09-WLAN Roaming Configuration Guide

HomeSupportConfigure & DeployConfiguration GuidesH3C Anchor Configuration Guide(R5436)-6W10109-WLAN Roaming Configuration Guide
02-802.11r configuration
Title Size Download
02-802.11r configuration 153.28 KB

Configuring 802.11r

About 802.11r

802.11r fast BSS transition (FT) minimizes the delay when a client roams from a BSS to another BSS within the same ESS. During 802.11r FT, a client needs to exchange messages with the target AP.

802.11r operating mechanism

FT provides the following message exchanging methods:

·     Over-the-air—The client communicates directly with the target AP for pre-roaming authentication.

·     Over-the-DS—The client communicates with the target AP through the current AP for pre-roaming authentication.

Intra-AC roaming through over-the-air FT

As shown in Figure 1, the client is associated with AP 1. Intra-AC roaming through over-the-air FT uses the following process:

1.     The client sends an FT authentication request to AP 2.

2.     AP 2 sends an FT authentication response to the client.

3.     The client sends a reassociation request to AP 2.

4.     AP 2 sends a reassociation response to the client.

5.     The client roams to AP 2.

Figure 1 Intra-AC roaming through over-the-air FT

Intra-AC roaming through over-the-DS FT

As shown in Figure 2, the client is associated with AP 1. Intra-AC roaming through over-the-DS FT uses the following process:

1.     After the client comes online, the AC creates a roaming entry and saves it for the client.

2.     The client sends an FT authentication request to AP 1.

3.     AP 1 sends an FT authentication response to the client.

4.     The client sends a reassociation request to AP 2.

5.     AP 2 sends a reassociation response to the client.

6.     The client roams to AP 2.

Figure 2 Intra-AC roaming through over-the-DS FT

Protocols and standards

802.11r IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements

Restrictions and guidelines: 802.11r configuration

When you configure 802.11r, follow these restrictions and guidelines:

·     To enable a client that does not support FT to access the WLAN, create two service templates using the same SSID: one enabled with FT and the other not.

·     To prevent a client from coming online every time the periodic re-authentication timer expires, do not enable FT and 802.1X periodic re-authentication for the same service template. For more information about 802.1X periodic re-authentication, see User Access and Authentication Configuration Guide.

·     PTK updates are not supported for clients that have been associated with a WLAN through FT. For more information about PTK updates, see WLAN Security Configuration Guide.

Configuring 802.11r

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable FT.

ft enable

By default, FT is disabled.

4.     (Optional.) Set the FT method.

ft method { over-the-air | over-the-ds }

By default, the FT method is over-the-air.

5.     (Optional.) Set the reassociation timeout timer.

ft reassociation-timeout timeout

By default, the association timeout timer is 20 seconds.

The roaming process is terminated if a client does not send any reassociation requests before the timeout timer expires.

802.11r configuration examples (intra-AC)

Example: Configuring over-the-DS FT and PSK authentication

Network configuration

As shown in Figure 3, configure intra-AC roaming through over-the-DS FT to enable the client to roam between AP 1 and AP 2. Configure PSK as the authentication and key management mode.

