Security

Contents

The following scenarios show how to configure WLAN interfaces to use different security modes. All examples will be done using the wifi0 radio module and channel numer 36 to avoid waiting for the cac timer to expire. Note that an external radius server will be required in enterprise scenarios and the testing user with password password must be present in its database.

Open Security

Description

In this example, the wlan1 interface will be configured to use no security.

Scenario

Warning

Note that the traffic will be visible to any attacker. Use OWE or OWE-Transition instead.

Step 1: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm none
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm none
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm none

Step 4: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.38 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.39 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 2.391/4.385/6.380/1.995 ms

Step 5: Run command configure at DUT0 and expect this output: Step 6: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 7: Run command set interfaces bridge br0 at DUT0 and expect this output: Step 8: Run command commit at DUT0 and expect this output:

---

OWE Mode

Description

In this example, the wlan1 interface will be configured to use OWE (Opportunistic Wireless Encryption) security. The main advantage of this mode, compared with open security, is that the traffic is encrypted (making passive sniffing useless).

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm owe
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+tizp6PzsCSIayXcAWBxgn6yEsPT4SrCU=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm owe
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+tizp6PzsCSIayXcAWBxgn6yEsPT4SrCU=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm owe
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security passphrase secret-password
set interfaces wlan wlan0 type station network 1 security pmf required

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.27 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.43 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 2.429/4.349/6.269/1.920 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output: Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm owe
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+p+xdfBK79YtAoj9ujOz3yqTCC/U+j6Zo=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp-256
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm owe
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1/L03ZKMNmiH+oPWaH4SV+TStVtQkKqDPk=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-128
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 14: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 15: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm owe
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX18Cke1eg9UQpn33xTkZ6KN5pjHC2sdg/8Q=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-256
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

OWE-Transition Mode

Description

In this example, the wlan1 interface will be configured to use OWE (Opportunistic Wireless Encryption) security and an additional one, wlan2, will also be configured with open security. The former network is just a transition mechanism to tell WPA3-capable devices to use the OWE network in case they connect to this one.

Scenario

Step 1: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point disable-broadcast-ssid
set interfaces wlan wlan1 type access-point security akm owe transition wlan-ifc wlan2
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz
set interfaces wlan wlan2 bridge-group bridge br0
set interfaces wlan wlan2 phy wifi0
set interfaces wlan wlan2 type access-point security akm none transition wlan-ifc wlan1
set interfaces wlan wlan2 type access-point ssid robotest_5ghz_owe
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command configure at DUT0 and expect this output: Step 3: Run command set interfaces wlan wlan1 type access-point ssid network_5GHz_renamed at DUT0 and expect this output: Step 4: Run command commit at DUT0 and expect this output: .. note:

See **open security** and **owe security** examples for client side configurations

---

WPA-Personal Mode

Description

In this example, the wlan1 interface will be configured in WPA personal mode, where security is ensured by means of pre-shared key secret-password. The aes-ccmp and tkip ciphers will be used for unicast traffic.

Scenario

Warning

WPA-Personal is no longer considered secure. Use WPA/WPA2-Personal instead if legacy devices are present in your deployment.

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX19GXn7BxTNTPmgNplTI1rfUzXY22jg89nM=
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX19GXn7BxTNTPmgNplTI1rfUzXY22jg89nM=
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm psk
set interfaces wlan wlan0 type station network 1 security framework wpav1
set interfaces wlan wlan0 type station network 1 security passphrase secret-password

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=5.49 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.39 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 2.387/3.940/5.493/1.553 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output: Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+5eSOX5y4dA+AZ+ZTZLnDVD/ejWwsDvqE=
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX19ij1U6ns6Ty2PfWzgYwFRkH8HX2aNbtEc=
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA2-Personal Mode

Description

In this example, the wlan1 interface will be configured in WPAv2 personal mode, where security is ensured by means of pre-shared key secret-password. The aes-ccmp and tkip ciphers will be used for unicast traffic.

