How to configure the WAPI security policy on WLAN devices

For V200R003 and V200R005, you can perform the following steps on ACs or Fat APs to configure the WAPI security policy:

1. Run the security-profile { id profile-id | name profile-name } * command in the WLAN view to enter the security profile view. The variable profile-id specifies the ID of a security profile, and profile-name specifies the name of the security profile.

2. Run the security-policy wapi command in the security profile view to set the security policy to WAPI.

By default, WAPI uses WAPI-CERT authentication + WPI encryption.

3. Configure the authentication mode for WAPI:

- Set the authentication mode to WAPI-PSK, that is, PSK authentication.

Run the wapi authentication-method psk { pass-phrase | hex } cipher cipher-key command in the security profile view to set the authentication mode to PSK authentication for WAPI and configure the shared key. The variable cipher-key specifies the password in cipher text.

- Set the authentication mode to WAPI-CERT, that is, certificate authentication.

a. Run the wapi authentication-method certificate command in the security profile view to set the authentication mode to certificate authentication for WAPI.

b. For ACs: Run the wapi import certificate { ac | asu | issuer } file-name file-name [ password cipher cipher-password ] command in the security profile view to import the AC certificate file, certificate of the AC certificate issuer, and ASU certificate file. The variable file-name specifies the AC certificate file name, and cipher-password specifies the AC certificate key in cipher text.

For Fat APs: Run the wapi import certificate { ap | asu | issuer } file-name file-name [ password cipher cipher-password ] command in the security profile view to import the AP certificate file, certificate of the AP certificate issuer, and ASU certificate file. The variable file-name specifies the AP certificate file name, and cipher-password specifies the AP certificate key in cipher text.

c. For ACs: Run the wapi import private-key file-name file-name [ password cipher cipher-password ] command in the security profile view to import the AC private key file. The variable file-name specifies the name of the AC private key file, and cipher-password specifies the password of the AC private key file in cipher text.

For Fat APs: Run the wapi import private-key file-name file-name [ password cipher cipher-password ] command in the security profile view to import the AP private key file. The variable file-name specifies the name of the AP private key file, and cipher-password specifies the password of the AP private key file in cipher text.

d. Run the wapi asu ip ip-address command in the security profile view to configure the IP address of the ASU server. The variable ip-address specifies the IP address of the ASU server.

4. Run the commit { all | ap ap-id } command in the WLAN view to deliver configurations to the APs (applicable only to the AC). The variable ap-id specifies the AP ID.
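
A pre-commit check for the procedure above, as an added example that is not part of the original page or of the vendor's tooling: it takes the commands typed for one security profile and reports which steps of the procedure are still missing. The profile name, file names, ASU address, and the function name audit_wapi_profile are assumptions made for illustration.

```python
import re

# Constructed sample: the page's commands as typed for one AC profile using
# WAPI-CERT. Profile name, file names and the ASU address are made up, and
# the ASU certificate import has been left out on purpose.
SAMPLE = """\
security-profile name wapi-cert-demo
 security-policy wapi
 wapi authentication-method certificate
 wapi import certificate ac file-name ac.cer
 wapi import certificate issuer file-name issuer.cer
 wapi import private-key file-name ac.key
 wapi asu ip 192.0.2.10
"""

PSK_RE = re.compile(r"^wapi authentication-method psk (pass-phrase|hex) cipher \S+$")
ASU_RE = re.compile(r"^wapi asu ip \d{1,3}(\.\d{1,3}){3}$")


def audit_wapi_profile(text, device="ac"):
    """Return the steps a WAPI profile still lacks; device is "ac" or "ap"."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "security-policy wapi" not in lines:
        return ["security-policy wapi"]
    auth = [ln for ln in lines if ln.startswith("wapi authentication-method ")]
    # With no explicit method the page's stated default applies: WAPI-CERT.
    method = auth[-1].split()[2] if auth else "certificate"
    if method == "psk":
        ok = PSK_RE.match(auth[-1])
        return [] if ok else ["wapi authentication-method psk { pass-phrase | hex } cipher cipher-key"]
    missing = []
    # Step b: device certificate, ASU certificate and issuer certificate.
    for role in (device, "asu", "issuer"):
        prefix = f"wapi import certificate {role} file-name "
        if not any(ln.startswith(prefix) for ln in lines):
            missing.append(f"wapi import certificate {role}")
    # Step c: private key. Step d: ASU server address.
    if not any(ln.startswith("wapi import private-key file-name ") for ln in lines):
        missing.append("wapi import private-key")
    if not any(ASU_RE.match(ln) for ln in lines):
        missing.append("wapi asu ip")
    return missing


if __name__ == "__main__":
    print(audit_wapi_profile(SAMPLE))
```

Run against the sample, the check reports the missing ASU certificate import; an empty list means every step of the chosen authentication mode is present.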
