Perform this task to set the antenna type for an AP. The antenna type setting for an AP must be consistent with the type of the antenna used on the AP.

To ensure that the Effective Isotropic Radiated Power (EIRP) is within the correct range, the antenna gain automatically changes after you set the antenna type.

Examples

# Set the antenna type to external.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] type dot11an

[Sysname-WLAN-Radio1/0/1] antenna type external

beacon-interval

Use beacon-interval to set the beacon interval.

Use undo beacon-interval to restore the default.

Syntax

beacon-interval interval

undo beacon-interval

Default

The beacon interval is 100 TUs.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

interval: Specifies the beacon interval in the range of 32 to 8191 TUs.

Examples

# Set the beacon interval to 1000 TUs.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] beacon-interval 1000

channel

Use channel to specify a working channel for a radio.

Use undo channel to restore the default.

Syntax

channel { channel-number | auto }

undo channel

Default

The auto mode is used.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

channel-number: Specifies a channel by its number. The value range for this argument varies by country code and radio mode.

auto: Configures the AP to automatically select a channel.

Examples

# Specify working channel 6.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] channel 6

channel band-width

Use channel band-width to set the bandwidth mode.

Use undo channel band-width to restore the default.

Syntax

channel band-width { 20 | 40 }

undo channel band-width

Default

The bandwidth mode is 40 MHz for 802.11an radios and 20 MHz for 802.11gn radios.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

20: Sets the bandwidth mode to 20 MHz.

40: Sets the bandwidth mode to 40 MHz.

Usage guidelines

If the bandwidth mode is set to 40 MHz, the radio uses the 40 MHz bandwidth if two adjacent channels that can be bound together exist. If there are no adjacent channels that can be bound together, the radio uses the 20 MHz bandwidth.

This command is applicable only to 802.11n radios. When you change the mode of a radio, the default setting of this command for the new radio mode is restored.

Examples

# Set the bandwidth mode to 40 MHz.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] channel band-width 40

Related commands

channel

channel-usage measure

Use channel-usage measure to perform on-demand channel usage measurement.

Syntax

channel-usage measure

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

This feature enables the AP to scan supported channels and display the channel usage after measurement. The measurement of each channel takes about one second.

Examples

# Perform on-demand channel usage measurement on radio interface 2.

<Sysname> system-view

[Sysname] interface WLAN-Radio 1/0/2

[Sysname-WLAN-Radio1/0/2] channel-usage measure

Please wait..............Done.

Channel Usage

1 23%

2 34%

3 26%

4 36%

5 42%

6 39%

7 27%

8 45%

9 29%

10 38%

11 46%

12 30%

13 33%

client dot11b-forbidden

Use client dot11b-forbidden enable to disable access services for 802.11b clients.

Use client dot11b-forbidden disable to enable access services for 802.11b clients.

Use undo client dot11b-forbidden to restore the default.

Syntax

client dot11b-forbidden { disable | enable }

undo client dot11b-forbidden

Default

Access services for 802.11b clients is enabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

Enabling an 802.11g or 802.11gn radio to reject 802.11b clients reduces the impact of low-speed 802.11b clients and speeds up wireless data transmission.

Examples

# Configure WLAN-radio 1/0/2 to reject 802.11b clients.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-wlan-radio-1/0/2] client dot11b-forbidden enable

client dot11n-only

Use client dot11n-only enable to enable the client dot11n-only feature.

Use client dot11n-only disable to disable the client dot11n-only feature.

Use undo client dot11n-only to restore the default.

Syntax

client dot11n-only { disable | enable }

undo client dot11n-only

Default

The client dot11n-only feature is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

After you configure this command on a radio, the radio accepts only the 802.11n clients, and all 802.11a/b/g clients that are associated with the radio are logged off.

Examples

# Enable the client dot11n-only feature.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] client dot11n-only enable

client max-count

Use client max-count to set the maximum number of clients that can associate with an AP.

Use undo client max-count to restore the default.

Syntax

client max-count max-number

undo client max-count

Default

No limit is set for the number of clients that can associate with the AP.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of clients that can associate with the AP, in the range of 1 to 124.

Usage guidelines

When the maximum number of clients is reached on the AP, the AP stops accepting new clients.

Examples

# Set the maximum number of clients that can associate with the AP to 38.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] client max-count 38

continuous-mode

Use continuous-mode to enable the continuous mode for a radio.

Use undo continuous-mode to restore the default.

Syntax

continuous-mode { mcs mcs-index | rate rate-value }

undo continuous-mode

Default

The continuous mode is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

mcs mcs-index: Specifies the MCS index in the range of 0 to 76. This option applies only to 802.11n radios.

rate rate-value: Specifies the transmit rate in Mbps. This option applies to 802.11a, 802.11b, and 802.11g radios.

Usage guidelines

This feature is used for network testing only. Do not use it under any other circumstances.

It enables continuous data packet sending at the specified rate. When the feature is enabled, do not perform any other operations except changing the transmit rate.

Examples

# Enable the continuous mode and set the transmit rate to 6 Mbps.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] continuous-mode rate 6

Related commands

display wlan ap continuous-mode

custom-antenna gain

Use custom-antenna gain to set the antenna gain.

Use undo custom-antenna gain to restore the default.

Syntax

custom-antenna gain antenna-gain

undo custom-antenna gain

Default

The antenna gain is 0 dBi.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

antenna-gain: Specifies the antenna gain in the range of 0 to 20 dBi.

Usage guidelines

This command is applicable only when an AP uses a third-party antenna.

Effective Isotropic Radiated Power (EIRP) is the actual transmit power of an antenna, and it is the sum of the antenna gain and the maximum transmit power of the radio. If the configured antenna gain causes the EIRP to exceed the threshold, the antenna gain configuration fails.

Make sure the antenna gain setting is the same as the gain of the antenna used on the AP.

Changing the radio mode automatically changes the antenna gain.

Examples

# Set the antenna gain to 2 dBi.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] type dot11an

[Sysname-WLAN-Radio1/0/2] custom-antenna gain 2

distance

Use distance to set the maximum transmission distance.

Use undo distance to restore the default.

Syntax

distance distance

undo distance

Default

The maximum transmission distance is 1 km (0.62 miles).

Views

Radio interface view

Predefined user roles

network-admin

Parameters

distance: Specifies the maximum transmission distance in the range of 1 to 40 km (0.62 to 24.86 miles).

Examples

# Set the maximum transmission distance to 5 km (3.11 miles).

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] type dot11g

[Sysname-WLAN-Radio1/0/2] distance 5

dot11g protection

Use dot11g protection enable to enable 802.11g protection.

Use dot11g protection disable to disable 802.11g protection.

Use undo dot11g protection to restore the default.

Syntax

dot11g protection { disable | enable }

undo dot11g protection

Default

802.11g protection is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

802.11g or 802.11n devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11b signals are detected on the channel.

802.11g protection automatically takes effect when 802.11b clients associate with an 802.11g or 802.11n (2.4 GHz) AP.

This command is applicable only to 802.11g and 802.11n (2.4 GHz) radios. If you change the mode of a radio to a mode other than 802.11g or 802.11n (2.4 GHz), 802.11g protection configuration is removed.

Examples

# Enable 802.11g protection.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] dot11g protection enable

Related commands

protection-mode

dot11n mandatory maximum-mcs

Use dot11n mandatory maximum-mcs to set the maximum mandatory MCS index.

Use undo dot11n mandatory maximum-mcs to restore the default.

Syntax

dot11n mandatory maximum-mcs index

undo dot11n mandatory maximum-mcs

Default

No maximum mandatory MCS index is set.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

index: Specifies the maximum mandatory MCS index in the range of 0 to 76.

Usage guidelines

CAUTION:

Modifying the maximum mandatory MCS of a radio will log off all associated clients of the radio that do not support the modified MCS.

This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

Before configuring the dot11n multicast-mcs command, you must set the maximum mandatory MCS index.

Examples

# Set the maximum mandatory MCS index to 14.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] dot11n mandatory maximum-mcs 14

dot11n multicast-mcs

Use dot11n multicast-mcs to set the multicast MCS index.

Use undo dot11n multicast-mcs to restore the default.

Syntax

dot11n multicast-mcs index

undo dot11n multicast-mcs

Default

No multicast MCS index is set.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

index: Specifies the multicast MCS index in the range of 0 to 76.

Usage guidelines

This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The multicast MCS index takes effect only when the radio associates only with 802.11n clients.

If non-802.11n clients exist, the AP and clients use the 802.11a/b/g multicast rate to multicast packets.

The multicast MCS index maps to a rate in 20 MHz bandwidth mode regardless of whether the bandwidth mode is 20 MHz or 40 MHz.

Examples

# Set the multicast MCS index to 14.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] dot11n mandatory maximum-mcs 15

[Sysname-WLAN-Radio1/0/1] dot11n multicast-mcs 14

dot11n protection

Use dot11n protection enable to enable 802.11n protection.

Use dot11n protection disable to disable 802.11n protection.

Use undo dot11n protection to restore the default.

Syntax

dot11n protection { disable | enable }

undo dot11n protection

Default

802.11n protection is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

802.11n devices send RTS/CTS or CTS-to-self packets before sending data only when non-802.11n signals are detected on the channel.

802.11n protection automatically takes effect when non-802.11n clients associate with an 802.11n AP.

This command is applicable only to 802.11n radios. If you change the mode of a radio to a mode other than 802.11n, the 802.11n protection configuration is removed.

NOTE:

802.11n devices refer to 802.11n devices.

Examples

# Enable 802.11n protection.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] dot11n protection enable

Related commands

protection-mode

dot11n support maximum-mcs

Use dot11n support maximum-mcs to set the maximum supported MCS index.

Use undo dot11n support maximum-mcs to restore the default.

Syntax

dot11n support maximum-mcs index

undo dot11n support maximum-mcs

Default

The maximum supported MCS index is 76.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

index: Specifies the maximum supported MCS index in the range of 0 to 76.

Usage guidelines

This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The maximum supported MCS index cannot be smaller than the maximum mandatory MCS index.

Examples

# Set the maximum supported MCS index to 14.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] dot11n support maximum-mcs 14

dtim

Use dtim to set the Delivery Traffic Indication Map (DTIM) interval.

Use undo dtim to restore the default.

Syntax

dtim counter

undo dtim

Default

The DTIM interval is 1. The AP sends buffered broadcast and multicast frames after every beacon frame.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

counter: Specifies the DTIM interval in the range of 1 to 31.

Usage guidelines

An AP periodically broadcasts a beacon compliant with the DTIM. After the AP broadcasts the beacon, it sends buffered broadcast and multicast frames based on the value of the DTIM interval. For example, if you set the DTIM interval to 5, the AP sends buffered broadcast and multicast frames every five beacon frames.

Examples

# Set the DTIM interval to 5.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-wlan-radio1/0/1] dtim 5

fragment-threshold

Use fragment-threshold to set the frame fragmentation threshold.

Use undo fragment-threshold to restore the default.

Syntax

fragment-threshold size

undo fragment-threshold

Default

The fragmentation threshold is 2346 bytes.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

size: Specifies the fragmentation threshold in the range of 256 to 2346 bytes. The value for this argument must be an even number.

Usage guidelines

Frames larger than the fragmentation threshold are fragmented before transmission. Frames smaller than the fragmentation threshold are transmitted without fragmentation.

In a WLAN with great interference, decrease the fragmentation threshold and set the MTU (ip mtu command) of packets sent over the radio to be lower than the fragmentation threshold. This improves the network throughput and efficiency.

Examples

# Set the fragmentation threshold to 2048 bytes.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-wlan-radio1/0/1] fragment-threshold 2048

green-energy-management

Use green-energy-management enable to enable the energy-saving feature.

Use green-energy-management disable to disable the energy-saving feature.

Use undo green-energy-management to restore the default.

Syntax

green-energy-management { disable | enable }

undo green-energy-management

Default

The energy-saving feature is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

After you enable the energy-saving feature, the multiple-input and multiple-output (MIMO) mode of a radio automatically changes to 1x1 if no clients associate with the radio. This reduces power consumption.

Examples

# Enable the energy-saving feature.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] green-energy-management enable

ldpc

Use ldpc enable to enable LDPC.

Use ldpc disable to disable LDPC.

Use undo ldpc to restore the default.

Syntax

ldpc { disable | enable }

undo ldpc

Default

LDPC is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The device can receive but cannot send LDPC packets.

Examples

# Disable LDPC.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-wlan-radio-1/0/1] type dot11an

[Sysname-wlan-radio-1/0/1] ldpc disable

long-retry threshold

Use long-retry threshold to set the maximum number of retransmissions for large frames.

Use undo long-retry threshold to restore the default.

Syntax

long-retry threshold count

undo long-retry threshold

Default

The maximum number of retransmissions is 4 for large frames.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of retransmissions for large frames, in the range of 1 to 15.

Usage guidelines

Perform this task to set the hardware retransmission limit for frames larger than the RTS threshold.

Examples

# Set the maximum number of retransmissions to 5 for large frames.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-wlan-radio-1/0/1] long-retry threshold 5

Related commands

protection-threshold

short-retry threshold

max-power

Use max-power to set the maximum transmit power.

Use undo max-power to restore the default.

Syntax

max-power radio-power

undo max-power

Default

The AP uses the maximum supported transmit power.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

radio-power: Specifies the maximum transmit power. The value range for this argument varies by device model.

Usage guidelines

The transmit power range supported by a radio varies by country code, channel, AP model, radio mode, antenna type, and bandwidth mode. If you change these attributes for a radio after you set the maximum transmit power, the configured maximum transmit power might be out of the supported transmit power range. If this happens, the system automatically adjusts the maximum transmit power to a valid value.

If you enable power lock, the locked power becomes the maximum transmit power.

Examples

# Set the maximum transmit power to 15 dBm.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] type dot11g

[Sysname-WLAN-Radio1/0/2] max-power 15

preamble

Use preamble to set the preamble type.

Use undo preamble to restore the default.

Syntax

preamble { long | short }

undo preamble

Default

The short preamble is used.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

long: Specifies a long preamble. A long preamble ensures compatibility with all wireless devices that use an earlier standard than 802.11n.

short: Specifies a short preamble. A short preamble can improve network performance.

Usage guidelines

This command is applicable only to 802.11b, 802.11g, and 802.11gn radios.

A preamble is a set of bits in a packet header to synchronize transmission signals between sender and receiver.

Examples

# Set the preamble type to long.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] type dot11g

[Sysname-WLAN-Radio1/0/2] preamble long

protection-mode

Use protection-mode to specify a collision avoidance mode.

Use undo protection-mode to restore the default.

Syntax

protection-mode { cts-to-self | rts-cts }

undo protection-mode

Default

The CTS-to-self mode is used.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

cts-to-self: Specifies the CTS-to-self mode.

rts-cts: Specifies the RTS/CTS mode.

Usage guidelines

You can specify either of the following collision avoidance modes for an AP:

· RTS/CTS—An AP sends an RTS packet to a client before sending data to the client. After receiving the RTS packet, the client sends a CTS packet to the AP. The AP begins to send data after receiving the CTS packet, and other devices that detect the RTS or CTS packet do not send data within a specific time period.

· CTS-to-self—An AP sends a CTS packet with its own MAC address as the destination MAC address before sending data to a client. After receiving the CTS-to-self packet, the AP begins to send data, and other devices that detect the CTS-to-self packet do not send data within a specific time period.

Examples

# Specify the RTS/CTS mode.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] protection-mode rts-cts

Related commands

dot11g protection

dot11n protection

protection-threshold

Use protection-threshold to set the RTS threshold.

Use undo protection-threshold to restore the default.

Syntax

protection-threshold size

undo protection-threshold

Default

The RTS threshold is 2346 bytes.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

size: Specifies the RTS threshold in the range of 0 to 2346 bytes.

Usage guidelines

The system performs collision avoidance only for packets larger than the RTS threshold.

Examples

# Set the RTS threshold to 2048 bytes.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] protection-threshold 2048

Related commands

protection-mode

rate

Use rate to set the transmission rates for a radio.

Use undo rate to restore the default.

Syntax

rate { multicast { auto | rate-value } | { disabled | mandatory | supported } rate-value }

undo rate

Default

· 802.11a/802.11an:

¡ Prohibited rates—None.

¡ Mandatory rates—6, 12, and 24.

¡ Multicast rate—Selected from the mandatory rates.

¡ Supported rates—9, 18, 36, 48, and 54.

· 802.11b:

¡ Prohibited rates—None.

¡ Mandatory rates—1 and 2.

¡ Multicast rate—Selected from the mandatory rates.

¡ Supported rates—5.5 and 11.

· 802.11g/802.11gn:

¡ Prohibited rates—None.

¡ Mandatory rates—1, 2, 5.5, and 11.

¡ Multicast rate—Selected from the mandatory rates.

¡ Supported rates—6, 9, 12, 18, 24, 36, 48, and 54.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

disabled: Specifies rates that cannot be used by an AP.

mandatory: Specifies rates that the clients must support to associate with an AP.

multicast: Specifies the rate at which an AP multicasts packets. The multicast rate must be selected from the mandatory rates.

supported: Specifies rates that an AP supports. After a client associates with an AP, the client can select a higher or lower rate from the supported rates to communicate with the AP.

auto: Automatically selects a mandatory rate as the multicast rate.

rate-value: Specifies the rate value in Mbps. You can set multiple rates and separate them by spaces. The available values for this argument are as follows:

· 802.11a/802.11an—6, 9, 12, 18, 24, 36, 48, and 54.

· 802.11b—1, 2, 5.5, and 11.

· 802.11g/802.11gn—1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54.

Usage guidelines

The mandatory rates and multicast rate cannot be null. When there is only one mandatory rate, you cannot specify the mandatory rate as a supported rate or prohibited rate.

Examples

# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] type dot11g

[Sysname-WLAN-Radio1/0/2] rate mandatory 6 12 24

short-gi

Use short-gi enable to enable short Guard Interval (GI).

Use short-gi disable to disable short GI.

Use undo short-gi to restore the default.

Syntax

short-gi { disable | enable }

undo short-gi

Default

Short GI is enabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

Examples

# Disable short GI.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] short-gi disable

short-retry threshold

Use short-retry threshold to set the maximum number of retransmissions for small frames.

Use undo short-retry threshold to restore the default.

Syntax

short-retry threshold count

undo short-retry threshold

Default

The maximum number of retransmissions is 7 for small frames.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of retransmissions for small frames, in the range of 1 to 15.