Scenario

Warning

The tkip unicast cipher is considered not safe. Use aes-ccmp instead.

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+yfzujHhHQq+ocWPoUfM2ae00pqK0fe5k=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+yfzujHhHQq+ocWPoUfM2ae00pqK0fe5k=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm psk
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers tkip
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security passphrase secret-password

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=7.11 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.33 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 2.326/4.720/7.114/2.394 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output: Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+NXbS4P+qwfEmgasXMhOcNcmk19Lp5OD0=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX19dV8AWr69P9sSRLAcYyO1tmzhS5JuMHyc=
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA/WPA2-Personal Mode

Description

In this example, the wlan1 interface will be configured in WPA/WPAv2 personal mode, also known as WPAv2 Mixed mode. Here, security is ensured by means of pre-shared key secret-password. The aes-ccmp and tkip ciphers will be used for unicast traffic.

Scenario

Warning

This mode originally intended to provide WPA2 security while supporting legacy WPA stations. Since stations can connect using WPA security, which is not considered safe, only use this mode if legacy devices are present in your deployment.

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX19/PO+3+CakRVnTxw0Wej1N7idNCCjVy0U=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX19/PO+3+CakRVnTxw0Wej1N7idNCCjVy0U=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm psk
set interfaces wlan wlan0 type station network 1 security framework wpav1
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers tkip
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security passphrase secret-password

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.51 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.32 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 2.322/4.415/6.509/2.094 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output: Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+K4AaBusmt6dYu2vy9oZ42RV+Q9VoM34w=
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX18jg/hJmShZnI1g/MwdzHwiihI0sHuGRRk=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA3-Personal Only Mode

Description

In this example, the wlan1 interface will be configured in WPAv3 personal mode, also known as SAE (Simultaneous Authentication of Equals), the state-of-the-art in PSK mode, where the security is ensured by means of pre-shared key secret-password. The aes-ccmp cipher will be used for unicast traffic. Protected Management Frames or pmf must be set to required in this mode.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX188grkJE4ewQu3VS4kM7lr1D866O6zV3eY=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX188grkJE4ewQu3VS4kM7lr1D866O6zV3eY=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm sae
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security passphrase secret-password
set interfaces wlan wlan0 type station network 1 security pmf required

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.35 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.39 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 2.394/4.372/6.351/1.979 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output: Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+T8p61IT9oMHqJtl1BDCiMd8eId79V4fo=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp-256
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1+w1AYyNwUZlfXfzly/9zFzeDPTKzeO4bI=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-128
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 14: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 15: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1/OK+Q2DWCl6jkQcNGE1mf/vx0jZ7cPXdE=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-256
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA2/WPA3-Personal Transition Mode

Description

In this example, the wlan1 interface will be configured in WPAv2/WPAv3 personal mode, also known as WPAv3 transition mode, where the security is ensured by means of pre-shared key secret-password. The aes-ccmp cipher will be used for unicast traffic. Protected Management Frames or pmf must be set to optional in this mode.

Scenario

Note

This is a transition mode intended to provide connectivity to WPAv2-capable stations. WPAv3-capable stations will use this security mode when connecting to the device.

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security akm psk-256
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1/e8yyvP2DJJU9wGvqUXOnvWcAYjBV3pH0=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security akm psk-256
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1/e8yyvP2DJJU9wGvqUXOnvWcAYjBV3pH0=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm psk
set interfaces wlan wlan0 type station network 1 security akm psk-256
set interfaces wlan wlan0 type station network 1 security akm sae
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security passphrase secret-password
set interfaces wlan wlan0 type station network 1 security pmf required

