26-WLAN Configuration Guide(AC)

HomeSupportConfigure & DeployConfiguration GuidesH3C MSR610[810][830][1000S][2600][3600] Routers Configuration Guides(V7)-R6749-6W10026-WLAN Configuration Guide(AC)
09-WLAN roaming configuration
Title Size Download
09-WLAN roaming configuration

Contents

Configuring WLAN roaming· 1

About WLAN roaming· 1

WLAN roaming mechanism·· 1

Layer 3 roaming· 1

Setting the roaming entry aging time· 2

Display and maintenance commands for WLAN roaming· 2

Example: Configuring intra-AC roaming· 3

Configuring enhanced roaming· 1

About enhanced roaming· 1

802.1X fast roaming· 1

802.1X fast roaming mechanism·· 1

Restrictions and guidelines: 802.1X fast forwarding configuration· 2

MAC fast roaming· 2

Restrictions and guidelines: MAC fast forwarding· 3

Enabling fast-connect for MAC authenticated intra-AC roaming clients· 3

802.11r 3

About 802.11r 3

Restrictions and guidelines: 802.11r configuration· 5

Configuring 802.11r 5

Example: Configuring over-the-DS FT (PSK authentication) 6

Example: Configuring over-the-DS FT (802.1X authentication) 11

802.11v· 16

About 802.11v· 16

Restrictions and guidelines: 802.11v configuration· 17

Enabling BTM·· 17

Configuring BTM disassociation· 17

Example: Configuring 802.11v· 18

Cooperative roaming· 20

About cooperative roaming· 20

Restrictions and guidelines: Cooperative roaming configuration· 20

Configuring client anti-sticky· 20

Enabling an AP to obtain BSS candidate information· 22

Enabling data transmission holding during roaming· 22

Display and maintenance commands for cooperative roaming· 23

Example: Configuring cooperative roaming· 23

Configuring mobility groups· 1

About mobility groups· 1

Restrictions: Hardware compatibility with mobility group· 1

Restrictions and guidelines: Mobility group configuration· 1

Enabling SNMP notifications for WLAN roaming· 1

Display and maintenance commands for mobility groups· 1

 


Configuring WLAN roaming

About WLAN roaming

WLAN roaming enables clients to seamlessly roam among APs in an ESS while retaining their IP address and authorization information during the roaming process.

 

 

NOTE:

The term "AC" in this document refers to MSR routers that can function as ACs. For information about routers that can function as ACs, see "Compatibility of MSR routers and AC functionality."

 

 

WLAN roaming mechanism

As shown in Figure 5, the client roams from AP 1 to AP 2 as follows:

1.     The client comes online from AP 1, and the AC creates a roaming entry for the client.

The entry records the initial SSID at association, PMKID, authentication method, security mode, and roaming VLAN.

2.     The client roams to AP 2. The AC examines the roaming entry.

3.     The client performs reauthentication and then comes online from AP 2.

Figure 1 WLAN roaming mechanism

Layer 3 roaming

As shown in Figure 2, the client can roam between APs in different VLANs without special configuration. For the roaming procedure, see "WLAN roaming mechanism."

Figure 2 Layer 3 roaming

Setting the roaming entry aging time

About this task

Client roaming entries record client PMKs, VLAN, and other authorization information. If a disconnected client connects to an AP before its roaming entry expires, the client can inherit authorization recorded in the entry and achieve fast roaming.

If a disconnected client cannot come online before its entry expires, the system deletes the entry.

Restrictions and guidelines

Setting the roaming entry aging time to 0 allows the system to delete the roaming entry of a client once the client goes offline. Fast roaming cannot be performed.

The aging time is applicable only to intra-AC roaming entries. It does not take effect on inter-AC roaming entries.

Procedure

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Set the roaming entry aging time.

client cache aging-time aging-time

By default, the roaming entry aging time is 180 seconds.

Display and maintenance commands for WLAN roaming

Execute display commands in any view.

