HPE Community
Comware Wireless / Unified Series
1833648 Members
4589 Online
110062 Solutions
New Discussion

Re: WX 2200 MAC Authentication

 
CleitonLacerda
New Member

‎05-27-2010 08:13 AM

‎05-27-2010 08:13 AM

WX 2200 MAC Authentication

Bom dia senhores, tudo tranqüilo? Espero que sim!


Estou precisando de uma ajuda, preciso configurar uma rede wireless para além da autenticação WPA só aceite conexões de endereços MAC cadastrados.


Configurei como imagem anexo, mas os dispositivos que não tem o MAC cadastrado continuam acessando.


 


Abraço



Good morning gentlemen, all quiet? I hope so!


I need a help, I need to configure a wireless network in addition to WPA only accept connections from MAC addresses registered.


Configured as an image attachment, but the devices that it has registered the MAC continue accessing.


 


HugCAESB_WX# display configuration


# Configuration nvgen'd at 2010-5-25 16:15:34



# Image 7.0.5.6.0



# Model WX2200



# Last change occurred at 2010-5-25 12:19:43



set ip route default 10.195.8.1 1



set system name CAESB_WX



set system ip-address 1.1.1.1



set system countrycode BR



set timezone -3 0 0



set service-profile CAESB_VISITANTES ssid-name WIFI_CONVIDADOS



set service-profile CAESB_VISITANTES ssid-type clear



set service-profile CAESB_VISITANTES auth-fallthru web-portal



set service-profile CAESB_VISITANTES cipher-tkip enable



set service-profile CAESB_VISITANTES auth-dot1x disable



set service-profile CAESB_VISITANTES web-portal-acl portalacl



set service-profile CAESB_VISITANTES attr vlan-name WIFI_CONVIDADOS



set service-profile CAESB_WPA_CEL ssid-name WIFI_CELULAR



set service-profile CAESB_WPA_CEL auth-fallthru last-resort



set service-profile CAESB_WPA_CEL cipher-tkip enable



set service-profile CAESB_WPA_CEL wpa-ie enable



set service-profile CAESB_WPA_CEL psk-encrypted 0357595d0759234f4c0f4d5c4716080e057f72747d3033771203470102020a09010c58071b410e01550b5402055c0a5350080353445555085952097514485b4004



set service-profile CAESB_WPA_CEL auth-psk enable



set service-profile CAESB_WPA_CEL auth-dot1x disable



set service-profile WIFI_CAESB ssid-name WIFI_CAESB



set service-profile WIFI_CAESB cipher-tkip enable



set service-profile WIFI_CAESB wpa-ie enable



set service-profile WIFI_CAESB attr vlan-name USUARIOS



set radius server SERVIDOR_RADIUS_1 address 10.115.1.3 timeout 5 retransmit 3 deadtime 0 encrypted-key 04690a0206345f6e2a18000410



