Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-WLAN roaming commands | 95.91 KB |
WLAN roaming commands
client cache aging-time
Use client cache aging-time to set the aging time for client roaming entries.
Use undo client cache aging-time to restore the default.
Syntax
client cache aging-time aging-time
undo client cache aging-time
Default
The aging time for client roaming entries is 180 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the aging time in the range of 0 to 86400 seconds.
Usage guidelines
Setting the roaming entry aging time to 0 allows the system to delete the roaming entry of a client once the client goes offline. Fast roaming cannot be performed.
Make sure the service template is disabled before you executing this command.
Examples
# Set the aging time for client roaming entries to 100 seconds.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client cache aging-time 100
display wlan mobility roam-track mac-address
Use display wlan mobility roam-track mac-address to display roaming information for a client.
Syntax
display wlan mobility roam-track mac-address mac-address
Views
Any view
Predefined user roles
Parameters
mac-address mac-address: Specifies a client by its MAC address, in the form of H-H-H.
Usage guidelines
Roaming information is displayed in sequence. The most recent roam-track information is displayed the first.
The system can save a maximum of 128 roaming entries. To record a new entry if the maximum number has been reached, the system deletes the third oldest entry and then records the new entry.
Examples
# Display roaming information for the specified client.
<Sysname> display wlan mobility roam-track mac-address 5250-0012-0411
Total entries: 5
Current entries: 5
BSSID Created at Online time AP IP address RID AP name
d461-fe62-21e0 2018-12-04 17:10:18 00h 00m 42s 127.0.0.1 3 fatap
d461-fe62-21c1 2018-12-04 17:08:52 00h 01m 26s 127.0.0.1 1 fatap
d461-fe62-21e0 2018-12-04 17:08:32 00h 00m 19s 127.0.0.1 3 fatap
d461-fe62-21d2 2018-12-04 17:01:52 00h 06m 41s 127.0.0.1 2 fatap
d461-fe62-21c1 2018-12-04 17:00:16 00h 01m 19s 127.0.0.1 1 fatap
Table 1 Command output
|
Field |
Description |
|
BSSID |
BSSID of the AP with which the client is associated. |
|
Created at |
Time when a roam-track entry was created for the client. |
|
Online time |
Online time of the client. |
|
AP IP address |
IP address of the AP with which the client is associated. This field displays 127.0.0.1 if the client is associated with the HA. |
|
RID |
ID of the radio with which the client is associated. |
|
AP name |
Name of the AP with which the client is associated. |
Enhanced roaming commands
ft enable
Use ft enable to enable fast BSS transition (FT).
Use undo ft enable to disable FT.
Syntax
ft enable
undo ft enable
Default
FT is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
FT minimizes the delay when a client roams from a BSS to another BSS within the same ESS. During 802.11r FT, a client needs to exchange messages with the target AP.
Enable FT only when the service template is disabled.
To use FT, enable RSN IE in the beacon and probe responses, configure the CCMP cipher suite, and and do not use local authentication. For more information about the security IE, see the security-ie command in "WLAN security commands."
Do not use FT together with WPA3 or enhanced open system authentication. For more information about WPA3 and enhanced open system authentication, see WLAN Security Command Reference.
Examples
# Enable FT.
<Sysname> system-view
[Sysname] wlan service-template st
[Sysname-wlan-st-st] ft enable
Related commands
security-ie
ft method
Use ft method to set the FT method.
Use undo ft method to restore the default.
Syntax
ft method { over-the-air | over-the-ds }
undo ft method
Default
The FT method is over-the-air.
Views
Service template view
Predefined user roles
network-admin
Parameters
over-the-air: Specifies over-the-air FT. This method enables clients to communicate directly with the target AP for pre-roaming authentication.
over-the-ds: Specifies over-the-DS FT. This method enables clients to communicate with the target AP through the current AP for pre-roaming authentication.
Usage guidelines
Set the FT method only when the service template is disabled.
This command takes effect only when FT is enabled.