 

Task

Command

Display roam-track information for a client.

display wlan mobility roam-track mac-address mac-address

Example: Configuring intra-AC roaming

Network configuration

As shown in Figure 3, configure intra-AC roaming to enable the client to roam from AP 1 to AP 2. The two APs are managed by the same AC.

Figure 3 Network diagram

Procedure

# Create a service template named service, set the SSID to 1, and enable the service template.

<AC> system-view

[AC] wlan service-template service

[AC-wlan-st-service] ssid 1

[AC-wlan-st-service] service-template enable

[AC-wlan-st-service] quit

# Create a manual AP named ap1, and specify the AP model and serial ID.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

# Bind the service template to radio 1 of AP 1.

[AC-wlan-ap-ap1] radio 1

[AC-wlan-ap-ap1-radio-1] radio enable

[AC-wlan-ap-ap1-radio-1] service-template service

[AC-wlan-ap-ap1-radio-1] quit

[AC-wlan-ap-ap1] quit

# Create a manual AP named ap2, and specify the AP model and serial ID.

[AC] wlan ap ap2 model WA6320

[AC-wlan-ap-ap2] serial-id 219801A28N819CE0003T

# Bind the service template to radio 1 of AP 2.

[AC-wlan-ap-ap2] radio 1

[AC-wlan-ap-ap2-radio-1] radio enable

[AC-wlan-ap-ap2-radio-1] service-template service

[AC-wlan-ap-ap2-radio-1] quit

[AC-wlan-ap-ap2] quit

Verifying the configuration

# Enable the client to come online from AP 1. (Details not shown.)

# Verify that the client associates with AP 1, and the roaming status is N/A, which indicates that the client has not performed any roaming.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : 9cd3-6d9e-6778

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : ap1

Radio ID                           : 1

Channel                            : 36

SSID                               : 1

BSSID                              : 000f-e200-4444

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : PRE-RSNA

AKM mode                           : Not configured

Cipher suite                       : N/A

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Authorization CAR                  : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Inactive

# Verify that the AC has a roaming entry for the client.

[AC] display wlan mobility roam-track mac-address 9cd3-6d9e-6778

Total entries: 1

BSSID           Created at           Online time       AC IP address  RID  AP name

000f-e200-4444  2016-06-14 11:12:28  00hr 01min 16sec  127.0.0.1      1    ap1

# Enable the client roam to AP 2. (Details not shown.)

# Verify that the client has associated with AP 2, and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : 9cd3-6d9e-6778

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : ap2

Radio ID                           : 1

Channel                            : 36

SSID                               : 1

BSSID                              : 000f-e203-7777

VLAN ID                            : 1

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : PRE-RSNA

AKM mode                           : Not configured

Cipher suite                       : N/A

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Authorization CAR                  : N/A

Roam status                        : Intra-AC roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Inactive

# Verify that the AC has updated the roaming entry for the client.

[AC] display wlan mobility roam-track mac-address 9cd3-6d9e-6778

Total entries: 2

BSSID           Created at           Online time          AC IP address  RID  AP name

000f-e203-7777  2016-06-14 11:12:28  00hr 01min 02sec     127.0.0.1      1    ap2

000f-e200-4444  2016-06-14 11:12:04  00hr 03min 51sec     127.0.0.1      1    ap1


Configuring enhanced roaming

About enhanced roaming

WLAN supports the following enhanced roaming technologies:

·     802.1X fast roaming—Allows users to come online from a new AP or radio without being reauthenticated. It is applicable only when RSN+802.1X authentication is used.

·     MAC fast roaming—Allows users to come online from a new AP or radio without being reauthenticated. It is applicable only when MAC authentication is used.

·     802.11r—Shortens roaming latency to reduce client disconnection rate and improve the service quality.

·     Virtual BSS roaming—Enables the AC to monitor client signal strength in real time and guide clients to roam to the optimal APs in the same ESS seamlessly.

802.1X fast roaming

802.1X fast roaming mechanism

As shown in Figure 4, 802.1X fast roaming operates as follows:

1.     The client comes online from AP 1 after passing RSN+802.1X authentication. AP 1 creates a roaming entry for the client.

For more information about 802.1X authentication, see "Configuring WLAN security."