Usage guidelines

Perform this task to set the hardware retransmission limit for frames smaller than or equal to the RTS threshold.

Examples

# Set the maximum number of retransmissions to 10 for small frames.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-WLAN-Radio1/0/1] short-retry threshold 10

Related commands

long-retry threshold

protection-threshold

stbc

Use stbc enable to enable Space-Time Block Coding (STBC).

Use stbc disable to disable STBC.

Use undo stbc to restore the default.

Syntax

stbc { disable | enable }

undo stbc

Default

STBC is enabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

Examples

# Enable STBC.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-wlan-radio-1/0/1] stbc enable

type

Use type to specify a radio mode.

Use undo type to restore the default.

Syntax

type { dot11a | dot11an | dot11b | dot11g | dot11gn }

undo type

Default

WLAN-Radio 0/0 operates in dot11an mode and WLAN-Radio 0/1 operates in dot11gn mode.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

dot11a: Specifies the 802.11a radio mode.

dot11an: Specifies the 802.11n (5 GHz) radio mode.

dot11b: Specifies the 802.11b radio mode.

dot11g: Specifies the 802.11g radio mode.

dot11gn: Specifies the 802.11n (2.4 GHz) radio mode.

Usage guidelines

CAUTION:

Modifying the mode of an enabled radio logs off all associated clients.

Examples

# Set the radio mode to 802.11n (5 GHz).

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/2

[Sysname-WLAN-Radio1/0/2] type dot11an

WLAN radio resource measurement commands

WLAN is supported only on the following routers:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· MSR810-W-LM-HK.

The term "AP" in this document refers to MSR routers that support WLAN.

display wlan measure-report

Use display wlan measure-report to display measurement reports for clients.

Syntax

display wlan measure-report interface interface-type interface-number [ client mac-address mac-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies a radio interface by its type and number.

client mac-address mac-address: Specifies a client by its MAC address. If you do not specify a client, this command displays measurement reports for all clients.

Examples

# Display measurement reports for clients associated with the specified radio interface.

<Sysname> display wlan measure-report interface wlan-radio 0/0

Total number of clients: 1

Client MAC address : 0aef-e760-3587

Link measurement:

Link margin : 2 dBm

RCPI : -85 dBm

RSNI : 53 dBm

Noise histogram:

Antenna ID : 3

ANPI : -56 dBm

IPI0 to IPI10 density : 5 12 16 13 8 5 5 15 17 1 3

Spectrum measurement:

Transmit power : 20 dBm

BSS : Detected

OFDM preamble : Detected

Radar : Detected

Unidentified signal : Undetected

CCA busy fraction : 60

RPI0 to RPI7 density : 3 7 11 19 15 23 15 7

Frame report entry:

BSSID : a072-2351-e253

PHY type : fhss

Average RCPI : -10 dBm

Last RSNI : 2 dBm

Last RCPI : -20 dBm

Frames : 1

Dot11BSSAverageAccessDelay group:

Average access delay : 32 ms

BestEffort average access delay : 1 ms

Background average access delay : 1 ms

Video average access delay : 1 ms

Voice average access delay : 1 ms

Clients : 32

Channel utilization rate : 11

Transmit stream:

Traffic ID : 0

Sent MSDUs : 60

Discarded MSDUs : 5

Failed MSDUs : 3

MSDUs resent multiple times : 3

Lost QoS CF-Polls : 2

Average queue delay : 2 ms

Average transmit delay : 1 ms

Bin0 range : 0 to 10 ms

Bin0 to Bin5 : 5 10 10 5 10 10

Table 1 Command output

Field	Description
Link margin	Gap between the received RSSI and the lowest available RSSI.
RCPI	Received Channel Power Indicator.
RSNI	Received Signal to Noise Indicator.
ANPI	Average Noise Power Indicator during the measurement.
IPI0 to IPI10 density	Percentage of time for different IPI ranges to the total measurement period. IPIn represents an IPI range. The value for n is in the range of 1 to 10: · 0: IPI <= –92 dBm. · 1: –92 dBm < IPI <= –89 dBm. · 2: –89 dBm < IPI <= –86 dBm. · 3: –86 dBm < IPI <= –83 dBm. · 4: –83 dBm < IPI <= –80 dBm. · 5: –80 dBm < IPI <= –75 dBm · 6: –75 dBm < IPI <= –70 dBm. · 7: –70 dBm < IPI <= –65 dBm. · 8: –65 dBm < IPI <= –60 dBm. · 9: –60 dBm < IPI <= –55 dBm. · 10: –55 dBm < IPI.
Transmit power	Transmission power of the client.
BSS	Whether the client has detected wireless packets from other BSSs.
OFDM preamble	Whether the client has detected OFDM preambles.
Radar	Whether the client has detected radar signals.
Unidentified signal	Whether the client has detected unknown signals.
CCA busy fraction	CCA utilization is expressed as a percentage of time that the channel is busy (during the measurement period).
RPI0 to RPI7 density	Percentage of time that each RPI was used during the measurement period. RPIn represents a RPI range. The value for n is in the range of 1 to 7: · 0: RPI <= –87 dBm. · 1: –87 dBm < RPI <= –82 dBm. · 2: –82 dBm < RPI <= –77 dBm. · 3: –77 dBm < RPI <= –72 dBm. · 4: –72 dBm < RPI <= –67 dBm. · 5: –67 dBm < RPI <= –62 dBm. · 6: –62 dBm < RPI <= –57 dBm. · 7: –57 dBm < RPI.
PHY type	Physical media type: fhss, dsss, irbaseband, ofdm, hrdsss, or erp.
Frames	Number of frames from the same MAC address and BSSID during the measurement.
Bin0 range	Value range for Bin0.
Bin0 to Bin5	Number of successfully sent MSDUs for each average delay range. Binx represents an average delay range. The value for x is in the range of 0 to 5: · Bin0: Delay< 10 ms. · Bin1: 10 ms <= Delay < 20 ms. · Bin2: 20 ms <= Delay < 40 ms. · Bin3: 40 ms <= Delay < 80 ms. · Bin4: 80 ms <= Delay < 160 ms. · Bin5: 160 ms <= Delay.

measure

Use measure enable to enable the specified measurement feature or all measurement features.

Use measure disable to disable the specified measurement feature or all measurement features.

Use undo measure to restore the default.

Syntax

measure { all | link | neighbor | radio | spectrum | tpc } { disable | enable }

undo measure

Default

Measurement is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

all: Specifies all measurement features.

link: Specifies link measurement. Link measurement measures RCPI, RSNI, and link redundancy for the requested link.

neighbor: Specifies neighbor measurement. Neighbor measurement measures the channel and BSSID of neighbor APs.

radio: Specifies radio measurement. Radio measurement measures channel load, noise histogram, beacons, frames, station statistics, locations, and transmit streams.

spectrum: Specifies spectrum measurement, which includes basic measurement, Clear Channel Assessment (CCA) measurement, and Receive Power Indication (RPI) measurement.

tpc: Specifies TPC measurement. TPC measurement measures link redundancy and transmission power for clients.

Usage guidelines

You must enable radio resource measurement if you enable link, neighbor, or radio measurement.

You must enable spectrum management if you enable spectrum or TPC measurement.

Examples

# Enable spectrum measurement.

<Sysname> system-view

[Sysname] interface wlan-radio 0/0

[Sysname-WLAN-Radio0/0] measure spectrum enable

Related commands

measure-duration

measure-interval

resource-measure

spectrum-management

measure-duration

Use measure-duration to set the measurement duration.

Use undo measure-duration to restore the default.

Syntax

measure-duration time

undo measure-duration

Default

The measurement duration is 500 TUs.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

time: Specifies the measurement duration in the range of 1 to 10000 TUs. One TU is equal to 1024 microseconds.

Usage guidelines

When measurement is enabled on an AP, the AP adds the measurement duration in the measurement requests sent to clients.

Examples

# Set the measurement duration to 512 TUs.

<Sysname> system-view

[Sysname] interface wlan-radio 0/0

[Sysname-WLAN-Radio0/0] measure-duration 512

Related commands

measure

measure-interval

Use measure-interval to set the measurement interval for an AP to send measurement requests to clients.

Use undo measure-interval to restore the default.

Syntax

measure-interval interval

undo measure-interval

Default

The measurement interval is 30 seconds.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

interval: Specifies the measurement interval in the range of 10 to 60 seconds.

Examples

# Set the measurement interval to 35 seconds.

<Sysname> system-view

[Sysname] interface wlan-radio 0/0

[Sysname-WLAN-Radio0/0] measure-interval 35

Related commands

measure

measure-duration

resource-measure

Use resource-measure enable to enable radio resource measurement.

Use resource-measure disable to disable radio resource measurement.

Use undo resource-measure to restore the default.

Syntax

resource-measure { disable | enable }

undo resource-measure

Default

Radio resource measurement is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

When radio measurement is enabled on an AP, the AP sets the Radio Measurement field to 1 in beacons, probe responses, association responses, or reassociation responses. It notifies the clients that they can send measurement requests. These frames also carry measurement capabilities of the AP to inform clients of measurement types that the AP supports.

The AP periodically sends Measurement Pilot frames to help clients fast discover the AP. Measurement Pilot frames are sent more frequently than beacons and carry less information.

Examples

# Enable radio resource measurement.

<Sysname> system-view

[Sysname] interface wlan-radio 0/0

[Sysname-WLAN-Radio0/0] resource-measure enable

rm-capability mode

Use rm-capability mode to set the match mode for client radio resource measurement capabilities.

Use undo rm-capability mode to restore the default.

Syntax

rm-capability mode { all | none | partial }

undo rm-capability mode

Default

The match mode is none for client radio resource measurement capabilities.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

all: Specifies the all mode. A client is allowed to associate with an AP only when all its radio resource measurement capabilities match the AP's radio resource measurement capabilities.

none: Specifies the none mode. The AP does not check client radio resource measurement capabilities.

partial: Specifies the partial mode. A client is allowed to associate with an AP as long as one of its radio resource measurement capabilities matches any of the AP's radio resource measurement capabilities.

Usage guidelines

The configuration takes effect only when radio resource measurement is enabled.

Examples

# Set the match mode to partial for client radio resource measurement capabilities.

<Sysname> system-view

[Sysname] interface wlan-radio 0/0

[Sysname-WLAN-Radio0/0] rm-capability mode partial

Related commands

resource-measure

Band navigation commands

The term "AP" in this document refers to MSR routers that support WLAN.

WLAN is supported only on the following routers:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· 810-W-LM-HK.

· MSR810-W-LM-GL.

wlan band-navigation aging-time

Use wlan band-navigation aging-time to set the client information aging time.

Use undo wlan band-navigation aging-time to restore the default.

Syntax

wlan band-navigation aging-time aging-time

undo wlan band-navigation aging-time

Default

The client information aging time is 180 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the client information aging time in the range of 10 to 600 seconds.

Usage guidelines

When an AP receives an association request from a client, the AP records the client's information and starts the client information aging timer. If the AP receives a probe request or association request from the client before the aging timer expires, the AP refreshes the client information and resets the client information aging timer. If the AP does not receive any probe requests or association requests from the client before the aging timer expires, the AP deletes the client's information.

Configure an appropriate client information aging time to ensure both client association and system resource efficiency.

Examples

# Set the client information aging time to 50 seconds.

<Sysname> system-view

[Sysname] wlan band-navigation aging-time 50

wlan band-navigation balance access-denial

Use wlan band-navigation balance access-denial to set the maximum number of denials for 5 GHz association requests.

Use undo wlan band-navigation balance access-denial to restore the default.

Syntax

wlan band-navigation balance access-denial access-denial

undo wlan band-navigation balance access-denial

Default

The maximum number of denials is 1 for 5 GHz association requests.

Views

System view

Predefined user roles

network-admin

Parameters

access-denial: Specifies the maximum number of denials for 5 GHz association requests, in the range of 1 to 10.

Usage guidelines

If the number of times that a 5 GHz radio rejects a client reaches the specified maximum number, the radio accepts the association request of the client.

Examples

# Set the maximum number of denials to 5 for 5 GHz association requests.

<Sysname> system-view

[Sysname] wlan band-navigation balance access-denial 5

wlan band-navigation balance session

Use wlan band-navigation balance session to configure load balancing for band navigation.

Use undo wlan band-navigation balance session to restore the default.

Syntax

wlan band-navigation balance session session [ gap gap ]

undo wlan band-navigation balance session

Default

Load balancing is disabled for band navigation.

Views

System view

Predefined user roles

network-admin

Parameters

session: Specifies the client number threshold for the 5 GHz radio, in the range of 2 to 40.

gap: Specifies the threshold for the client number gap between the 5 GHz radio and the radio that has the fewest clients. The value range for this argument is 1 to 8 and the default value is 4.

Usage guidelines

If you enable band navigation but do not enable load balancing, the AC directs dual-band clients to the 5 GHz radio.

The AP rejects the 5 GHz association request of a client when the following conditions are met:

· The number of clients on the 5 GHz radio reaches the specified threshold.

· The client number gap between the 5 GHz radio and the radio that has the fewest clients reaches the specified threshold.

Examples

# Enable load balancing for band navigation, and set the client number threshold and session gap threshold to 10 and 5, respectively.

<Sysname> system-view

[Sysname] wlan band-navigation balance session 10 gap 5

wlan band-navigation enable

Use wlan band-navigation enable to enable band navigation globally.

Use undo wlan band-navigation enable to restore the default.

Syntax

wlan band-navigation enable

undo wlan band-navigation enable

Default

Band navigation is disabled globally.

Views

System view

Predefined user roles

network-admin

Examples

# Enable band navigation globally.

<Sysname> system-view

[Sysname] wlan band-navigation enable

Related commands

band-navigation

quick-association enable

wlan band-navigation rssi-threshold

Use wlan band-navigation rssi-threshold to set the received signal strength indicator (RSSI) threshold for band navigation.

Use undo wlan band-navigation rssi-threshold to restore the default.

Syntax

wlan band-navigation rssi-threshold rssi-threshold

undo wlan band-navigation rssi-threshold

Default

The RSSI threshold for band navigation is 15.

Views

System view

Predefined user roles

network-admin

Parameters

rssi-threshold: Specifies the RSSI threshold for band navigation, in the range of 5 to 100.

Usage guidelines

A client might be detected by multiple radios. A 5 GHz radio rejects the association request of a client if the client's RSSI is lower than the band navigation RSSI threshold.

Examples

# Set the RSSI threshold for band navigation to 40.

<Sysname> system-view

[Sysname] wlan band-navigation rssi-threshold 40

WLAN access commands

WLAN is supported only on the following routers:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· MSR810-W-LM-HK.

· MSR810-W-LM-GL.

The term "AP" in this document refers to MSR routers that support WLAN.

beacon ssid-hide

Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames.

Use undo beacon ssid-hide to restore the default.

Syntax

beacon ssid-hide

undo beacon ssid-hide

Default

The SSID is advertised in beacon frames.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command disables a radio from carrying SSIDs in the beacon frames and responding to probe requests after the specified service template is bound to the radio.

Examples

# Disable advertising the SSID in beacon frames.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] beacon ssid-hide

client max-count

Use client max-count to set the maximum number of associated clients for a service template.

Use undo client max-count to restore the default.

Syntax

client max-count max-number

undo client max-count

Default

The number of associated clients for a service template is not limited.

Views

Service template view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of clients in the range of 1 to 2007.

Usage guidelines

When this feature is configured, new clients cannot access the WLAN when the maximum number is reached.

Examples

# Set the maximum number of associated clients to 38 for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client max-count 38

customlog format wlan

Use customlog format wlan to enable the device to generate client logs in the specified format.

Use undo customlog format wlan to restore the default.

Syntax

customlog format wlan { normal | sangfor }

undo customlog format wlan

Default

The device generates client logs only in H3C format.

Views

System view

Predefined user roles

network-admin

Parameters

normal: Specifies normal format.

sangfor: Specifies sangfor format.

Usage guidelines

By default, the device generates client logs only in H3C format that logs AP name, radio ID, client MAC address, SSID, BSSID, and client online status.

You can configure the device to generate client logs in one of the following formats:

· normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.

· sangfor—Logs AP MAC address, client IP address, and client MAC address.

This feature does not affect the generation of client logs in H3C format.

Examples

# Enable the device to generate client logs in sangfor format.

<Sysname> system-view

[Sysname] customlog format wlan sangfor

description

Use description to configure a description for a service template.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 64 characters.

Examples

# Configure a description for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] description wlanst

display wlan ap all radio client-number

Use display wlan ap all radio client-number to display the number of online clients and channel information for each radio.

Syntax

display wlan ap all radio client-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of online clients and channel information for each radio.

<Sysname> display wlan ap all radio client-number

AP name RID Channel Clients

1 1 44 12

1 2 11 4

display wlan ap all client-number

Use display wlan ap all client-number to display the number of online clients at both the 2.4 GHz and 5 GHz bands.

Syntax

display wlan ap all client-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of online clients at both the 2.4 GHz and 5 GHz bands.

<System> display wlan ap all client-number

AP name Clients 2.4GHz 5GHz

ap1 3 2 1

Table 2 Command output

Field	Description
Clients	Total number of online clients.
2.4GHz	Number of online clients at the 2.4 GHz band.
5GHz	Number of online clients at the 5 GHz band.

display wlan blacklist

Use display wlan blacklist to display blacklist entries.

Syntax

display wlan blacklist { dynamic | static }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Specifies the dynamic blacklist.

static: Specifies the static blacklist.

Examples

# Display static blacklist entries.

<Sysname> display wlan blacklist static

Total number of clients: 3

MAC addresses:

000e-35b2-000e

0019-5b8e-b709

001c-f0bf-9c92

# Display dynamic blacklist entries.

<Sysname> display wlan blacklist dynamic

Total number of clients: 3

MAC address APID Lifetime (s) Duration (hh:mm:ss)

000f-e2cc-0001 1 300 00:02:11

000f-e2cc-0002 2 300 00:01:17

000f-e2cc-0003 3 300 00:02:08

Table 3 Command output

Field	Description
MAC address	Client MAC address.
APID	ID of the AP that detects the rogue client.
Lifetime (s)	Lifetime of the entry in seconds.
Duration (hh:mm:ss)	Duration for the entry since the entry was added to the dynamic blacklist.

display wlan bss

Use display wlan bss to display basic service set (BSS) information.

