
Huawei Hotspot2.0 Wireless Network Configuration Example

Author: 知孤云出岫
  • 2024-03-17
    Shanghai


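Example for Configuring a Hotspot2.0 Wireless Network

Network diagram

Figure 1: Networking diagram for configuring a Hotspot2.0 wireless network


  • Networking requirements

  • Configuration roadmap

  • Configuration notes

  • Procedure

  • Configuration file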

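Networking requirements

A network service provider is adding WLAN access on top of its existing mobile network services to give users a better network experience. With a traditional WLAN service, however, users must select an SSID manually, connect manually, and enter authentication information, which makes for a poor experience. To improve it, the provider deploys Hotspot2.0 and uses the SIM as the user's identity credential, so that users are connected to the correct network automatically and transparently.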

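Configuration roadmap

Configure the Hotspot2.0 service as follows:

  1. Configure network connectivity and basic WLAN services. For the basic WLAN service configuration, see "Example for Configuring FAT AP Layer 2 Networking".

  2. Configure WPA2-802.1X authentication based on the service provider's AAA server information.

  3. Configure the AP to block downlink broadcast/multicast packets.

  4. Configure the Hotspot2.0 service based on the service provider's network information.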

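Configuration notes

The protocol provides no ACK mechanism for pure multicast packets on the air interface, and air-interface links are unstable, so pure multicast packets are usually sent at low rates to make sure they are delivered reliably. If a large volume of abnormal multicast traffic floods in from the network side, the air interface becomes congested. To reduce the impact of large numbers of low-rate multicast packets on the wireless network, configure multicast packet suppression on the switch interface directly connected to the AP. Before configuring it, confirm whether any multicast service is in use; if so, set the rate limit with caution. For the configuration method, see: "How do I configure multicast packet suppression to reduce the impact of large numbers of low-rate multicast packets on the wireless network?"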

Procedure

  1. Configure network connectivity and basic WLAN services. For the basic WLAN service configuration, see "Example for Configuring FAT AP Layer 2 Networking". The peer address of the AP uplink is 10.23.101.2/24.

  2. Configure WPA2-802.1X authentication.

    # Configure the RADIUS server template.
    <AP> system-view
    [AP] radius-server template wlan-radius
    [AP-radius-wlan-radius] radius-server authentication 10.24.100.1 1812
    [AP-radius-wlan-radius] radius-server shared-key cipher Huawei@123
    [AP-radius-wlan-radius] radius-server retransmit 2
    [AP-radius-wlan-radius] undo radius-server user-name domain-included
    [AP-radius-wlan-radius] quit

    # Configure the AAA authentication scheme so that RADIUS authentication is tried first.
    [AP] aaa
    [AP-aaa] authentication-scheme wlan-authen
    [AP-aaa-authen-wlan-authen] authentication-mode radius local
    [AP-aaa-authen-wlan-authen] quit
    [AP-aaa] quit

    # Configure the 802.1X access profile to use EAP relay mode.
    [AP] dot1x-access-profile name wlan-dot1x
    [AP-dot1x-access-profile-wlan-dot1x] dot1x authentication-method eap
    [AP-dot1x-access-profile-wlan-dot1x] quit

    # Configure the authentication profile and reference the AAA authentication scheme, RADIUS server template, and 802.1X access profile configured above.
    [AP] authentication-profile name wlan-dot1x
    [AP-authentication-profile-wlan-dot1x] dot1x-access-profile wlan-dot1x
    [AP-authentication-profile-wlan-dot1x] authentication-scheme wlan-authen
    [AP-authentication-profile-wlan-dot1x] radius-server wlan-radius
    [AP-authentication-profile-wlan-dot1x] quit

    # Configure the WPA2-802.1X-AES security policy.
    [AP] wlan
    [AP-wlan-view] security-profile name wlan-security
    [AP-wlan-sec-prof-wlan-security] security wpa2 dot1x aes
    [AP-wlan-sec-prof-wlan-security] quit
    [AP-wlan-view] quit

    # Configure a static route to the RADIUS server.
    [AP] ip route-static 10.24.100.1 32 10.23.101.2

  3. Configure a traffic profile that prevents the AP from forwarding downlink broadcast/multicast packets.

    [AP] wlan
    [AP-wlan-view] traffic-profile name wlan-traffic
    [AP-wlan-traffic-prof-wlan-traffic] traffic-optimize arp-proxy enable
    [AP-wlan-traffic-prof-wlan-traffic] traffic-optimize bcmc deny all
    [AP-wlan-traffic-prof-wlan-traffic] quit

  4. Configure the Hotspot2.0 service.

    # Configure the profiles from the network parameters supplied by the service provider and create a Hotspot2.0 profile named "wlan-hs2". Before binding it, make sure the VAP profile already references the WPA2-802.1X security profile.
    [AP-wlan-view] cellular-network-profile name wlan-hs2
    [AP-wlan-cellular-network-prof-wlan-hs2] plmn-id 46000
    [AP-wlan-cellular-network-prof-wlan-hs2] quit
    [AP-wlan-view] connection-capability-profile name wlan-hs2
    [AP-wlan-co-cap-prof-wlan-hs2] connection-capability tcp-ssh on
    [AP-wlan-co-cap-prof-wlan-hs2] quit
    [AP-wlan-view] operator-name-profile name wlan-hs2
    [AP-wlan-wlan-op-name-prof-wlan-hs2] operator-friendly-name language-code eng name mobileA
    [AP-wlan-wlan-op-name-prof-wlan-hs2] quit
    [AP-wlan-view] operating-class-profile name wlan-hs2
    [AP-wlan-op-class-prof-wlan-hs2] operating-class-indication 81
    [AP-wlan-op-class-prof-wlan-hs2] quit
    [AP-wlan-view] operator-domain-profile name wlan-hs2
    [AP-wlan-op-domain-prof-wlan-hs2] domain-name www.mobileA.com
    [AP-wlan-op-domain-prof-wlan-hs2] quit
    [AP-wlan-view] nai-realm-profile name wlan-hs2
    [AP-wlan-nai-realm-prof-wlan-hs2] nai-realm realm-name www.mobileA.com
    [AP-wlan-nai-realm-prof-wlan-hs2] quit
    [AP-wlan-view] venue-name-profile name wlan-hs2
    [AP-wlan-ve-na-prof-wlan-hs2] venue-name language-code eng name Coffee
    [AP-wlan-ve-na-prof-wlan-hs2] quit
    [AP-wlan-view] roaming-consortium-profile name wlan-hs2
    [AP-wlan-ro-co-prof-wlan-hs2] roaming-consortium-oi 50-6f-9a in-beacon
    [AP-wlan-ro-co-prof-wlan-hs2] quit
    [AP-wlan-view] hotspot2-profile name wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] network-type public-free internet-access
    [AP-wlan-hotspot2-prof-wlan-hs2] undo p2p-cross-connect disable
    [AP-wlan-hotspot2-prof-wlan-hs2] venue-type group-code 1 type-code 13
    [AP-wlan-hotspot2-prof-wlan-hs2] hessid 60de-4476-e360
    [AP-wlan-hotspot2-prof-wlan-hs2] ipv4-address-avail available
    [AP-wlan-hotspot2-prof-wlan-hs2] network-authen-type acceptance
    [AP-wlan-hotspot2-prof-wlan-hs2] cellular-network-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] connection-capability-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] operator-name-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] operating-class-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] operator-domain-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] nai-realm-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] venue-name-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] roaming-consortium-profile wlan-hs2
    [AP-wlan-hotspot2-prof-wlan-hs2] quit

  5. Apply the authentication profile, traffic profile, and Hotspot2.0 profile to the VAP profile.

    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] authentication-profile wlan-dot1x
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-vap-prof-wlan-vap] traffic-profile wlan-traffic
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-vap-prof-wlan-vap] hotspot2-profile wlan-hs2
    [AP-wlan-vap-prof-wlan-vap] quit
    [AP-wlan-view] quit

  6. Verify the configuration.

    After the configuration is complete, run the display vap ssid wlan-net command to view the following information. When the "Status" field shows "ON", the VAP has been created successfully on the AP's radio.

    [AP] display vap ssid wlan-net
    WID : WLAN ID
    --------------------------------------------------------------------------------
    AP MAC          RfID  WID  SSID      BSSID           Status  Auth type    STA
    --------------------------------------------------------------------------------
    00bc-da3f-e900  0     1    wlan-net  00BC-DA3F-E900  ON      WPA2-802.1X  0
    -------------------------------------------------------------------------------
    Total: 1

    After a STA enters the AP's coverage area, it connects to the WLAN automatically. The SSID it connects to is "wlan-net".

    [AP] display station all
    Rf/WLAN: Radio ID/WLAN ID
    Rx/Tx: link receive rate/link transmit rate(Mbps)
    ------------------------------------------------------------------------------
    STA MAC         Ap name         Rf/WLAN  Band  Type  Rx/Tx  RSSI  VLAN  IP address     SSID
    ------------------------------------------------------------------------------
    14cf-9202-13dc  00bc-da3f-e900  0/2      2.4G  11n   19/13  -63   101   10.23.101.254  wlan-net
    ------------------------------------------------------------------------------
    Total: 1 2.4G: 1 5G: 0

Configuration file

  • Configuration file of the AP

    #
     sysname AP
    #
    vlan batch 101
    #
    authentication-profile name wlan-dot1x
     dot1x-access-profile wlan-dot1x
     authentication-scheme wlan-authen
     radius-server wlan-radius
    #
    dot1x-access-profile name wlan-dot1x
    #
    dhcp enable
    #
    radius-server template wlan-radius
     radius-server shared-key cipher %^%#3|_'15Yp[3cBVN4*3lB3o&@0%pll(XJ:9@Yw'`(!%^%#
     radius-server authentication 10.24.100.1 1812 weight 80
     radius-server retransmit 2
     undo radius-server user-name domain-included
    #
    aaa
     authentication-scheme wlan-authen
      authentication-mode radius local
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
     dhcp server excluded-ip-address 10.23.101.2
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    wlan
     traffic-profile name wlan-traffic
      traffic-optimize bcmc deny all
      traffic-optimize arp-proxy enable
     security-profile name wlan-security
      security wpa2 dot1x aes
     ssid-profile name wlan-ssid
      ssid wlan-net
     operating-class-profile name wlan-hs2
      operating-class-indication 81
     roaming-consortium-profile name wlan-hs2
      roaming-consortium-oi 50-6f-9a in-beacon
     cellular-network-profile name wlan-hs2
      plmn-id 46000
     connection-capability-profile name wlan-hs2
      connection-capability tcp-ssh on
     operator-domain-profile name wlan-hs2
      domain-name www.mobileA.com
     operator-name-profile name wlan-hs2
      operator-friendly-name language-code eng name mobileA
     venue-name-profile name wlan-hs2
      venue-name language-code eng name Coffee
     nai-realm-profile name wlan-hs2
      nai-realm realm-name www.mobileA.com
     hotspot2-profile name wlan-hs2
      hessid 60de-4476-e360
      network-type public-free internet-access
      venue-type group-code 1 type-code 13
      ipv4-address-avail available
      network-authen-type acceptance
      cellular-network-profile wlan-hs2
      connection-capability-profile wlan-hs2
      operator-name-profile wlan-hs2
      operator-domain-profile wlan-hs2
      venue-name-profile wlan-hs2
      nai-realm-profile wlan-hs2
      operating-class-profile wlan-hs2
      roaming-consortium-profile wlan-hs2
     vap-profile name wlan-vap
      authentication-profile wlan-dot1x
      service-vlan vlan-id 101
      ssid-profile wlan-ssid
      security-profile wlan-security
      traffic-profile wlan-traffic
      hotspot2-profile wlan-hs2
    #
    interface Wlan-Radio0/0/0
     vap-profile wlan-vap wlan 2
     channel 20mhz 6
    #
    ip route-static 10.24.100.1 255.255.255.255 10.23.101.2
    #
    return
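The procedure requires that a VAP profile binding a Hotspot2.0 profile also references the WPA2-802.1X security profile and a traffic profile that denies downlink broadcast/multicast. The following is an added example, not part of the original article or of Huawei's tooling, that checks a saved AP configuration for both conditions; the function names and the "guest-vap" profile are hypothetical, and the sample text is constructed from the configuration file above.

```python
import re

# Constructed sample: trimmed AP config from this page + hypothetical guest-vap.
SAMPLE = """\
wlan
 traffic-profile name wlan-traffic
  traffic-optimize bcmc deny all
 traffic-profile name guest-traffic
 security-profile name wlan-security
  security wpa2 dot1x aes
 security-profile name guest-security
  security open
 vap-profile name wlan-vap
  security-profile wlan-security
  traffic-profile wlan-traffic
  hotspot2-profile wlan-hs2
 vap-profile name guest-vap
  security-profile guest-security
  traffic-profile guest-traffic
  hotspot2-profile wlan-hs2
"""

def parse_profiles(text):
    """Map (kind, name) -> sub-commands of each ' X-profile name Y' block."""
    profiles, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^ (\S+-profile) name (\S+)$", line)
        if m:
            current = profiles.setdefault((m.group(1), m.group(2)), [])
        elif line.startswith("  ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # left the profile block (e.g. '#', 'interface ...')
    return profiles

def audit_hotspot2_vaps(text):
    """Findings for every VAP profile that binds a Hotspot2.0 profile."""
    profiles, findings = parse_profiles(text), []
    for (kind, name), cmds in profiles.items():
        refs = dict(c.split(None, 1) for c in cmds if "-profile " in c)
        if kind != "vap-profile" or "hotspot2-profile" not in refs:
            continue
        sec = profiles.get(("security-profile", refs.get("security-profile")), [])
        if "security wpa2 dot1x aes" not in sec:
            findings.append((name, "security profile is not WPA2-802.1X-AES"))
        tra = profiles.get(("traffic-profile", refs.get("traffic-profile")), [])
        if "traffic-optimize bcmc deny all" not in tra:
            findings.append((name, "downlink broadcast/multicast not denied"))
    return findings
```

Call `audit_hotspot2_vaps()` on the text of the saved configuration; an empty list means every Hotspot2.0 VAP profile meets both conditions.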

