How to configure the WPA and WPA2 security policy on WLAN devices

For V200R003 and V200R005, you can perform the following steps on ACs or Fat APs to configure the WPA/WPA2 security policy:
1. Run the security-profile { id profile-id | name profile-name } * command in the WLAN view to display the security profile view. The variable profile-id specifies the ID of a security profile, and profile-name specifies the name of the security profile.
2. Run the security-policy { wpa | wpa2 | wpa-wpa2 } command in the security profile view to configure a security policy.
- By default, WPA uses 802.1x authentication + TKIP encryption.
- By default, WPA2 uses 802.1x authentication + CCMP encryption.
By default, WPA-WPA2 uses 802.1x authentication + TKIP-CCMP encryption.
After the security policy is specified, you can use its default authentication and encryption mode, or perform the following steps to configure the authentication and encryption modes.
3. Configure the authentication and encryption modes:
- Configure 802.1x authentication + TKIP-CCMP encryption:
Run the { wpa | wpa2 | wpa-wpa2 } authentication-method dot1x encryption-method { tkip | ccmp | tkip-ccmp } command in the security profile view to configure the 802.1x authentication and data encryption algorithm for WPA/WPA2.
- Configure PSK authentication + TKIP-CCMP encryption:
Run the { wpa | wpa2 | wpa-wpa2 } authentication-method psk { pass-phrase | hex } cipher cipher-key encryption-method { tkip | ccmp | tkip-ccmp } command in the security profile view to configure the PSK and data encryption algorithm for WPA/WPA2. The variable cipher-key specifies the password in cipher text.
4. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs (applicable only to the AC). The variable ap-id specifies the AP ID.

Scroll to top