Figure 3 Network diagram

Procedure

# Create service template acstname.

<AC> system-view

[AC] wlan service-template acstname

# Set the SSID to service.

[AC-wlan-st-acstname] ssid service

# Set the authentication and key management mode to PSK, and configure simple string 12345678 as the PSK.

[AC-wlan-st-acstname] akm mode psk

[AC-wlan-st-acstname] preshared-key pass-phrase simple 12345678

# Set the CCMP cipher suite and enable the RSN IE in the beacon and probe responses.

[AC-wlan-st-acstname] cipher-suite ccmp

[AC-wlan-st-acstname] security-ie rsn

# Enable FT.

[AC-wlan-st-acstname] ft enable

# Set the reassociation timeout timer to 50 seconds.

[AC-wlan-st-acstname] ft reassociation-timeout 50

# Set the FT method to over-the-DS.

[AC-wlan-st-acstname] ft method over-the-ds

# Enable the service template.

[AC-wlan-st-acstname] service-template enable

[AC-wlan-st-acstname] quit

# Create AP 1, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 1 model WA536-WW

[AC-wlan-ap-1] serial-id 210235A1BSC123000050

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template acstname

[AC-wlan-ap-1-radio-1] radio enable

[AC-wlan-ap-1-radio-1] quit

[AC-wlan-ap-1] quit

# Create AP 2, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 2 model WA536-WW

[AC-wlan-ap-2] serial-id 210235A1BSC123000055

[AC-wlan-ap-2] radio 1

[AC-wlan-ap-2-radio-1] service-template acstname

[AC-wlan-ap-2-radio-1] radio enable

[AC-wlan-ap-2-radio-1] quit

[AC-wlan-ap-2] quit

Verifying the configuration

# Verify that the service template is correctly configured.

[AC] display wlan service-template acstname verbose

Service template name        : acstname

Description                  : Not configured

SSID                         : service

SSID-hide                    : Disabled

User-isolation               : Disabled

Service template status      : Enabled

Maximum clients per BSS      : Not configured

Frame format                 : Dot3

Seamless-roam status         : Disabled

Seamless-roam RSSI threshold : 50

Seamless-roam RSSI gap       : 20

VLAN ID                      : 1

AKM mode                     : PSK

Security IE                  : RSN

Cipher suite                 : CCMP

TKIP countermeasure time     : 0 sec

PTK lifetime                 : 43200 sec

GTK rekey                    : Enabled

GTK rekey method             : Time-based

GTK rekey time               : 86400 sec

GTK rekey client-offline     : Disabled

User authentication mode     : Bypass

Intrusion protection         : Disabled

Intrusion protection mode    : Temporary-block

Temporary block time         : 180 sec

Temporary service stop time  : 20 sec

Fail VLAN ID                 : Not configured

802.1X handshake             : Disabled

802.1X handshake secure      : Disabled

802.1X domain                : Not configured

MAC-auth domain              : Not configured

Max 802.1X users             : 4096

Max MAC-auth users           : 4096

802.1X re-authenticate       : Disabled

Authorization fail mode      : Online

Accounting fail mode         : Online

Authorization                : Permitted

Key derivation               : SHA1

PMF status                   : Disabled

Hotspot policy number        : Not configured

Forwarding policy status     : Disabled

Forwarding policy name       : Not configured

Forwarder                    : AC

FT Status                    : Enable

FT Method                    : over-the-ds

FT Reassociation Deadline    : 50 sec

QoS trust                    : Port

QoS priority                 : 0

# Verify that the roaming status is N/A and the FT status is Active.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : 1

Radio ID                           : 1

SSID                               : service

BSSID                              : 000f-e266-7788

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : RSN

AKM mode                           : PSK

Encryption cipher                  : CCMP

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Active

# Move the client to the coverage of AP 2. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : 2

Radio ID                           : 1

SSID                               : service

BSSID                              : 000f-e211-2233

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : FT

Security mode                      : RSN

AKM mode                           : PSK

Encryption cipher                  : CCMP

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : Intra-AC roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Active

Example: Configuring over-the-air FT and PSK authentication

Network configuration

As shown in Figure 3, configure intra-AC roaming through over-the-air FT to enable the client to roam between AP 1 and AP 2. Configure PSK as the authentication and key management mode.

Procedure

# Create service template acstname.

<AC> system-view

[AC] wlan service-template acstname

# Set the SSID to service.

[AC-wlan-st-acstname] ssid service

# Set the authentication and key management mode to PSK, and configure simple string 12345678 as the PSK.

[AC-wlan-st-acstname] akm mode psk

[AC-wlan-st-acstname] preshared-key pass-phrase simple 12345678

# Enable the RSN IE in the beacon and probe responses.

[AC-wlan-st-acstname] cipher-suite ccmp

[AC-wlan-st-acstname] security-ie rsn

# Enable FT.

[AC-wlan-st-acstname] ft enable

# Set the reassociation timeout timer to 50 seconds.

[AC-wlan-st-acstname] ft reassociation-timeout 50

# Enable the service template.

[AC-wlan-st-acstname] service-template enable

[AC-wlan-st-acstname] quit

# Create AP 1, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 1 model WA536-WW

[AC-wlan-ap-1] serial-id 210235A1BSC123000050

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template acstname

[AC-wlan-ap-1-radio-1] radio enable

[AC-wlan-ap-1-radio-1] quit

[AC-wlan-ap-1] quit

# Create AP 2, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 2 model WA536-WW

[AC-wlan-ap-2] serial-id 210235A1BSC123000055

[AC-wlan-ap-2] radio 1

[AC-wlan-ap-2-radio-1] service-template acstname

[AC-wlan-ap-2-radio-1] radio enable

[AC-wlan-ap-2-radio-1] quit

[AC-wlan-ap-2] quit

Verifying the configuration

# Verify the following information:

·     RSN IE is enabled.

·     The AKM mode is PSK.

·     The cipher suite is CCMP.

