- Table of Contents
-
- 02-WLAN Command References
- 00-Preface
- 01-AP management commands
- 02-Radio management commands
- 03-WLAN access commands
- 04-WLAN security commands
- 05-WLAN authentication commands
- 06-WIPS commands
- 07-WLAN QoS commands
- 08-WLAN roaming commands
- 09-WLAN load balancing commands
- 10-WLAN radio resource measurement commands
- 11-Channel scanning commands
- 12-Band navigation commands
- 13-WLAN high availability commands
- 14-Wireless location commands
- 15-AC hierarchy commands
- 16-IoT AP commands
- 17-WLAN probe commands
- 18-Spectrum management commands
- 19-WLAN optimization commands
- 20-WLAN RRM commands
- 21-WLAN IP snooping commands
- 22-WLAN forwarding commands
- 23-WLAN radio load balancing commands
- 24-802.1X client commands
- 25-IP source guard commands
- Related Documents
-
Title | Size | Download |
---|---|---|
19-WLAN optimization commands | 110.08 KB |
Contents
option client hide-node-protection
rrop anti-bmc protocol arp mode
rrop anti-bmc protocol nd mode
sacp roam-optimize traffic-hold enable
scap application optimization enable oppo
WLAN optimization commands
IMPORTANT: Use WLAN optimization commands under the guidance of H3C Support. |
option 4-way-handshake resend
Use option 4-way-handshake resend to set the maximum number of retransmissions for an EAPOL-Key packet and the retransmission interval.
Use undo option 4-way-handshake resend to restore the default.
Syntax
option 4-way-handshake resend max-count [ interval interval ]
undo option 4-way-handshake resend
Default
The maximum number of retransmissions for an EAPOL-Key packet is three, and the retransmission interval is 300 milliseconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
resend max-count: Specifies the maximum number of retransmissions for an EAPOL-Key packet, in the range of 0 to 3.
interval interval: Specifies the retransmission interval in the range of 200 to 500 milliseconds.
Usage guidelines
In Robust Security Network Association (RSNA) authentication, an AP and a client use EAPOL-Key packets in the four-way handshake to negotiate the keys. After that, the AP and the client periodically exchange EAPOL-Key packets to update the keys.
During key negotiation or update, the AP keeps retransmitting an EAPOL-Key packet until a response is received or the maximum number of retries for an EAPOL-Key packet is reached.
The system starts to count the retries when the maximum number of retransmissions is reached.
To ensure successful RSN key negotiation or update, you can increase the maximum number of retransmissions and the maximum number of retries for an EAPOL-Key packet.
For more information about RSN key negotiation or update, see "Configuring WLAN security."
Examples
# In service template view, set the maximum number of retransmissions for an EAPOL-Key packet to one and the retransmission interval to 400 milliseconds.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-svervice1] option 4-way-handshake resend 1 interval 400
Related commands
option 4-way-handshake retry
option 4-way-handshake retry
Use option 4-way-handshake retry to set the maximum number of retries for an EAPOL-Key packet and the retry interval.
Use undo option 4-way-handshake retry to restore the default.
Syntax
option 4-way-handshake retry max-count [ interval interval ]
undo option 4-way-handshake retry
Default
The maximum number of retries for an EAPOL-Key packet is three, and the retry interval is 5 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
retry max-count: Specifies the maximum number of retries for an EAPOL-Key packet, in the range of 0 to 3.
interval interval: Specifies the retry interval in the range of 2 to 5 seconds.
Usage guidelines
During RSN key negotiation or update, an AP keeps retransmitting an EAPOL-Key packet until a response is received or the maximum number of retries for an EAPOL-Key packet is reached.
The system starts to count the retries when the maximum number of retransmissions is reached.
If you execute this command for multiple times, the most recent configuration takes effect.
Examples
# In service template view, set the maximum number of retries for an EAPOL-Key packet to two and the retry interval to 3 seconds.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] option 4-way-handshake retry 2 interval 3
Related commands
option 4-way-handshake resend
option client fast-forwarding
Use option client fast-forwarding enable to enable fast forwarding of AP-to-client data frames.
