1.配置文件
<AP>displaycurrent-configuration
#
version5.00,0001
#
sysnameAP
#
domaindefaultenablesystem
#
port-securityenable
#
vlan1
#
radiusschemesystem
primaryauthentication127.0.0.1
primaryaccounting127.0.0.1
keyauthenticationh3c
keyaccountingh3c
accounting-onenable
domainsystem
access-limitdisable
stateactive
idle-cutdisable
self-service-urldisable
#
wlanservice-template2crypto
ssidh3c-wpa2-psk
authentication-methodopen-system
cipher-suiteccmp
security-iersn
service-templateenable
#
interfaceNULL0
#
interfaceVlan-interface1
ipaddress192.168.1.50255.255.255.0
#
interfaceEthernet1/0/1
#
interfaceEthernet1/0/2
#
interfaceWLAN-BSS2
port-securityport-modepsk
port-securitytx-key-type11key
port-securitypreshared-keypass-phrase12345678
4
#
interfaceWLAN-Radio1/0/1
#
interfaceWLAN-Radio1/0/2
service-template2interfacewlan-bss2
#
iproute-static0.0.0.00.0.0.0192.168.1.1
#
user-interfacecon0
user-interfacevty04
#
return


################################################################


2.配置步骤
在RSN接入端(AP)配置RSN
(1)启用port-security
[AP]port-securityenable
(2)配置无线接口,认证方式为PSK
[AP]interfaceWLAN-BSS2
#配置无线端口WLAN-BSS2的端口安全模式为psk。
[AP-WLAN-BSS2]port-securityport-modepsk
#在接口WLAN-BSS2下使能11key类型的密钥协商功能。
[AP-WLAN-BSS2]port-securitytx-key-type11key
#在接口WLAN-BSS2下配置预共享密钥为12345678。
[AP-WLAN-BSS2]port-securitypreshared-keypass-phrase12345678
(3)配置无线服务模板(下面的RSN即WPA2)
#创建一个crypto类型的服务模板2。
[AP-wlan-rp-rp]wlanservice-template2crypto
#设置服务模板2的SSID为h3c-wpa2-psk。
[AP-wlan-st-2]ssidh3c-wpa2-psk

#设置隐藏SSID。
[AP-wlan-st-2]beaconssid-hide

#使能开放式系统认证。
[AP-wlan-st-2]authentication-methodopen-system
#使能CCMP加密套件。
[AP-wlan-st-2]cipher-suiteccmp
#配置信标和探查帧携带RSNIE信息。
[AP-wlan-st-2]security-iersn
#使能服务模板2。
[AP-wlan-st-2]service-templateenable
(4)在射频口WLAN-Radio1/0/2绑定无线服务模板2和无线口WLAN-BSS2。
[AP]interfaceWLAN-Radio1/0/2
[AP-WLAN-Radio1/0/2]service-template2interfaceWLAN-BSS2
5
(5)配置VLAN虚接口
[AP1]interfaceVlan-interface1
[AP-Vlan-interface1]ipaddress192.168.1.50255.255.255.0
(6)配置缺省路由
[AP-Vlan-interface1]iproute-static0.0.0.00.0.0.0192.168.1.1



PS:如需要SSID与VLAN绑定,仅需要建立VLAN,配置VLAN虚接口,把SSID服务模版绑定的无线口划到该Vlan下即可!