Syntax

display wlan bss { all | bssid bssid } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all BSSs.

bssid bssid: Specifies a BSS by its ID. The value is a 48-bit hexadecimal number in the format of H-H-H.

verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.

Examples

# Display brief information about all BSSs.

<Sysname> display wlan bss all

Total number of BSSs: 4

AP name RID SSID BSSID

ap1 1 SSID1 001c-f08f-f804

ap1 2 SSID1 001c-f08f-f806

# Display detailed information about the BSS with ID 001c-f08f-f804.

<Sysname> display wlan bss bssid 001c-f08f-f804 verbose

AP name : ap1

BSSID : 001c-f08f-f804

Radio ID : 1

Service template name : servcie1

SSID : SSID1

VLAN ID : 1

AKM mode : Not configured

User authentication mode : Bypass

Table 4 Command output

Field	Description
AKM mode	AKM mode: · 802.1X. · PSK. · Not configured.
User authentication mode	User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI.

Field

Description

AKM mode

AKM mode:

· 802.1X.

· PSK.

· Not configured.

User authentication mode

User authentication mode:

· Bypass—No client authentication.

· MAC.

· 802.1X.

· OUI.

display wlan client

Use display wlan client to display client information.

Syntax

display wlan client [ interface wlan-radio interface-number | mac-address mac-address | service-template service-template-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

wlan-radio interface-number: Displays information about clients that are connected to the specified radio interface.

mac-address mac-address: Specifies a client by its MAC address.

service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.

verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.

Examples

# Display brief information about all clients.

<Sysname> display wlan client

Total number of clients: 3

MAC address Username AP name RID IPv4 address VLAN

000f-e265-6400 N/A ap1 1 1.1.1.1 100

84db-ac14-dd08 N/A ap1 1 5.5.5.3 1

Table 5 Command output

Field	Description
MAC address	Client MAC address.
Username	Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client.
AP name	Name of the AP that the client is associated with.
RID	ID of the radio that the client is associated with.
IPv4 address	IPv4 address of the client.
VLAN ID	ID of the VLAN to which the client belongs.

# Display detailed information about all clients on the specified member device.

<Sysname> display wlan client distributed-sys slot 1 verbose

Total number of clients: 1

MAC address : 000f-e265-6400

IPv4 address : 10.1.1.114

IPv6 address : 2001::1234:5678:0102:0304

Username : N/A

AID : 1

AP ID : 1

AP name : ap1

Radio ID : 1

SSID : office

BSSID : 0026-3e08-1150

VLAN ID : 3

Sleep count : 3

Wireless mode : 802.11ac

Channel bandwidth : 80MHz

SM power save : Enabled

SM power save mode : Dynamic

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160/80+80MHz : Not supported

STBC RX capability : Not supported

STBC TX capability : Not supported

LDPC RX capability : Not supported

SU beamformee capability : Not supported

MU beamformee capability : Not supported

Beamformee STS capability : N/A

Block Ack : TID 0 In

Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,

8, 9, 10, 11, 12, 13, 14,

15, 16, 17, 18, 19, 20,

21, 22, 23

Supported rates : 6, 9, 12, 18, 24, 36,

48, 54 Mbps

QoS mode : WMM

Listen interval : 10

RSSI : 62

Rx/Tx rate : 130/195 Mpbs

Authentication method : Open system

Security mode : PRE-RSNA

AKM mode : Not configured

Cipher suite : N/A

User authentication mode : Bypass

Authorization ACL ID : 3001(Not effective)

Authorization user profile : N/A

Roam status : N/A

Key derivation : SHA1

PMF status : Enabled

Forward policy name : Not configured

Online time : 0days 0hours 1minutes 13seconds

FT status : Inactive

Table 6 Command output

Field	Description
MAC address	Client MAC address.
IPv4 address	Client IPv4 address.
IPv6 address	Client IPv6 address.
Username	Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client.
AID	Association ID.
AP ID	ID of the AP that the client is associated with.
AP name	Name of the AP that the client is associated with.
Radio ID	ID of the radio that the client is associated with.
SSID	SSID with which the client is associated.
VLAN ID	ID of the VLAN to which the client belongs.
Sleep count	Client sleep times.
Wireless mode	Wireless mode: · 802.11a. · 802.11b. · 802.11g. · 802.11gn. · 802.11an. · 802.11ac.
Channel bandwidth	Channel bandwidth: · 20 MHz. · 40 MHz. · 80 MHz. · 160 MHz.
SM Power Save	SM Power Save status: · Enabled—Only one antenna of a client operates in active state, and others operate in sleep state to save power. · Disabled.
SM power save mode	Power saving mode: · Dynamic. · Static.
Short GI for 20MHz	Whether the client supports short GI when its channel bandwidth is 20 MHz: · Supported. · Not supported.
Short GI for 40MHz	Whether the client supports short GI when its channel bandwidth is 40 MHz: · Supported. · Not supported.
Short GI for 80MHz	Whether the client supports short GI when its channel bandwidth is 80 MHz: · Supported. · Not supported.
Short GI for 160/80+80MHz	Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz: · Supported. · Not supported.
STBC Rx Capability	Client STBC receive capability; · Not Supported. · Supported.
STBC Tx Capability	Client STBC transmission capability: · Not Supported. · Supported.
LDPC Rx capability	Client LDPC receive capability; · Not Supported. · Supported.
SU beamformee capability	Client SU beamformee capability: · Not Supported. · Supported. This field is supported only by 802.11ac radios.
MU beamformee capability	Client MU beamformee capability: · Not Supported. · Supported. This field is supported only by 802.11ac radios.
Beamformee STS capability	Client beamformee STS capability. This field displays N/A if the feature is not supported.
Block Ack	Negotiation result of Block ACK with TID: · TID 0 In—Sends Block ACK for inbound traffic. · TID 0 Out—Sends Block ACK for outbound traffic. · TID 0 Both—Sends Block ACK for both inbound and outbound traffic. · N/A—Does not send Block ACK for both inbound and outbound traffic.
Supported VHT-MCS set	VHT-MCS supported by the client.
Supported HT MCS set	HT-MCS supported by the client.
QoS mode	QoS mode: · N/A—WMM is not supported. · WMM—WMM is supported. WMM information negotiation is carried out between an AP and a client that both support WMM.
Listen interval	Interval at which the client wakes up to listen for beacon frames. It is counted by beacon interval.
RSSI	Received signal strength indication. This value indicates the client signal strength detected by the AP.
Rx/Tx rate	Sending and receiving rates of data, management, and control frames.
Authentication method	Authentication method: · Open system. · Shared key.
Security mode	Security mode: · RSN—Beacons and probe responses carry RSN IE. · WPA—Beacons and probe responses carry WPA IE. · PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE.
AKM mode	AKM mode: · 802.1X. · PSK. · Not configured.
Cipher suite	Cipher suite: · N/A. · WEP40. · WEP104. · WEP128. · CCMP. · TKIP.
User authentication mode	User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI.
Authorization ACL ID	Authorized ACL number: · This field displays the ACL number if the authorized ACL takes effect. · This field displays ACL number(Not effective) if the authorized ACL does not take effect. · This field displays N/A if the authentication server is configured without any authorized ACL.
Authorization user profile	Name of the authorized user profile: · This field displays the authorized user profile name if the authorized user profile takes effect. · This field displays authorized user profile name + Not effective if the authorized user profile does not take effect. · This field displays N/A if the authentication server is configured without any authorized user profile.
Roam status	Roam status: · Roaming in progress. · Inter-AC slow roaming. · Inter-AC fast roaming. · Intra-AC slow roaming. · Intra-AC fast roaming. · This field displays N/A if the client stays in one BSS after coming online.
Key derivation	Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · N/A—No key derivation algorithm is involved for the authentication type.
PMF status	PMF status: · Enabled—Management frame protection is enabled. · Disabled—Management frame protection is disabled. · N/A—Management frame protection is not involved.
Forward policy name	WLAN forwarding policy name: · Not configured. · Policy-name.
Online time	Client online duration.
FT status	Fast BSS transition (FT): · Active—FT is enabled. · Inactive—FT is disabled.

display wlan client ipv6

Use display wlan client ipv6 to display information about client IPv6 addresses.

Syntax

display wlan client ipv6

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display brief status information about the specified client.

<Sysname> display wlan client ipv6

MAC address AP name RID IPv6 address VLAN

84db-ac14-dd08 ap1 1 1::2:0:0:3 300

Table 7 Command output

Field	Description
MAC address	Client MAC address.
RID	Radio ID
IPv6 address	Client IPv6 address.

display wlan client online-duration

Use display wlan client online-duration to display client online duration.

Syntax

display wlan client online-duration [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

Examples

# Display brief information about client online duration.

<Sysname> display wlan client online-duration

Total number of online clients: 2

MAC address IPv4 address Online duration

a4c1-5b79-fa5b-1d62 192.168.11.123 0days 0hours 2minutes 23seconds

22d3-c5b7-a4b5-96fa 192.168.11.234 0days 0hours 5minutes 34seconds

Table 8 Command output

Field	Description
MAC address	Client MAC address.
IPv4 address	Client IPv4 address.
Online duration	Client online duration.

display wlan client status

Use display wlan client status to display client status information.

Syntax

display wlan client status [ mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.

verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.

Examples

# Display brief status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804

Total number of clients: 1

MAC address Access time RSSI Rx/Tx rate Discard AP name RID

001c-f08f-f804 41ms 0 39/117Mbps 0.00 ap2 2

# Display brief status information about all clients.

<Sysname> display wlan client status

Total number of clients: 1

MAC address Access time RSSI Rx/Tx rate Discard AP name RID

000f-e265-6401 10ms 62 130/195Mbps 0.00% ap1 1

Table 9 Command output

Field	Description
MAC address	Client MAC address.
Access time	Time the client took to associate with the WLAN.
RSSI	RSSI of the client.
Rx/Tx rate	Rates at which the client receives and sends data, management packets, and control packets.
Discard	Ratio of packets discarded by the client.
AP name	Name of the AP with which the client is associated.
RID	ID of the radio with which the client is associated.

# Display detailed status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose

Total number of clients: 1

MAC address : 001c-f08f-f804

AP name : ap2

Radio ID : 2

Access time : 41 ms

RSSI : 0

Rx/Tx rate : 39/117 Mbps

Received:

Retransmitted packets : 84

Retransmitted packet ratio : 64.12%

Sent:

Retransmitted packets : 0

Retransmitted packet ratio : 0.00%

Discarded:

Discarded packets : 0

Discarded packet ratio : 0.00%

Table 10 Command output

Field	Description
MAC address	Client MAC address.
AP name	Name of the AP that the client is associated with.
Radio ID	ID of the radio that the client is associated with.
Access time	Time the client took to associate with the WLAN.
RSSI	RSSI of the client.
Rx/Tx rate	Rates at which the client receives and sends data, management packets, and control packets.
Received	Received packet statistics: · Retransmitted packets. · Retransmitted packet ratio.
Sent	Sent packet statistics: · Retransmitted packets. · Retransmitted packet ratio.
Discarded	Discarded packet statistics: · Discarded packets. · Discarded packet ratio.

display wlan service-template

Use display wlan service-template to display service template information.

Syntax

display wlan service-template [ service-template-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.

verbose: Displays detailed service template information.

Examples

# Display brief information about all service templates.

[Sysname] display wlan service-template

Total number of service templates: 2

Service template name SSID Status

1 2333 Enabled

2 3222 Enabled

# Display detailed information about all service templates.

<Sysname> display wlan service-template verbose

Service template name : service1

Description : Not configured

SSID : wuxianfuwu

SSID-hide : Disabled

User-isolation : Disabled

Service template status : Disabled

Maximum clients per BSS : 64

Frame format : Dot3

Seamless roam status : Disabled

Seamless roam RSSI threshold : 50

Seamless roam RSSI gap : 20

VLAN ID : 1

AKM mode : PSK

Security IE : RSN

Cipher suite : CCMP

WEP key ID : 1

TKIP countermeasure time : 100 sec

PTK lifetime : 43200 sec

GTK rekey : Enabled

GTK rekey method : Time-based

GTK rekey time : 86400 sec

GTK rekey client-offline : Enabled

User authentication mode : Bypass

Intrusion protection : Disabled

Intrusion protection mode : Temporary-block

Temporary block time : 180 sec

Temporary service stop time : 20 sec

Fail VLAN ID : 1

802.1X handshake : Enabled

802.1X handshake secure : Disabled

802.1X domain : my-domain

MAC-auth domain : Not configured

Max 802.1X users per BSS : 4096

Max MAC-auth users per BSS : 4096

802.1X re-authenticate : Enabled

Authorization fail mode : Online

Accounting fail mode : Online

Authorization : Permitted

Key derivation : SHA1

PMF status : Optional

Hotspot policy number : Not configured

Forwarding policy status : Disabled

Forward policy name : Not configured

Forwarder : AC

FT status : Enabled

FT method : over-the-air

FT reassociation deadline : 20 sec

QoS trust : Port

QoS priority : 0

Table 11 Command output

Field	Description
SSID	SSID of the service template.
SSID-hide	Whether the SSID is hidden in beacons: · Disabled. · Enabled.
User-isolation	Use isolation: · Disabled. · Enabled.
Service template status	Service template status: · Disabled. · Enabled.
Maximum clients per BSS	Maximum number of clients that the BSS supports.
Frame format	Client data frame encapsulation format: · Dot3—802.3 format. · Dot11—802.11 format.
Seamless roam status	Seamless roaming status: · Disabled. · Enabled.
Seamless roam RSSI threshold	Seamless roaming RSSI threshold.
Seamless roam RSSI gap	Seamless roaming RSSI gap.
VLAN ID	ID of the VLAN to which clients belong after they come online through the service template.
AKM mode	AKM mode: · 802.1X. · PSK.
Security IE	Security IE: · RSN. · WPA.
Cipher suite	Cipher suite: · WEP40. · WEP104. · WEP128. · TKIP. · CCMP.
TKIP countermeasure time	TKIP countermeasure time. The value 0 indicates no countermeasures are taken.
GTK rekey	Whether GTK rekey is enabled: · Enabled. · Disabled.
GTK rekey method	GTK rekey method: · Time-based. · Packet-based.
GTK rekey time	GTK rekey interval.
GTK rekey packets	Number of packets that can be transmitted before the GTK is refreshed.
GTK rekey client-offline	Whether client-off GTK rekey is enabled: · Enabled. · Disabled.
User authentication mode	Authentication mode: · Bypass—No authentication. · MAC. · MAC-or-802.1X—MAC authentication is performed first. If MAC authentication fails, 802.1X authentication is performed. · 802.1X. · 802.1X-or-MAC—802.1X authentication is performed first. If 802.1X authentication fails, MAC authentication is performed. · OUI-or-802.1X—OUI authentication is performed first. If OUI authentication fails, 802.1X authentication is performed.
Intrusion protection	Whether intrusion protection is enabled: · Enabled. · Disabled.
Intrusion protection mode	Intrusion protection mode: · Temporary-block—Temporarily adds intruders to the block list. · Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets. · Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets.
Temporary block time	Temporary block time in seconds.
Temporary service stop time	Temporary service stop time in seconds.
Fail VLAN ID	ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured.
Critical VLAN ID	ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the critical VLAN ID is not configured.
802.1X handshake	Whether 802.1X handshake is enabled: · Enabled. · Disabled.
802.1X handshake secure	Whether secure 802.1X handshake is enabled: · Enabled. · Disabled.
802.1X domain	802.1X authentication domain. This field displays Not configured if the domain is not configured.
MAC-auth domain	MAC authentication domain. This field displays Not configured if the domain is not configured.
Max 802.1X users per BSS	Maximum number of supported 802.1X users in a BSS.
Max MAC-auth users per BSS	Maximum number of supported users that pass the MAC authentication in a BSS.
802.1X re-authenticate	Whether 802.1X reauthentication is enabled: · Enabled. · Disabled.
Authorization fail mode	Authorization fail mode: · Offline—Clients are logged off when authorization fails. · Online—Clients are not logged off when authorization fails.
Accounting fail mode	Accounting fail mode: · Offline—Clients are logged off when accounting fails. · Online—Clients are not logged off when accounting fails.
Authorization	Authorization information: · Permitted—Applies the authorization information issued by the RADIUS server or the local device. · Ignored—Ignores the authorization information issued by the RADIUS server or the local device.
Key derivation	Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · SHA1-AND-SHA256—Uses the HMAC SHA1 and SHA256 hash algorithm.
PMF status	PMF status: · Disabled—Management frame protection is disabled. · Optional—Management frame protection in optional mode is enabled. · Mandatory—Management frame protection in mandatory mode is enabled.
Forwarding policy status	WLAN forwarding policy status: · Disabled. · Enabled.
Forward policy name	WLAN forwarding policy name: · Not configured—No WLAN forwarding policy is configured. · policy-name.
Forwarder	Client traffic forwarder: · AC—AC in a non-AC hierarchical network and local AC in an AC hierarchical network. · AP. · Central AC. This field is not supported in the current software version.
FT status	FT status: · Disabled. · Enabled. This field is not supported in the current software version.
FT method	FT method: · over-the-air. · over-the-ds. This field is not supported in the current software version.
FT reassociation deadline	FT reassociation timeout timer in seconds.
QoS trust	QoS priority trust mode: · Port—Port priority trust mode. · Dot11e—802.11e priority trust mode.
QoS priority	Port priority in the range of 0 to 7.

display wlan statistics

Use display wlan statistics to display client statistics or service template statistics.

Syntax

display wlan statistics { client [ mac-address mac-address ] | service-template service-template-name [ connect-history ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client: Specifies client statistics.

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.

service-template service-template-name: Specifies a service template by its name.

Examples

# Display statistics for all clients.

<Sysname> display wlan statistics client

MAC address : 0014-6c8a-43ff

AP name : ap1

Radio ID : 1

SSID : office

BSSID : 000f-e2ff-7700

RSSI : 31

Sent frames:

Back ground : 0/0 (frames/bytes)

Best effort : 9/1230 (frames/bytes)

Video : 0/0 (frames/bytes)

Voice : 2/76 (frames/bytes)

Received frames:

Back ground : 0/0 (frames/bytes)

Best effort : 18/2437 (frames/bytes)

Video : 0/0 (frames/bytes)

Voice : 7/468 (frames/bytes)

Discarded frames:

Back ground : 0/0 (frames/bytes)

Best effort : 0/0 (frames/bytes)

Video : 0/0 (frames/bytes)

Voice : 5/389 (frames/bytes)

Table 12 Command output

Field	Description
SSID	SSID of the service template.
MAC address	Client MAC address.
Back ground	AC-BK queue.
Best effort	AC-BE queue.
Video	AC-VI queue.
Voice	AC-VO queue.