·     The FT status is Active.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : 1

Radio ID                           : 1

SSID                               : service

BSSID                              : 000f-e266-7788

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : RSN

AKM mode                           : PSK

Encryption cipher                  : CCMP

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Active

# Move the client to the coverage of AP 2. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : 2

Radio ID                           : 1

SSID                               : service

BSSID                              : 000f-e211-2233

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : FT

Security mode                      : RSN

AKM mode                           : PSK

Encryption cipher                  : CCMP

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : Intra-AC roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Active

Example: Configuring over-the-DS FT and 802.1X authentication

Network configuration

As shown in Figure 3, configure intra-AC roaming through over-the-DS FT to enable the client to roam between AP 1 and AP 2. Configure 802.1X as the authentication and key management mode.

Procedure

# Create service template acstname.

<AC> system-view

[AC] wlan service-template acstname

# Set the SSID to service.

[AC-wlan-st-acstname] ssid service

# Set the AKM mode to 802.1X.

[AC-wlan-st-acstname] akm mode dot1x

# Enable the RSN IE in the beacon and probe responses.

[AC-wlan-st-acstname] cipher-suite ccmp

[AC-wlan-st-acstname] security-ie rsn

# Set the authentication mode to 802.1X for clients.

[AC-wlan-st-acstname] client-security authentication-mode dot1x

[AC-wlan-st-acstname] dot1x domain imc

# Enable FT.

[AC-wlan-st-acstname] ft enable

# Set the FT method to over-the-DS.

[AC-wlan-st-acstname] ft method over-the-ds

# Enable the service template.

[AC-wlan-st-acstname] service-template enable

[AC-wlan-st-acstname] quit

# Set the 802.1X authentication mode to EAP.

[AC] dot1x authentication-method eap

# Create RADIUS scheme imcc.

[AC] radius scheme imcc

# Set the IP address of the primary authentication and accounting servers to 10.1.1.3.

[AC-radius-imcc] primary authentication 10.1.1.3

[AC-radius-imcc] primary accounting 10.1.1.3

# Set the shared key for the AC to exchange packets with the authentication and accounting servers to 12345678.

[AC-radius-imcc] key authentication simple 12345678

[AC-radius-imcc] key accounting simple 12345678

# Configure the AC to remove the ISP domain name from usernames sent to the RADIUS server.

[AC-radius-imcc] user-name-format without-domain

[AC-radius-imcc] quit

# Create ISP domain imc, and configure the domain to use the RADIUS scheme imcc for authentication, authorization, and accounting.

[AC] domain imc

[AC-isp-imc] authentication lan-access radius-scheme imcc

[AC-isp-imc] authorization lan-access radius-scheme imcc

[AC-isp-imc] accounting lan-access radius-scheme imcc

[AC-isp-imc] quit

# Create AP 1, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 1 model WA536-WW

[AC-wlan-ap-1] serial-id 210235A1BSC123000050

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template acstname

[AC-wlan-ap-1-radio-1] radio enable

[AC-wlan-ap-1-radio-1] quit

[AC-wlan-ap-1] quit

# Create AP 2, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 2 model WA536-WW

[AC-wlan-ap-2] serial-id 210235A1BSC123000055

[AC-wlan-ap-2] radio 1

[AC-wlan-ap-2-radio-1] service-template acstname

[AC-wlan-ap-2-radio-1] radio enable

[AC-wlan-ap-2-radio-1] quit

[AC-wlan-ap-2] quit

Verifying the configuration

# Verify that the service template is correctly configured.

[AC] display wlan service-template acstname verbose

Service template name        : acstname

Description                  : Not configured

SSID                         : service

SSID-hide                    : Disabled

User-isolation               : Disabled

Service template status      : Enabled

Maximum clients per BSS      : Not configured

Frame format                 : Dot3

Seamless-roam status         : Disabled

Seamless-roam RSSI threshold : 50

Seamless-roam RSSI gap       : 20

VLAN ID                      : 1

AKM mode                     : 802.1X

Security IE                  : RSN

Cipher suite                 : CCMP

TKIP countermeasure time     : 0 sec

PTK lifetime                 : 43200 sec

GTK rekey                    : Enabled

GTK rekey method             : Time-based

GTK rekey time               : 86400 sec

GTK rekey client-offline     : Disabled

User authentication mode     : 802.1X

Intrusion protection         : Disabled

Intrusion protection mode    : Temporary-block

Temporary block time         : 180 sec

Temporary service stop time  : 20 sec

Fail VLAN ID                 : Not configured

802.1X handshake             : Disabled

802.1X handshake secure      : Disabled

802.1X domain                : imc

MAC-auth domain              : Not configured

Max 802.1X users             : 4096

Max MAC-auth users           : 4096

802.1X re-authenticate       : Disabled

Authorization fail mode      : Online

Accounting fail mode         : Online

Authorization                : Permitted

Key derivation               : SHA1

PMF status                   : Disabled

Hotspot policy number        : Not configured

Forwarding policy status     : Disabled

Forwarding policy name       : Not configured

Forwarder                    : AC

FT Status                    : Enable

FT Method                    : over-the-ds

FT Reassociation Deadline    : 20 sec

QoS trust                    : Port

QoS priority                 : 0

# Verify that the roaming status is N/A and the FT status is Active.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : 1