Examples
# Set the FT method to over-the-DS.
<Sysname> system-view
[Sysname] wlan service-template st
[Sysname-wlan-st-st] ft method over-the-ds
Related commands
ft enable
ft reassociation-timeout
Use ft reassociation-timeout to set the reassociation timeout timer.
Use undo ft reassociation-timeout to restore the default.
Syntax
ft reassociation-timeout timeout
undo ft reassociation-timeout
Default
The reassociation timeout timer is 20 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
timeout: Specifies the reassociation timeout timer in the range of 1 to 100 seconds.
Usage guidelines
The roaming process is terminated if a client does not send any reassociation requests before the timeout timer expires.
Set the reassociation timeout timer only when the service template is disabled.
This command takes effect only when FT is enabled.
Examples
# Set the reassociation timeout timer to 30 seconds.
<Sysname> system-view
[Sysname] wlan service-template st
[Sysname-wlan-st-st] ft reassociation-timeout 30
Related commands
ft enable
Mobility group commands
authentication-mode
Use authentication-mode to set an authentication mode for IADTP control messages.
Use undo authentication-mode to restore the default.
Syntax
authentication-mode authentication-mode { cipher | simple } string
Default
The device does not verify the integrity of IADTP control messages.
Views
Mobility group view
Predefined user roles
Parameters
authentication-mode: Specifies an authentication mode. Only the 128-bit MD5 authentication mode is supported.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its encrypted form is a case-sensitive string of 33 to 53 characters.
Usage guidelines
Use this command to enable the device to verify the integrity of control messages transmitted over IADTP tunnels.
Examples
# Set the authentication mode to MD5 and set the plaintext key to 12345.
[Sysname] wlan mobility group aaa
[Sysname-wlan-mg-aaa] authentication-mode md5 simple 12345
data-tunnel disable
Use data-tunnel disable to disable IADTP data tunnels.
Use undo data-tunnel disable to enable IADTP data tunnels.
Syntax
data-tunnel disable
undo data-tunnel disable
Default
IADTP data tunnels are enabled.
Views
Mobility group view
Predefined user roles
network-admin
Usage guidelines
|
|
CAUTION: To avoid data loss, do not disable IADTP data tunnels if no service ports are specified on the device for client VLANs. |
This feature enables a device to forward client traffic directly out of client VLANs' service ports, instead of through the IADTP data tunnel. This reduces the device's workload caused by processing broadcast packets received from IADTP data tunnels and saves resources used for maintaining the tunnels.
You must enable or disable IADTP tunnels on all devices in a mobility group.
You can configure this feature only when the mobility group is disabled.
Examples
# Disable IADTP data tunnels.
<Sysname> system-view
[Sysname] wlan mobility group group1
[Sysname-wlan-mg-group1] data-tunnel disable
Related commands
wlan mobility group
display wlan mobility
Use display wlan mobility to display information about clients that have roamed to or from the device.
Syntax
display wlan mobility { roam-in | roam-out } [ member { ip ipv4-address | ipv6 ipv6-address } ]
Views
Any view
Predefined user roles
Parameters
roam-in: Specifies clients that have roamed from another device to the current device.
roam-out: Specifies clients that have roamed to another device.
member ip ipv4-address: Specifies the IPv4 address of a member device.
member ipv6 ipv6-address: Specifies the IPv6 address of a member device.
Usage guidelines
If no member device is specified, this command displays information about all clients that have roamed to and from another device.