# Display statistics for service template 1.

<Sysname> display wlan statistics service-template 1

AP name : ap1

Radio ID : 1

Received:

Frame count : 1713

Frame bytes : 487061

Data frame count : 1683

Data frame bytes : 485761

Association request count : 2

Sent:

Frame count : 62113

Frame bytes : 25142076

Data frame count : 55978

Data frame bytes : 22626600

Association response count : 2

# Display the connection history for service template 1.

<Sysname> display wlan statistics service-template 1 connect-history

AP name : ap1

Radio ID : 1

Associations : 132

Association failures : 3

Reassociations : 30

Rejections : 12

Abnormal disassociations : 2

Current associations : 57

AP name : ap1

Radio ID : 2

Associations : 1004

Association failures : 35

Reassociations : 59

Rejections : 4

Abnormal disassociations : 22

Current associations : 300

# Display the connection history for AP ap1.

<Sysname> display wlan statistics ap name ap1 connect-history

AP name : ap1

Associations : 1

Reassociations : 0

Failures : 0

Rejections : 0

Abnormal disassociations : 0

Current associations : 1

display wlan whitelist

Use display wlan whitelist to display whitelist entries.

Syntax

display wlan whitelist

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display whitelist entries.

<Sysname> display wlan whitelist

Total number of clients: 3

MAC addresses:

000e-35b2-000e

0019-5b8e-b709

001c-f0bf-9c92

quick-association enable

Use quick-association to enable quick association.

Use undo quick-association to disable quick association.

Syntax

quick-association enable

undo quick-association enable

Default

Quick association is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command disables APs from performing load balancing or band navigation on clients associated with the specified service template.

Examples

# Enable quick association for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1]quick-association enable

region-code

Use region-code to specify a region code.

Use undo region-code to restore the default.

Syntax

region-code code

undo region-code

Default

The region code is CN.

Views

Global configuration view

Predefined user roles

network-admin

Parameters

code: Specifies a region code. For more information about region codes, see Table 13.

Table 13 Region code information

Country	Code	Country	Code
Andorra	AD	Korea, Republic of Korea	KR
United Arab Emirates	AE	Kenya	KE
Albania	AL	Kuwait	KW
Armenia	AM	Kazakhstan	KZ
Australia	AU	Lebanon	LB
Argentina	AR	Liechtenstein	LI
Australia	AT	Sri Lanka	LK
Azerbaijan	AZ	Lithuania	LT
Bosnia and Herzegovina	BA	Luxembourg	LU
Belgium	BE	Latvia	LV
Bulgaria	BG	Libyan	LY
Bahrain	BH	Morocco	MA
Brunei Darussalam	BN	Monaco	MC
Bolivia	BO	Moldova	MD
Brazil	BR	Macedonia	MK
Bahamas	BS	Macau	MO
Belarus	BY	Martinique	MQ
Belize	BZ	Malta	MT
Canada	CA	Mauritius	MU
Switzerland	CH	Mexico	MX
Cote d'ivoire	CI	Malay Archipelago	MY
Chile	CL	Namibia	NA
China	CN	Nigeria	NG
Colombia	CO	Nicaragua	NI
Costarica	CR	Netherlands	NL
Serbia	RS	Norway	NO
Cyprus	CY	New Zealand	NZ
Czech Republic	CZ	Oman	OM
Germany	DE	Panama	PA
Denmark	DK	Peru	PE
Dominica	DO	Poland	PL
Algeria	DZ	Philippines	PH
Ecuador	EC	Pakistan	PK
Estonia	EE	Puerto Rico	PR
Egypt	EG	Portugal	PT
Spain	ES	Paraguay	PY
Faroe Islands	FO	Qatar	QA
Finland	FI	Romania	RO
France	FR	Russian Federation	RU
Britain	GB	Saudi Arabia	SA
Georgia	GE	Sweden	SE
Gibraltar	GI	Singapore	SG
Greenland	GL	Slovenia	SI
Guadeloupe	GP	Slovak	SK
Greece	GR	San Marino	SM
Guatemala	GT	Salvador	SV
Guyana	GY	Syrian	SY
Honduras	HN	Thailand	TH
Hong Kong	HK	Tunisia	TN
Croatia	HR	Turkey	TR
Hungary	HU	Trinidad and Tobago	TT
Iceland	IS	, China	TW
India	IN	Ukraine	UA
Indonesia	ID	United States of America	US
Ireland	IE	Uruguay	UY
Israel	IL	Uzbekistan	UZ
Iraq	IQ	The Vatican City State	VA
Italy	IT	Venezuela	VE
Iran	IR	Virgin Islands	VI
Jamaica	JM	Vietnam	VN
Jordan	JO	Yemen	YE
Japan	JP	South Africa	ZA
Democratic People's Republic of Korea	KP	Zimbabwe	ZW

Usage guidelines

A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.

Examples

# Specify US as the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code US

Related commands

region-code-lock

Use region-code-lock enable to lock the region code.

Use region-code-lock disable to unlock the region code.

Use undo region-code-lock to restore the default.

Syntax

region-code-lock { disable | enable }

undo region-code-lock

Default

The region code is not locked.

Views

Global configuration view

Predefined user roles

network-admin

Parameters

A locked region code cannot be changed.

Examples

# Lock the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code-lock enable

Related commands

region-code

reset wlan client

Use reset wlan client to log off a client or all clients.

Syntax

reset wlan client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all clients.

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Log off all clients.

<Sysname> reset wlan client all

Related commands

display wlan client

reset wlan dynamic-blacklist

Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.

Syntax

reset wlan dynamic-blacklist [ mac-address mac-address ]

Views

User view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.

Examples

# Remove all clients from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist

# Remove the specified client from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69

Related commands

display wlan blacklist

reset wlan statistics client

Use reset wlan statistics client to clear client statistics.

Syntax

reset wlan statistics client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all clients.

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Clear statistics about all clients.

<Sysname> reset wlan statistics client all

Related commands

display wlan statistics

reset wlan statistics service-template

Use reset wlan statistics service-template to clear service template statistics.

Syntax

reset wlan statistics service-template service-template-name

View

User view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Examples

# Clear statistics about service template service1.

<Sysname> reset wlan statistics service-template service1

Related commands

display wlan statistics

service-template

Use service-template to bind a service template to a radio or a radio interface.

Use undo service-template to unbind a service template from a radio or a radio interface.

Syntax

service-template service-template-name

undo service-template service-template-name

Default

No service template is bound to a radio interface.

Views

WLAN-Radio interface view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

Before you bind a service template to a radio or a radio interface, you must create the service template.

Examples

# Bind service template service1 to interface WLAN-Radio 1/0/1.

<Sysname> system-view

[Sysname] interface wlan-radio 1/0/1

[Sysname-wlan-radio-1] service-template service1

service-template enable

Use service-template enable to enable a service template.

Use undo service-template enable to disable a service template.

Syntax

service-template enable

undo service-template enable

Default

A service template is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

If the number of BSSs on a device exceeds the limit, you cannot enable a new service template.

Examples

# Enable service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] service-template enable

snmp-agent trap enable wlan client

Use snmp-agent trap enable wlan client to enable SNMP notification for client access.

Use undo snmp-agent trap enable wlan client to disable SNMP notification for client access.

Syntax

snmp-agent trap enable wlan client

undo snmp-agent trap enable wlan client

Default

SNMP notification is disabled for client access.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for client access.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client

snmp-agent trap enable wlan client-audit

Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.

Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.

Syntax

snmp-agent trap enable wlan client-audit

undo snmp-agent trap enable wlan client-audit

Default

SNMP notification is disabled for client audit.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for client audit.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client-audit

ssid

Use ssid to set an SSID for a service template.

Use undo ssid to restore the default.

Syntax

ssid ssid-name

undo ssid

Default

No SSID is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

Disable the service template before you execute this command.

Examples

# Set the SSID to lynn for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] ssid lynn

unknown-client

Use unknown-client to set the way that an AP processes traffic from unknown clients.

Use undo unknown-client to restore the default.

Syntax

unknown-client { deauthenticate | drop }

undo unknown-client

Default

The AP drops packets from unknown clients and deauthenticates these clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

deauthenticate: Drops packets from unknown clients and deauthenticates these clients.

drop: Drops packets from unknown clients.

Examples

# Configure the AP that uses service template example to drop packets from unknown clients but not deauthenticate these clients.

<Sysname> system-view

[Sysname] wlan service-template example

[Sysname -wlan-st-example] unknown-client drop

vlan

Use vlan to assign clients coming online through a service template to the specified VLAN.

Use undo vlan to restore the default.

Syntax

vlan vlan-id

undo vlan

Default

Clients are assigned to VLAN 1 after coming online through a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094. If the specified VLAN does not exist, this command creates the VLAN when clients come online.

Usage guidelines

Disable the service template before you execute this command.

If the specified VLAN does not exist, this command creates the VLAN when clients come online.

Examples

# Assign clients coming online through service template service1 to VLAN 2.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] vlan 2

wlan broadcast-probe reply

Use wlan broadcast-probe reply to enable the AP to respond to broadcast probe requests.

Use undo wlan broadcast-probe reply to disable the AP from responding to broadcast probe requests.

Syntax

wlan broadcast-probe reply

undo wlan broadcast-probe reply

Default

The AP responds to broadcast probe requests.

Views

System view

Predefined user roles

network-admin

Examples

# Disable the AP from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] undo wlan broadcast-probe reply

wlan client idle-timeout

Use wlan client idle-timeout to set the client idle timeout timer.

Use undo wlan client idle-timeout to restore the default.

Syntax

wlan client idle-timeout timeout

undo wlan client idle-timeout

Default

The client idle timeout timer is 3600 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

timeout: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.

Usage guidelines

If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.

Examples

# Set the client idle timeout timer to 2000 seconds.

<Sysname> system-view

[Sysname] wlan client idle-timeout 2000

wlan client keep-alive

Use wlan client keep-alive enable to enable client keepalive.

Use undo wlan client keep-alive to disable client keepalive.

Syntax

wlan client keep-alive enable

undo wlan client keep-alive

Default

Client keepalive is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the AP to send keepalive packets to clients at the specified intervals to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

Examples

# Enable client keepalive.

<Sysname> system-view

[Sysname] client keep-alive enable

Related commands

wlan client keep-alive interval

wlan client keepalive interval

Use wlan client keepalive interval to set the client keepalive interval.

Use undo wlan client keepalive interval to disable client keepalive.

Syntax

wlan client keepalive interval interval

undo wlan client keepalive interval

Default

The client keepalive interval is 300 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.

Usage guidelines

Enable client keepalive on the AP before you execute this command.

This command enables the AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

Examples

# Set the client keepalive interval to 1000 seconds.

<Sysname> system-view

[Sysname] wlan client keepalive interval 1000

Related commands

wlan client keep-alive

wlan client reauthentication-period

Use wlan client reauthentication-period to set the idle period before client reauthentication.

Use undo wlan client reauthentication-period to restore the default.

Syntax

wlan client reauthentication-period [ period-value ]

undo wlan client reauthentication-period

Default

The idle period is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

period-value: Specifies the idle period in the range of 1 to 3600 seconds. By default, the idle period is 10 seconds.

Usage guidelines

Set the idle period before client reauthentication to reduce reauthentication failures.

When URL redirection is enabled for WLAN MAC authentication clients, an AP logs off a client that has passed MAC authentication. At the next MAC authentication attempt, the client can pass MAC authentication and access the WLAN. With the idle period configured, the AP adds the client to the dynamic blacklist after logging off the client and the client entry ages out after the specified idle period.

Examples

# Set the idle period before client reauthentication to 100 seconds.

<Sysname> system-view

[Sysname] wlan client reauthentication-period 100

wlan gps-report enable

NOTE:

Support for this command depends on the device model.

Use wlan gps-report enable to enable GPS information reporting.

Use undo wlan gps-report enable to disable GPS information reporting.

Syntax

wlan gps-report enable

undo wlan gps-report enable

Default

GPS information reporting is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the AP to output GPS information every 5 seconds and send the GPS information to the information center. For more information about the destination and output rules in the information center, see Network Management and Monitoring Configuration Guide.

Only APs installed with GPS antennas can obtain GPS information. If you enable this feature on an AP that does not have any GPS antennas, the AP does not output or send GPS information.

Examples

# Enable GPS information reporting.

<Sysname> system-view

[Sysname] wlan gps-report enable

[Sysname] %Jan 1 12:45:33:697 2014 H3C APMGR/6/APMGR_AP_GPSREPORT: SN=CN51GTG0GK, Lng=117.788887, Lat=30.822136, Velocity=25.445878, Orientation=8.054548, DayTime=2016-03-28 15:32:19, Elevation=156.655897.

Table 14 Command output

Field	Description
SN	Serial number of the AP.
Lng	Longitude rounded to six decimal places.
Lat	Latitude rounded to six decimal places.
Velocity	Horizontal velocity rounded to six decimal places.
Orientation	Orientation rounded to six decimal places.
DayTime	Date and time.
Elevation	Elevation rounded to six decimal places.

wlan link-test

Use wlan link-test to test wireless link quality.

Syntax

wlan link-test mac-address

Views

Any view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the client MAC address in the H-H-H format.

Usage guidelines

Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.

The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.

Examples

# Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0.

<Sysname> wlan link-test 60a4-4cda-eff0

Testing link to 60a4-4cda-eff0. Press CTRL + C to break.

Link Status

-----------------------------------------------------------------------

MAC address: 60a4-4cda-eff0

-----------------------------------------------------------------------

VHT-MCS Rate(Mbps) TxCnt RxCnt RSSI Retries RTT(ms)

-----------------------------------------------------------------------

NSS = 1

-----------------------------------------------------------------------

0 32.5 5 5 54 0 0

1 65 5 5 51 0 0

2 97.5 5 5 49 0 0

3 130 5 5 47 0 0

4 195 5 5 45 0 0

5 260 5 5 45 0 0

6 292.5 5 5 44 0 0

7 325 5 5 44 0 0

8 390 5 5 44 0 0

9 433.3 5 5 43 0 0

-----------------------------------------------------------------------

NSS = 2

-----------------------------------------------------------------------

0 65 5 5 44 0 0

1 130 5 5 44 0 0

2 195 5 5 44 0 0

3 260 5 5 44 0 0

4 390 5 5 44 0 0

5 520 5 5 44 0 0

6 585 5 5 43 0 0

7 650 5 5 43 0 0

8 780 5 5 43 0 0

9 866.7 5 5 43 0 0

Table 15 Command output

Field	Description
No./MCS/VHT-MCS	· No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients. · MCS—MCS index for link quality test on 802.11n clients. · VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients.
Rate(Mbps)	Rate at which the AP sends wireless link quality detection frames.
TxCnt	Number of wireless link quality detection frames sent by the AP.
RxCnt	Number of responses received by the AP.
RSSI	RSSI of the client detected by the AP.
Retries	Number of wireless link quality retransmission frames sent by the AP.
RTT(ms)	Round trip time for link quality test frames from the AP to the client.
NSS	Number of spatial streams for link quality test on 802.11n or 802.11ac clients.

wlan service-template

Use wlan service-template to create a service template and enter its view, or enter the view of an existing service template.

Use undo wlan service-template to delete a service template.

Syntax

wlan service-template service-template-name

undo wlan service-template service-template-name

Default

No service template exists.

Views

System view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You cannot delete a service template that has been bound to a radio.

Examples

# Create service template service1 and enter its view.

<Sysname> system-view

[Sysname] wlan service-template service1

wlan static-blacklist mac-address

Use wlan static-blacklist mac-address to add a client to the static blacklist.

Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.

Syntax

wlan static-blacklist mac-address mac-address

undo wlan static-blacklist [ mac-address mac-address ]

Default

No clients exist in the static blacklist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

If you add an online client to the static blacklist, the command logs off the client.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.

Examples

# Add MAC address 001c-f0bf-9c92 to the static blacklist.

<Sysname> system-view

[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92

Related commands

display wlan blacklist

wlan whitelist mac-address

Use wlan whitelist mac-address to add a client to the whitelist.

Use undo wlan whitelist mac-address to remove a client from the whitelist.

Syntax

wlan whitelist mac-address mac-address

undo wlan whitelist [ mac-address mac-address ]

Default

No clients exist in the whitelist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.

If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.

Examples

# Add MAC address 001c-f0bf-9c92 to the whitelist.

<Sysname> system-view

[Sysname] wlan whitelist mac-address 001c-f0bf-9c92

This command will disconnect all clients. Continue? [Y/N]:

Related commands

display wlan whitelist

WLAN security commands

WLAN is supported only on the following routers:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· MSR810-W-LM-HK.

· MSR810-W-LM-GL.

The term "AP" in this document refers to MSR routers that support WLAN.

akm mode

Use akm mode to set an authentication and key management (AKM) mode.

Use undo akm mode to restore the default.

Syntax

akm mode { dot1x | private-psk | psk | anonymous-dot1x }

undo akm mode

Default

No AKM mode is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

dot1x: Specifies 802.1X as the AKM mode.

private-psk: Specifies private PSK as the AKM mode.

psk: Specifies PSK as the AKM mode.

anonymous-dot1x: Specifies WiFi alliance anonymous 802.1X as the AKM mode.

Usage guidelines

You must set the AKM mode for 802.11i (RSNA) networks.

Each WLAN service template supports only one AKM mode. Set the AKM mode only when the WLAN service template is disabled.

Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.

Each of the following AKM modes must be used with a specific authentication mode:

· 802.1X AKM—802.1X authentication mode.

· Private PSK AKM—MAC authentication mode.

· PSK AKM—MAC or bypass authentication mode.

· WiFi alliance anonymous 802.1X AKM—802.1X authentication mode.

For more information about the authentication mode, see "Configuring WLAN user access authentication."

Examples

# Set the PSK AKM mode.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] akm mode psk

Related commands

cipher-suite

security-ie

cipher-suite

Use cipher-suite to specify the cipher suite used for frame encryption.

Use undo cipher-suite to remove the cipher suite configuration.

Syntax

cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }

undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }

Default

No cipher suite is specified.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

ccmp: Specifies the AES-CCMP cipher suite.

tkip: Specifies the TKIP cipher suite.

wep40: Specifies the WEP40 cipher suite.

wep104: Specifies the WEP104 cipher suite.

wep128: Specifies the WEP128 cipher suite.

