service area, select dot1x from the list.
f. Click OK.
Figure 5 Adding an access user account
Configuring the client
Use a mobile phone to connect to the wireless network with SSID service:
1. Select PEAP as the EAP authentication method.
2. Enter dot1x as the identity and enter password dot1x123.
Use the default settings of other parameters.
3. Connect to the wireless network.
Verifying the configuration
1. On the client, verify that the client can pass authentication, associate with the AP, and access the wireless network. (Details not shown.)
2. On the AC, perform the following tasks to verify that the user has passed authentication and come online:
# Display detailed WLAN client information.
[AC] display wlan client verbose
Total number of clients: 1
MAC address : 3829-5a40-9589
IPv4 address : N/A
IPv6 address : 2004::4
Username : dot1x
AID : 1
AP ID : 2
AP name : ap1
Radio ID : 1
SSID : service
BSSID : ac74-090a-6421
VLAN ID : 200
Sleep count : 0
Wireless mode : 802.11an
Channel bandwidth : 40MHz
20/40 BSS Coexistence Management : Supported
SM power save : Enabled
SM power save mode : Static
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
STBC RX capability : Supported
STBC TX capability : Not supported
LDPC RX capability : Not supported
Block Ack : N/A
Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7
Supported rates : 6, 9, 12, 18, 24, 36,
48, 54 Mbps
QoS mode : WMM
Listen interval : 2
RSSI : 0
Rx/Tx rate : 0/0 Mbps
Authentication method : Open system
Security mode : RSN
AKM mode : 802.1X
Cipher suite : CCMP
User authentication mode : 802.1X
Authorization ACL ID : N/A
Authorization user profile : N/A
Roam status : N/A
Key derivation : SHA1
PMF status : N/A
Forwarding policy name : Not configured
Online time : 0days 0hours 0minutes 1seconds
FT status : Inactive
# Display online 802.1X client information.
[AC] display dot1x connection
Total connections: 1
User MAC address : 3829-5a40-9589
AP name : ap1
Radio ID : 1
SSID : service
BSSID : ac74-090a-6421
Username : dot1x
Authentication domain : dom1
IPv6 address : 2004::4
Authentication method : EAP
Initial VLAN : 200
Authorization VLAN : 200
Authorization ACL number : N/A
Authorization user profile : N/A
Termination action : Radius-Request
Session timeout period : 86401 s
Online from : 2018/07/18 10:36:00
Online duration : 0h 0m 19s
Configuration files
· AC:
#
dot1x authentication-method eap
#
vlan 1
#
vlan 100
#
vlan 200
#
wlan service-template service
ssid service
vlan 200
client forwarding-location ac
akm mode dot1x
cipher-suite ccmp
security-ie rsn
client-security authentication-mode dot1x
dot1x domain dom1
client ipv6-snooping nd-learning enable
client ipv6-snooping dhcpv6-learning enable
service-template enable
#
interface Vlan-interface100
ipv6 address 2001::1/64
#
interface Vlan-interface200
ipv6 address 2004::1/64
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 100 200
#
ipv6 route-static 2003:: 64 2004::2
#
radius session-control enable
#
radius scheme radius1
primary authentication ipv6 2003::2
primary accounting ipv6 2003::2
key authentication cipher $c$3$Nc0p9aAdEZsigfKkc+BNOVwr1StmtFHa
key accounting cipher $c$3$1UiOGNVopIKWmUamDZBOpK2pSJ9+C7U5
nas-ip ipv6 2001::1
#
radius dynamic-author server
client ipv6 2003::2 key cipher $c$3$mOGMY0tNJT94RiwVyD80JG2zYwSUfpNV
#
domain dom1
authentication lan-access radius-scheme radius1
authorization lan-access radius-scheme radius1
accounting lan-access radius-scheme radius1
#
wlan ap-group group1
ap ap1
ap-model WA6320
radio 1
radio enable
service-template service
radio 2
#
wlan ap ap1 model WA6320
serial-id 219801A28N819CE0002T
#
· Switch:
#
ipv6 dhcp server forbidden-address 2001::1
ipv6 dhcp server forbidden-address 2004::1
#
vlan 1
#
vlan 100
#
vlan 200
#
ipv6 dhcp pool 1
network 2001::/64
option 52 hex 20010000000000000000000000000001
gateway-list 2001::1
#
ipv6 dhcp pool 2
network 2004::/64
gateway-list 2004::2
#
interface Vlan-interface1
ipv6 address 2003::1/64
#
interface Vlan-interface100
ipv6 dhcp select server
ipv6 dhcp server apply pool 1
ipv6 address 2001::2/64
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
undo ipv6 nd ra halt
#
interface Vlan-interface200
ipv6 dhcp select server
ipv6 dhcp server apply pool 2
ipv6 address 2004::2/64
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
undo ipv6 nd ra halt
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/2
port access vlan 100
poe enable
#
Related documentation
· AP and WT Management Configuration Guide in H3C Access Controllers Configuration Guides
· AP and WT Management Command Reference in H3C Access Controllers Command References
· Network Connectivity Configuration Guide in H3C Access Controllers Configuration Guides
· Network Connectivity Command Reference in H3C Access Controllers Command References
· User Access and Authentication Configuration Guide in H3C Access Controllers Configuration Guides
· User Access and Authentication Command Reference in H3C Access Controllers Command References
· WLAN Access Configuration Guide in H3C Access Controllers Configuration Guides
· WLAN Access Command Reference in H3C Access Controllers Command References