02-WLAN Command References

HomeSupportConfigure & DeployConfiguration GuidesH3C Unified Wired and Wireless Access Controller User Manual (R5456Pxx)-6W10002-WLAN Command References
19-WLAN optimization commands
Title Size Download
19-WLAN optimization commands 110.08 KB

WLAN optimization commands

IMPORTANT

IMPORTANT:

Use WLAN optimization commands under the guidance of H3C Support.

option 4-way-handshake resend

Use option 4-way-handshake resend to set the maximum number of retransmissions for an EAPOL-Key packet and the retransmission interval.

Use undo option 4-way-handshake resend to restore the default.

Syntax

option 4-way-handshake resend max-count [ interval interval ]

undo option 4-way-handshake resend

Default

The maximum number of retransmissions for an EAPOL-Key packet is three, and the retransmission interval is 300 milliseconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

resend max-count: Specifies the maximum number of retransmissions for an EAPOL-Key packet, in the range of 0 to 3.

interval interval: Specifies the retransmission interval in the range of 200 to 500 milliseconds.

Usage guidelines

In Robust Security Network Association (RSNA) authentication, an AP and a client use EAPOL-Key packets in the four-way handshake to negotiate the keys. After that, the AP and the client periodically exchange EAPOL-Key packets to update the keys.

During key negotiation or update, the AP keeps retransmitting an EAPOL-Key packet until a response is received or the maximum number of retries for an EAPOL-Key packet is reached.

The system starts to count the retries when the maximum number of retransmissions is reached.

To ensure successful RSN key negotiation or update, you can increase the maximum number of retransmissions and the maximum number of retries for an EAPOL-Key packet.

For more information about RSN key negotiation or update, see "Configuring WLAN security."

Examples

# In service template view, set the maximum number of retransmissions for an EAPOL-Key packet to one and the retransmission interval to 400 milliseconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-svervice1] option 4-way-handshake resend 1 interval 400

Related commands

option 4-way-handshake retry

option 4-way-handshake retry

Use option 4-way-handshake retry to set the maximum number of retries for an EAPOL-Key packet and the retry interval.

Use undo option 4-way-handshake retry to restore the default.

Syntax

option 4-way-handshake retry max-count [ interval interval ]

undo option 4-way-handshake retry

Default

The maximum number of retries for an EAPOL-Key packet is three, and the retry interval is 5 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

retry max-count: Specifies the maximum number of retries for an EAPOL-Key packet, in the range of 0 to 3.

interval interval: Specifies the retry interval in the range of 2 to 5 seconds.

Usage guidelines

During RSN key negotiation or update, an AP keeps retransmitting an EAPOL-Key packet until a response is received or the maximum number of retries for an EAPOL-Key packet is reached.

The system starts to count the retries when the maximum number of retransmissions is reached.

If you execute this command for multiple times, the most recent configuration takes effect.

Examples

# In service template view, set the maximum number of retries for an EAPOL-Key packet to two and the retry interval to 3 seconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] option 4-way-handshake retry 2 interval 3

Related commands

option 4-way-handshake resend

option client fast-forwarding

Use option client fast-forwarding enable to enable fast forwarding of AP-to-client data frames.

Use option client fast-forwarding disable to disable fast forwarding of AP-to-client data frames.

Use undo option client fast-forwarding to restore the default.

Syntax

option client fast-forwarding { disable | enable level level-value }

undo option client fast-forwarding

Default

In radio view, a radio uses the configuration in an AP group's radio view.

In an AP group's radio view, fast forwarding of AP-to-client data frames is disabled.

Views

Radio view

AP group's radio view

Predefined user roles

network-admin

Parameters

level level-value: Specifies the fast forwarding level in the range of 1 to 4.

Usage guidelines

This feature enables an AP to forward data frames to clients without extra processing (such as verification and counting) to improve processing efficiency.

Examples

# Enable fast forwarding of AP-to-client data frames for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA6320

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] option client fast-forwarding enable level 1

# Enable fast forwarding of AP-to-client data frames for APs with model WA6320 in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA6320

[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client fast-forwarding enable level 1

option client hide-node-protection

Use option client hide-node-protection enable to enable hidden node protection.