Usage guidelines

You must set the cipher suite for 802.11i networks. Set a cipher suite only when the WLAN service template is disabled.

Set the TKIP or CCMP cipher suite when you configure the RSN IE or WPA IE.

The WEP cipher suite includes three types, WEP40, WEP104, and WEP128. Each WLAN service template supports only one type of WEP cipher suite. After you set a type of WEP cipher suite, you must create and apply a key of the same type.

WEP128 cannot be set if the CCMP or TKIP cipher suite is configured.

Examples

# Set the TKIP cipher suite for frame encryption.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite tkip

Related commands

security-ie

wep key

wep key-id

gtk-rekey client-offline enable

Use gtk-rekey client-offline enable to enable offline-triggered GTK update.

Use undo gtk-rekey client-offline to restore the default.

Syntax

gtk-rekey client-offline enable

undo gtk-rekey client-offline enable

Default

Offline-triggered GTK update is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

Enable offline-triggered GTK update only when GTK update is enabled.

Examples

# Enable offline-triggered GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey client-offline enable

Related commands

gtk-rekey enable

Use gtk-rekey enable to enable GTK update.

Use undo gtk-rekey enable to disable GTK update.

Syntax

gtk-rekey enable

undo gtk-rekey enable

Default

GTK update is enabled.

Views

WLAN service template view

Predefined user roles

network-admin

Examples

# Enable GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey enable

gtk-rekey method

Use gtk-rekey method to set a GTK update method.

Use undo gtk-rekey method to restore the default.

Syntax

gtk-rekey method { packet-based [ packet ] | time-based [ time ] }

undo gtk-rekey method

Default

The GTK is updated at an interval of 86400 seconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

packet-based packet: Specifies the number of packets (including multicasts and broadcasts) that are transmitted before the GTK is updated. The value range for the packet argument is 5000 to 4294967295 and the default is 10000000.

time-based time: Specifies the interval at which the GTK is updated. The value range for the time argument is 180 to 604800 seconds and the default is 86400 seconds.

Usage guidelines

Set the GTK update method only when GTK update is enabled.

The most recent configuration overwrites the previous one. For example, if you set the packet-based method and then set the time-based method, the time-based method takes effect.

If you set the GTK update method after the service template is enabled, the change takes effect when the following conditions exist:

· If you change the GTK update interval, the new interval takes effect when the old timer times out.

· If you change the packet number threshold, the new threshold takes effect immediately.

· If you change the GTK update method to packet-based, the new method takes effect when the timer is deleted and the packet number threshold is reached.

· If you change the GTK update method to time-based, the configuration takes effect immediately.

Examples

# Enable time-based GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey method time-based 3600

# Enable packet-based GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey method packet-based 600000

Related commands

gtk-rekey enable

key-derivation

Use key-derivation to set the key derivation function (KDF).

Use undo key-derivation to restore the default.

Syntax

key-derivation { sha1 | sha1-and-sha256 | sha256 }

undo key-derivation

Default

The KDF is the HMAC-SHA1 algorithm.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

sha1: Specifies the HMAC-SHA1 algorithm as the KDF.

sha256: Specifies the HMAC-SHA256 algorithm as the KDF.

sha1-and-sha256: Specifies the HMAC-SHA1 algorithm and the HMAC-SHA256 algorithm as the KDFs.

Usage guidelines

KDFs take effect only for a network that uses the 802.11i mechanism.

The HMAC-SHA256 algorithm is recommended if mandatory management frame protection is enabled.

Examples

# Configure the HMAC-SHA256 algorithm as the KDF.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] key-derivation sha256

Related commands

akm mode

cipher-suite

security-ie

pmf

Use pmf to enable management frame protection.

Use undo pmf to restore the default.

Syntax

pmf { mandatory | optional }

undo pmf

Default

Management frame protection is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

mandatory: Specifies the mandatory mode. Only clients that support management frame protection can access the WLAN.

optional: Specifies the optional mode. All clients can access the WLAN.

Usage guidelines

Management frame protection takes effect only for a network that uses the 802.11i mechanism and is configured with the CCMP cipher suite and RSN security information element.

Examples

# Enable management frame protection in optional mode.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf optional

Related commands

cipher-suite

security-ie

pmf association-comeback

Use pmf association-comeback to set the association comeback time.

Use undo pmf association-comeback to restore the default.

Syntax

pmf association-comeback time

undo pmf association-comeback

Default

The association comeback time is 1 second.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Specifies the association comeback time in the range of 1 to 20 seconds.

Usage guidelines

If an AP rejects the current association or reassociation request from a client, it returns an association/reassociation response that carries the association comeback time. The AP starts to receive the association or reassociation request from the client when the association comeback time times out.

Examples

# Set the association comeback time to 2 seconds.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf association-comeback 2

pmf saquery retrycount

Use pmf saquery retrycount to maximum retransmission attempts for SA query requests.

Use undo pmf saquery retrycount to restore the default.

Syntax

pmf saquery retrycount count

undo pmf saquery retrycount

Default

The maximum retransmission attempt number is 4 for SA query requests.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum retransmission attempts for SA query requests, in the range of 1 to 16.

Usage guidelines

If an AP does not receive an acknowledgment for the SA query request after retransmission attempts reach the maximum number, the AP determines that the client is offline.

Examples

# Set the number of maximum retransmission attempt to 3 for SA query requests.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf saquery retrycount 3

Related commands

pmf

pmf saquery retrycount

pmf saquery retrytimeout

Use pmf saquery retrytimeout to set the interval for sending SA query requests.

Use undo pmf saquery retrytimeout to restore the default.

Syntax

pmf saquery retrytimeout timeout

undo pmf saquery retrytimeout

Default

The interval for sending SA query requests is 200 milliseconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

timeout: Specifies the interval for an AP to send SA query requests, in the range of 100 to 500 milliseconds.

Examples

# Set the interval for sending SA query requests to 300 milliseconds.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf saquery retrytimeout 300

Related commands

pmf

pmf saquery retrytimeout

preshared-key

Use preshared-key to set the PSK.

Use undo preshared-key to restore the default.

Syntax

preshared-key { pass-phrase | raw-key } { cipher | simple } string

undo preshared-key

Default

No PSK is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

pass-phrase: Sets a PSK, a character string.

raw-key: Sets a PSK, a hexadecimal number.

cipher: Sets a key in encrypted form.

simple: Sets a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies a key string. This argument is case sensitive. Key length varies by key type:

· pass-phrase—Its plaintext form is 8 to 63 characters. Its encrypted form is 8 to 117 characters.

· raw-key—Its plaintext form is 64 hexadecimal digits. Its encrypted form is 8 to 117 characters.

Usage guidelines

Set the PSK only when the WLAN service template is disabled and the AKM mode is PSK. If you set the PSK when the AKM mode is 802.1X, the WLAN service template can be enabled but the PSK configuration does not take effect.

You can set only one PSK for a WLAN service template.

Examples

# Configure simple character string 12345678 as the PSK.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] akm mode psk

[Sysname-wlan-st-security] preshared-key pass-phrase simple 12345678

Related commands

akm mode

ptk-lifetime

Use ptk-lifetime to set the PTK lifetime.

Use undo ptk-lifetime to restore the default.

Syntax

ptk-lifetime time

undo ptk-lifetime

Default

The PTK lifetime is 43200 seconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Specifies the lifetime of the PSK, in the range of 180 to 604800 seconds.

Usage guidelines

If you configure the PTK lifetime when the service template is enabled, the configuration takes effect after the old timer times out.

Examples

# Set the PTK lifetime to 200 seconds.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] ptk-lifetime 200

ptk-rekey enable

Use ptk-rekey enable to enable PTK update.

Use undo ptk-rekey enable to disable PTK update.

Syntax

ptk-rekey enable

undo ptk-rekey enable

Default

PTK update is enabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

This feature enables the device to update the PTK after the PTK lifetime expires.

Examples

# Enable PTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] ptk-rekey enable

Related commands

ptk-lifetime

security-ie

Use security-ie to enable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.

Use undo security-ie to disable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.

Syntax

security-ie { osen | rsn | wpa }

undo security-ie { osen | rsn | wpa }

Default

OSEN IE, RSN IE, and WPA IE are disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

osen: Enables the OSEN IE in the beacon and probe response frames sent by the AP. The OSEN IE advertises the OSEN capabilities of the AP.

rsn: Enables the RSN IE in the beacon and probe response frames sent by the AP. The RSN IE advertises the RSN capabilities of the AP.

wpa: Enables the WPA IE in the beacon and probe response frames sent by the AP. The WPA IE advertises the WPA capabilities of the AP.

Usage guidelines

You must set the security IE for 802.11i networks. Set a security IE only when the WLAN service template is disabled and the CCMP or TKIP cipher suite is configured.

You can set both the WPA IE and RSN IE for the same WLAN service template. The WPA IE and RSN IE cannot be used together with the OSEN IE for a WLAN service template.

Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.

Examples

# Enable the RSN IE in beacon and probe responses.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] security-ie rsn

Related commands

akm mode

cipher-suite

snmp-agent trap enable wlan usersec

Use snmp-agent trap enable wlan usersec to enable SNMP notifications for WLAN security.

Use undo snmp-agent trap enable wlan usersec to disable SNMP notifications for WLAN security.

Syntax

snmp-agent trap enable wlan usersec

undo snmp-agent trap enable wlan usersec

Default

SNMP notifications are disabled for WLAN security.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN security events to an NMS, enable SNMP notifications for WLAN security. For WLAN security event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.

Examples

# Enable SNMP notifications for WLAN security.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan usersec

tkip-cm-time

Use tkip-cm-time to set the TKIP MIC failure hold time.

Use undo tkip-cm-time to restore the default.

Syntax

tkip-cm-time time

undo tkip-cm-time

Default

The TKIP MIC failure hold time is 0 seconds. The AP does not take any countermeasures.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Sets the TKIP MIC failure hold time in the range of 0 to 3600 seconds.

Usage guidelines

Set the TKIP MIC failure hold time only when the TKIP cipher suite is configured.

If you configure the MIC failure hold time when the service template is enabled, the configuration takes effect after the old timer times out.

If the AP detects two MIC failures within the MIC failure hold time, it disassociates all clients for 60 seconds.

Examples

# Set the TKIP MIC failure hold time to 180 seconds.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] tkip-cm-time 180

Related commands

cipher-suite

wep key

Use wep key to set a WEP key.

Use undo wep key to delete the configured WEP key.

Syntax

wep key key-id { wep40 | wep104 | wep128 } { pass-phrase | raw-key } { cipher | simple } string

undo wep key key-id

Default

No WEP key is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

key-id: Sets the key ID in the range of 1 to 4.

wep40: Sets the WEP40 key.

wep104: Sets the WEP104 key.

wep128: Sets the WEP128 key.

pass-phrase: Sets a WEP key, a character string.

raw-key: Sets a WEP key, a hexadecimal number.

cipher: Sets a key in encrypted form.

simple: Sets a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

key: Specifies a key string. This argument is case sensitive. The cipher key length is in the range of 37 to 73 characters. The plaintext key length varies by key type:

· wep40 pass-phrase—Its plaintext form is 5 characters.

· wep104 pass-phrase—Its plaintext form is 13 characters.

· wep128 pass-phrase—Its plaintext form is 16 characters.

· wep40 raw-key—Its plaintext form is 10 hexadecimal digits.

· wep104 raw-key—Its plaintext form is 26 hexadecimal digits.

· wep128 raw-key—Its plaintext form is 32 hexadecimal digits.

Usage guidelines

Set a WEP key only when the WLAN service template is disabled and the cipher suite WEP is configured. You can set a maximum of four WEP keys.

Examples

# Configure the cipher suite WEP40 and configure plain text 12345 as WEP key 1.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite wep40

[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345

Related commands

cipher-suite

wep key-id

Use wep key-id to apply a WEP key.

Use undo wep key-id to restore the default.

Syntax

wep key-id { 1 | 2 | 3 | 4 }

undo wep key-id

Default

Key 1 is applied.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

1: Specifies the WEP key whose ID is 1.

2: Specifies the WEP key whose ID is 2.

3: Specifies the WEP key whose ID is 3.

4: Specifies the WEP key whose ID is 4.

Usage guidelines

Apply a WEP key only when the WLAN service template is disabled.

In the 802.11i mechanism, key 1 is the negotiated key. To apply a WEP key, specify a WEP key whose ID is not 1.

You can only apply an existing WEP key.

Examples

# Configure the cipher suite WEP40, configure plain text 12345 as WEP key 1, and apply WEP key 1.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite wep40

[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345

[Sysname-wlan-st-security] wep key-id 1

Related commands

wep key

wep mode dynamic

Use the wep mode dynamic command to enable the dynamic WEP mechanism.

Use the undo wep mode dynamic command to disable the dynamic WEP mechanism.

Syntax

wep mode dynamic

undo wep mode dynamic

Default

The dynamic WEP mechanism is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

Enable the dynamic WEP mechanism only when the WLAN service template is disabled.

The dynamic WEP mechanism requires 802.1X authentication for user access authentication.

Do not apply WEP key 4 if the dynamic WEP mechanism is enabled.

Examples

# Enable the dynamic WEP mechanism.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] wep mode dynamic

Related commands

cipher-suite

client-security authentication-mode

wep key

wep key-id

WLAN authentication commands

WLAN is supported only on the following routers:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· MSR810-W-LM-HK.

· MSR810-W-LM-GL.

The term "AP" in this document refers to MSR routers that support WLAN.

This chapter describes WLAN-specific authentication commands. For more information about 802.1X and MAC authentication commands, see Security Command Reference.

client url-redirect enable

Use client url-redirect enable to enable URL redirection for WLAN clients.

Use undo client url-redirect enable to disable URL redirection for WLAN clients.

Syntax

client url-redirect enable

undo client url-redirect enable

Default

URL redirection is disabled for WLAN clients

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

This command takes effect only on clients that use RADIUS-based MAC authentication.

A client is allowed to pass RADIUS-based MAC authentication only when its credential information (username and password) and MAC address are recorded on the RADIUS server.

This command facilitates MAC authentication for a client whose credential information and MAC address are not recorded on the RADIUS server. After this command is enabled, the client will perform Web authentication on the Web interface specified by the RADIUS server-assigned redirect URL. After the client passes Web authentication, the RADIUS server records the client's credential information and MAC address. At the same time, the server uses DM requests to log off the client. At the next MAC authentication attempt, the client can pass MAC authentication. For information about DMs, see AAA in Security Configuration Guide.

Examples

# Enable URL redirection for WLAN clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client url-redirect enable

client-security accounting-delay time

Use client-security accounting-delay time to configure the accounting delay.

Use undo client-security accounting-delay time to restore the default.

Syntax

client-security accounting-delay time time [ no-ip-logoff ]

undo client-security accounting-delay time

Default

The device sends start-accounting requests for a client when the device learns the IP address of the client.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Specifies the accounting delay timer that starts after the client passes 802.1X or MAC authentication. The value range for the time argument is 1 to 60 seconds.

no-ip-logoff: Logs off a client if the device fails to obtain the client IP address within the delay timer. If you do not specify this keyword, the device sends start-accounting requests when the delay timer expires.

Usage guidelines

The device takes a predefined action on a client if it does not learn an IP address of the specified type for the client within the delay time. To specify the type of IP addresses that have the accounting-start qualification, use the client-security accounting-start trigger command. When the IP address type is set to none, the accounting delay feature does not take effect.

As a best practice, consider the time the device takes to obtain an IP address when you set the accounting delay timer. Increase the delay timer in a low-performance network.

If you execute this command on a service template that has been enabled, the command takes effect only on subsequent clients. It does not affect clients that have been online since before this command is executed.

Examples

# On service template service1, set the accounting delay timer to 15 seconds. Configure the device to log off a client if it fails to learn the required client IP address within the delay timer.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-delay time 15 no-ip-logoff

Related commands

client-security accounting-start trigger

Use client-security accounting-start trigger to specify an IP address type to have the accounting-start qualification.

Use undo client-security accounting-start trigger to restore the default.

Syntax

client-security accounting-start trigger { ipv4 | ipv4-ipv6 | ipv6 | none }

undo client-security accounting-start trigger

Default

The IP address type is IPv4.

Views

Service template view

Predefined user roles

network-admin

Parameters

ipv4: Specifies the IPv4 address type.

ipv4-ipv6: Specifies the IPv4 or IPv6 address type.

ipv6: Specifies the IPv6 address type.

none: Configures the device to send start-accounting requests for a client when the client passes authentication.

Usage guidelines

This command allows the device to send start-accounting requests to the accounting server only for clients that use a specific type of IP addresses. The command takes effect on clients that have passed 802.1X or MAC authentication. For more information about accounting, see AAA in Security Configuration Guide.

To configure an IP address type to have the accounting-start qualification, you must enable learning for IP addresses of that type. For information about wireless client IP address learning, see WLAN IP snooping in WLAN Configuration Guide.

The IP address type setting configured by using this command must meet the protocol requirements of the accounting server.

Examples

# On service template service1, allow the device to send start-accounting requests only for clients that use IPv6 addresses.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-start trigger ipv6

Related commands

client ipv4-snooping arp-learning enable

client ipv4-snooping dhcp-learning enable

client ipv6-snooping dhcpv6-learning enable

client ipv6-snooping nd-learning enable

client ipv6-snooping snmp-nd-report enable

client-security accounting-delay time

client-security accounting-update trigger

Use client-security accounting-update trigger to specify an IP address type to have the accounting-update qualification.

Use undo client-security accounting-update trigger to restore the default.

Syntax

client-security accounting-update trigger { ipv4 | ipv4-ipv6 | ipv6 }

undo client-security accounting-update trigger

Default

The device sends update-accounting requests to the accounting server at the server-assigned or user-defined realtime accounting interval.

Views

Service template view

Predefined user roles

network-admin

Parameters

ipv4: Specifies the IPv4 address type, which indicates that the device triggers accounting update for a client only when the learned IP address of the client changes to an IPv4 address.

ipv4-ipv6: Specifies the IPv4 or IPv6 address type, which indicates that the device triggers accounting update for a client whenever the learned IP address of the client changes.

ipv6: Specifies the IPv6 address type, which indicates that the device triggers accounting update for a client only when the learned IP address of the client changes to an IPv6 address.