2.     The client roams to AP 2. The AP examines the roaming entry for the client and triggers 802.1X fast forwarding if the client carries the same PMKID as the AP.

The system uses the cached PMK to perform key negotiation and the client can associate with AP 2 without reauthentication.

 

 

NOTE:

The system supports using the following methods to cache PMKID:

·     Sticky Key Caching (SKC)—Directly caches the PMKIDs generated during 802.1X authentication of clients.

·     Opportunistic Key Caching (OKC)—Uses the currently associated BSSID, client MAC address, and cached PMK to generate a PMKID.

Both methods support 802.1X fast roaming without manual intervention.

 

Figure 4 802.1X fast roaming

 

Restrictions and guidelines: 802.1X fast forwarding configuration

802.1X fast roaming supports only roaming between APs managed by the same AC.

MAC fast roaming

Intra-AC roaming enables clients to roam among APs that are managed by the same AC.

Figure 5 Intra-AC roaming

As shown in Figure 5, intra-AC roaming uses the following procedure:

1.     The client comes online from AP 1, and the AC creates a roaming entry for the client. For more information about MAC authentication, see "Configuring WLAN authentication."

2.     The client roams to AP 2. The AC examines the roaming entry for the client and determines whether to perform fast roaming.

If the client uses RSN + 802.1X authentication and carries the same PMKID as the AC, fast roaming is used, and the client can associate with AP 2 without reauthentication. If it is not, the client must be reauthenticated before associating with AP 2.

Restrictions and guidelines: MAC fast forwarding

802.1X fast roaming supports only roaming between APs managed by the same AC.

Enabling fast-connect for MAC authenticated intra-AC roaming clients

About this task

This feature allows a MAC authentication roaming client that has been authenticated once on the AC to come online from any APs attached to the AC without re-authentication.

Restrictions and guidelines

This feature applies only to MAC authentication wireless clients whose authentication location and association location are both on the AC.

This feature affects the displayed roaming state of inter-AC roaming clients that use MAC authentication and requires special configuration for them.

·     If a client has roamed between ACs, its roaming state is N/A in the output from the display wlan client verbose command.

·     If the inter-AC roaming clients belong to different VLANs, you must make sure the upstream ports of all the ACs in the same roaming group permit traffic from these VLANs to pass through.

Prerequisites

Before you can configure this feature in a service template, you must disable that service template.

Procedure

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable fast-connect for MAC authenticated intra-AC roaming clients.

mac-authentication fast-connect enable

By default, fast-connect is enabled for MAC authenticated intra-AC roaming clients.

802.11r

About 802.11r

802.11r fast BSS transition (FT) minimizes the delay when a client roams from a BSS to another BSS within the same ESS. During 802.11r FT, a client needs to exchange messages with the target AP.

FT provides the following message exchanging methods:

·     Over-the-air—The client communicates directly with the target AP for pre-roaming authentication. This method is applicable to scenarios with high requirements on roaming compatibility.

·     Over-the-DS—The client communicates with the target AP through the current AP for pre-roaming authentication. This method is applicable to scenarios with high requirements on roaming performance.

Over-the-air FT

As shown in Figure 6, the client is associated with AP 1. Intra-AC roaming through over-the-air FT uses the following process:

1.     The client sends an FT authentication request to AP 2.

2.     AP 2 sends an FT authentication response to the client.

3.     The client sends a reassociation request to AP 2.

4.     AP 2 sends a reassociation response to the client.

5.     The client roams to AP 2.

Figure 6 Over-the-air FT

Over-the-DS FT

As shown in Figure 7, the client is associated with AP 1. Intra-AC roaming through over-the-DS FT uses the following process:

1.     After the client comes online, the AC creates a roaming entry and saves it for the client.

2.     The client sends an FT authentication request to AP 1.

3.     AP 1 sends an FT authentication response to the client.

4.     The client sends a reassociation request to AP 2.

5.     AP 2 sends a reassociation response to the client.

6.     The client roams to AP 2.

Figure 7 Intra-AC roaming through over-the-DS FT

Restrictions and guidelines: 802.11r configuration

When you configure 802.11r, follow these restrictions and guidelines:

·     To enable a client that does not support FT to access the WLAN, create two service templates using the same SSID: one enabled with FT and the other not.

