03-802.11r Configuration
1.4.1 Configuration example: FT over-the-DS with PSK
1.4.2 Configuration example: FT over-the-air with PSK
1.4.3 Configuration example: FT over-the-DS with 802.1X
1.4.4 Configuration example: FT over-the-air with 802.1X
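The FT (Fast BSS Transition) function defined in the 802.11r protocol reduces the delay a client experiences while roaming, which lowers the probability of connection interruption and improves roaming service quality.
FT can be implemented in two ways:
· Over-the-Air: the client communicates directly with the target AP to authenticate before roaming.
· Over-the-DS: the client communicates with the target AP through the current AP to authenticate before roaming.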
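Figure 1-1 Intra-AC over-the-air roaming
As shown in Figure 1-1, when a client roams between APs connected to the same AC (from AP 1 to AP 2), the information exchange proceeds as follows:
(1) The client is already connected to AP 1 and is about to roam to AP 2;
(2) The client sends an authentication request to AP 2;
(3) The client receives the authentication response from AP 2;
(4) The client sends a reassociation request to AP 2;
(5) The client receives the reassociation response from AP 2;
(6) The client completes the roam from AP 1 to AP 2.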
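Figure 1-2 Inter-AC over-the-air roaming
As shown in Figure 1-2, AP 1 and AP 2 are connected to AC 1 and AC 2 respectively. The information exchange for roaming within the same mobility domain proceeds as follows:
(1) The client establishes a connection with AP 1;
(2) AC 1 synchronizes the client's roaming information (PMK, VLAN, and so on) to AC 2;
(3) The client prepares to roam and sends an FT authentication request to AP 2;
(4) The client receives the FT authentication response sent by AP 2;
(5) The client sends a reassociation request to AP 2;
(6) The client receives the reassociation response from AP 2;
(7) The client completes the roam from AP 1 to AP 2.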
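Figure 1-3 Intra-AC over-the-DS roaming
As shown in Figure 1-3, when a client roams between APs connected to the same AC (from AP 1 to AP 2), the information exchange proceeds as follows:
(1) The client establishes a connection with AP 1;
(2) The AC generates, synchronizes, and saves the client's roaming entry;
(3) The client prepares to roam and sends an FT authentication request to AP 1;
(4) The client receives the FT authentication response from AP 1;
(5) The client sends a reassociation request to AP 2;
(6) The client receives the reassociation response from AP 2;
(7) The client completes the roam from AP 1 to AP 2.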
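Figure 1-4 Inter-AC over-the-DS roaming
As shown in Figure 1-4, AP 1 and AP 2 are connected to AC 1 and AC 2 respectively. The information exchange for roaming within the same mobility domain proceeds as follows:
(1) The client establishes a connection with AP 1;
(2) AC 1 synchronizes the client's roaming information (PMK, VLAN, and so on) to AC 2;
(3) The client prepares to roam and sends an FT authentication request to AP 1;
(4) The client receives the FT authentication response from AP 1;
(5) The client sends a reassociation request to AP 2;
(6) The client receives the reassociation response from AP 2;
(7) The client completes the roam from AP 1 to AP 2.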
Protocol specifications related to 802.11r:
802.11r IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements
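When configuring the 802.11r FT function, note the following:
· If a client cannot associate with a service that has FT enabled, the client may be an older model that does not support the FT protocol. In that case, create two services with the same SSID, one with FT enabled and one with FT disabled, and keep all other settings identical, so that the client can use the network service normally.
· Enabling both FT and 802.1X periodic re-authentication on the same service template is not recommended; otherwise clients come online again each time the re-authentication interval expires. For an introduction to 802.1X periodic re-authentication and its configuration, see "WLAN user access authentication" in the User Access and Authentication Configuration Guide.
· Clients that have successfully negotiated fast BSS transition do not support PTK updates. For an introduction to PTK updates and their configuration, see "WLAN user security" in the WLAN Security Configuration Guide.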
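(1) Enter system view.
system-view
(2) Configure a WLAN service template.
wlan service-template service-template-name
(3) Enable FT.
ft enable
By default, FT is disabled.
(4) (Optional) Configure the FT method.
ft method { over-the-air | over-the-ds }
By default, the FT method is over-the-air.
(5) (Optional) Configure the reassociation timeout.
ft reassociation-timeout timeout
By default, the reassociation timeout is 20 seconds.
The reassociation timeout is the maximum interval within which a client must send a reassociation request after completing authentication. If the client does not initiate reassociation within this time, the roam is terminated.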
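The AP models and serial numbers in this manual are examples only. For the AP models and serial numbers actually supported, refer to your device.
As shown in Figure 1-5, a client roams between different APs on the same AC using the Over-the-DS method, and PSK mode is used for client authentication and key management.
Figure 1-5 Network diagram for FT Over-the-DS with PSK authentication and key management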
# Create wireless service template acstname.
<AC> system-view
[AC] wlan service-template acstname
# Set the SSID of the wireless service to service.
[AC-wlan-st-acstname] ssid service
# Set the authentication and key management mode to PSK, and use the plaintext string 12345678 as the PSK.
[AC-wlan-st-acstname] akm mode psk
[AC-wlan-st-acstname] preshared-key pass-phrase simple 12345678
# Configure the AES-CCMP cipher suite, and have the AP carry the RSN IE in beacon and probe response frames.
[AC-wlan-st-acstname] cipher-suite ccmp
[AC-wlan-st-acstname] security-ie rsn
# Enable FT.
[AC-wlan-st-acstname] ft enable
# Set the reassociation timeout to 50 seconds.
[AC-wlan-st-acstname] ft reassociation-timeout 50
# Set the FT method to Over-the-DS.
[AC-wlan-st-acstname] ft method over-the-ds
# Enable the wireless service.
[AC-wlan-st-acstname] service-template enable
[AC-wlan-st-acstname] quit
# Create an AP named 1 and bind wireless service template acstname to Radio 1 of AP 1.
[AC] wlan ap 1 model WA4320i-ACN
[AC-wlan-ap-1] serial-id 210235A1BSC123000050
[AC-wlan-ap-1] radio 1
[AC-wlan-ap-1-radio-1] service-template acstname
[AC-wlan-ap-1-radio-1] radio enable
[AC-wlan-ap-1-radio-1] quit
[AC-wlan-ap-1] quit
# Create an AP named 2 and bind wireless service template acstname to Radio 1 of AP 2.
[AC] wlan ap 2 model WA4320i-ACN
[AC-wlan-ap-2] serial-id 210235A1BSC123000055
[AC-wlan-ap-2] radio 1
[AC-wlan-ap-2-radio-1] service-template acstname
[AC-wlan-ap-2-radio-1] radio enable
[AC-wlan-ap-2-radio-1] quit
[AC-wlan-ap-2] quit
# On the AC, use the display wlan service-template command to view the configuration of the service template.
[AC] display wlan service-template acstname verbose
Service template name        : acstname
Description                  : Not configured
SSID                         : service
SSID-hide                    : Disabled
User-isolation               : Disabled
Service template status      : Enabled
Maximum clients per BSS      : Not configured
Frame format                 : Dot3
Seamless-roam status         : Disabled
Seamless-roam RSSI threshold : 50
Seamless-roam RSSI gap       : 20
VLAN ID                      : 1
AKM mode                     : PSK
Security IE                  : RSN
Cipher suite                 : CCMP
TKIP countermeasure time     : 0 sec
PTK lifetime                 : 43200 sec
GTK rekey                    : Enabled
GTK rekey method             : Time-based
GTK rekey time               : 86400 sec
GTK rekey client-offline     : Disabled
User authentication mode     : Bypass
Intrusion protection         : Disabled
Intrusion protection mode    : Temporary-block
Temporary block time         : 180 sec
Temporary service stop time  : 20 sec
Fail VLAN ID                 : Not configured
802.1X handshake             : Disabled
802.1X handshake secure      : Disabled
802.1X domain                : Not configured
MAC-auth domain              : Not configured
Max 802.1X users             : 4096
Max MAC-auth users           : 4096
802.1X re-authenticate       : Disabled
Authorization fail mode      : Online
Accounting fail mode         : Online
Authorization                : Permitted
Key derivation               : SHA1
PMF status                   : Disabled
Hotspot policy number        : Not configured
Forwarding policy status     : Disabled
Forwarding policy name       : Not configured
Forwarder                    : AC
FT Status                    : Enable
FT Method                    : over-the-ds
FT Reassociation Deadline    : 50 sec
QoS trust                    : Port
QoS priority                 : 0
# After the client comes online, use the display wlan client verbose command on the AC to view detailed client information.
[AC] display wlan client verbose
Total number of clients: 1
MAC address                        : fc25-3f03-8361
IPv4 address                       : 10.1.1.114
IPv6 address                       : N/A
Username                           : N/A
AID                                : 1
AP ID                              : 1
AP name                            : 1
Radio ID                           : 1
SSID                               : service
BSSID                              : 000f-e266-7788
VLAN ID                            : 1
Sleep count                        : 242
Wireless mode                      : 802.11ac
Channel bandwidth                  : 80MHz
SM power save                      : Enabled
SM power save mode                 : Dynamic
Short GI for 20MHz                 : Supported
Short GI for 40MHz                 : Supported
Short GI for 80MHz                 : Supported
Short GI for 160/80+80MHz          : Not supported
STBC RX capability                 : Not supported
STBC TX capability                 : Not supported
LDPC RX capability                 : Not supported
SU beamformee capability           : Not supported
MU beamformee capability           : Not supported
Beamformee STS capability          : N/A
Block Ack                          : TID 0 In
Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
                                     15, 16, 17, 18, 19, 20,
                                     21, 22, 23
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
QoS mode                           : WMM
Listen interval                    : 10
RSSI                               : 62
Rx/Tx rate                         : 130/11
Authentication method              : Open system
Security mode                      : RSN
AKM mode                           : PSK
Encryption cipher                  : CCMP
User authentication mode           : Bypass
Authorization ACL ID               : 3001(Not effective)
Authorization user profile         : N/A
Roam status                        : N/A
Key derivation                     : SHA1
PMF status                         : Enabled
Forward policy name                : Not configured
Online time                        : 0days 0hours 1minutes 13seconds
FT status                          : Active
# After the client roams successfully, the display wlan client verbose command on the AC shows the following.
[AC] display wlan client verbose
Total number of clients: 1
MAC address                        : fc25-3f03-8361
IPv4 address                       : 10.1.1.114
IPv6 address                       : N/A
Username                           : N/A
AID                                : 1
AP ID                              : 2
AP name                            : 2
Radio ID                           : 1
SSID                               : service
BSSID                              : 000f-e211-2233
VLAN ID                            : 1
Sleep count                        : 242
Wireless mode                      : 802.11ac
Channel bandwidth                  : 80MHz
SM power save                      : Enabled
SM power save mode                 : Dynamic
Short GI for 20MHz                 : Supported
Short GI for 40MHz                 : Supported
Short GI for 80MHz                 : Supported
Short GI for 160/80+80MHz          : Not supported
STBC RX capability                 : Not supported
STBC TX capability                 : Not supported
LDPC RX capability                 : Not supported
SU beamformee capability           : Not supported
MU beamformee capability           : Not supported
Beamformee STS capability          : N/A
Block Ack                          : TID 0 In
Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
                                     15, 16, 17, 18, 19, 20,
                                     21, 22, 23
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
QoS mode                           : WMM
Listen interval                    : 10
RSSI                               : 62
Rx/Tx rate                         : 130/11
Authentication method              : FT
Security mode                      : RSN
AKM mode                           : PSK
Encryption cipher                  : CCMP
User authentication mode           : Bypass
Authorization ACL ID               : 3001(Not effective)
Authorization user profile         : N/A
Roam status                        : Intra-AC roam
Key derivation                     : SHA1
PMF status                         : Enabled
Forward policy name                : Not configured
Online time                        : 0days 0hours 5minutes 13seconds
FT status                          : Active
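The two checks this page describes in prose, the usage guideline against combining FT with 802.1X periodic re-authentication and the before/after comparison of display wlan client verbose output, can be automated over saved CLI output. The following is an added example, not part of the original manual or of H3C's tooling; the function names are hypothetical, the sample text is constructed and trimmed, and it assumes each snapshot holds a single client.

```python
import re

# Constructed sample in the format of `display wlan service-template <name> verbose`,
# trimmed to the fields the check uses. "802.1X re-authenticate" is set to Enabled
# on purpose so that the conflict named in the usage guidelines is triggered.
TEMPLATE_OUTPUT = """\
Service template name        : stname
AKM mode                     : 802.1X
802.1X re-authenticate       : Enabled
FT Status                    : Enable
FT Method                    : over-the-ds
FT Reassociation Deadline    : 20 sec
"""

# Constructed, trimmed `display wlan client verbose` snapshots of one client,
# taken before and after a roam (values follow the examples on this page).
CLIENT_BEFORE = """\
Total number of clients: 1
MAC address                        : fc25-3f03-8361
AP name                            : 1
BSSID                              : 000f-e266-7788
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
Authentication method              : Open system
Roam status                        : N/A
FT status                          : Active
"""

CLIENT_AFTER = """\
Total number of clients: 1
MAC address                        : fc25-3f03-8361
AP name                            : 2
BSSID                              : 000f-e211-2233
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
Authentication method              : FT
Roam status                        : Intra-AC roam
FT status                          : Active
"""

# A field line starts in column 0; the label runs up to the first colon.
_FIELD = re.compile(r"^(\S[^:]*?)\s*:\s*(.*)$")


def parse_fields(text):
    """Parse 'Label : value' lines; indented lines continue the previous value."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        match = _FIELD.match(line)
        if match:
            last = match.group(1)
            fields[last] = match.group(2).strip()
        elif last is not None and line[0].isspace():
            fields[last] += " " + line.strip()
    return fields


def audit_template(fields):
    """Flag FT enabled together with 802.1X periodic re-authentication."""
    findings = []
    ft_enabled = fields.get("FT Status", "").lower().startswith("enable")
    reauth = fields.get("802.1X re-authenticate", "").lower() == "enabled"
    if ft_enabled and reauth:
        findings.append(
            "FT and 802.1X periodic re-authentication are both enabled on "
            + fields.get("Service template name", "?")
        )
    return findings


def check_ft_roam(before, after):
    """Return (ok, reasons) for snapshots of one client before and after a roam."""
    reasons = []
    if before.get("MAC address") != after.get("MAC address"):
        reasons.append("snapshots belong to different clients")
    if before.get("BSSID") == after.get("BSSID"):
        reasons.append("BSSID unchanged, client is still on the same BSS")
    if after.get("Authentication method") != "FT":
        reasons.append("authentication method is not FT after the move")
    if after.get("Roam status", "N/A") == "N/A":
        reasons.append("no roam recorded in Roam status")
    if after.get("FT status") != "Active":
        reasons.append("FT status is not Active")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(audit_template(parse_fields(TEMPLATE_OUTPUT)))
    print(check_ft_roam(parse_fields(CLIENT_BEFORE), parse_fields(CLIENT_AFTER)))
```

A client that changes BSSID but still shows Open system as its authentication method did not use FT for that move, which is the case the second function reports.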
As shown in Figure 1-5, a client roams between different APs on the same AC using the Over-the-Air method, and PSK mode is used for client authentication and key management.
# Create wireless service template acstname.
<AC> system-view
[AC] wlan service-template acstname
# Set the SSID of the wireless service to service.
[AC-wlan-st-acstname] ssid service
# Set the authentication and key management mode to PSK, and use the plaintext string 12345678 as the PSK.
[AC-wlan-st-acstname] akm mode psk
[AC-wlan-st-acstname] preshared-key pass-phrase simple 12345678
# Configure the AES-CCMP cipher suite, and have the AP carry the RSN IE in beacon and probe response frames.
[AC-wlan-st-acstname] cipher-suite ccmp
[AC-wlan-st-acstname] security-ie rsn
# Enable FT.
[AC-wlan-st-acstname] ft enable
# Set the reassociation timeout to 50 seconds.
[AC-wlan-st-acstname] ft reassociation-timeout 50
# Enable the wireless service template.
[AC-wlan-st-acstname] service-template enable
[AC-wlan-st-acstname] quit
# Create an AP named 1 and bind wireless service template acstname to Radio 1 of AP 1.
[AC] wlan ap 1 model WA4320i-ACN
[AC-wlan-ap-1] serial-id 210235A1BSC123000050
[AC-wlan-ap-1] radio 1
[AC-wlan-ap-1-radio-1] service-template acstname
[AC-wlan-ap-1-radio-1] radio enable
[AC-wlan-ap-1-radio-1] quit
[AC-wlan-ap-1] quit
# Create an AP named 2 and bind wireless service template acstname to Radio 1 of AP 2.
[AC] wlan ap 2 model WA4320i-ACN
[AC-wlan-ap-2] serial-id 210235A1BSC123000055
[AC-wlan-ap-2] radio 1
[AC-wlan-ap-2-radio-1] service-template acstname
[AC-wlan-ap-2-radio-1] radio enable
[AC-wlan-ap-2-radio-1] quit
[AC-wlan-ap-2] quit
# After the client comes online, the display wlan client verbose command on the AC shows the following.
[AC] display wlan client verbose
Total number of clients: 1
MAC address                        : fc25-3f03-8361
IPv4 address                       : 10.1.1.114
IPv6 address                       : N/A
Username                           : N/A
AID                                : 1
AP ID                              : 1
AP name                            : 1
Radio ID                           : 1
SSID                               : service
BSSID                              : 000f-e266-7788
VLAN ID                            : 1
Sleep count                        : 242
Wireless mode                      : 802.11ac
Channel bandwidth                  : 80MHz
SM power save                      : Enabled
SM power save mode                 : Dynamic
Short GI for 20MHz                 : Supported
Short GI for 40MHz                 : Supported
Short GI for 80MHz                 : Supported
Short GI for 160/80+80MHz          : Not supported
STBC RX capability                 : Not supported
STBC TX capability                 : Not supported
LDPC RX capability                 : Not supported
SU beamformee capability           : Not supported
MU beamformee capability           : Not supported
Beamformee STS capability          : N/A
Block Ack                          : TID 0 In
Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
                                     15, 16, 17, 18, 19, 20,
                                     21, 22, 23
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
QoS mode                           : WMM
Listen interval                    : 10
RSSI                               : 62
Rx/Tx rate                         : 130/11
Authentication method              : Open system
Security mode                      : RSN
AKM mode                           : PSK
Encryption cipher                  : CCMP
User authentication mode           : Bypass
Authorization ACL ID               : 3001(Not effective)
Authorization user profile         : N/A
Roam status                        : N/A
Key derivation                     : SHA1
PMF status                         : Enabled
Forward policy name                : Not configured
Online time                        : 0days 0hours 1minutes 13seconds
FT status                          : Active
# After the client roams successfully, the display wlan client verbose command on the AC shows the following.
[AC] display wlan client verbose
Total number of clients: 1
MAC address                        : fc25-3f03-8361
IPv4 address                       : 10.1.1.114
IPv6 address                       : N/A
Username                           : N/A
AID                                : 1
AP ID                              : 2
AP name                            : 2
Radio ID                           : 1
SSID                               : service
BSSID                              : 000f-e211-2233
VLAN ID                            : 1
Sleep count                        : 242
Wireless mode                      : 802.11ac
Channel bandwidth                  : 80MHz
SM power save                      : Enabled
SM power save mode                 : Dynamic
Short GI for 20MHz                 : Supported
Short GI for 40MHz                 : Supported
Short GI for 80MHz                 : Supported
Short GI for 160/80+80MHz          : Not supported
STBC RX capability                 : Not supported
STBC TX capability                 : Not supported
LDPC RX capability                 : Not supported
SU beamformee capability           : Not supported
MU beamformee capability           : Not supported
Beamformee STS capability          : N/A
Block Ack                          : TID 0 In
Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
                                     15, 16, 17, 18, 19, 20,
                                     21, 22, 23
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
QoS mode                           : WMM
Listen interval                    : 10
RSSI                               : 62
Rx/Tx rate                         : 130/11
Authentication method              : FT
Security mode                      : RSN
AKM mode                           : PSK
Encryption cipher                  : CCMP
User authentication mode           : Bypass
Authorization ACL ID               : 3001(Not effective)
Authorization user profile         : N/A
Roam status                        : Intra-AC roam
Key derivation                     : SHA1
PMF status                         : Enabled
Forward policy name                : Not configured
Online time                        : 0days 0hours 5minutes 13seconds
FT status                          : Active
As shown in Figure 1-5, a client roams between different APs on the same AC using the Over-the-DS method, and 802.1X mode is used for client authentication and key management.
# Create wireless service template stname.
<AC> system-view
[AC] wlan service-template stname
# Set the SSID of the wireless service to service.
[AC-wlan-st-stname] ssid service
# Set the authentication and key management mode to 802.1X.
[AC-wlan-st-stname] akm mode dot1x
# Configure the AES-CCMP cipher suite, and have the AP carry the RSN IE in beacon and probe response frames.
[AC-wlan-st-stname] cipher-suite ccmp
[AC-wlan-st-stname] security-ie rsn
# Set the client security authentication mode to 802.1X and specify imc as the 802.1X authentication domain.
[AC-wlan-st-stname] client-security authentication-mode dot1x
[AC-wlan-st-stname] dot1x domain imc
# Enable FT.
[AC-wlan-st-stname] ft enable
# Set the FT method to Over-the-DS.
[AC-wlan-st-stname] ft method over-the-ds
# Enable the wireless service.
[AC-wlan-st-stname] service-template enable
[AC-wlan-st-stname] quit
# Set the 802.1X authentication method to EAP.
[AC] dot1x authentication-method eap
# Create RADIUS scheme imcc. Set the primary authentication server IP address to 10.1.1.3, with the plaintext shared key 12345678 for packets exchanged with the authentication server. Set the primary accounting server IP address to 10.1.1.3, with the plaintext shared key 12345678 for packets exchanged with the accounting server. Configure usernames sent to the RADIUS server to omit the ISP domain name.
[AC] radius scheme imcc
[AC-radius-imcc] primary authentication 10.1.1.3
[AC-radius-imcc] primary accounting 10.1.1.3
[AC-radius-imcc] key authentication simple 12345678
[AC-radius-imcc] key accounting simple 12345678
[AC-radius-imcc] user-name-format without-domain
[AC-radius-imcc] quit
# Create an authentication domain and configure it to use the RADIUS scheme for authentication, authorization, and accounting.
[AC] domain imc
[AC-isp-imc] authentication lan-access radius-scheme imcc
[AC-isp-imc] authorization lan-access radius-scheme imcc
[AC-isp-imc] accounting lan-access radius-scheme imcc
[AC-isp-imc] quit
# Create an AP named 1 and bind wireless service template stname to Radio 1 of AP 1.
[AC] wlan ap 1 model WA4320i-ACN
[AC-wlan-ap-1] serial-id 210235A1BSC123000050
[AC-wlan-ap-1] radio 1
[AC-wlan-ap-1-radio-1] service-template stname
[AC-wlan-ap-1-radio-1] radio enable
[AC-wlan-ap-1-radio-1] quit
[AC-wlan-ap-1] quit
# Create an AP named 2 and bind wireless service template stname to Radio 1 of AP 2.
[AC] wlan ap 2 model WA4320i-ACN
[AC-wlan-ap-2] serial-id 210235A1BSC123000055
[AC-wlan-ap-2] radio 1
[AC-wlan-ap-2-radio-1] service-template stname
[AC-wlan-ap-2-radio-1] radio enable
[AC-wlan-ap-2-radio-1] quit
[AC-wlan-ap-2] quit
# On the AC, use the display wlan service-template command to view the configuration of the service template.
[AC] display wlan service-template stname verbose
Service template name        : stname
Description                  : Not configured
SSID                         : service
SSID-hide                    : Disabled
User-isolation               : Disabled
Service template status      : Enabled
Maximum clients per BSS      : Not configured
Frame format                 : Dot3
Seamless-roam status         : Disabled
Seamless-roam RSSI threshold : 50
Seamless-roam RSSI gap       : 20
VLAN ID                      : 1
AKM mode                     : 802.1X
Security IE                  : RSN
Cipher suite                 : CCMP
TKIP countermeasure time     : 0 sec
PTK lifetime                 : 43200 sec
GTK rekey                    : Enabled
GTK rekey method             : Time-based
GTK rekey time               : 86400 sec
GTK rekey client-offline     : Disabled
User authentication mode     : 802.1X
Intrusion protection         : Disabled
Intrusion protection mode    : Temporary-block
Temporary block time         : 180 sec
Temporary service stop time  : 20 sec
Fail VLAN ID                 : Not configured
802.1X handshake             : Disabled
802.1X handshake secure      : Disabled
802.1X domain                : imc
MAC-auth domain              : Not configured
Max 802.1X users             : 4096
Max MAC-auth users           : 4096
802.1X re-authenticate       : Disabled
Authorization fail mode      : Online
Accounting fail mode         : Online
Authorization                : Permitted
Key derivation               : SHA1
PMF status                   : Disabled
Hotspot policy number        : Not configured
Forwarding policy status     : Disabled
Forwarding policy name       : Not configured
Forwarder                    : AC
FT Status                    : Enable
FT Method                    : over-the-ds
FT Reassociation Deadline    : 20 sec
QoS trust                    : Port
QoS priority                 : 0
# After the client comes online, the display wlan client verbose command on the AC shows the following.
[AC] display wlan client verbose
Total number of clients: 1
MAC address                        : fc25-3f03-8361
IPv4 address                       : 10.1.1.114
IPv6 address                       : N/A
Username                           : N/A
AID                                : 1
AP ID                              : 1
AP name                            : 1
Radio ID                           : 1
SSID                               : service
BSSID                              : 000f-e266-7788
VLAN ID                            : 1
Sleep count                        : 242
Wireless mode                      : 802.11ac
Channel bandwidth                  : 80MHz
SM power save                      : Enabled
SM power save mode                 : Dynamic
Short GI for 20MHz                 : Supported
Short GI for 40MHz                 : Supported
Short GI for 80MHz                 : Supported
Short GI for 160/80+80MHz          : Not supported
STBC RX capability                 : Not supported
STBC TX capability                 : Not supported
LDPC RX capability                 : Not supported
SU beamformee capability           : Not supported
MU beamformee capability           : Not supported
Beamformee STS capability          : N/A
Block Ack                          : TID 0 In
Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
                                     15, 16, 17, 18, 19, 20,
                                     21, 22, 23
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
QoS mode                           : WMM
Listen interval                    : 10
RSSI                               : 62
Rx/Tx rate                         : 130/11
Authentication method              : Open system
Security mode                      : RSN
AKM mode                           : 802.1X
Encryption cipher                  : CCMP
User authentication mode           : 802.1X
Authorization ACL ID               : 3001(Not effective)
Authorization user profile         : N/A
Roam status                        : N/A
Key derivation                     : SHA1
PMF status                         : Enabled
Forward policy name                : Not configured
Online time                        : 0days 0hours 1minutes 13seconds
FT status                          : Active
# After the client roams successfully, the display wlan client verbose command on the AC shows the following.
[AC] display wlan client verbose
Total number of clients: 1
MAC address                        : fc25-3f03-8361
IPv4 address                       : 10.1.1.114
IPv6 address                       : N/A
Username                           : N/A
AID                                : 1
AP ID                              : 2
AP name                            : 2
Radio ID                           : 1
SSID                               : service
BSSID                              : 000f-e211-2233
VLAN ID                            : 1
Sleep count                        : 242
Wireless mode                      : 802.11ac
Channel bandwidth                  : 80MHz
SM power save                      : Enabled
SM power save mode                 : Dynamic
Short GI for 20MHz                 : Supported
Short GI for 40MHz                 : Supported
Short GI for 80MHz                 : Supported
Short GI for 160/80+80MHz          : Not supported
STBC RX capability                 : Not supported
STBC TX capability                 : Not supported
LDPC RX capability                 : Not supported
SU beamformee capability           : Not supported
MU beamformee capability           : Not supported
Beamformee STS capability          : N/A
Block Ack                          : TID 0 In
Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
                                     15, 16, 17, 18, 19, 20,
                                     21, 22, 23
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
QoS mode                           : WMM
Listen interval                    : 10
RSSI                               : 62
Rx/Tx rate                         : 130/11
Authentication method              : FT
Security mode                      : RSN
AKM mode                           : 802.1X
Encryption cipher                  : CCMP
User authentication mode           : 802.1X
Authorization ACL ID               : 3001(Not effective)
Authorization user profile         : N/A
Roam status                        : Intra-AC roam
Key derivation                     : SHA1
PMF status                         : Enabled
Forward policy name                : Not configured
Online time                        : 0days 0hours 5minutes 13seconds
FT status                          : Active
As shown in Figure 1-5, a client roams between different APs on the same AC using the Over-the-Air method, and 802.1X mode is used for client authentication and key management.
# Create wireless service template stname.
<AC> system-view
[AC] wlan service-template stname
# Set the SSID of the wireless service to service.
[AC-wlan-st-stname] ssid service
# Set the authentication and key management mode to 802.1X.
[AC-wlan-st-stname] akm mode dot1x
# Configure the AES-CCMP cipher suite, and have the AP carry the RSN IE in beacon and probe response frames.
[AC-wlan-st-stname] cipher-suite ccmp
[AC-wlan-st-stname] security-ie rsn
# Set the client security authentication mode to 802.1X and specify imc as the 802.1X authentication domain.
[AC-wlan-st-stname] client-security authentication-mode dot1x
[AC-wlan-st-stname] dot1x domain imc
# Enable FT.
[AC-wlan-st-stname] ft enable
# Enable the wireless service.
[AC-wlan-st-stname] service-template enable
[AC-wlan-st-stname] quit
# Set the 802.1X authentication method to EAP.
[AC] dot1x authentication-method eap
# Create RADIUS scheme imcc. Set the primary authentication server IP address to 10.1.1.3, with the plaintext shared key 12345678 for packets exchanged with the authentication server. Set the primary accounting server IP address to 10.1.1.3, with the plaintext shared key 12345678 for packets exchanged with the accounting server. Configure usernames sent to the RADIUS server to omit the ISP domain name.
[AC] radius scheme imcc
[AC-radius-imcc] primary authentication 10.1.1.3
[AC-radius-imcc] primary accounting 10.1.1.3
[AC-radius-imcc] key authentication simple 12345678
[AC-radius-imcc] key accounting simple 12345678
[AC-radius-imcc] user-name-format without-domain
[AC-radius-imcc] quit
# Create an authentication domain and configure it to use the RADIUS scheme for authentication, authorization, and accounting.
[AC] domain imc
[AC-isp-imc] authentication lan-access radius-scheme imcc
[AC-isp-imc] authorization lan-access radius-scheme imcc
[AC-isp-imc] accounting lan-access radius-scheme imcc
[AC-isp-imc] quit
# Create an AP named 1 and bind wireless service template stname to Radio 1 of AP 1.
[AC] wlan ap 1 model WA4320i-ACN
[AC-wlan-ap-1] serial-id 210235A1BSC123000050
[AC-wlan-ap-1] radio 1
[AC-wlan-ap-1-radio-1] service-template stname
[AC-wlan-ap-1-radio-1] radio enable
[AC-wlan-ap-1-radio-1] quit
[AC-wlan-ap-1] quit
# Create an AP named 2 and bind wireless service template stname to Radio 1 of AP 2.
[AC] wlan ap 2 model WA4320i-ACN
[AC-wlan-ap-2] serial-id 210235A1BSC123000055
[AC-wlan-ap-2] radio 1
[AC-wlan-ap-2-radio-1] service-template stname
[AC-wlan-ap-2-radio-1] radio enable
[AC-wlan-ap-2-radio-1] quit
[AC-wlan-ap-2] quit
# After the client comes online, the display wlan client verbose command on the AC shows the following.
[AC] display wlan client verbose
Total number of clients: 1
MAC address                        : fc25-3f03-8361
IPv4 address                       : 10.1.1.114
IPv6 address                       : N/A
Username                           : N/A
AID                                : 1
AP ID                              : 1
AP name                            : 1
Radio ID                           : 1
SSID                               : service
BSSID                              : 000f-e266-7788
VLAN ID                            : 1
Sleep count                        : 242
Wireless mode                      : 802.11ac
Channel bandwidth                  : 80MHz
SM power save                      : Enabled
SM power save mode                 : Dynamic
Short GI for 20MHz                 : Supported
Short GI for 40MHz                 : Supported
Short GI for 80MHz                 : Supported
Short GI for 160/80+80MHz          : Not supported
STBC RX capability                 : Not supported
STBC TX capability                 : Not supported
LDPC RX capability                 : Not supported
SU beamformee capability           : Not supported
MU beamformee capability           : Not supported
Beamformee STS capability          : N/A
Block Ack                          : TID 0 In
Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
                                     15, 16, 17, 18, 19, 20,
                                     21, 22, 23
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
QoS mode                           : WMM
Listen interval                    : 10
RSSI                               : 62
Rx/Tx rate                         : 130/11
Authentication method              : Open system
Security mode                      : RSN
AKM mode                           : 802.1X
Encryption cipher                  : CCMP
User authentication mode           : 802.1X
Authorization ACL ID               : 3001(Not effective)
Authorization user profile         : N/A
Roam status                        : N/A
Key derivation                     : SHA1
PMF status                         : Enabled
Forward policy name                : Not configured
Online time                        : 0days 0hours 1minutes 13seconds
FT status                          : Active
# After the client roams successfully, the display wlan client verbose command on the AC shows the following.
[AC] display wlan client verbose
Total number of clients: 1
MAC address                        : fc25-3f03-8361
IPv4 address                       : 10.1.1.114
IPv6 address                       : N/A
Username                           : N/A
AID                                : 1
AP ID                              : 2
AP name                            : 2
Radio ID                           : 1
SSID                               : service
BSSID                              : 000f-e211-2233
VLAN ID                            : 1
Sleep count                        : 242
Wireless mode                      : 802.11ac
Channel bandwidth                  : 80MHz
SM power save                      : Enabled
SM power save mode                 : Dynamic
Short GI for 20MHz                 : Supported
Short GI for 40MHz                 : Supported
Short GI for 80MHz                 : Supported
Short GI for 160/80+80MHz          : Not supported
STBC RX capability                 : Not supported
STBC TX capability                 : Not supported
LDPC RX capability                 : Not supported
SU beamformee capability           : Not supported
MU beamformee capability           : Not supported
Beamformee STS capability          : N/A
Block Ack                          : TID 0 In
Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,
                                     8, 9, 10, 11, 12, 13, 14,
                                     15, 16, 17, 18, 19, 20,
                                     21, 22, 23
Supported rates                    : 6, 9, 12, 18, 24, 36,
                                     48, 54 Mbps
QoS mode                           : WMM
Listen interval                    : 10
RSSI                               : 62
Rx/Tx rate                         : 130/11
Authentication method              : FT
Security mode                      : RSN
AKM mode                           : 802.1X
Encryption cipher                  : CCMP
User authentication mode           : 802.1X
Authorization ACL ID               : 3001(Not effective)
Authorization user profile         : N/A
Roam status                        : Intra-AC roam
Key derivation                     : SHA1
PMF status                         : Enabled
Forward policy name                : Not configured
Online time                        : 0days 0hours 5minutes 13seconds
FT status                          : Active