Usage guidelines

This command takes effect only when the client-security accounting-start trigger command takes effect.

This command is independent of the periodic realtime-accounting feature. For example, if you configure the accounting-update trigger as client IP addresses changing to IPv6 addresses and set the realtime accounting interval to 12 minutes, both settings take effect. For a client that uses the settings, the device sends update-accounting requests every 12 minutes and triggers accounting update whenever the client IP address changes to an IPv6 address.

To set the realtime accounting interval, use the timer realtime-accounting command.

Examples

# On service template service1, configure the device to trigger accounting update for a client whenever the client IP address changes to an IPv6 address.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-update trigger ipv6

Related commands

client-security accounting-start trigger

timer realtime-accounting (Security Command Reference)

client-security authentication fail-vlan

Use client-security authentication fail-vlan to configure an Auth-Fail VLAN for a service template.

Use undo client-security authentication fail-vlan to restore the default.

Syntax

client-security authentication fail-vlan vlan-id

undo client-security authentication fail-vlan

Default

No Auth-Fail VLAN exists for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies the ID of the Auth-Fail VLAN, in the range of 1 to 4094. Make sure the VLAN has been created.

Usage guidelines

The WLAN Auth-Fail VLAN accommodates clients that have failed WLAN authentication because of the failure to comply with the organization security strategy. For example, the VLAN accommodates clients that have entered invalid passwords. The Auth-Fail VLAN does not accommodate WLAN clients that have failed authentication for authentication timeouts or network connection problems.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure VLAN 10 as the Auth-Fail VLAN on service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] client-security authentication fail-vlan 10

client-security authentication-mode

Use client-security authentication-mode to set the authentication mode for WLAN clients.

Use undo client-security authentication-mode to restore the default.

Syntax

client-security authentication-mode { dot1x | dot1x-then-mac | mac | mac-then-dot1x | oui-then-dot1x }

undo client-security authentication-mode

Default

The WLAN authentication mode is Bypass. The device does not perform authentication for WLAN clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot1x: Performs 802.1X authentication only.

dot1x-then-mac: Performs 802.1X authentication first, and then MAC authentication. If the client passes 802.1X authentication, MAC authentication is not performed.

mac: Performs MAC authentication only.

mac-then-dot1x: Performs MAC authentication first, and then 802.1X authentication. If the client passes MAC authentication, 802.1X authentication is not performed.

oui-then-dot1x: Performs OUI authentication first, and then 802.1X authentication. If the client passes OUI authentication, 802.1X authentication is not performed.

Usage guidelines

A service template allows access of multiple authenticated clients in any authentication mode. To set the maximum number of 802.1X clients, use the dot1x max-user command. To set the maximum number of MAC authentication clients, use the mac-authentication max-user command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Set the authentication mode to mac for WLAN clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security authentication-mode mac

client-security authorization-fail offline

Use client-security authorization-fail offline to enable the authorization-fail-offline feature.

Use undo client-security authorization-fail offline to disable the authorization-fail-offline feature.

Syntax

client-security authorization-fail offline

undo client-security authorization-fail offline

Default

The authorization-fail-offline feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

The authorization-fail-offline feature logs off WLAN clients that fail ACL or user profile authorization.

A WLAN client fails ACL or user profile authorization in the following situations:

· The device or server fails to authorize the specified ACL or user profile to the client.

· The authorized ACL or user profile does not exist.

If this feature is disabled, the device does not log off WLAN clients that fail ACL or user profile authorization. However, the device outputs logs to report the failure.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the authorization-fail-offline feature for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security authorization-fail offline

client-security ignore-authentication

Use client-security ignore-authentication to configure the device to ignore the 802.1X or MAC authentication failures.

Use undo client-security ignore-authentication to restore the default.

Syntax

client-security ignore-authentication

undo client-security ignore-authentication

Default

The device does not ignore the authentication failures for wireless clients that use 802.1X authentication or RADIUS-based MAC authentication.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command applies to the following clients:

· Clients that use 802.1X authentication.

This command enables the device to ignore the 802.1X authentication failures and allow clients that have failed 802.1X authentication to come online.

· Clients that use both RADIUS-based MAC authentication and portal authentication.

Typically, a client must pass MAC authentication and portal authentication in turn to access network resources. The client provides username and password each time portal authentication is performed.

This command simplifies the authentication process for a client as follows:

¡ If the RADIUS server already records the client's MAC authentication information, the client passes MAC authentication. The device allows the client to access network resources without performing portal authentication.

¡ If the RADIUS server does not record the client's MAC authentication information, the client fails MAC authentication. The device ignores the MAC authentication failure and performs portal authentication for the client. If the client passes portal authentication, it can access network resources. The MAC address of the portal authenticated client will be recorded as MAC authentication information on the RADIUS server.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For 802.1X clients that use RSN to roam to a new AP, do not use this command.

Examples

# Configure the device to ignore 802.1X or MAC authentication failures on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security ignore-authentication

client-security ignore-authorization

Use client-security ignore-authorization to configure the device to ignore the authorization information received from the authentication server (a RADIUS server or the local device).

Use undo client-security ignore-authorization to restore the default.

Syntax

client-security ignore-authorization

undo client-security ignore-authorization

Default

The device uses the authorization information from the server.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

After a client passes RADIUS or local authentication, the server performs authorization based on the authorization attributes configured for the user account. For example, the server can assign a VLAN. If you do not want the device to use these authorization attributes for clients, configure this command to ignore the authorization information from the server.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure the device to ignore the authorization information from the authentication server for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security ignore-authorization

client-security intrusion-protection action

Use client-security intrusion-protection action to configure the intrusion protection action that the device takes when intrusion protection detects illegal frames.

Use undo client-security intrusion-protection action to restore the default.

Syntax

client-security intrusion-protection action { service-stop | temporary-block | temporary-service-stop }

undo client-security intrusion-protection action

Default

The intrusion protection action is temporary-block.

Views

Service template view

Predefined user roles

network-admin

Parameters

service-stop: Stops the BSS where an illegal frame is received until the BSS is enabled manually on the radio interface.

temporary-block: Adds the source MAC address of an illegal frame to the blocked MAC address list for a period. To set the period, use the client-security intrusion-protection timer temporary-block command.

temporary-service-stop: Stops the BSS where an illegal frame is received for a period. To set the period, use the client-security intrusion-protection timer temporary-service-stop command.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For this command to take effect, you must also use the client-security intrusion-protection enable command to enable the intrusion protection feature.

Examples

# Configure the device to stop the BSS where intrusion protection detects illegal frames for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action service-stop

Related commands

client-security intrusion-protection enable

client-security intrusion-protection timer temporary-block

client-security intrusion-protection timer temporary-service-stop

client-security intrusion-protection enable

Use client-security intrusion-protection enable to enable the intrusion protection feature.

Use undo client-security intrusion-protection enable to disable the intrusion protection feature.

Syntax

client-security intrusion-protection enable

undo client-security intrusion-protection enable

Default

The intrusion protection feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

When the device receives an association request from an illegal client, the device takes the predefined protection action on the BSS where the request is received. A client is illegal if its MAC address fails WLAN authentication. To set the protection action, use the client-security intrusion-protection action command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the intrusion protection feature for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

Related commands

client-security intrusion-protection action

client-security intrusion-protection timer temporary-block

Use client-security intrusion-protection timer temporary-block to set the period during which a MAC address is blocked by intrusion protection.

Use undo client-security intrusion-protection timer temporary-block to restore the default.

Syntax

client-security intrusion-protection timer temporary-block time

undo client-security intrusion-protection timer temporary-block

Default

An illegal MAC address is blocked for 180 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Specifies the period during which a MAC address is blocked. The value range is 60 to 300 seconds.

Usage guidelines

This command takes effect only when the intrusion protection action is temporary-block.

If you change the blocking period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.

Examples

# Configure service template service1 to block illegal MAC addresses for 120 seconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-block

[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-block 120

Related commands

client-security intrusion-protection action

client-security intrusion-protection enable

client-security intrusion-protection timer temporary-service-stop

Use client-security intrusion-protection timer temporary-service-stop to set the BSS silence period for intrusion protection.

Use undo client-security intrusion-protection timer temporary-service-stop to restore the default.

Syntax

client-security intrusion-protection timer temporary-service-stop time

undo client-security intrusion-protection timer temporary-service-stop

Default

The BSS silence period for intrusion protection is 20 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Specifies the period during which a BSS is disabled. The value range is 10 to 300 seconds.

Usage guidelines

This command takes effect only when the intrusion protection action is temporary-service-stop.

If you change the BSS silence period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.

Examples

# Set the BSS silence period to 30 seconds for intrusion protection on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-service-stop

[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-service-stop 30

Related commands

client-security intrusion-protection action

client-security intrusion-protection enable

display wlan client-security block-mac

Use display wlan client-security block-mac to display blocked MAC address information for WLAN clients.

Syntax

display wlan client-security block-mac

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

A MAC address that fails authentication is added to the blocked MAC address list when the intrusion protection action is temporary-block.

Examples

# Display information about all blocked MAC addresses.

<Sysname> display wlan client-security block-mac

MAC address AP ID RADIO ID BSSID

0002-0002-0002 1 1 00ab-0de1-0001

000d-88f8-0577 1 1 0ef1-0001-02c1

Total entries: 2

Table 16 Command output

Field	Description
MAC address	Blocked MAC address, in the format of H-H-H.
AP ID	AP ID of the blocked MAC address.
RADIO ID	Radio ID of the blocked MAC address.
BSSID	BSS ID of the blocked MAC address, in the format of H-H-H.
Total entries	Number of blocked MAC addresses.

Related commands:

client-security intrusion-protection action

client-security intrusion-protection timer temporary-block

dot1x domain

Use dot1x domain to specify an authentication domain for 802.1X clients on a service template.

Use undo dot1x domain to restore the default.

Syntax

dot1x domain domain-name

undo dot1x domain

Default

No authentication domain is specified for 802.1X clients on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

802.1X chooses an authentication domain for WLAN clients in the following order:

1. Authentication domain specified on the service template.

2. Domain specified by username.

3. Default authentication domain.

Examples

# Specify ISP domain my-domain as the authentication domain for 802.1X clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x domain my-domain

dot1x eap

Use dot1x eap to specify the EAP mode for 802.1X authentication.

Use undo dot1x eap to restore the default.

Syntax

dot1x eap { extended | standard }

undo dot1x eap

Default

The EAP mode is standard for 802.1X authentication.

Views

Service template view

Predefined user roles

network-admin

Parameters

extended: Specifies the extended EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the proprietary EAP protocol.

standard: Specifies the standard EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the standard EAP protocol.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When you configure this command, specify the extended keyword for iNode clients and the standard keyword for other clients.

This command is required only when an IMC server is used as the RADIUS server.

Examples

# Set the EAP mode to extended for service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] dot1x eap extended

dot1x handshake enable

Use dot1x handshake enable to enable the 802.1X online user handshake feature.

Use undo dot1x handshake enable to disable the 802.1X online user handshake feature.

Syntax

dot1x handshake enable

undo dot1x handshake enable

Default

The 802.1X online user handshake feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

The online user handshake feature checks the connection status of online 802.1X clients by periodically sending handshake messages to the clients. The device sets a client to the offline state if it does not receive responses from the client after making the maximum handshake attempts within the handshake timer. To set the handshake timer, use the dot1x timer handshake-period command. To set the maximum handshake attempts, use the dot1x retry command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the online user handshake feature for 802.1X clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x handshake enable

Related commands

dot1x handshake secure enable

dot1x retry (Security Command Reference)

dot1x timer handshake-period (Security Command Reference)

dot1x handshake secure enable

Use dot1x handshake secure enable to enable the 802.1X online user handshake security feature.

Use undo dot1x handshake secure enable to disable the 802.1X online user handshake security feature.

Syntax

dot1x handshake secure enable

undo dot1x handshake secure enable

Default

The 802.1X online user handshake security feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For the 802.1X online user handshake security feature to take effect, you must enable the 802.1X online user handshake feature.

The online user handshake security feature protects only authenticated online 802.1X clients.

Examples

# Enable the 802.1X online user handshake security feature on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x handshake enable

[Sysname-wlan-st-service1] dot1x handshake secure enable

Related commands

dot1x handshake enable

dot1x max-user

Use dot1x max-user to set the maximum number of concurrent 802.1X clients on a service template.

Use undo dot1x max-user to restore the default.

Syntax

dot1x max-user count

undo dot1x max-user

Default

A maximum of 4096 concurrent 802.1X clients are allowed on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of concurrent 802.1X clients. The value range is 1 to 4096.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When the maximum number is reached, the service template denies subsequent 802.1X clients.

Examples

# Set the maximum number of concurrent 802.1X clients to 32 on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x max-user 500

dot1x re-authenticate enable

Use dot1x re-authenticate enable to enable the 802.1X periodic online user reauthentication feature.

Use undo dot1x re-authenticate enable to disable the 802.1X periodic online user reauthentication feature.

Syntax

dot1x re-authenticate enable

undo dot1x re-authenticate enable

Default

The 802.1X periodic online user reauthentication feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Periodic reauthentication enables the device to periodically authenticate online 802.1X clients on a service template. This feature checks the connection status of online clients and updates the authorization attributes assigned by the server, such as the ACL, VLAN, and user profile.

You can use the dot1x timer reauth-period command to configure the interval for reauthentication.

The server-assigned session timeout timer (Session-Timeout attribute) and termination action (Termination-Action attribute) can affect the periodic online user reauthentication feature. To display the server-assigned Session-Timeout and Termination-Action attributes, use the display dot1x connection command (see Security Command Reference).

· If the termination action is Default (logoff), periodic online user reauthentication on the template takes effect only when the periodic reauthentication timer is shorter than the session timeout timer.

· If the termination action is Radius-request, the periodic online user reauthentication configuration on the template does not take effect. The device reauthenticates the online 802.1X clients after the session timeout timer expires.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the 802.1X periodic online user reauthentication feature on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x re-authenticate enable

Related commands

dot1x timer (Security Command Reference)

mac-authentication domain

Use mac-authentication domain to specify an authentication domain for MAC authentication clients on a service template.

Use undo mac-authentication domain to restore the default.

Syntax

mac-authentication domain domain-name

undo mac-authentication domain

Default

No authentication domain is specified for MAC authentication clients on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

MAC authentication chooses an authentication domain for WLAN clients in the following order:

1. Authentication domain specified on the service template.

2. Global authentication domain specified in system view.

3. Default authentication domain.

Examples

# Specify ISP domain my-domain as the authentication domain for MAC authentication clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] mac-authentication domain my-domain

mac-authentication max-user

Use mac-authentication max-user to set the maximum number of concurrent MAC authentication clients on a service template.

Use undo mac-authentication max-user to restore the default.

Syntax

mac-authentication max-user count

undo mac-authentication max-user

Default

A maximum of 4096 concurrent MAC authentication clients are allowed on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of concurrent MAC authentication clients. The value range for this argument is 1 to 4096.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When the maximum number is reached, the service template denies subsequent MAC authentication clients.

Examples

# Configure service template service1 to support a maximum of 32 concurrent MAC authentication clients.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] mac-authentication max-user 32

WLAN QoS commands

WLAN is supported only on the following routers:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· MSR810-W-LM-HK.

· MSR810-W-LM-GL.

The term "AP" in this document refers to MSR routers that support WLAN.

cac policy

Use cac policy to configure a Connect Admission Control (CAC) policy.

Use undo cac policy to restore the default.

Syntax

cac policy { channelutilization [ channelutilization-value ] | client [ client-number ] }

undo cac policy

Default

The client-based admission policy is used, and the maximum number of admitted clients is 20.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

channelutilization: Specifies the channel usage-based admission policy.

channelutilization-value: Specifies the maximum channel usage in percentage, in the range of 0 to 100. The maximum channel usage refers to the medium time of the accepted AC-VO and AC-VI traffic to the valid time within a certain time. The valid time refers to the time available for transmitting and receiving data. By default, the maximum channel usage is 65%.

client: Specifies the client-based admission policy.

client-number: Specifies the maximum number of clients allowed to be connected, in the range of 0 to 124. A client is counted as one client if it is using both the AC-VO and AC-VI queues.

Usage guidelines

The CAC policy takes effect only on the AC-VO and the AC-VI queues.

Examples

# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70%.

<Sysname> system-view

[Sysname] interface wlan-radio 0/1

[Sysname-WLAN-Radio0/1] cac policy channelutilization 70

display wlan wmm

Use display wlan wmm to display WMM statistics.

Syntax

display wlan wmm { client [ interface wlan-radio interface-number | mac-address mac-address ] | radio [ interface wlan-radio interface-number ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client: Displays WMM statistics for clients. If you use this keyword without the interface wlan-radio interface-number or mac-address mac-address option, this command displays WMM statistics for all clients.

radio: Displays WMM statistics for radios. If you use this keyword without the interface wlan-radio interface-number option, this command displays WMM statistics for all radios.

mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.

interface wlan-radio interface-number: Specifies a radio interface by its number.

Examples

# Display WMM statistics for all radios.

<Sysname> display wlan wmm radio

Radio : 1

Client EDCA updates : 0

QoS mode : WMM

WMM status : Enabled

Radio max AIFSN : 15 Radio max ECWmin : 10

Radio max TXOPLimit : 32767 Radio max ECWmax : 10

CAC information

Clients accepted : 0

Voice : 0

Video : 0

Total request medium time(µs) : 0

Voice(µs) : 0

Video(µs) : 0

Calls rejected due to insufficient resources : 0

Calls rejected due to invalid parameters : 0

Calls rejected due to invalid medium time : 0

Calls rejected due to invalid delay bound : 0

Radio : 2

Client EDCA updates : 0

QoS mode : WMM

WMM status: Disabled

Radio max AIFSN : 15 Radio max ECWmin : 10

Radio max TXOPLimit : 32767 Radio max ECWmax : 10

CAC information

Client accepted : 0

Voice : 0

Video : 0

Total request medium time(µs) : 0

Voice(µs) : 0

Video(µs) : 0

Calls rejected due to insufficient resources : 0

Calls rejected due to invalid parameters : 0

Calls rejected due to invalid medium time : 0

Calls rejected due to invalid delay bound : 0

Table 17 Command output

Field	Description
Client EDCA updates	Times that client EDCA parameters have been updated.
QoS mode	WMM. If this field displays N/A, the QoS mode is not available.
WMM status	· Enabled. · Disabled.
Radio max AIFSN	Maximum AIFSN that the radio supports.
Radio max ECWmin	Maximum ECWmin that the radio supports.
Radio max TXOPLimit	Maximum TXOPLimit that the radio supports.
Radio max ECWmax	Maximum ECWmax that the radio supports.
Total request medium time	Total request medium time for AC-VO and AC-VI queues, in microseconds.