set server group GRUPO-SERVIDOR_RADIUS_1 members SERVIDOR_RADIUS_1



set enablepass password 095fe9b3b6eeead79ddaaa598bc087454417



set accounting mac ssid WIFI_CELULAR 00:25:47:ff:10:e0 start-stop local



set authentication web ssid WIFI_CONVIDADOS ** local



set authentication mac ssid WIFI_CELULAR 00:25:47:ff:10:e0 local



set authentication dot1x ssid WIFI_CAESB ** pass-through GRUPO-SERVIDOR_RADIUS_1



set usergroup WIFI-GUEST expire-password-in 24h



set usergroup WIFI-GUEST attr vlan-name WIFI_CONVIDADOS



set user admin password encrypted 011007014809151a315c411b0d



set mac-usergroup MAC_WIFI_CELULAR attr encryption-type 36



set mac-usergroup MAC_WIFI_CELULAR attr ssid WIFI_CELULAR



set mac-usergroup MAC_WIFI_CELULAR attr vlan-name WIFI_CONVIDADOS



set mac-user 00:25:47:ff:10:e0 group MAC_WIFI_CELULAR



set mac-user 00:25:47:ff:10:e0 attr encryption-type 36



set mac-user 00:25:47:ff:10:e0 attr ssid WIFI_CELULAR



set mac-user 00:25:47:ff:10:e0 attr filter-id VISITANTES.in



set mac-user 00:25:47:ff:10:e0 attr filter-id VISITANTES.out



set radio-profile default service-profile WIFI_CAESB



set radio-profile default service-profile CAESB_VISITANTES



set radio-profile default service-profile CAESB_WPA_CEL



set ap auto mode enable



set ap 1 serial-id 9h7cband16780 model AP3150



set ap 1 name MAP01



set ap 1 radio 1 mode enable



set ap 1 radio 2 mode enable



set ap 2 serial-id 9h7cbkp616ac0 model AP3150



set ap 2 name MAP01



set ap 2 radio 1 mode enable



set ap 2 radio 2 mode enable



set ap 3 serial-id 9h7cbkp616780 model AP3150



set ap 3 name MAP03



set ap 3 radio 1 mode enable



set ap 3 radio 2 mode enable



set ap 4 serial-id 9h7cbend40940 model AP3150



set ap 4 name MAP04



set ap 4 radio 1 mode enable



set ap 4 radio 2 mode enable



set ap 5 serial-id 9h7cbend43240 model AP3150



set ap 5 name MAP05



set ap 5 radio 2 mode enable



set ap 6 serial-id 9h7cbkp611b40 model AP3150



set ap 6 name MAP06



set ap 6 radio 1 mode enable



set ap 6 radio 2 mode enable



set ap 7 serial-id 9h7catnc9b680 model AP3150



set ap 7 name MAP07



set ap 7 radio 1 mode enable



set ap 7 radio 2 mode enable



set ap 8 serial-id 9h7cbkp619140 model AP3150



set ap 8 name MAP08



set ap 8 radio 1 mode enable



set ap 8 radio 2 mode enable



set ap 9 serial-id 9h7cbhp5fd040 model AP3150



set ap 9 name MAP09



set ap 9 radio 1 mode enable



set ap 9 radio 2 mode enable



set ap 10 serial-id 9h7cbend40580 model AP3150



set ap 10 name MAP10



set ap 10 radio 1 mode enable



set ap 10 radio 2 mode enable



set ap 11 serial-id 9h7cband16740 model AP3150



set ap 11 radio 1 mode enable



set ap 11 radio 2 mode enable



set ap 12 serial-id 9h7cbend411c0 model AP3150



set ap 12 name MAP12



set ap 12 radio 1 mode enable



set ap 12 radio 2 mode enable



set ap 13 serial-id 9h7cbend42040 model AP3150



set ap 13 name MAP13



set ap 13 radio 1 mode enable



set ap 13 radio 2 mode enable



set ap 14 serial-id 9h7cbkp60fa40 model AP3150



set ap 14 name MAP14



set ap 14 radio 1 mode enable



set ap 14 radio 2 mode enable



set ap 15 serial-id 9h7cbkp619ec0 model AP3150



set ap 15 name MAP15



set ap 15 radio 1 mode enable



set ap 15 radio 2 mode enable



set ap 16 serial-id 9h7cbend3b240 model AP3150



set ap 16 name MAP16



set ap 16 radio 1 mode enable



set ap 16 radio 2 mode enable



set ap 17 name MAP17



set ap 17 radio 1 mode enable



set ap 17 radio 2 mode enable



set ap 18 serial-id 9h7cbkp616940 model AP3150



set ap 18 name MAP18



set ap 18 radio 1 mode enable



set ap 18 radio 2 mode enable



set ap 19 serial-id 9h7cbkp614140 model AP3150



set ap 19 name MAP19



set ap 19 radio 1 mode enable



set ap 19 radio 2 mode enable



set ap 20 serial-id 9h7cbkp612cc0 model AP3150



set ap 20 name MAP20



set ap 20 radio 1 mode enable



set ap 20 radio 2 mode enable



set ip snmp server enable



set snmp protocol v2c enable



set vlan 1 name USUARIOS



set vlan 1 port 1



set vlan 1 port 2



set vlan 1 port 3



set vlan 80 name GERENCIA



set vlan 80 port 2 tag 80



set vlan 80 port 3 tag 80



set vlan 300 name WIFI_CONVIDADOS



set vlan 300 port 1 tag 300



set vlan 300 port 2 tag 300



set vlan 300 port 3 tag 300



set spantree priority  32768 vlan 80



set spantree priority  32768 vlan 300



set interface 1 ip 1.1.1.1 255.255.255.0



set interface 1 ip dhcp-server disable start 192.168.1.1 stop 192.168.1.254



set interface 80 ip 10.195.8.3 255.255.255.0



set interface 80 ip dhcp-server enable start 10.195.8.200 stop 10.195.8.230 default-router 10.195.8.1



set interface 300 ip 10.195.11.2 255.255.255.0



set interface 300 ip dhcp-server enable start 10.195.11.10 stop 10.195.11.200 primary-dns 208.67.222.222 secondary-dns 208.67.220.220 default-router 10.195.11.1



set snmp community name gerenc1a_ca3sb access read-only



set security acl name VISITANTES deny ip 10.195.11.0 0.0.0.255 10.195.1.0 0.0.0.255



set security acl name VISITANTES deny ip 10.195.11.0 0.0.0.255 10.195.2.0 0.0.0.255



set security acl name VISITANTES permit 0.0.0.0 255.255.255.255



commit security acl VISITANTES



set security acl name portalacl permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67



set security acl name portalacl deny 0.0.0.0 255.255.255.255 capture



commit security acl portalacl



CAESB_WX#



 



0 Kudos
1 REPLY 1
anagamine
Advisor

‎06-11-2010 08:37 AM

‎06-11-2010 08:37 AM

Re: WX 2200 MAC Authentication

Olá Cleiton, tente o comando abaixo:



Hi Cleiton, try to perform the command below:



=========



set security acl name <SSID> <permit/deny> mac <mac-address> 00:00:00:00:00:00 00:00:00:00:00:00 ff:ff:ff:ff:ff:ff ethertype any



0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.