·     To prevent a client from coming online every time the periodic re-authentication timer expires, do not enable FT and 802.1X periodic re-authentication for the same service template. For more information about 802.1X periodic re-authentication, see "Configuring WLAN security."

·     PTK updates are not supported for clients that have been associated with a WLAN through FT. For more information about PTK updates, see "Configuring WLAN security."

·     To use FT, you must also specify an AKM mode.

·     To use FT, enable RSN IE in the beacon and probe responses, configure the CCMP cipher suite, and do not use local authentication.

·     802.11r supports only intra-device roaming in the current software version.

·     802.11r takes effect only on clients associated with the AC.

·     Before configuring 802.11r, make sure the service template is disabled.

·     Do not enable 802.11r FT and set the WPA3 security mode or enable enhanced open system authentication at the same time. If you do so, the service template cannot be enabled. For more information about WPA3 and enhanced open system authentication, see "Configuring WLAN security."

Configuring 802.11r

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable FT.

ft enable

By default, FT is disabled.

4.     (Optional.) Set the FT method.

ft method { over-the-air | over-the-ds }

By default, the FT method is over-the-air.

5.     (Optional.) Set the reassociation timeout timer.

ft reassociation-timeout timeout

By default, the association timeout timer is 20 seconds.

The roaming process is terminated if a client does not send any reassociation requests before the timeout timer expires.

Example: Configuring over-the-DS FT (PSK authentication)

Network configuration

As shown in Figure 8, configure intra-AC roaming through over-the-DS FT to enable the client to roam between AP 1 and AP 2. Configure PSK as the authentication and key management mode.