# Display WMM statistics for all clients.

<Sysname> display wlan wmm client

MAC address : 000f-e23c-0001 SSID : service

QoS mode : WMM

APSD information :

Max SP length : 7

L: Legacy T: Trigger D: Delivery

AC AC-BK AC-BE AC-VI AC-VO

Assoc State T|D L T|D T|D

Statistics information :

Uplink packets : 0 Downlink packets : 0

Uplink bytes : 0 Downlink bytes : 0

Downgrade packets : 0 Discarded packets : 0

Downgrade bytes : 0 Discarded bytes : 0

TS information:

AC : AC-VO User priority : 7

TID : 1 Direction : Bidirectional

PSB : 0 Surplus bandwidth allowance : 1.0000

Medium time (µs) : 39 MSDU size (bytes) : 1500

Mean data rate (Kbps) : 10.000 Minimum PHY rate (Mbps) : 11.000

TS creation time : 0h:0m:5s

TS updating time : 0h:0m:5s

Uplink TS packets : 0 Downlink TS packets : 0

Uplink TS bytes : 0 Downlink TS bytes : 0

Table 18 Command output

Field	Description
QoS mode	· WMM. · -NA-.
Max SP length	Maximum service period (SP) length.
AC	· AC-VO. · AC-VI. · AC-BE. · AC-BK.
Assoc state	APSD attribute for an AC queue: · T—The AC queue is trigger-enabled. · D—The AC queue is delivery-enabled. · T \| D—The AC queue is both trigger-enabled and delivery-enabled. · L—The AC queue is of legacy attributes.
User priority	User priority for packets from wired networks.
TID	Traffic identifier, in the range of 0 to 15.
Direction	Traffic direction: · Uplink. · Downlink. · Bidirectional.
PSB	Power save behavior: · 1—U-APSD power saving mode. · 0—Traditional power saving mode.
Surplus bandwidth allowance	Surplus bandwidth allowance in percentage.
Medium time	Permitted medium time in microseconds.
MSDU size	Average MSDU size in bytes.
Mean data rate	Average data transmission rate in Kbps.
Minimum PHY rate	Minimum physical transmission rate in Mbps.

Related commands

reset wlan wmm

edca client (ac-be and ac-bk)

Use edca client to set EDCA parameters of AC-BE or AC-BK queues for clients.

Use undo edca client to restore the default.

Syntax

edca client { ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *

undo edca client { ac-be | ac-bk }

Default

The default EDCA parameter values of AC-BE or AC-BK queues for clients are shown in Table 19.

Table 19 Default EDCA parameter values of AC-BE or AC-BK queues for clients

AC	AIFSN	ECWmin	ECWmax	TXOP Limit
AC-BK	7	4	10	0
AC-BE	3	4	10	0

Views

Radio interface view

Predefined user roles

network-admin

Parameters

ac-be: Specifies the AC-BE (best-effort traffic) queue.

ac-bk: Specifies the AC-BK (background traffic) queue.

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.

txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value, in the range of 0 to 65535 (in units of 32 microseconds). If the value is 0, a client can send only one packet each time it holds the channel.

Usage guidelines

As a best practice, set the TXOP Limit value to 0 for both the AC-BE and AC-BK queues if all the clients are 802.11b clients.

As a best practice, use the default TXOPLimit values for both the AC-BK and AC-BE queues if both 802.11b and 802.11g clients exist in the WLAN.

Examples

# Set the AIFSN to 5 for the AC-BE queue.

<Sysname> system-view

[Sysname] interface wlan-radio 0/1

[Sysname-WLAN-Radio0/1] edca client ac-be aifsn 5

edca client (ac-vi and ac-vo)

Use edca client to set EDCA parameters of AC-VI or AC-VO queues for clients.

Use undo edca client to restore the default.

Syntax

edca client { ac-vi | ac-vo } { aifsn aifsn-value | cac { disable | enable } | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *

undo edca client { ac-vi | ac-vo }

Default

The default EDCA parameter values of AC-VI or AC-VO queues for clients are shown in Table 20.

Table 20 Default EDCA parameter values of AC-VI or AC-VO queues for clients

AC	AIFSN	ECWmin	ECWmax	TXOP Limit
AC-VI	2	3	4	94
AC-VO	2	2	3	47

Views

Radio interface view

Predefined user roles

network-admin

Parameters

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

cac: Specifies CAC. The AC-VO and AC-VI queues support CAC. CAC is disabled by default.

disable: Disables CAC.

enable: Enables CAC.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.

Usage guidelines

As a best practice, set the TXOPLimit value to 188 and 102 for the AC-VI and AC-VO queues, respectively when all the clients are 802.11b clients.

As a best practice, use the default TXOPLimit values for both the AC-VI and AC-VO queues if both 802.11b and 802.11g clients exist in the WLAN.

Examples

# Set the AIFSN to 3 for the AC-VO queue.

<Sysname> system-view

[Sysname] interface wlan-radio 0/1

[Sysname-WLAN-Radio0/1] edca client ac-vo aifsn 3

edca radio

Use edca radio to set EDCA parameters.

Use undo edca radio to restore the default.

Syntax

edca radio { ac-be | ac-bk | ac-vi | ac-vo } { ack-policy { noack | normalack } | aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | noack | txoplimit txoplimit-value } *

undo edca radio { ac-be | ac-bk | ac-vi | ac-vo }

Default

The default EDCA parameter values are shown in Table 21.

Table 21 Default EDCA parameter values

AC	AIFSN	ECWmin	ECWmax	TXOP Limit
AC-BK	7	4	10	0
AC-BE	3	4	6	0
AC-VI	1	3	4	94
AC-VO	1	2	3	47

Views

Radio interface view

Predefined user roles

network-admin

Parameters

ac-be: Specifies the AC-BE (best-effort traffic) queue.

ac-bk: Specifies the AC-BK (background traffic) queue.

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

ack-policy: Specifies the ACK policy for the AC queue.

noack: Specifies the No ACK policy.

normalack: Specifies the Normal ACK policy (the default).

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin). The value range for the ecwmin-value argument is 0 to 10.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax). The value range for the ecwmax-value argument is 0 to 10. The value of ECWmax cannot be smaller than the value of ECWmin.

txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value in units of 32 microseconds. The value range for the txoplimit-value argument is 0 to 32767. If the value is 0, a client can send only one packet each time it holds the channel.

Usage guidelines

As a best practice, set TXOP Limit values for AC-BK, AC-BE, AC-VI, and AC-VO queues to 0, 0, 188, and 102, respectively for 802.11b radios.

Examples

# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2.

<Sysname> system-view

[Sysname] interface wlan-radio 0/1

[Sysname-WLAN-Radio0/1] edca radio ac-vo aifsn 2

qos priority

Use qos priority to set the port priority.

Use undo qos priority to restore the default.

Syntax

qos priority priority-value

undo qos priority

Default

The port priority is 0.

Views

Service template view

Predefined user roles

network-admin

Parameters

priority-value: Specifies the port priority in the range of 0 to 7. A larger value represents a higher priority.

Usage guidelines

When the port trust mode is enabled, the AP assigns the port priority to all packets for the service template.

This command does not take effect when the packet trust mode is enabled.

Examples

# Set the port priority to 2 for service template 1.

<Sysname> system

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] qos priority 2

Related commands

qos trust

Use qos trust to configure the trusted packet priority type.

Use undo qos trust to restore the default.

Syntax

qos trust { dot11e | dscp }

undo qos trust

Default

The port priority is trusted.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot11e: Uses the 802.1e priority carried in packets for priority mapping.

dscp: Uses the DSCP priority carried in packets for priority mapping.

Usage guidelines

This feature takes effect only on uplink packets.

Examples

# Configure service template 1 to use the 802.1e priority carried in packets for priority mapping.

<Sysname> system

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] qos trust dot11e

Related commands

qos priority

reset wlan wmm

Use reset wlan wmm to clear WMM statistics.

Syntax

reset wlan wmm { client [ interface wlan-radio interface-number | mac-address mac-address ] | radio [ interface wlan-radio interface-number ] }

Views

User view

Predefined user roles

network-admin

Parameters

client: Clears WMM statistics for clients. If you use this keyword without the interface wlan-radio interface-number or mac-address mac-address option, this command clears WMM statistics for all clients.

radio: Clears WMM statistics for radios. If you use this keyword without the interface wlan-radio interface-number option, this command clears WMM statistics for all radios.

mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.

interface wlan-radio interface-number: Specifies a radio interface by its number.

Examples

# Clear WMM statistics for all radios.

<Sysname> reset wlan wmm radio

Related commands

display wlan wmm

svp map-ac

Use svp map-ac to map SVP packets to the specified AC queue.

Use svp map-ac disable to disable SVP mapping.

Use undo svp map-ac to restore the default.

Syntax

svp map-ac { ac-vi | ac-vo }

svp map-ac disable

undo svp map-ac

Default

SVP mapping is disabled.

Views

Radio interface view

Predefined user roles

network-admin

Parameters

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

Usage guidelines

SVP mapping takes effect only on non-WMM clients.

Examples

# Map SVP packets to the AC-VO queue.

<Sysname> system-view

[Sysname] interface wlan-radio 0/1

[Sysname-WLAN-Radio0/1] svp map-ac ac-vo

wmm

Use wmm enable to enable WMM.

Use wmm disable to disable WMM.

Use undo wmm to restore the default.

Syntax

wmm { disable | enable }

undo wmm

Default

WMM is enabled.

Views

Radio interface view

Predefined user roles

network-admin

Usage guidelines

All 802.11n clients must support WLAN QoS. For 802.11n clients to communicate with the associated AP, enable WMM when the radio operates in 802.11an or 802.11gn mode.

Examples

# Disable WMM.

<Sysname> system-view

[Sysname] interface wlan-radio 0/1

[Sysname-WLAN-Radio0/1] wmm disable

Cloud connection commands

The term "AP" in this document refers to MSR routers that support WLAN.

WLAN is supported only on the following routers:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· MSR810-W-LM-HK.

· MSR810-W-LM-GL.

cloud-management keepalive

Use cloud-management keepalive to set the keepalive interval for the local device to send keepalive packets to the H3C Oasis server.

Use undo cloud-management keepalive to restore the default.

Syntax

cloud-management keepalive interval

undo cloud-management keepalive

Default

The keepalive interval is 180 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the keepalive interval in the range of 10 to 600 seconds.

Usage guidelines

If the device does not receive a response from the H3C Oasis server within three keepalive intervals, the device sends a registration request to re-establish the cloud connection.

Examples

# Set the keepalive interval to 360 seconds.

<Sysname> system-view

[Sysname] cloud-management keepalive 360

cloud-management server domain

Use cloud-management server domain to configure the domain name of the H3C Oasis server.

Use undo cloud-management server domain to restore the default.

Syntax

cloud-management server domain domain-name

undo cloud-management server domain

Default

The domain name of the H3C Oasis server is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

domain-name: Specifies the domain name of the H3C Oasis server, a case-sensitive string of 1 to 253 characters.

Usage guidelines

Before you configure the domain name of the H3C Oasis server, make sure a DNS server is configured to translate the domain name.

If you execute the command multiple times, the most recent configuration takes effect.

Examples

# Configure the domain name of the H3C Oasis server as lvzhouv3.h3c.com.

<Sysname> system-view

[Sysname] cloud-management server domain lvzhouv3.h3c.com

cloud-management ping

Use cloud-management ping to set the interval at which the local device sends ping packets to the H3C Oasis server.

Use undo cloud-management ping to restore the default.

Syntax

cloud-management ping interval

undo cloud-management ping

Default

The local device sends ping packets to the H3C Oasis server at intervals of 60 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which the local device sends ping packets to the H3C Oasis server, in the range of 10 to 600 seconds.

Usage guidelines

After the connection to the H3C Oasis server is established, the local device sends ping packets to the server periodically to prevent NAT entry aging. Reduce the interval value if the network condition is poor or the NAT entry aging time is short.

The H3C Oasis server does not respond to ping packets.

Examples

# Configure the local device to send ping packets to the H3C Oasis server at intervals of 120 seconds.

<Sysname> system-view

[Sysname] cloud-management ping 120

display cloud-management state

Use display cloud-management state to display cloud connection state information.

Syntax

display cloud-management state

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display cloud connection state information.

<Sysname> display cloud-management state

Cloud connection state : Established

Device state : Request_success

Cloud server address : 10.1.1.1

Cloud server domain name : lvzhouv3.h3c.com

Local port : 443

Connected at : Wed Jan 27 14:18:40 2016

Duration : 00d 00h 02m 01s

Process state : DNS not parsed

Failure reason : DNS parse failed

Table 22 Command output

Field	Description
Cloud connection state	Cloud connection state: Unconnected, Request, and Established.
Device state	Local device state: · Idle—In idle state. · Connecting—Connecting to the H3C Oasis server. · Request_CAS_url—Sent a central authentication service (CAS) URL request. · Request_CAS_url_success—Requesting CAS URL succeeded. · Request_CAS_TGT—Sent a ticket granting ticket (TGT) request. · Request_CAS_TGT_success—Requesting TGT succeeded. · Request_CAS_ST—Sent a service ticket (ST) request. · Request_CAS_ST_success—Requesting ST succeeded. · Request_cloud_auth—Sent an authentication request. · Request_cloud_auth_success—Authentication succeeded. · Register—Sent a registration request. · Register_success—Registration succeeded. · Request—Sent a handshake request. · Request_success—Handshake succeeded.
Cloud server address	IP address of the H3C Oasis server.
Cloud server domain name	Domain name of the H3C Oasis server.
Local port	TCP port number used to establish cloud connections.
Connected at	Time when the cloud connection was established.
Duration	Duration since the establishment of the cloud connection.
Process state	Cloud connection processing state: · DNS not parsed. · DNS parsed. · Message not sent. · Message sent. · Message not received. · Message received.
Failure reason	Cloud connection failure reason: · DNS parse failed. · Socket connection failed. · SSL creation failed. · Sending CAS url request failed. · Sending CAS TGT failed. · Sending CAS ST failed. · Sending cloud auth failed. · Sending register failed. · Processing CAS url response failed. · Processing CAS TGT response failed. · Processing CAS ST response failed. · Processing cloud auth response failed. · Processing register response failed. · Sending handshake request failed. · Processing handshake failed. · Sending websocket request failed. · Processing websocket packet failed.

WLAN multicast optimization commands

The term "AP" in this document refers to MSR routers that support WLAN.

WLAN is supported only on the following routers:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· MSR810-W-LM-HK.

· MSR810-W-LM-GL.

display wlan ipv6 multicast-optimization entry

Use display wlan ipv6 multicast-optimization entry to display IPv6 multicast optimization entry information.

Syntax

display wlan ipv6 multicast-optimization entry [ client mac-address [ group group-ip [ source source-ip ] ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries.

group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries for the specified client.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries for the specified multicast group to which the specified client belongs.

Examples

# Display information about all IPv6 multicast optimization entries.

<Sysname> display wlan ipv6 multicast-optimization entry

Total 2 clients reported

Client: 0000-0000-0001

Reported from AP 1 on radio 1

Total number of groups: 1

Group: FF25::1

Version: MLDv2

Mode: Include

Duration: 00h 02m 03s

Sources: 3

Source: 1::1

Duration: 00h 02m 03s

Source: 1::2

Duration: 00h 02m 15s

Source: 1::3

Duration: 00h 02m 45s

Client: 0000-0000-0002

Reported from AP 1 on radio 1

Total number of groups: 1

Group: FF25::2

Version: MLDv2

Mode: Include

Duration: 00h 01m 09s

Sources: 3

Source: 1::1

Duration: 00h 01m 11s

Source: 1::2

Duration: 00h 01m 09s

Source: 1::3

Duration: 00h 01m 45s

Table 23 Command output

Field	Description
Total 2 clients reported	Number of clients in the multicast optimization entry table.
Client	MAC address of the client.
Group	Multicast group address.
Version	Version of the multicast group: · MLDv1. · MLDv2.
Mode	WLAN multicast optimization mode of the multicast group: · Include—Multicast packets destined to the multicast group are converted to unicast packets if the multicast source address exists in the source address list obtained from MLDv2 reports. · Exclude—Multicast packets destined to the multicast group are not converted to unicast packets if the multicast source address does not exist in the source address list obtained from MLDv2 reports. This field always displays Exclude for MLDv1 multicast groups.
Duration	Lifetime of the multicast optimization entry for the multicast group or multicast source.
Source	Multicast source address.

display wlan multicast-optimization entry

Use display wlan multicast-optimization entry to display IPv4 multicast optimization entry information.

Syntax

display wlan multicast-optimization entry [ client mac-address [ group group-ip [ source source-ip ] ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries.

group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries for the specified client.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries for the specified multicast group to which the specified client belongs.

Examples

# Display information about all IPv4 multicast optimization entries.

<Sysname> display wlan multicast-optimization entry

Total 2 clients reported

Client: 0000-0000-0001

Reported from AP 1 on radio 1

Total number of groups: 1

Group: 226.0.0.1

Version: IGMPv3

Mode: Include

Duration: 00h 03m 03s

Sources: 3

Source: 27.0.0.1

Duration: 00h 03m 32s

Source: 27.0.0.2

Duration: 00h 03m 15s

Source: 27.0.0.3

Duration: 00h 03m 03s

Client: 0000-0000-0002

Reported from AP 1 on radio 1

Total number of groups: 2

Group: 226.0.0.1

Version: IGMPv3

Mode: Include

Duration: 00h 02m 15s

Sources: 3

Source: 27.0.0.1

Duration: 00h 02m 32s

Source: 27.0.0.2

Duration: 00h 02m 15s

Source: 27.0.0.3

Duration: 00h 02m 23s

Group: 226.0.0.2

Version: IGMPv3

Mode: Include

Duration: 00h 01m 11s

Sources: 2

Source: 27.0.0.1

Duration: 00h 01m 12s

Source: 27.0.0.2

Duration: 00h 01m 11s

Table 24 Command output

Field	Description
Total 2 clients reported	Number of clients in the multicast optimization entry table.
Client	MAC address of the client.
Group	Multicast group address.
Version	Version of the multicast group: · IGMPv1v2—IGMPv1 or IGMPv2. · IGMPv3.
Mode	WLAN multicast optimization mode of the multicast group: · Include—Multicast packets destined to the multicast group are converted to unicast packets if the multicast source address exists in the source address list obtained from IGMPv2 reports. · Exclude—Multicast packets destined to the multicast group are not converted to unicast packets if the multicast source address does not exist in the source address list obtained from IGMPv2 reports. This field always displays Exclude for IGMPv1 multicast groups.
Duration	Lifetime of the multicast optimization entry for the multicast group or multicast source.
Source	Multicast source address.

ipv6 multicast-optimization enable

Use ipv6 multicast-optimization enable to enable IPv6 WLAN multicast optimization.