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.39 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.39 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 2.392/4.389/6.386/1.997 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output: Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security akm psk-256
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1/lpiqNoi+Xiecs7sdHPc3+z3YzOh/Oy20=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp-256
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security akm psk-256
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX18h4lXAdDcrMaV33I39yuqD7lpUrhZaazM=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-128
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 14: Set the following configuration in DUT0:

set interfaces bridge br0
set interfaces ethernet eth2 bridge-group bridge br0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 15: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security akm psk
set interfaces wlan wlan1 type access-point security akm psk-256
set interfaces wlan wlan1 type access-point security akm sae
set interfaces wlan wlan1 type access-point security encrypted-passphrase U2FsdGVkX1/4OPILB+YUF/iq+3u99o0QZYph4UKmMFs=
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-256
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA-Enterprise Mode

Description

In this example, the wlan1 interface will be configured in WPA enterprise mode, where security is ensured by means of radius server 10.215.168.1. The aes-ccmp and tkip ciphers will be used for unicast traffic.

Scenario

Warning

WPA-Enterprise is considered no longer secure. Use WPA/WPAv2-Enterprise instead if legacy devices are present in your deployment.

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18OBhbYknL4zXCTS0b3gS3GkUaL4yKzXsr88IsMkLmej9/0JwlTxsSfolMWab58NQ81mMrkM3ClFg==

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18OBhbYknL4zXCTS0b3gS3GkUaL4yKzXsr88IsMkLmej9/0JwlTxsSfolMWab58NQ81mMrkM3ClFg==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm dot1x
set interfaces wlan wlan0 type station network 1 security framework wpav1
set interfaces wlan wlan0 type station network 1 security eap-method mschapv2
set interfaces wlan wlan0 type station network 1 security identity testing
set interfaces wlan wlan0 type station network 1 security passphrase password

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=5.17 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.39 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 2.391/3.779/5.167/1.388 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output:

Show output

Configuration path: [interfaces bridge br0] already exists

Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18OBhbYknL4zXCTS0b3gS3GkUaL4yKzXsr88IsMkLmej9/0JwlTxsSfolMWab58NQ81mMrkM3ClFg==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18OBhbYknL4zXCTS0b3gS3GkUaL4yKzXsr88IsMkLmej9/0JwlTxsSfolMWab58NQ81mMrkM3ClFg==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA2-Enterprise Mode

Description

In this example, the wlan1 interface will be configured in WPAv2 enterprise mode, where security is ensured by means of radius server 10.215.168.1. The aes-ccmp and tkip ciphers will be used for unicast traffic.

Scenario

Warning

The tkip unicast cipher is considered unsafe. Use aes-ccmp instead.

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18nGXkxpSmEodGfcqK13Oefa1ycSg40VXD6duw0Sr9j2vu1DJ5Ff7G4FroF8FTf2gJDs7RGf64oAQ==

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18nGXkxpSmEodGfcqK13Oefa1ycSg40VXD6duw0Sr9j2vu1DJ5Ff7G4FroF8FTf2gJDs7RGf64oAQ==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm dot1x
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers tkip
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security eap-method mschapv2
set interfaces wlan wlan0 type station network 1 security identity testing
set interfaces wlan wlan0 type station network 1 security passphrase password

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.36 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.47 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 2.473/4.416/6.359/1.943 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output:

Show output

Configuration path: [interfaces bridge br0] already exists

Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18nGXkxpSmEodGfcqK13Oefa1ycSg40VXD6duw0Sr9j2vu1DJ5Ff7G4FroF8FTf2gJDs7RGf64oAQ==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18nGXkxpSmEodGfcqK13Oefa1ycSg40VXD6duw0Sr9j2vu1DJ5Ff7G4FroF8FTf2gJDs7RGf64oAQ==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA/WPA2-Enterprise Mode

Description

In this example, the wlan1 interface will be configured in WPA/WPAv2 enterprise mode, also known as WPAv2 mixed mode, where security is ensured by means of radius server 10.215.168.1. The aes-ccmp and tkip ciphers will be used for unicast traffic.

Scenario

Warning

This mode was originally intended to provide WPAv2 security while supporting legacy WPA stations. Since stations can connect using WPA security, which is considered unsafe, only use this mode if legacy devices are present in your deployment.