Use option client fast-forwarding disable to disable fast forwarding of AP-to-client data frames.
Use undo option client fast-forwarding to restore the default.
Syntax
option client fast-forwarding { disable | enable level level-value }
undo option client fast-forwarding
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, fast forwarding of AP-to-client data frames is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
level level-value: Specifies the fast forwarding level in the range of 1 to 4.
Usage guidelines
This feature enables an AP to forward data frames to clients without extra processing (such as verification and counting) to improve processing efficiency.
Examples
# Enable fast forwarding of AP-to-client data frames for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option client fast-forwarding enable level 1
# Enable fast forwarding of AP-to-client data frames for APs with model WA6320 in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client fast-forwarding enable level 1
option client hide-node-protection
Use option client hide-node-protection enable to enable hidden node protection.
Use option client hide-node-protection disable to disable hidden node protection.
Use undo option client hide-node-protection to restore the default.
Syntax
option client hide-node-protection { disable | enable }
undo option client hide-node-protection
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, hidden node protection is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only on 802.11g, 802.11n, and 802.11ac clients.
This feature enables clients to send RTS or CTS frames before transmitting frames to avoid interference from hidden nodes.
Examples
# Enable hidden node protection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option client hide-node-protection enable
# Enable hidden node protection for APs with model WA6320 in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client hide-node-protection enable
option client reconnect
Use option client reconnect enable to enable AP-triggered client reassociation.
Use option client reconnect disable to disable AP-triggered client reassociation.
Use undo option client reconnect to restore the default.
Syntax
option client reconnect { disable | enable [ rssi rssi-value ] [ interval interval ] }
undo option client reconnect
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, AP-triggered client reassociation is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
rssi rssi-value: Specifies the RSSI threshold in the range of 5 to 100. The default and recommended RSSI thresholds are 10 and 20, respectively.
interval interval: Specifies the interval at which an AP detects the signal strength of the clients. The value range for the interval argument is 3 to 10 seconds and the default interval is 3 seconds.
Usage guidelines
This feature enables an AP to send deauthentication frames to a client when the AP detects that the signal strength of the client is lower than the specified RSSI threshold. Then, the client can reassociate with the AP or roam to another AP.
Examples
# Enable AP-triggered client reassociation for AP ap1. Set the RSSI threshold and detection interval to 30 and 5 seconds, respectively.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option client reconnect enable rssi 30 interval 5
# Enable AP-triggered client reassociation for APs with model WA6320 in AP group 1. Set the RSSI threshold and detection interval to 30 and 5 seconds, respectively.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client reconnect enable rssi 30 interval 5
option client reject
Use option client reject enable to enable an AP to reject weak-signal clients.
Use option client reject disable to disable an AP from rejecting weak-signal clients.
Use undo option client reject to restore the default.
Syntax
option client reject { disable | enable [ rssi rssi-value ] }
undo option client reject
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, a radio does not reject weak-signal clients.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
rssi rssi-value: Specifies the RSSI threshold in the range of 5 to 100. Both the default and recommended RSSI thresholds are 10.
Usage guidelines
This feature enables an AP to reject clients with an RSSI lower than the specified threshold to release channel resources and enhance WLAN performance.
After you enable this feature, wireless clients with an RSSI lower than the threshold might fail to access the WLAN.
After a client accesses the WLAN, an AP will not log off the client with an RSSI lower than the threshold but will reject the client after it disconnects from the network.
Examples
# Enable AP ap1 to reject clients with an RSSI lower than 30 dBm.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option client reject enable rssi 30
# Enable APs with model WA6320 in AP group 1 to reject clients with an RSSI lower than 30 dBm.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client reject enable rssi 30
rrop anti-bmc protocol arp mode
Use rrop anti-bmc protocol arp mode to configure the action to take on ARP packets.
Use undo rrop anti-bmc protocol arp to restore the default.
