华为无线设备安全策略配置命令

[huawei]wlan
[huawei-wlan-view]security-profile name s1 //进入指定的安全模板视图
[huawei-wlan-sec-prof-s1]security open //配置安全策略为开放认证, 缺省为open
[huawei-wlan-sec-prof-s1]security wep //配置安全策略为WEP
[huawei-wlan-sec-prof-s1]wep key 0 wep-40 pass-phrase abc@1234 //配置WEP的共享密钥和密钥索引,缺省使用WEP-40方式认证，密钥为Admin
[huawei-wlan-sec-prof-s1]wep key 0 wep-104 pass-phrase abc@1234
[huawei-wlan-sec-prof-s1]wep key 0 wep-128 pass-phrase abc@1234
[huawei-wlan-sec-prof-s1]wep default-key 0 //配置WEP使用的共享密钥的密钥索引,缺省使用索引为0的密钥
[huawei-wlan-sec-prof-s1]security wpa psk pass-phrase abc@1234 aes //配置安全策略为WPA/WPA2-PSK
[huawei-wlan-sec-prof-s1]security wpa2 psk pass-phrase abc@1234 tkip
[huawei-wlan-sec-prof-s1]security wpa-wpa2 psk pass-phrase abc@1234 aes-tkip
[huawei-wlan-sec-prof-s1]wpa ptk-update ptk-update-interval 43200 //配置PTK的定时更新周期,缺省为43200秒
[huawei-wlan-sec-prof-s1]pmf optional //配置PMF功能
[huawei-wlan-sec-prof-s1]pmf mandatory
[huawei-wlan-sec-prof-s1]security wpa dot1x aes //配置安全策略为WPA/WPA2-802.1X
[huawei-wlan-sec-prof-s1]security wpa2 dot1x tkip
[huawei-wlan-sec-prof-s1]security wpa-wpa2 dot1x aes-tkip
[huawei-wlan-sec-prof-s1]security wapi psk pass-phrase abc@1234 //配置安全策略为WAPI-PSK认证
[huawei-wlan-sec-prof-s1]wapi bk-threshold 70 //配置基密钥BK（Base Key）生存期百分比,缺省为70%
[huawei-wlan-sec-prof-s1]wapi bk-update-interval 43200 ///配置基密钥BK（Base Key）更新间隔,缺省为43200秒
[huawei-wlan-sec-prof-s1]wapi sa-timeout 60 //配置建立安全关联的超时时间,缺省为60秒
[huawei-wlan-sec-prof-s1]wapi usk key-update time-based //配置WAPI的USK的更新方式,缺省基于时间更新
[huawei-wlan-sec-prof-s1]wapi msk key-update time-based 配置WAPI的MSK的更新方式,缺省基于时间更新
[huawei-wlan-sec-prof-s1]wapi usk-update-interval 86400 //配置USK的更新间隔,缺省为86400秒
[huawei-wlan-sec-prof-s1]wapi usk-retrans-count 3 //配置USK的密钥协商报文重传次数,缺省为3次
[huawei-wlan-sec-prof-s1]wapi msk-update-interval 86400 //配置MSK的更新间隔,缺省为86400秒
[huawei-wlan-sec-prof-s1]wapi msk-retrans-count 3 //配置MSK的密钥协商报文重传次数,缺省为3次
[huawei-wlan-sec-prof-s1]security wapi certificate //配置安全策略为WAPI-证书认证
[huawei-wlan-sec-prof-s1]wapi import certificate ac format pkcs12 file-name f1 password abc@1234 //配置导入AC的证书文件、AC证书颁布者的证书以及ASU的证书文件
[huawei-wlan-sec-prof-s1]wapi import certificate asu format pkcs12 file-name f1 password abc@1234
[huawei-wlan-sec-prof-s1]wapi import certificate issuer format pkcs12 file-name f1 password abc@1234
[huawei-wlan-sec-prof-s1]wapi import certificate ac format pem file-name f1
[huawei-wlan-sec-prof-s1]wapi import certificate asu format pem file-name f1
[huawei-wlan-sec-prof-s1]wapi import certificate issuer format pem file-name f1
[huawei-wlan-sec-prof-s1]wapi import private-key format pkcs12 file-name f1 password abc@1234 //配置导入AC的私钥文件
[huawei-wlan-sec-prof-s1]wapi import private-key format pem file-name f1
[huawei-wlan-sec-prof-s1]wapi asu ip 10.1.1.1 //配置ASU服务器的IP地址
[huawei-wlan-sec-prof-s1]wapi cert-retrans-count 3 //配置证书认证鉴别报文的重传次数,缺省为3
[huawei]display wlan wapi certificate file-name f1 //查看WAPI-证书认证时导入的证书内容