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1/wbr3jIPVDxU9ZvefgQvavp+GdL5HkpcKwNCWRA+cbyx24hvQqr72nXGT9cjXCUyJGlereQejWnw==

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1/wbr3jIPVDxU9ZvefgQvavp+GdL5HkpcKwNCWRA+cbyx24hvQqr72nXGT9cjXCUyJGlereQejWnw==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm dot1x
set interfaces wlan wlan0 type station network 1 security framework wpav1
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers tkip
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security eap-method mschapv2
set interfaces wlan wlan0 type station network 1 security identity testing
set interfaces wlan wlan0 type station network 1 security passphrase password

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.32 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.36 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 2.359/4.341/6.324/1.983 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output:

Show output

Configuration path: [interfaces bridge br0] already exists

Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1/wbr3jIPVDxU9ZvefgQvavp+GdL5HkpcKwNCWRA+cbyx24hvQqr72nXGT9cjXCUyJGlereQejWnw==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers tkip
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1/wbr3jIPVDxU9ZvefgQvavp+GdL5HkpcKwNCWRA+cbyx24hvQqr72nXGT9cjXCUyJGlereQejWnw==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security wpav1 pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA3-Enterprise Only Mode

Description

In this example, the wlan1 interface will be configured in WPAv3 enterprise mode, where security is ensured by means of radius server 10.215.168.1. The aes-ccmp cipher will be used for unicast traffic. Protected Management Frames or pmf must be set to required in this mode.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1+cqVTif8vRRAabp/W9CU3iE7uZhB7rDTSd+6ysXqSpBUc/OoiTnonize3roMwdDANCwZa8sAD31A==

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1+cqVTif8vRRAabp/W9CU3iE7uZhB7rDTSd+6ysXqSpBUc/OoiTnonize3roMwdDANCwZa8sAD31A==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm dot1x-256
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security eap-method mschapv2
set interfaces wlan wlan0 type station network 1 security identity testing
set interfaces wlan wlan0 type station network 1 security passphrase password
set interfaces wlan wlan0 type station network 1 security pmf required

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=7.32 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.38 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 2.379/4.849/7.319/2.470 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output:

Show output

Configuration path: [interfaces bridge br0] already exists

Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1+cqVTif8vRRAabp/W9CU3iE7uZhB7rDTSd+6ysXqSpBUc/OoiTnonize3roMwdDANCwZa8sAD31A==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp-256
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1+cqVTif8vRRAabp/W9CU3iE7uZhB7rDTSd+6ysXqSpBUc/OoiTnonize3roMwdDANCwZa8sAD31A==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-128
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 14: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX1+cqVTif8vRRAabp/W9CU3iE7uZhB7rDTSd+6ysXqSpBUc/OoiTnonize3roMwdDANCwZa8sAD31A==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 15: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-256
set interfaces wlan wlan1 type access-point security pmf required
set interfaces wlan wlan1 type access-point ssid network_5GHz

---

WPA2/WPA3-Enterprise Transition Mode

Description

In this example, the wlan1 interface will be configured in WPAv2/WPAv3 enterprise mode, also known as WPAv3 transition mode, where security is ensured by means of radius server 10.215.168.1. The aes-ccmp cipher will be used for unicast traffic. Protected Management Frames or pmf must be set to optional in this mode.

Scenario

Note

This is a transition mode aimed at providing connectivity to WPAv2-capable stations. WPAv3-capable stations will use this security mode when connecting to the device.