Figure 8 Network diagram

Procedure

# Create service template acstname.

<AC> system-view

[AC] wlan service-template acstname

# Set the SSID to service.

[AC-wlan-st-acstname] ssid service

# Set the authentication and key management mode to PSK, and configure simple string 12345678 as the PSK.

[AC-wlan-st-acstname] akm mode psk

[AC-wlan-st-acstname] preshared-key pass-phrase simple 12345678

# Set the CCMP cipher suite and enable the RSN IE in the beacon and probe responses.

[AC-wlan-st-acstname] cipher-suite ccmp

[AC-wlan-st-acstname] security-ie rsn

# Enable FT.

[AC-wlan-st-acstname] ft enable

# Set the reassociation timeout timer to 50 seconds.

[AC-wlan-st-acstname] ft reassociation-timeout 50

# Set the FT method to over-the-DS.

[AC-wlan-st-acstname] ft method over-the-ds

# Enable the service template.

[AC-wlan-st-acstname] service-template enable

[AC-wlan-st-acstname] quit

# Create AP 1, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 1 model WA6320

[AC-wlan-ap-1] serial-id 219801A28N819CE0002T

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template acstname

[AC-wlan-ap-1-radio-1] radio enable

[AC-wlan-ap-1-radio-1] quit

[AC-wlan-ap-1] quit

# Create AP 2, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 2 model WA6320

[AC-wlan-ap-2] serial-id 219801A28N819CE0007T

[AC-wlan-ap-2] radio 1

[AC-wlan-ap-2-radio-1] service-template acstname

[AC-wlan-ap-2-radio-1] radio enable

[AC-wlan-ap-2-radio-1] quit

[AC-wlan-ap-2] quit

Verifying the configuration

# Verify that the service template is correctly configured.

[AC] display wlan service-template acstname verbose

Service template name                            : acstname

Description                                      : Not configured

SSID                                             : service

SSID-hide                                        : Disabled

User-isolation                                   : Disabled

Service template status                          : Enabled

Maximum clients per BSS                          : Not configured

Frame format                                     : Dot3

Seamless-roam status                             : Disabled

Seamless-roam RSSI threshold                     : 50

Seamless-roam RSSI gap                           : 20

VLAN ID                                          : 1

Service VLAN ID                                  : N/A

Service VLAN TPID                                : dot1q

AKM mode                                         : PSK

Security IE                                      : RSN

Cipher suite                                     : CCMP

TKIP countermeasure time                         : 0 sec

PTK lifetime                                     : 43200 sec

PTK rekey                                        : Enabled

GTK rekey                                        : Enabled

GTK rekey method                                 : Time-based

GTK rekey time                                   : 86400 sec

GTK rekey client-offline                         : Disabled

WPA3 status                                      : Disabled

PPSK                                             : Disabled

PPSK Fail Permit                                 : Disabled

Enhance-open status                              : Disabled

Enhanced-open transition-mode service-template   : N/A

User authentication mode                         : Bypass

Intrusion protection                             : Disabled

Intrusion protection mode                        : Temporary-block

Temporary block time                             : 180 sec

Temporary service stop time                      : 20 sec

Fail VLAN ID                                     : Not configured

802.1X handshake                                 : Disabled

802.1X handshake secure                          : Disabled

802.1X domain                                    : Not configured

MAC-auth domain                                  : Not configured

Max 802.1X users per BSS                         : 4096

Max MAC-auth users per BSS                       : 4096

802.1X re-authenticate                           : Disabled

Authorization fail mode                          : Online

Accounting fail mode                             : Online

Authorization                                    : Permitted

Key derivation                                   : SHA1

PMF status                                       : Disabled

Hotspot policy number                            : Not configured

Forwarding policy status                         : Disabled

Forwarding policy name                           : Not configured

Forwarder                                        : AC

FT Status                                        : Enable

FT Method                                        : over-the-ds

FT Reassociation Deadline                        : 50 sec

QoS trust                                        : Port

QoS priority                                     : 0

QoS U-APSD mode                                  : 1

BTM status                                       : Disabled

# Verify that the roaming status is N/A and the FT status is Active.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : 1

Radio ID                           : 1

Channel                            : 36

SSID                               : service

BSSID                              : 000f-e266-7788

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : RSN

AKM mode                           : PSK

Encryption cipher                  : CCMP

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Active

# Move the client to the coverage of AP 2. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : 2

Radio ID                           : 1

Channel                            : 36

SSID                               : service

BSSID                              : 000f-e211-2233

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : FT

Security mode                      : RSN

AKM mode                           : PSK

Encryption cipher                  : CCMP

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : Intra-AC roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Active

Example: Configuring over-the-DS FT (802.1X authentication)

Network configuration

As shown in Figure 8, configure intra-AC roaming through over-the-DS FT to enable the client to roam between AP 1 and AP 2. Configure 802.1X as the authentication and key management mode.

Procedure

# Create service template acstname.

<AC> system-view

[AC] wlan service-template acstname

# Set the SSID to service.

[AC-wlan-st-acstname] ssid service

# Set the AKM mode to 802.1X.

[AC-wlan-st-acstname] akm mode dot1x

# Enable the RSN IE in the beacon and probe responses.

[AC-wlan-st-acstname] cipher-suite ccmp

[AC-wlan-st-acstname] security-ie rsn

# Set the authentication mode to 802.1X for clients.

[AC-wlan-st-acstname] client-security authentication-mode dot1x

[AC-wlan-st-acstname] dot1x domain imc

# Enable FT.

[AC-wlan-st-acstname] ft enable

# Set the FT method to over-the-DS.

[AC-wlan-st-acstname] ft method over-the-ds

# Enable the service template.

[AC-wlan-st-acstname] service-template enable

[AC-wlan-st-acstname] quit

# Set the 802.1X authentication mode to EAP.

[AC] dot1x authentication-method eap

# Create RADIUS scheme imcc.

[AC] radius scheme imcc

# Set the IP address of the primary authentication and accounting servers to 10.1.1.3.

[AC-radius-imcc] primary authentication 10.1.1.3

[AC-radius-imcc] primary accounting 10.1.1.3

# Set the shared key for the AC to exchange packets with the authentication and accounting servers to 12345678.

[AC-radius-imcc] key authentication simple 12345678

[AC-radius-imcc] key accounting simple 12345678

# Configure the AC to remove the ISP domain name from usernames sent to the RADIUS server.

[AC-radius-imcc] user-name-format without-domain

[AC-radius-imcc] quit

# Create ISP domain imc, and configure the domain to use the RADIUS scheme imcc for authentication, authorization, and accounting.