Radio ID                           : 1

SSID                               : service

BSSID                              : 000f-e266-7788

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : RSN

AKM mode                           : 802.1X

Encryption cipher                  : CCMP

User authentication mode           : 802.1X

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Active

# Move the client to the coverage of AP 2. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : 2

Radio ID                           : 1

SSID                               : service

BSSID                              : 000f-e211-2233

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : FT

Security mode                      : RSN

AKM mode                           : 802.1X

Encryption cipher                  : CCMP

User authentication mode           : 802.1X

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : Intra-AC roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Active

Example: Configuring over-the-air FT and 802.1X authentication

Network configuration

As shown in Figure 3, configure intra-AC roaming through over-the-air FT to enable the client to roam between AP 1 and AP 2. Configure 802.1X as the authentication and key management mode.

Procedure

# Create service template acstname.

<AC> system-view

[AC] wlan service-template acstname

# Set the SSID to service.

[AC-wlan-st-acstname] ssid service

# Set the AKM mode to 802.1X.

[AC-wlan-st-acstname] akm mode dot1x

# Enable the RSN IE in the beacon and probe responses.

[AC-wlan-st-acstname] cipher-suite ccmp

[AC-wlan-st-acstname] security-ie rsn

# Set the authentication mode to 802.1X for clients.

[AC-wlan-st-acstname] client-security authentication-mode dot1x

[AC-wlan-st-acstname] dot1x domain imc

# Enable FT.

[AC-wlan-st-acstname] ft enable

# Enable the service template.

[AC-wlan-st-acstname] service-template enable

[AC-wlan-st-acstname] quit

# Set the 802.1X authentication mode to EAP.

[AC] dot1x authentication-method eap

# Create RADIUS scheme imcc.

[AC] radius scheme imcc

# Set the IP address of the primary authentication and accounting servers to 10.1.1.3.

[AC-radius-imcc] primary authentication 10.1.1.3

[AC-radius-imcc] primary accounting 10.1.1.3

# Set the shared key for the AC to exchange packets with the authentication and accounting servers to 12345678.

[AC-radius-imcc] key authentication simple 12345678

[AC-radius-imcc] key accounting simple 12345678

# Configure the AC to remove the ISP domain name from usernames sent to the RADIUS server.

[AC-radius-imcc] user-name-format without-domain

[AC-radius-imcc] quit

# Create ISP domain imc, and configure the domain to use RADIUS scheme imcc for authentication, authorization, and accounting.

[AC] domain imc

[AC-isp-imc] authentication lan-access radius-scheme imcc

[AC-isp-imc] authorization lan-access radius-scheme imcc

[AC-isp-imc] accounting lan-access radius-scheme imcc

[AC-isp-imc] quit

# Create AP 1, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 1 model WA536-WW

[AC-wlan-ap-1] serial-id 210235A1BSC123000050

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template acstname

[AC-wlan-ap-1-radio-1] radio enable

[AC-wlan-ap-1-radio-1] quit

[AC-wlan-ap-1] quit

# Create AP 2, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 2 model WA536-WW

[AC-wlan-ap-2] serial-id 210235A1BSC123000055

[AC-wlan-ap-2] radio 1

[AC-wlan-ap-2-radio-1] service-template acstname

[AC-wlan-ap-2-radio-1] radio enable

[AC-wlan-ap-2-radio-1] quit

[AC-wlan-ap-2] quit

Verifying the configuration

# Verify the following information:

·     RSN IE is enabled.

·     The AKM mode is 802.1X.

·     The cipher suite is CCMP.

·     The FT status is Active.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : 1

Radio ID                           : 1

SSID                               : service

BSSID                              : 000f-e266-7788

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : RSN

AKM mode                           : 802.1X

Encryption cipher                  : CCMP

User authentication mode           : 802.1X

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Active

# Move the client to the coverage of AP 2. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : 2

Radio ID                           : 1

SSID                               : service

BSSID                              : 000f-e211-2233

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : FT

Security mode                      : RSN

AKM mode                           : 802.1X

Encryption cipher                  : CCMP

User authentication mode           : 802.1X

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : Intra-AC roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Active

 

 

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网