Use option client hide-node-protection disable to disable hidden node protection.

Use undo option client hide-node-protection to restore the default.

Syntax

option client hide-node-protection { disable | enable }

undo option client hide-node-protection

Default

In radio view, a radio uses the configuration in an AP group's radio view.

In an AP group's radio view, hidden node protection is disabled.

Views

Radio view

AP group's radio view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only on 802.11g, 802.11n, and 802.11ac clients.

This feature enables clients to send RTS or CTS frames before transmitting frames to avoid interference from hidden nodes.

Examples

# Enable hidden node protection for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA6320

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] option client hide-node-protection enable

# Enable hidden node protection for APs with model WA6320 in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA6320

[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client hide-node-protection enable

option client reconnect

Use option client reconnect enable to enable AP-triggered client reassociation.

Use option client reconnect disable to disable AP-triggered client reassociation.

Use undo option client reconnect to restore the default.

Syntax

option client reconnect { disable | enable [ rssi rssi-value ] [ interval interval ] }

undo option client reconnect

Default

In radio view, a radio uses the configuration in an AP group's radio view.

In an AP group's radio view, AP-triggered client reassociation is disabled.

Views

Radio view

AP group's radio view

Predefined user roles

network-admin

Parameters

rssi rssi-value: Specifies the RSSI threshold in the range of 5 to 100. The default and recommended RSSI thresholds are 10 and 20, respectively.

interval interval: Specifies the interval at which an AP detects the signal strength of the clients. The value range for the interval argument is 3 to 10 seconds and the default interval is 3 seconds.

Usage guidelines

This feature enables an AP to send deauthentication frames to a client when the AP detects that the signal strength of the client is lower than the specified RSSI threshold. Then, the client can reassociate with the AP or roam to another AP.

Examples

# Enable AP-triggered client reassociation for AP ap1. Set the RSSI threshold and detection interval to 30 and 5 seconds, respectively.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA6320

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] option client reconnect enable rssi 30 interval 5

# Enable AP-triggered client reassociation for APs with model WA6320 in AP group 1. Set the RSSI threshold and detection interval to 30 and 5 seconds, respectively.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA6320

[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client reconnect enable rssi 30 interval 5

option client reject

Use option client reject enable to enable an AP to reject weak-signal clients.

Use option client reject disable to disable an AP from rejecting weak-signal clients.

Use undo option client reject to restore the default.

Syntax

option client reject { disable | enable [ rssi rssi-value ] }

undo option client reject

Default

In radio view, a radio uses the configuration in an AP group's radio view.

In an AP group's radio view, a radio does not reject weak-signal clients.

Views

Radio view

AP group's radio view

Predefined user roles

network-admin

Parameters

rssi rssi-value: Specifies the RSSI threshold in the range of 5 to 100. Both the default and recommended RSSI thresholds are 10.

Usage guidelines

This feature enables an AP to reject clients with an RSSI lower than the specified threshold to release channel resources and enhance WLAN performance.

After you enable this feature, wireless clients with an RSSI lower than the threshold might fail to access the WLAN.

After a client accesses the WLAN, an AP will not log off the client with an RSSI lower than the threshold but will reject the client after it disconnects from the network.

Examples

# Enable AP ap1 to reject clients with an RSSI lower than 30 dBm.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA6320

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] option client reject enable rssi 30

# Enable APs with model WA6320 in AP group 1 to reject clients with an RSSI lower than 30 dBm.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA6320

[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client reject enable rssi 30

rrop anti-bmc protocol arp mode

Use rrop anti-bmc protocol arp mode to configure the action to take on ARP packets.

Use undo rrop anti-bmc protocol arp to restore the default.

Syntax

rrop anti-bmc protocol arp mode { proxy-reply | unicast-forward }

undo rrop anti-bmc protocol arp

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, an AP uses the configuration in system view.

In system view, APs convert ARP packets to unicast packets and then forward them.

Views

AP view

AP group view

System view

Predefined user roles

network-admin

Parameters

proxy-reply: Enables APs to reply to ARP packets.

unicast-forward: Enables APs to convert ARP packets to unicast packets and then forward them.

