Got it
Huawei Enterprise Support Community
Community Forums WLAN
Huawei Wireless Access Co...

Huawei Wireless Access Controllers V200R003C00 Web Platform Configuration Guide-Example for Configuring MAC Address Authentication

Latest reply: Oct 19, 2017 09:58:01 1641 1 0 0 0
View the author 1#

18.8  Example for Configuring MAC Address Authentication

Networking Requirements

As shown in Figure 18-8, an enterprise connects the AC to the aggregation switch in bypass mode to manage the AP in centralized manner and provide a WLAN with the SSID huawei so that users can access the network anywhere at any time. The AC functions as the DHCP server to assign IP addresses to the AP and STA.

The WLAN authentication client cannot be installed on wireless devices providing public services, such as wireless printers and phones, so use MAC address authentication. The RADIUS server authenticates wireless devices using their MAC addresses. No authentication is required when STAs access the WLAN, facilitating the use of WLAN services.

Figure 18-8  Networking for configuring MAC address authentication 
9c9834d0eeb94c5598262863e6d5a7b9

Data Preparation

ItemData
Management VLAN for the APVLAN 100
Service VLAN for STAsVLAN 101
DHCP serverThe AC functions as the DHCP server for the AP and STAs.
IP address pool for the AP192.168.100.2 to 192.168.100.254/24
IP address pool for STAs

192.168.101.3 to 192.168.101.254/24

DNS: 8.8.8.8

Address that cannot be assigned: 192.168.101.2 of Router

AC ID/Country code0/CN
AC's source interfaceVLANIF 100
WLAN radio profile

Name: radio

WMM profile: wmm

WLAN service set

Name: huawei

SSID: huawei

WLAN ESS interface: WLAN-ESS1

Security profile: security

Traffic profile: traffic

Data forwarding mode: tunnel forwarding

AP's gateway

VLANIF 100: 192.168.100.1

STA's gateway

VLANIF 101: 192.168.101.1

STA user name and password

  • User name: 14cf92089abf
  • Password: 14cf92089abf
  • Authentication scheme: huawei
  • Authentication domain: huawei

RADIUS server

  • Server template: huawei
  • IP address: 192.168.102.1
  • Port number: 1812
  • Shared key: huawei123

Configuration Roadmap

The configuration roadmap is as follows:
  1. Use the configuration wizard to configure the AP to go online on the AC. Configure a management VLAN and a service VLAN.
  2. Configure a DNS server address in the DHCP address pool of the service VLAN to provide the DNS service for the STA.
  3. Configure a static route so that the AC forwards the packet to the router after receiving the packet from the STA.
  4. Configure a RADIUS authentication scheme, reference the scheme in an AAA domain, and enable MAC address authentication.
  5. Use the configuration wizard to configure the WLAN service and deliver the WLAN service to the AP.

Procedure

  1. Configure the switches and router.

    # Add GE0/0/1 and GE0/0/2 on the access switch to VLAN 100 (the default VLAN of GE0/0/1).

    # On the aggregation switch, add GE0/0/1 and GE0/0/2 to the management VLAN 100, and add GE0/0/2 and GE0/0/3 to the service VLAN 101.

    # Assign an IP address 192.168.101.2 to GE0/0/1 on Router and configure the router as the default gateway for the AC.

    # Configure a RADIUS server, set the user name and password to the MAC address of the STA without a delimiter, and set the shared key to huawei123.

  2. Configure the AP to go online on the AC.
    1. Choose Configuration Wizard > Configuration Wizard > AP Online Configuration Wizard. The AP Online Configuration Wizard page is displayed.
      3261ae2f641c405980710c8d72e763d9
    2. Configure the Ethernet interface.

      # On the Configure Ethernet Interface page, click 575354a25edd4421a8b43be075ad3ab5 next to GigabitEthernet0/0/1 to add the interface to VLAN 100 and VLAN 101 in tagged mode.
      acd712a64a9a4ff1a9606f8a535b835d

    3. Configure virtual interfaces.

      # Click Create on the Configure Virtual Interface page. The Create Virtual Interfacepage is displayed.

      # Configure an IP address 192.168.100.1/24 for VLANIF 100.
      aaeac19a85b54793a77f7f1e5cb0ea81

      # Configure an IP address 192.168.101.1/24 for VLANIF101.

      # Click Next.

    4. Configure DHCP.

      # Click Create on the Configure DHCP page. The Create IP Pool page is displayed.

      # Configure an IP address pool for VLANIF 100.
      a4cd27e8762b47189fe0a2dec841ab26

      # Configure an IP address pool for VLANIF 101. Specify that the IP address 192.168.101.2 in this address pool cannot be automatically assigned to STAs.
      4dd76e4d787748ae95521487689f2a7b

      # Click Next.

    5. Configure the AC.


      dbbbc9acb5094c1190e5d94cfab1181f

    6. Confirm the settings.

      On the Confirm Settings page, confirm that the settings are correct and then click Finish.