Examples
# Display information about all clients that have roamed to the device.
<Sysname> display wlan mobility roam-in
Total entries: 1
MAC address BSSID VLAN ID HA IP address
5250-0012-0411 cbab-abab-abab 1 192.168.0.101
# Display information about clients that have roamed to the specified member device.
<Sysname> display wlan mobility roam-in member ip 192.168.0.101
Total entries: 1
MAC address BSSID VLAN ID
5250-0012-0411 cbab-abab-abab 1
# Display information about all clients that have roamed to another device.
<Sysname> display wlan mobility roam-out
Total entries: 1
MAC address BSSID VLAN ID Online time FA IP address
5250-0012-0411 cbab-abab-abab 1 00hr 01min 39sec 192.168.0.102
# Display information about clients that have roamed from the specified member device to another device.
[Sysname] display wlan mobility roam-out member ip 192.168.0.102
Total entries: 1
MAC address BSSID VLAN ID Online time
5250-0012-0411 cbab-abab-abab 1 00hr 03min 02sec
Table 2 Command output
|
Field |
Description |
|
Total entries |
Total number of clients. |
|
MAC address |
MAC address of the client. |
|
BSSID |
BSSID of the AP with which the client is associated. |
|
VLAN ID |
VLAN ID of the client. |
|
HA IP address |
IP address of the HA. |
|
FA IP address |
IP address of the FA. |
|
Online time |
Online time of the client. |
display wlan mobility group
Use display wlan mobility group to display mobility group information.
Syntax
display wlan mobility group [ member { ip ipv4-address | ipv6 ipv6-address } ]
Views
Any view
Predefined user roles
Parameters
member: Displays information about a member device in the mobility group. If you do not specify this keyword, the command displays mobility group information.
ip ipv4-address: Specifies a device by its IPv4 address.
ipv6 ipv6-address: Specifies a device by its IPv6 address.
Examples
# Display mobility group information.
<Sysname> display wlan mobility group
Mobility group name: office
Tunnel type: IPv4
Source IPv4: 172.16.220.101
Source IPv6: Not configured
Authentication method: Not configured
Auto discovery: Enabled
Mobility group status: Enabled
Member entries: 3
IP address State Online duration
172.16.220.102 DOWN 00hr 00min 00sec
172.16.220.105 UP 00hr 36min 27sec
172.16.220.106 UP (A) 00h 50min 30sec
Table 3 Command output
|
Field |
Description |
|
Tunnel type |
IADTP tunnel type for the mobility group: IPv4 or IPv6. |
|
Authentication method |
Authentication method used for the mobility group. |
|
Auto discovery |
Status of automatic group member discovery: · Enabled. · Disabled. |
|
Mobility group status: · Enabled. · Disabled. |
|
|
Member entries |
Number of member devices. |
|
IP address |
IP address of the member device. |
|
State |
IADTP tunnel state: · UP. · DOWN. The (A) suffix indicates that the device has joined the group through automatic group member discovery. |
|
Online duration |
Online duration of the member device. |
# Display information about a member device in the mobility group.
<Sysname> display wlan mobility group member ip 172.16.220.105
IP address : 172.16.220.105
State : UP
Interface : WLAN-Tunnel0
Online duration : 00hr 36min 35sec
Table 4 Command output
|
Field |
Description |
|
IP address |
IP address of the member device. |
|
State |
IADTP tunnel state: · UP. · DOWN. |
|
Interface |
Interface type and number of the IADTP tunnel. |
|
Online duration |
Online duration of the member device. |
Related commands
wlan mobility group
display wlan mobility roam-count
Use display wlan mobility roam-count to display the number of roamings for each client.
Syntax
display wlan mobility roam-count
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of roamings for each client.
<Sysname> display wlan mobility roam-count
MAC address Count
5250-0012-0411 0
9cd3-6d9d-ea3c 3
8007-3fed-aa6c 8
Table 5 Command output
|
Field |
Description |
|
MAC address |
Client MAC address. |
|
Count |
Number of roamings. |
group enable
Use group enable to enable a mobility group.
Use undo group enable to disable a mobility group.
Syntax
Default
A mobility group is disabled.
Views
Mobility group view
Predefined user roles
Usage guidelines
Before enabling a mobility group, make sure you have completed the following tasks:
· Configure the source IP address of the same type as the IADTP tunnel address type.
· Specify member IP addresses of the same type as the IADTP tunnel address type, or enable automatic group member discovery.
This feature enables the device to establish IADTP tunnels and synchronize roaming entries with member devices.
If you disable a mobility group on the device, the device shuts down all IADTP tunnels established with all member devices and deletes the roaming entries.