[AC] domain imc

[AC-isp-imc] authentication lan-access radius-scheme imcc

[AC-isp-imc] authorization lan-access radius-scheme imcc

[AC-isp-imc] accounting lan-access radius-scheme imcc

[AC-isp-imc] quit

# Create AP 1, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 1 model WA6320

[AC-wlan-ap-1] serial-id 219801A28N819CE0002T

[AC-wlan-ap-1] radio 1

[AC-wlan-ap-1-radio-1] service-template acstname

[AC-wlan-ap-1-radio-1] radio enable

[AC-wlan-ap-1-radio-1] quit

[AC-wlan-ap-1] quit

# Create AP 2, and bind service template acstname to radio 1 of the AP.

[AC] wlan ap 2 model WA6320

[AC-wlan-ap-2] serial-id 219801A28N819CE0007T

[AC-wlan-ap-2] radio 1

[AC-wlan-ap-2-radio-1] service-template acstname

[AC-wlan-ap-2-radio-1] radio enable

[AC-wlan-ap-2-radio-1] quit

[AC-wlan-ap-2] quit

Verifying the configuration

# Verify that the service template is correctly configured.

[AC] display wlan service-template acstname verbose

Service template name                            : stname

Description                                      : Not configured

SSID                                             : service

SSID-hide                                        : Disabled

User-isolation                                   : Disabled

Service template status                          : Enabled

Maximum clients per BSS                          : Not configured

Frame format                                     : Dot3

Seamless-roam status                             : Disabled

Seamless-roam RSSI threshold                     : 50

Seamless-roam RSSI gap                           : 20

VLAN ID                                          : 1

Service VLAN ID                                  : N/A

Service VLAN TPID                                : dot1q

AKM mode                                         : 802.1X

Security IE                                      : RSN

Cipher suite                                     : CCMP

TKIP countermeasure time                         : 0 sec

PTK lifetime                                     : 43200 sec

PTK rekey                                        : Enabled

GTK rekey                                        : Enabled

GTK rekey method                                 : Time-based

GTK rekey time                                   : 86400 sec

GTK rekey client-offline                         : Disabled

WPA3 status                                      : Disabled

PPSK                                             : Disabled

PPSK Fail Permit                                 : Disabled

Enhance-open status                              : Disabled

Enhanced-open transition-mode service-template   : N/A

User authentication mode                         : 802.1X

Intrusion protection                             : Disabled

Intrusion protection mode                        : Temporary-block

Temporary block time                             : 180 sec

Temporary service stop time                      : 20 sec

Fail VLAN ID                                     : Not configured

802.1X handshake                                 : Disabled

802.1X handshake secure                          : Disabled

802.1X domain                                    : imc

MAC-auth domain                                  : Not configured

Max 802.1X users per BSS                         : 4096

Max MAC-auth users per BSS                       : 4096

802.1X re-authenticate                           : Disabled

Authorization fail mode                          : Online

Accounting fail mode                             : Online

Authorization                                    : Permitted

Key derivation                                   : SHA1

PMF status                                       : Disabled

Hotspot policy number                            : Not configured

Forwarding policy status                         : Disabled

Forwarding policy name                           : Not configured

Forwarder                                        : AC

FT Status                                        : Enable

FT Method                                        : over-the-ds

FT Reassociation Deadline                        : 20 sec

QoS trust                                        : Port

QoS priority                                     : 0

QoS U-APSD mode                                  : 1

BTM status                                       : Disabled

# Verify that the roaming status is N/A and the FT status is Active.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : 1