  3. Configure DNS.

    # Choose IP Service > DHCP > IP Pool and click 575354a25edd4421a8b43be075ad3ab5 next to Vlanif101 in IP Pool List to configure the DNS server address for the STA.

    47c735a0af4e4bbea94ca2c1e4479df6

  4. Configure a static route.

    # Choose IP Service > Route > Static Route Configuration to create a static route.
    b3260dafbcc44411868395065dcf6beb

  5. Configure RADIUS authentication.

    # Choose Security Management > AAA > AAA Schemes to create an authentication scheme.

    a9c1f34fb3db4e199d023fac731b5d84

    # Click the RADIUS Setting tab page to create a server template and set the shared key to the same as that configured on the RADIUS server.

    8b517160e1774e2595dac7cfe14088f1

    # Configure an authentication server.

    5c6bfa59033f423ab2994a7f466bd632

    # Click the Domain Management tab page to create a domain, and then bind the authentication scheme and RADIUS server template to the domain.

    490bc4d388d842228c96861be9609cbd

  6. Enable MAC address authentication globally.

    # Choose Security Management > MAC Authentication > Global MAC Authentication Configuration to enable MAC address authentication, and click Apply.

    eeea794338744e63a2c2ac210d1a3040

  7. Configure the WLAN service.
    1. Choose Configuration Wizard > Configuration Wizard > WLAN Configuration Wizard. The WLAN Configuration Wizard page is displayed.
      778f6d2d31f34716969a21fbc3bc373b
    2. Select Common WLAN Service and click Next.
    3. Add the AP.

      # Click Create on the Configure AP page. The Create AP page is displayed.

      # Set AP type to AP6010DN-AGN and MAC address to 60de-4476-e360 on the Create AP page to add the AP. 
      92a5d52d12b74cc8a5bdc3a0f50ee3c3

      Select the AP and click Next.

    4. Configure the radio.

      # Select 2.4 GHz.

      # Create a radio profile named radio. Create a WMM profile named wmm and use the default settings in the profile.
      55767d1124314e47a0e53ecc499b3a8f

      # Click Next.

    5. Configure the WLAN service.

      # On the Configure WLAN Service page, click Create to create a service set.
      03131ea295694ac88337ad6f9989e844

      # Create a traffic profile named traffic.
      af65b8a9692043c7a7f653effc6e195d

      # Create a security profile named security.
      dd6f4fd8c4744e73a0b94a45c84c7266

      # Create an ESS interface.
      71e684d1cd28462b83ece7ecffc17760

      # Select the created security profile, traffic profile, ESS interface, click Advanced, and set Forwarding mode to Tunnel.
      73874585a3424118920f49fd93d3310a

      # Click OK and then click Next.

    6. Confirm the settings.

      # Confirm that the settings are correct, and then click Finish. In the message that is displayed, confirm that the configuration is to be delivered to the AP.

  8. Verify the configuration.
    1. The WLAN with the SSID huawei is available for the STA.
    2. The STA can associate with the WLAN and obtain an IP address 192.168.101.x/24 and its gateway address is 192.168.101.1.
      4ad7b297fadf46c78e718eb16456f8d8
    3. Choose Terminal Management > Terminal Management > STA Management. You can see that the STA goes online successfully and obtains an IP address.
      590c9857fe9f4dd7b4244080673e9d26
From group: WLAN

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Huawei Wireless Access Controllers V200R003C00 Web Platform Configuration Guide-Example for Configuring Portal Authentication
Next: Huawei Wireless Access Controllers V200R003C00 Web Platform Configuration Guide-Example for Configuring 802.1x Authentication
(0) (0)
2#
WoodWood
Created Oct 19, 2017 09:58:01

Huawei Wireless Access Controllers V200R003C00 Web Platform Configuration Guide-Example for Configuring MAC Address Authentication
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.