Examples
# Enable mobility group floor1.
[Sysname] wlan mobility group floor1
[Sysname-wlan-mg-floor1] tunnel-type ipv4
[Sysname-wlan-mg-floor1] source ip 192.168.0.1
[Sysname-wlan-mg-floor1] member ip 192.168.0.2
[Sysname-wlan-mg-floor1] group enable
Related commands
wlan mobility group
member
Use member to add a mobility group member.
Use undo member to delete a mobility group member.
Syntax
member { ip ipv4-address | ipv6 ipv6-address } [ vlan vlan-id-list ]
undo member [ ip ipv4-address | ipv6 ipv6-address ] [ vlan [ vlan-id-list ] ]
Default
No member devices exist.
Views
Mobility group view
Predefined user roles
Parameters
ip ipv4-address: Specifies a device by its IPv4 address.
ipv6 ipv6-address: Specifies a device by its IPv6 address.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 2 to 4094. The value for the vlan-id2 argument cannot be lower than the value for the vlan-id1 argument.
Usage guidelines
Make sure the mobility group is disabled before you use this command.
Members in a mobility group are identified by their IP addresses used to establish IADTP tunnels.
You can add both IPv4 and IPv6 members to a mobility group. Only members whose IP address type is the same as the IP address type of IADTP tunnels take effect.
A device can belong to only one mobility group.
You can add a maximum of 31 IPv4 members and 31 IPv6 members to a mobility group.
You can specify VLANs for a member device, so that other member devices in the mobility group can directly forward client data of the member device from the specified VLANs. If you do not specify VLANs for the member device, its client data cannot be directly forwarded by another member in the mobility group unless the clients roam to that member.
If a mobility group has multiple devices, make sure no loops exist among IADTP tunnels between members within the mobility group.
The undo form of this command deletes all member devices in a mobility group if you do not specify any parameters.
Examples
# Add a mobility group member.
[Sysname] wlan mobility group abc
[Sysname-wlan-mg-abc] member ip 192.168.1.55 vlan 3 10 19 22 to 30
member auto-discovery
Use member auto-discovery to enable automatic group member discovery.
Use undo member auto-discovery to disable automatic group member discovery and delete all automatically discovered member devices.
Syntax
member auto-discovery [ interval interval ]
undo member auto-discovery
Default
Automatic group member discovery is disabled.
Views
Mobility group view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval at which the device broadcasts its source IP address, in the range of 10 to 3600 seconds. The default value is 60.
Usage guidelines
Before enabling this feature, execute the source command to specify the source IP address used for establishing IADTP tunnels.
This feature enables a device to automatically discover member devices in a mobility group by broadcasting its source IP address in the group. Member devices in the group that receive the IP address automatically establish IADTP tunnels with the device. The device joins the mobility group after it establishes IADTP tunnels with all the other members.
A device can belong to only one mobility group.
You can add a maximum of 31 IPv4 members and 31 IPv6 members to a mobility group.
The automatic discovery feature can add only devices in the same subnet as the source IP address.
Examples
# Enable automatic group member discovery and set the broadcast interval to 10 seconds.
<Sysname> system-view
[Sysname] wlan mobility group 1
[Sysname-wlan-mg-1] member auto-discovery interval 10
Related commands
member
source
wlan mobility group
role
Use role to specify the role of the device in a mobility group.
Use undo role to restore the default.
Syntax
role { client | server }
undo role
Default
A member device with a higher IP address acts as the server, and a member device with a lower IP address acts as the client.
Views
Mobility group view
Predefined user roles
network-admin
Parameters
client: Specifies the client role of the device.
server: Specifies the server role of the device.
Usage guidelines
This feature applies to a scenario where a device establishes an IADTP tunnel with another device in the same mobility group across a NAT device. In this scenario, the device with a lower IP address acts as the client to initiate a connection request to the device with a higher IP address. If the device with a lower IP address resides in the public network, the IADTP tunnel cannot be established. To ensure successful establishment of the IADTP tunnel in this case, specify the device in the private network as the client to initiate the connection request.
Examples
# Configure the device to act as a client in mobility group abc.
<Sysname> system-view
[Sysname] wlan mobility group abc
[Sysname-wlan-mg-abc] role client