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf optional
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18CZhzDUC1yei3h7UPGWuSqbB5GY+bRWfV2i5GSIDt2nytIVYoNNgIQ/3viFLDXjiB1n4yyJHwq6Q==

Step 3: Set the following configuration in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces bridge br0 address 10.215.168.64/24
set interfaces bridge br0 address 192.168.100.1/24
set interfaces ethernet eth2 bridge-group bridge br0
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp
set interfaces wlan wlan1 type access-point security pmf optional
set interfaces wlan wlan1 type access-point ssid network_5GHz
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18CZhzDUC1yei3h7UPGWuSqbB5GY+bRWfV2i5GSIDt2nytIVYoNNgIQ/3viFLDXjiB1n4yyJHwq6Q==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Configure the MON device to connect to network_5GHz using the following configuration:

set controllers wlan installation indoor
set controllers wlan radios wifi1 bandwidth 20MHz
set interfaces wlan wlan0 phy wifi1
set interfaces wlan wlan0 type station network 1 bssid 12:68:38:c6:f4:7b
set interfaces wlan wlan0 type station network 1 ssid network_5GHz
set system wlan log-level configuration debug
set interfaces wlan wlan0 address 192.168.100.10/24
set interfaces wlan wlan0 type station network 1 security akm dot1x
set interfaces wlan wlan0 type station network 1 security akm dot1x-256
set interfaces wlan wlan0 type station network 1 security pairwise-ciphers aes-ccmp
set interfaces wlan wlan0 type station network 1 security framework rsn
set interfaces wlan wlan0 type station network 1 security eap-method mschapv2
set interfaces wlan wlan0 type station network 1 security identity testing
set interfaces wlan wlan0 type station network 1 security passphrase password
set interfaces wlan wlan0 type station network 1 security pmf optional

Step 5: Ping IP address 192.168.100.1 from MON:

admin@MON$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.34 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.41 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 2.409/4.373/6.337/1.964 ms

Step 6: Run command configure at DUT0 and expect this output: Step 7: Run command delete interfaces bridge br0 address 192.168.100.1/24 at DUT0 and expect this output: Step 8: Run command set interfaces bridge br0 at DUT0 and expect this output:

Show output

Configuration path: [interfaces bridge br0] already exists

Step 9: Run command commit at DUT0 and expect this output: Step 10: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18CZhzDUC1yei3h7UPGWuSqbB5GY+bRWfV2i5GSIDt2nytIVYoNNgIQ/3viFLDXjiB1n4yyJHwq6Q==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 11: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-ccmp-256
set interfaces wlan wlan1 type access-point security pmf optional
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 12: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18CZhzDUC1yei3h7UPGWuSqbB5GY+bRWfV2i5GSIDt2nytIVYoNNgIQ/3viFLDXjiB1n4yyJHwq6Q==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 13: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-128
set interfaces wlan wlan1 type access-point security pmf optional
set interfaces wlan wlan1 type access-point ssid network_5GHz

Step 14: Set the following configuration in DUT0:

set interfaces bridge br0 address 10.215.168.64/24
set interfaces ethernet eth2 bridge-group bridge br0
set system aaa group radius radius_group server radius_server
set system aaa list radius_list method 1 group radius radius_group
set system aaa server radius radius_server address 10.215.168.1
set system aaa server radius radius_server encrypted-key U2FsdGVkX18CZhzDUC1yei3h7UPGWuSqbB5GY+bRWfV2i5GSIDt2nytIVYoNNgIQ/3viFLDXjiB1n4yyJHwq6Q==
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 15: Modify the following configuration lines in DUT0:

set controllers wlan installation indoor
set controllers wlan radios wifi0 band 5GHz
set controllers wlan radios wifi0 bandwidth 80MHz
set controllers wlan radios wifi0 channel 36
set controllers wlan radios wifi0 mode 802.11ac
set controllers wlan radios wifi0 mode 802.11ax
set controllers wlan radios wifi0 mode 802.11n
set interfaces wlan wlan1 bridge-group bridge br0
set interfaces wlan wlan1 phy wifi0
set interfaces wlan wlan1 type access-point security aaa authentication radius_list
set interfaces wlan wlan1 type access-point security akm dot1x
set interfaces wlan wlan1 type access-point security akm dot1x-256
set interfaces wlan wlan1 type access-point security pairwise-ciphers aes-gcmp-256
set interfaces wlan wlan1 type access-point security pmf optional
set interfaces wlan wlan1 type access-point ssid network_5GHz

---