Use undo ipv6 multicast-optimization enable to disable IPv6 WLAN multicast optimization.

Syntax

ipv6 multicast-optimization enable

undo ipv6 multicast-optimization enable

Default

IPv6 WLAN multicast optimization is disabled.

Views

Service template view

Predefined user roles

network-admin

Examples

# Enable IPv6 WLAN multicast optimization for service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] ipv6 multicast-optimization enable

multicast-optimization enable

Use multicast-optimization enable to enable IPv4 WLAN multicast optimization.

Use undo multicast-optimization enable to disable IPv4 WLAN multicast optimization.

Syntax

multicast-optimization enable

undo multicast-optimization enable

Default

IPv4 WLAN multicast optimization is disabled.

Views

Service template view

Predefined user roles

network-admin

Examples

# Enable IPv4 WLAN multicast optimization for service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] multicast-optimization enable

reset wlan ipv6 multicast-optimization entry

Use reset wlan ipv6 multicast-optimization entry to clear IPv6 multicast optimization entries.

Syntax

reset wlan ipv6 multicast-optimization entry { all | client mac-address [ group group-ip [ source source-ip ] ] }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all IPv6 multicast optimization entries.

client mac-address: Specifies a client by its MAC address.

group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified client.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified multicast group to which the specified client belongs.

Examples

# Clear all IPv6 multicast optimization entries for the client with MAC address 1011-2222-3334.

<Sysname> reset wlan ipv6 multicast-optimization entry client 1011-2222-3334

Related commands

display wlan ipv6 multicast-optimization entry

reset wlan ipv6 multicast-optimization entry group

Use reset wlan ipv6 multicast-optimization entry group to clear IPv6 multicast optimization entries for the specified multicast group.

Syntax

reset wlan ipv6 multicast-optimization entry group group-ip [ source source-ip ]

Views

User view

Predefined user roles

network-admin

Parameters

group-ip: Specifies a multicast group by its IP address.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified multicast group.

Examples

# Clear IPv6 multicast optimization entries for the multicast group with IPv6 address FF28::1.

<Sysname> reset wlan ipv6 multicast-optimization entry group FF28::1

reset wlan multicast-optimization entry

Use reset wlan multicast-optimization entry to clear IPv4 multicast optimization entries.

Syntax

reset wlan multicast-optimization entry { all | client mac-address [ group group-ip [ source source-ip ] ] }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all IPv4 multicast optimization entries.

client mac-address: Specifies a client by its MAC address.

group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified client.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified multicast group to which the specified client belongs.

Examples

# Clear all IPv4 multicast optimization entries for the client with MAC address 1011-2222-3334.

<Sysname> reset wlan multicast-optimization entry client 1011-2222-3334

Related commands

display wlan multicast-optimization entry

reset wlan multicast-optimization entry group

Use reset wlan multicast-optimization entry group to clear IPv4 multicast optimization entries for the specified multicast group.

Syntax

reset wlan multicast-optimization entry group group-ip [ source source-ip ]

Views

User view

Predefined user roles

network-admin

Parameters

group-ip: Specifies a multicast group by its address.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified multicast group.

Examples

# Clear IPv4 multicast optimization entries for the multicast group with address 235.1.1.1.

<Sysname> reset wlan multicast-optimization entry group 235.1.1.1

wlan ipv6 multicast-optimization aging-time

Use wlan ipv6 multicast-optimization aging-time to set the aging time for IPv6 multicast optimization entries.

Use undo wlan ipv6 multicast-optimization aging-time to restore the default.

Syntax

wlan ipv6 multicast-optimization aging-time aging-value

undo wlan ipv6 multicast-optimization aging-time

Default

The aging time is 260 seconds for IPv6 multicast optimization entries.

Views

System view

Predefined user roles

network-admin

Parameters

aging-value: Specifies the aging time for IPv6 multicast optimization entries, in the range of 60 to 3600 seconds.

Examples

# Set the aging time to 600 seconds for IPv6 multicast optimization entries.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization aging-time 600

wlan ipv6 multicast-optimization client entry-limit

Use wlan ipv6 multicast-optimization client entry-limit to set the limit for IPv6 multicast optimization entries per client.

Use undo wlan ipv6 multicast-optimization client entry-limit to restore the default.

Syntax

wlan ipv6 multicast-optimization client entry-limit [ limit-value ]

undo wlan ipv6 multicast-optimization client entry-limit

Default

No limit is set for IPv6 multicast optimization entries per client.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the limit for IPv6 multicast optimization entries per client, in the range of 8 to 1024. The default value is 256.

Usage guidelines

Configure this command to limit the number of multicast optimization entries that an AP maintains for each client to prevent a client from occupying excessive system resources.

Examples

# Set the limit to 64 for IPv6 multicast optimization entries per client.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization client entry-limit 64

wlan ipv6 multicast-optimization entry client-limit

Use wlan ipv6 multicast-optimization entry client-limit to configure an IPv6 multicast optimization policy.

Use undo wlan ipv6 multicast-optimization entry client-limit to restore the default.

Syntax

wlan ipv6 multicast-optimization entry client-limit [ limit-value ] [ drop | multicast | unicast ]

undo wlan ipv6 multicast-optimization entry client-limit

Default

No IPv6 multicast optimization policies exist and an AP performs WLAN multicast optimization for all clients.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the threshold for the number of clients that WLAN multicast optimization supports, in the range of 1 to 256. The default value is 8.

drop: Configures an AP to drop a multicast packet when the number of clients to receive the packet exceeds the threshold.

multicast: Configures an AP to forward a multicast packet to all clients when the number of clients to receive the packet exceeds the threshold.

unicast: Configures an AP to process a multicast packet as follows when the number of clients to receive the packet exceeds the threshold:

· Convert the multicast packet to unicast packets.

· Send the unicast packets to only n (n equal to the specified threshold) clients that are randomly selected.

Usage guidelines

Use this command to configure the maximum number of clients that WLAN multicast optimization supports and define the action an AP takes when the limit is reached.

If you do not specify an action, an AP performs unicast forwarding.

Examples

# Set the threshold for the number of clients that WLAN multicast optimization supports to 32, and specify the unicast forwarding mode.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization entry client-limit 32 unicast

wlan ipv6 multicast-optimization global entry-limit

Use wlan ipv6 multicast-optimization global entry-limit to set the limit for IPv6 multicast optimization entries.

Use undo wlan ipv6 multicast-optimization global entry-limit to restore the default.

Syntax

wlan ipv6 multicast-optimization global entry-limit [ limit-value ]

undo wlan ipv6 multicast-optimization global entry-limit

Default

No limit is set for IPv6 multicast optimization entries.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the limit for IPv6 multicast optimization entries, in the range of 8 to 8192. The default value is 1024.

Usage guidelines

When the number of multicast optimization entries reaches the limit, the AP stops creating new entries until the number falls below the limit. This action saves system resources.

Examples

# Set the limit for IPv6 multicast optimization entries to 512.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization global entry-limit 512

wlan ipv6 multicast-optimization packet-rate-limit

Use wlan ipv6 multicast-optimization packet-rate-limit to set the maximum number of MLD packets that can be received from clients within the specified period.

Use undo wlan ipv6 multicast-optimization packet-rate-limit to restore the default.

Syntax

wlan ipv6 multicast-optimization packet-rate-limit [ interval interval-value | threshold threshold-value ] *

undo wlan ipv6 multicast-optimization packet-rate-limit

Default

No limit is set for the number of MLD packets that can be received from clients.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the interval for calculating the incoming MLD packet rate. The value range is 60 to 3600 seconds. The default setting is 60 seconds.

threshold threshold-value: Specifies the threshold on the number of incoming MLD packets over the specified interval. The value range is 1 to 100000. The default threshold is 100.

Usage guidelines

If the number of MLD packets received from clients reaches the threshold within the specified interval, the AP stops receiving MLD packets from clients until the next period.

Examples

# Configure an AP to receive a maximum of 240 MLD packets every 120 seconds.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization packet-rate-limit interval 120 threshold 240

wlan multicast-optimization aging-time

Use wlan multicast-optimization aging-time to set the aging time for IPv4 multicast optimization entries.

Use undo wlan multicast-optimization aging-time to restore the default.

Syntax

wlan multicast-optimization aging-time aging-value

undo wlan multicast-optimization aging-time

Default

The aging time is 260 seconds for IPv4 multicast optimization entries.

Views

System view

Predefined user roles

network-admin

Parameters

aging-value: Specifies the aging time for IPv4 multicast optimization entries, in the range of 60 to 3600 seconds.

Examples

# Set the aging time to 600 seconds for IPv4 multicast optimization entries.

<Sysname> system-view

[Sysname] wlan multicast-optimization aging-time 600

wlan multicast-optimization client entry-limit

Use wlan multicast-optimization client entry-limit to set the limit for IPv4 multicast optimization entries per client.

Use undo wlan multicast-optimization client entry-limit to restore the default.

Syntax

wlan multicast-optimization client entry-limit [ limit-value ]

undo wlan multicast-optimization client entry-limit

Default

No limit is set for IPv4 multicast optimization entries per client.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the limit for IPv4 multicast optimization entries per client, in the range of 8 to 1024. The default value is 256.

Usage guidelines

Configure this command to limit the number of multicast optimization entries that an AP maintains for each client to prevent a client from occupying excessive system resources.

Examples

# Set the limit to 64 for IPv4 multicast optimization entries per client.

<Sysname> system-view

[Sysname] wlan multicast-optimization client entry-limit 64

wlan multicast-optimization entry client-limit

Use wlan multicast-optimization entry client-limit to configure an IPv4 multicast optimization policy.

Use undo wlan multicast-optimization entry client-limit to restore the default.

Syntax

wlan multicast-optimization entry client-limit [ limit-value ] [ drop | multicast | unicast ]

undo wlan multicast-optimization entry client-limit

Default

No IPv4 multicast optimization policies exist and an AP performs WLAN multicast optimization for all clients.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the threshold for the number of clients that WLAN multicast optimization supports, in the range of 1 to 256. The default value is 8.

drop: Configures an AP to drop a multicast packet when the number of clients to receive the packet exceeds the threshold.

multicast: Configures an AP to forward a multicast packet to all clients when the number of clients to receive the packet exceeds the threshold.

unicast: Configures an AP to process a multicast packet as follows when the number of clients to receive the packet exceeds the threshold:

· Convert the multicast packet to unicast packets.

· Send the unicast packets to only n (n equal to the specified threshold) clients that are randomly selected.

Usage guidelines

Use this command to configure the maximum number of clients that WLAN multicast optimization supports and define the action an AP takes when the limit is reached. If you do not specify an action, the AP performs unicast forwarding.

Examples

# Set the threshold for the number of clients that WLAN multicast optimization supports to 32, and specify the unicast forwarding mode.

<Sysname> system-view

[Sysname] wlan multicast-optimization entry client-limit 32 unicast

wlan multicast-optimization global entry-limit

Use wlan multicast-optimization global entry-limit to set the limit for IPv4 multicast optimization entries.

Use undo wlan multicast-optimization global entry-limit to restore the default.

Syntax

wlan multicast-optimization global entry-limit [ limit-value ]

undo wlan multicast-optimization global entry-limit

Default

No limit is set for IPv4 multicast optimization entries.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the limit for IPv4 multicast optimization entries, in the range of 8 to 8192. The default value is 1024.

Usage guidelines

When the number of multicast optimization entries reaches the limit, the AP stops creating new entries until the number falls below the limit. This action saves system resources.

Examples

# Set the limit for IPv4 multicast optimization entries to 512.

<Sysname> system-view

[Sysname] wlan multicast-optimization global entry-limit 512

wlan multicast-optimization packet-rate-limit

Use wlan multicast-optimization packet-rate-limit to set the maximum number of IGMP packets that can be received from clients within the specified period.

Use undo wlan multicast-optimization packet-rate-limit to restore the default.

Syntax

wlan multicast-optimization packet-rate-limit [ interval interval-value | threshold threshold-value ] *

undo wlan multicast-optimization packet-rate-limit

Default

No limit is set for the number of IGMP packets that can be received from clients within the specified period.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the interval for calculating the incoming IGMP packet rate. The value range is 60 to 3600 seconds. The default setting is 60 seconds.

threshold threshold-value: Specifies the threshold on the number of incoming IGMP packets over the specified interval. The value range is 1 to 100000. The default threshold is 100.

Usage guidelines

If the number of IGMP packets received from clients reaches the threshold within the specified interval, the AP stops receiving IGMP packets from clients until the next period.

Examples

# Configure an AP to receive a maximum of 240 IGMP packets from clients every 120 seconds.

<Sysname> system-view

[Sysname] wlan multicast-optimization packet-rate-limit interval 120 threshold 240

Index

A B C D E F G I K L M P Q R S T U V W

akm mode,73

a-mpdu,1

a-msdu,1

ani,2

antenna type,3

beacon ssid-hide,35

beacon-interval,3

cac policy,106

channel,4

channel band-width,4

channel-usage measure,5

cipher-suite,74

client dot11b-forbidden,6

client dot11n-only,6

client max-count,35

client max-count,7

client url-redirect enable,88

client-security accounting-delay time,89

client-security accounting-start trigger,89

client-security accounting-update trigger,91

client-security authentication fail-vlan,92

client-security authentication-mode,92

client-security authorization-fail offline,93

client-security ignore-authentication,94

client-security ignore-authorization,95

client-security intrusion-protection action,95

client-security intrusion-protection enable,96

client-security intrusion-protection timer temporary-block,97

client-security intrusion-protection timer temporary-service-stop,98

cloud-management keepalive,116

cloud-management ping,117

cloud-management server domain,116

continuous-mode,7

custom-antenna gain,8

customlog format wlan,36

description,37

display cloud-management state,118

display wlan ap all client-number,38

display wlan ap all radio client-number,37

display wlan blacklist,38

display wlan bss,39

display wlan client,40

display wlan client ipv6,45

display wlan client online-duration,46

display wlan client status,47

display wlan client-security block-mac,99

display wlan ipv6 multicast-optimization entry,120

display wlan measure-report,24

display wlan multicast-optimization entry,121

display wlan service-template,48

display wlan statistics,53

display wlan whitelist,55

display wlan wmm,107

distance,9

dot11g protection,9

dot11n mandatory maximum-mcs,10

dot11n multicast-mcs,11

dot11n protection,12

dot11n support maximum-mcs,12

dot1x domain,99

dot1x eap,100

dot1x handshake enable,101

dot1x handshake secure enable,102

dot1x max-user,102

dot1x re-authenticate enable,103

dtim,13

edca client (ac-be and ac-bk),109

edca client (ac-vi and ac-vo),110

edca radio,111

fragment-threshold,14

green-energy-management,14

gtk-rekey client-offline enable,75

gtk-rekey enable,75

gtk-rekey method,76

ipv6 multicast-optimization enable,123

key-derivation,77

ldpc,15

long-retry threshold,16

mac-authentication domain,104

mac-authentication max-user,105

max-power,16

measure,27

measure-duration,28

measure-interval,28

multicast-optimization enable,124

pmf,77

pmf association-comeback,78

pmf saquery retrycount,79

pmf saquery retrytimeout,79

preamble,17

preshared-key,80

protection-mode,18

protection-threshold,18

ptk-lifetime,81

ptk-rekey enable,81

qos priority,112

qos trust,113

quick-association enable,56

rate,19

region-code,56

region-code-lock,59

reset wlan client,59

reset wlan dynamic-blacklist,60

reset wlan ipv6 multicast-optimization entry,124

reset wlan ipv6 multicast-optimization entry group,125

reset wlan multicast-optimization entry,125

reset wlan multicast-optimization entry group,126

reset wlan statistics client,60

reset wlan statistics service-template,61

reset wlan wmm,114

resource-measure,29

rm-capability mode,30

security-ie,82

service-template,61

service-template enable,62

short-gi,20

short-retry threshold,21

snmp-agent trap enable wlan client,62

snmp-agent trap enable wlan client-audit,63

snmp-agent trap enable wlan usersec,83

ssid,63

stbc,21

svp map-ac,114

tkip-cm-time,83

type,22

unknown-client,64

vlan,64

wep key,84

wep key-id,85

wep mode dynamic,86

wlan band-navigation aging-time,31

wlan band-navigation balance access-denial,31

wlan band-navigation balance session,32

wlan band-navigation enable,33

wlan band-navigation rssi-threshold,33

wlan broadcast-probe reply,65

wlan client idle-timeout,65

wlan client keep-alive,66

wlan client keepalive interval,67

wlan client reauthentication-period,67

wlan gps-report enable,68

wlan ipv6 multicast-optimization aging-time,126

wlan ipv6 multicast-optimization client entry-limit,127

wlan ipv6 multicast-optimization entry client-limit,127

wlan ipv6 multicast-optimization global entry-limit,128

wlan ipv6 multicast-optimization packet-rate-limit,129

wlan link-test,69

wlan multicast-optimization aging-time,129

wlan multicast-optimization client entry-limit,130

wlan multicast-optimization entry client-limit,131

wlan multicast-optimization global entry-limit,131

wlan multicast-optimization packet-rate-limit,132

wlan service-template,70

wlan static-blacklist mac-address,71

wlan whitelist mac-address,72

wmm,115

14-WLAN FAT AP Command Reference

channel

distance

dot11n multicast-mcs

preamble

rate

short-gi

Band navigation commands

wlan band-navigation rssi-threshold

gtk-rekey client-offline enable

WLAN authentication commands

client-security accounting-delay time

client-security ignore-authentication

dot1x handshake enable

dot1x handshake secure enable

dot1x re-authenticate enable

svp map-ac

WLAN multicast optimization commands