Syntax
rrop anti-bmc protocol arp mode { proxy-reply | unicast-forward }
undo rrop anti-bmc protocol arp
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP uses the configuration in system view.
In system view, APs convert ARP packets to unicast packets and then forward them.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
proxy-reply: Enables APs to reply to ARP packets.
unicast-forward: Enables APs to convert ARP packets to unicast packets and then forward them.
Usage guidelines
Configure this feature to reduce ARP packets in the WLAN.
· With the proxy-reply keyword specified, an AP sends an ARP response instead of forwarding the ARP request if the target IP address in the ARP request matches the client entry on the AP. The sender address in the response is the target IP address. The sender MAC address and the source MAC address at the data link layer both are the MAC address bound to the target IP address in the client entry.
· With the unicast-forward keyword specified, an AP changes the target MAC address in the ARP request and the destination MAC address at the data link layer to the MAC address bound to the target IP address in the client entry. Then the AP converts the ARP packet to a unicast packet and forwards it.
This feature takes effect only after you use the rrop anti-bmc network ipv4-simple enable command to enable basic broadcast and multicast packet control for the IPv4 network.
Examples
# Configure AP ap1 to reply to ARP packets.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] rrop anti-bmc protocol arp mode proxy-reply
# Configure APs in AP group group1 to reply to ARP packets.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc protocol arp mode proxy-reply
# Configure all APs to reply to ARP packets.
<Sysname> system-view
[Sysname] rrop anti-bmc protocol arp mode proxy-reply
Related commands
rrop anti-bmc network
rrop anti-bmc protocol nd mode
Use rrop anti-bmc protocol nd mode to configure the action to take on ND packets.
Use undo rrop anti-bmc protocol nd to restore the default.
Syntax
rrop anti-bmc protocol nd mode { proxy-reply | unicast-forward }
undo rrop anti-bmc protocol nd
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP uses the configuration in system view.
In system view, APs convert ARP packets to unicast packets and then forward them.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
proxy-reply: Enables APs to reply to ND packets.
unicast-forward: Enables APs to convert ND packets to unicast packets and then forward them.
Usage guidelines
Configure this feature to reduce ND packets in the WLAN.
· With the proxy-reply keyword specified, an AP sends an ND response instead of forwarding the ARP request if the target IP address in the ND request matches the client entry on the AP. The sender address in the response is the target IP address. The sender MAC address and the source MAC address at the data link layer both are the MAC address bound to the target IP address in the client entry.
· With the unicast-forward keyword specified, an AP changes the target MAC address in the ND request and the destination MAC address at the data link layer to the MAC address bound to the target IP address in the client entry. Then the AP converts the ND packet to a unicast packet and forwards it.
This feature takes effect only after you use the rrop anti-bmc network ipv6-simple enable command to enable basic broadcast and multicast packet control for the IPv6 network.
Examples
# Configure AP ap1 to reply to ND packets.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] rrop anti-bmc protocol nd mode proxy-reply
# Configure APs in AP group group1 to reply to ND packets.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc protocol nd mode proxy-reply
# Configure all APs to reply to ND packets.
<Sysname> system-view
[Sysname] rrop anti-bmc protocol nd mode proxy-reply
Related commands
rrop anti-bmc network
rrop client fast-keep-alive
Use rrop client fast-keep-alive enable to enable client fast keepalive.
Use rrop client fast-keep-alive disable to disable client fast keepalive.
Use undo rrop client fast-keep-alive to restore the default.
Syntax
rrop client fast-keep-alive { disable | enable [ count count-value ] [ interval interval-value ] }
undo rrop client fast-keep-alive
Default
In radio view, a radio uses the configuration in the AP group's radio view.
In an AP group's radio view, the client fast keepalive feature is enabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
count count-value: Specifies the maximum number of keepalive packets that an AP can send to a client, in the range of 128 to 2048. The default value is 1024.
interval interval-value: Specifies the keepalive packet sending interval, in the range of 3 to 60 seconds. The default value is 10 seconds.