Radio ID                           : 1

Channel                            : 36

SSID                               : service

BSSID                              : 000f-e266-7788

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : Open system

Security mode                      : RSN

AKM mode                           : 802.1X

Encryption cipher                  : CCMP

User authentication mode           : 802.1X

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Active

# Move the client to the coverage of AP 2. (Details not shown.)

# Verify that the authentication method is FT and the roaming status is Intra-AC roam.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : fc25-3f03-8361

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : 2

Radio ID                           : 1

Channel                            : 36

SSID                               : service

BSSID                              : 000f-e211-2233

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 242

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/11

Authentication method              : FT

Security mode                      : RSN

AKM mode                           : 802.1X

Encryption cipher                  : CCMP

User authentication mode           : 802.1X

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : Intra-AC roam

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy name                : Not configured

Online time                        : 0days 0hours 5minutes 13seconds

FT status                          : Active

802.11v

About 802.11v

802.11v defines BSS transition management (BTM), which enables clients to roam to the optimal AP if the signal strength of the current AP is low or if a better AP is discovered.

As shown in Figure 9, BTM operates as follows:

1.     If the RSSI of the currently associated AP is too low or the client discovered a better AP, the client sends a BTM query to the associated AP. Upon receiving the query, the AP responds with a BTM request.

A BTM request contains information about recommended BSSs.

2.     Upon receiving the BTM request, the client determines whether to disconnect from the current AP and roam to a recommended AP.

3.     If the client determines to perform a roaming, it sends a BTM response to the AP. If the client fails to leave the current BSS before the disassociation timer expires, the AP sends a disassociation request to the client and logs off the client.

Figure 9 BSS transition

 

Restrictions and guidelines: 802.11v configuration

802.11v supports only intra-AC roaming in the current software version.

Enabling BTM

Restrictions and guidelines

Make sure the service template is disabled before you perform this task.

For BTM to take effect on all clients, use the bss transition-management disassociation command to enable BTM disassociation.

Procedure

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable BTM.

bss transition-management enable

By default, BTM is disabled.

Configuring BTM disassociation

About this task

With BTM disassociation configured, an AP sends a BTM request to a client upon receiving a BTM query from the client and guides the client for BSS transition. With forced BTM disassociation configured, the AP forcibly logs off the client if the client fails to leave the current BSS before the disassociation timer expires.

Restrictions and guidelines

Forced BTM disassociation will forcibly log off a client. Use this feature with caution.

For BTM disassociation to take effect, enable BTM first.

Procedure

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable BTM disassociation and configure forced disassociation.

bss transition-management disassociation { forced | recommended } [ timer time ]

By default, recommended BTM disassociation is enabled and the disassociation timeout is 90 seconds.

Example: Configuring 802.11v

Network configuration

As shown in Figure 10, configure 802.11v for the AP to guide the client to an optimal AP.

Figure 10 Network diagram

Procedure

# Create service template service.

<AC> system-view

[AC] wlan service-template service

# Set the SSID to service.

[AC-wlan-st-service] ssid service

# Enable BTM.

[AC-wlan-st-service] bss transition-management enable

# Specify the BTM disassociation timeout as 45 seconds.

[AC-wlan-st-service] bss transition-management disassociation recommended timer 45

# Enable the service template.

[AC-wlan-st-service] service-template enable

[AC-wlan-st-service] quit

# Create AP ap1, specify the AP model and serial ID, enable the AP to obtain BSS candidate information, and bind service template service to radio 1 of AP ap1.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