Usage guidelines

Configure this feature to reduce ARP packets in the WLAN.

·     With the proxy-reply keyword specified, an AP sends an ARP response instead of forwarding the ARP request if the target IP address in the ARP request matches the client entry on the AP. The sender address in the response is the target IP address. The sender MAC address and the source MAC address at the data link layer both are the MAC address bound to the target IP address in the client entry.

·     With the unicast-forward keyword specified, an AP changes the target MAC address in the ARP request and the destination MAC address at the data link layer to the MAC address bound to the target IP address in the client entry. Then the AP converts the ARP packet to a unicast packet and forwards it.

This feature takes effect only after you use the rrop anti-bmc network ipv4-simple enable command to enable basic broadcast and multicast packet control for the IPv4 network.

Examples

# Configure AP ap1 to reply to ARP packets.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-wlan-ap-ap1] rrop anti-bmc protocol arp mode proxy-reply

# Configure APs in AP group group1 to reply to ARP packets.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] rrop anti-bmc protocol arp mode proxy-reply

# Configure all APs to reply to ARP packets.

<Sysname> system-view

[Sysname] rrop anti-bmc protocol arp mode proxy-reply

Related commands

rrop anti-bmc network

rrop anti-bmc protocol nd mode

Use rrop anti-bmc protocol nd mode to configure the action to take on ND packets.

Use undo rrop anti-bmc protocol nd to restore the default.

Syntax

rrop anti-bmc protocol nd mode { proxy-reply | unicast-forward }

undo rrop anti-bmc protocol nd

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, an AP uses the configuration in system view.

In system view, APs convert ARP packets to unicast packets and then forward them.

Views

AP view

AP group view

System view

Predefined user roles

network-admin

Parameters

proxy-reply: Enables APs to reply to ND packets.

unicast-forward: Enables APs to convert ND packets to unicast packets and then forward them.

Usage guidelines

Configure this feature to reduce ND packets in the WLAN.

·     With the proxy-reply keyword specified, an AP sends an ND response instead of forwarding the ARP request if the target IP address in the ND request matches the client entry on the AP. The sender address in the response is the target IP address. The sender MAC address and the source MAC address at the data link layer both are the MAC address bound to the target IP address in the client entry.

·     With the unicast-forward keyword specified, an AP changes the target MAC address in the ND request and the destination MAC address at the data link layer to the MAC address bound to the target IP address in the client entry. Then the AP converts the ND packet to a unicast packet and forwards it.

This feature takes effect only after you use the rrop anti-bmc network ipv6-simple enable command to enable basic broadcast and multicast packet control for the IPv6 network.

Examples

# Configure AP ap1 to reply to ND packets.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-wlan-ap-ap1] rrop anti-bmc protocol nd mode proxy-reply

# Configure APs in AP group group1 to reply to ND packets.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] rrop anti-bmc protocol nd mode proxy-reply

# Configure all APs to reply to ND packets.

<Sysname> system-view

[Sysname] rrop anti-bmc protocol nd mode proxy-reply

Related commands

rrop anti-bmc network

rrop client fast-keep-alive

Use rrop client fast-keep-alive enable to enable client fast keepalive.

Use rrop client fast-keep-alive disable to disable client fast keepalive.

Use undo rrop client fast-keep-alive to restore the default.

Syntax

rrop client fast-keep-alive { disable | enable [ count count-value ] [ interval interval-value ] }

undo rrop client fast-keep-alive

Default

In radio view, a radio uses the configuration in the AP group's radio view.

In an AP group's radio view, the client fast keepalive feature is enabled.

Views

Radio view

AP group's radio view

Predefined user roles

network-admin

Parameters

count count-value: Specifies the maximum number of keepalive packets that an AP can send to a client, in the range of 128 to 2048. The default value is 1024.

interval interval-value: Specifies the keepalive packet sending interval, in the range of 3 to 60 seconds. The default value is 10 seconds.