Usage guidelines
To quickly determine whether clients are online and save radio resources, execute this command to set the maximum number of unicast keepalive packets that an AP can send to a client. The AP logs off a client if it does not receive any replies from the client after sending three groups of keepalive packets within the specified keepalive packet sending interval. Packets specified by the count count-value option are counted as one group of keepalive packet.
This command is mainly used in scenarios with high client mobility. If the network quality is poor, reduce the maximum number of keepalive packets that an AP can send to a client or set a smaller interval. As a best practice, use the default setting in scenarios with stable clients.
The configuration in radio view takes precedence over the configuration in an AP group's radio view.
Examples
# Enable client fast keepalive for AP ap1 and set the maximum number of keepalive packets to 300.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrop client fast-keep-alive enable count 300
# Enable client fast keepalive for APs with model WA6320 in AP group group1 and set the maximum number of keepalive packets to 300.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] rrop client fast-keep-alive enable count 300
Related commands
client keep-alive
sacp roam-optimize traffic-hold enable
Use sacp roam-optimize traffic-hold enable to enable data transmission holding during roaming.
Use undo sacp roam-optimize traffic-hold enable to disable data transmission holding during roaming.
Syntax
sacp roam-optimize traffic-hold enable
undo sacp roam-optimize traffic-hold enable
Default
Data transmission holding during roaming is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
With data transmission holding during roaming enabled, the device caches the packets during client roaming and sends the packets to the client after the client roams successfully to reduce the packet loss during client roaming. With data transmission holding during roaming disabled, the device ages out the cached packets after a period of time and will not send the packets to the client. As a best practice, enable this feature in a scenario that is sensitive to packet loss.
To make this feature take effect, enable client association at the AC and enable the AC to forward client data traffic.
This feature is not supported in an AC hierarchy network or inter-AC roaming network.
Examples
# Enable data transmission holding during roaming.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] sacp roam-optimize traffic-hold enable
scap application optimization enable oppo
Use sacp application optimization enable oppo to enable application traffic forwarding optimization.
Use undo sacp application optimization enable oppo to disable application traffic forwarding optimization.
Syntax
sacp application optimization enable oppo [ dual-wifi | qos ]
undo sacp application optimization enable oppo [ dual-wifi | qos ]
Default
Application traffic forwarding optimization is disabled.
Views
Wireless service template view
Predefined user roles
network-admin
Parameters
dual-wifi: Specifies dual-WiFi-based application traffic optimization.
qos: Specifies QoS-based application traffic optimization.
Usage guidelines
Application traffic forwarding optimization provides the following benefits:
· Dual-WiFi-based application traffic optimization—After you enable dual-WiFi-based application traffic optimization and enable dual-WiFi on a wireless client, the client will establish a backup WiFi link with the AP. Data packets of the client will be transmitted through both the primary and backup WiFi links to improve the transmission reliability.
· QoS-based application traffic optimization—After you enable QoS-based application traffic optimization, the device will preferentially process high-priority packets to improve the downlink transmission rate for audio and video traffic.
This feature is memory intensive. Please be cautious.
This feature is not supported in an AC hierarchy network.
Examples
# Enable QoS-based application traffic optimization.
<Sysname> system-view
[Sysname] wlan service-template test
[Sysname-wlan-st-test] sacp application optimization enable oppo qos
Related commands
display system internal wlan client dual-wifi cache
wlan client inspect
Use wlan client inspect enable to enable client inspection.
Use wlan client inspect disable to disable client inspection.
Use undo wlan client inspect to restore the default.
Syntax
wlan client inspect { disable | enable }
undo wlan client inspect
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, client inspection is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
The client inspection feature enables you to view information about packets exchanged and time consumed in each stage of the client association process.
In the current software version, the client inspection feature supports only client association, client association failure, and IP address lease extension events.
Examples
# Enable client inspection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] wlan client inspect enable
# Enable client inspection for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] wlan client inspect enable