Usage guidelines

To quickly determine whether clients are online and save radio resources, execute this command to set the maximum number of unicast keepalive packets that an AP can send to a client. The AP logs off a client if it does not receive any replies from the client after sending three groups of keepalive packets within the specified keepalive packet sending interval. Packets specified by the count count-value option are counted as one group of keepalive packet.

This command is mainly used in scenarios with high client mobility. If the network quality is poor, reduce the maximum number of keepalive packets that an AP can send to a client or set a smaller interval. As a best practice, use the default setting in scenarios with stable clients.

The configuration in radio view takes precedence over the configuration in an AP group's radio view.

Examples

# Enable client fast keepalive for AP ap1 and set the maximum number of keepalive packets to 300.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA6320

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrop client fast-keep-alive enable count 300

# Enable client fast keepalive for APs with model WA6320 in AP group group1 and set the maximum number of keepalive packets to 300.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA6320

[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] rrop client fast-keep-alive enable count 300

Related commands

client keep-alive

sacp roam-optimize traffic-hold enable

Use sacp roam-optimize traffic-hold enable to enable data transmission holding during roaming.

Use undo sacp roam-optimize traffic-hold enable to disable data transmission holding during roaming.

Syntax

sacp roam-optimize traffic-hold enable

undo sacp roam-optimize traffic-hold enable

Default

Data transmission holding during roaming is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

With data transmission holding during roaming enabled, the device caches the packets during client roaming and sends the packets to the client after the client roams successfully to reduce the packet loss during client roaming. With data transmission holding during roaming disabled, the device ages out the cached packets after a period of time and will not send the packets to the client. As a best practice, enable this feature in a scenario that is sensitive to packet loss.

To make this feature take effect, enable client association at the AC and enable the AC to forward client data traffic.

This feature is not supported in an AC hierarchy network or inter-AC roaming network.

Examples

# Enable data transmission holding during roaming.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] sacp roam-optimize traffic-hold enable

scap application optimization enable oppo

Use sacp application optimization enable oppo to enable application traffic forwarding optimization.

Use undo sacp application optimization enable oppo to disable application traffic forwarding optimization.

Syntax

sacp application optimization enable oppo [ dual-wifi | qos ]

undo sacp application optimization enable oppo [ dual-wifi | qos ]

Default

Application traffic forwarding optimization is disabled.

Views

Wireless service template view

Predefined user roles

network-admin

Parameters

dual-wifi: Specifies dual-WiFi-based application traffic optimization.

qos: Specifies QoS-based application traffic optimization.

Usage guidelines

Application traffic forwarding optimization provides the following benefits:

·     Dual-WiFi-based application traffic optimization—After you enable dual-WiFi-based application traffic optimization and enable dual-WiFi on a wireless client, the client will establish a backup WiFi link with the AP. Data packets of the client will be transmitted through both the primary and backup WiFi links to improve the transmission reliability.

·     QoS-based application traffic optimization—After you enable QoS-based application traffic optimization, the device will preferentially process high-priority packets to improve the downlink transmission rate for audio and video traffic.

This feature is memory intensive. Please be cautious.

This feature is not supported in an AC hierarchy network.

Examples

# Enable QoS-based application traffic optimization.

<Sysname> system-view

[Sysname] wlan service-template test

[Sysname-wlan-st-test] sacp application optimization enable oppo qos

Related commands

display system internal wlan client dual-wifi cache

wlan client inspect

Use wlan client inspect enable to enable client inspection.

Use wlan client inspect disable to disable client inspection.

Use undo wlan client inspect to restore the default.

Syntax

wlan client inspect { disable | enable }

undo wlan client inspect

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, client inspection is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

The client inspection feature enables you to view information about packets exchanged and time consumed in each stage of the client association process.

In the current software version, the client inspection feature supports only client association, client association failure, and IP address lease extension events.

Examples

# Enable client inspection for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA6320

[Sysname-wlan-ap-ap1] wlan client inspect enable

# Enable client inspection for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] wlan client inspect enable

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Intelligent Storage
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
  • Technical Blogs
All Support
  • Become A Partner
  • Partner Policy & Program
  • Global Learning
  • Partner Sales Resources
  • Partner Business Management
  • Service Business
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网