[AC-wlan-ap-ap1] radio 1

[AC-wlan-ap-ap1-radio-1] sacp roam-optimize bss-candidate-list enable

[AC-wlan-ap-ap1-radio-1] service-template service

[AC-wlan-ap-ap1-radio-1] radio enable

[AC-wlan-ap-ap1-radio-1] quit

[AC-wlan-ap-ap1] quit

Verifying the configuration

# Verify that BTM has been enabled.

[AC] display wlan service-template service verbose

Service template name                           : service

 Description                                     : Not configured

 SSID                                            : service

 SSID-hide                                       : Disabled

 User-isolation                                  : Disabled

 Service template status                         : Disabled

 Maximum clients per BSS                         : Not configured

 Frame format                                    : Dot3

 Seamless roam status                            : Disabled

 Seamless roam RSSI threshold                    : 50

 Seamless roam RSSI gap                          : 20

 VLAN ID                                         : 1

 Service VLAN ID                                 : N/A

 Service VLAN TPID                               : dot1q

 AKM mode                                        : Not configured

 Security IE                                     : Not configured

 Cipher suite                                    : Not configured

 TKIP countermeasure time                        : 0 sec

 PTK lifetime                                    : 43200 sec

 PTK rekey                                       : Enabled

 GTK rekey                                       : Enabled

 GTK rekey method                                : Time-based

 GTK rekey time                                  : 86400 sec

 GTK rekey client-offline                        : Disabled

 WPA3 status                                     : Disabled

 PPSK                                            : Disabled

 PPSK Fail Permit                                : Enabled

 Enhance-open status                             : Disabled

 Enhanced-open transition-mode service-template  : N/A

 User authentication mode                        : Bypass

 Intrusion protection                            : Disabled

 Intrusion protection mode                       : Temporary-block

 Temporary block time                            : 180 sec

 Temporary service stop time                     : 20 sec

 Fail VLAN ID                                    : Not configured

 802.1X handshake                                : Disabled

 802.1X handshake secure                         : Disabled

 802.1X domain                                   : Not configured

 MAC-auth domain                                 : Not configured

 Max 802.1X users per BSS                        : 512

 Max MAC-auth users per BSS                      : 512

 802.1X re-authenticate                          : Disabled

 Authorization fail mode                         : Online

 Accounting fail mode                            : Online

 Authorization                                   : Permitted

 Key derivation                                  : SHA1

 PMF status                                      : Disabled

 Hotspot policy number                           : Not configured

 Forwarding policy status                        : Disabled

 Forwarding policy name                          : Not configured

 Forwarder                                       : AC

 FT status                                       : Disabled

 QoS trust                                       : Port

 QoS priority                                    : 0

 QoS U-APSD mode                                 : 1

 BTM status                                      : Enabled

# Verify that the client has come online.

<AC> display wlan client

Total number of clients: 3

 

MAC address    Username             AP name               R IP address      VLAN

4581-61ac-885a N/A                  ap1                   1 192.168.66.230  1

# Verify that the client has been logged off 45 seconds after the AP recommends an optimal AP for the client. (Details not shown.)

Cooperative roaming

About cooperative roaming

Cooperative roaming is defined by H3C to provide AP- and wireless client-guided roaming of wireless clients in an ESS by using IEEE802.11k, IEEE802.11r, and IEEE802.11v.

·     802.11k defines Beacon radio measurement, allowing monitoring of channel quality and resource performance on both 2.4 GHz and 5 GHz channels.

·     802.11r defines Fast BSS Transition (FT) to shorten transmission delay during client roaming, reducing disconnection rate and improving the roaming service quality.

·     802.11v defines BSS Transition Management (BTM) to guide 802.11v clients to the optimal AP, improving the access service quality.

Cooperative roaming also supports using APs to monitor 802.11v client signal strength and can proactively guide clients to better services.

Restrictions and guidelines: Cooperative roaming configuration

Cooperative roaming supports only intra-AC roaming in the current software version.

To use cooperative roaming, make sure the APs support Wi-Fi 6.

Configuring client anti-sticky

About this task

This feature enables APs to examine the signal strength of clients at the specified intervals. For an 802.11v client, its associated AP triggers a BSS transition to guide the client to a better BSS if the signal strength of the client is lower than the threshold. For a non-802.11v client, no action is performed.

With client anti-sticky enabled, the system logs off a client if the signal strength of the client cannot reach the RSSI threshold. This practice might cause frequent BSS transitions and affect user experience.

To solve this issue, configure ACL-based client anti-sticky to set different RSSI thresholds for clients matching different ACL rules.

Restrictions and guidelines

ACL-based client anti-sticky takes effect only when client anti-sticky is enabled.

You can bind only one ACL rule to a radio.

You can use the display wlan client verbose command to view client RSSIs, and configure ACL-based client anti-sticky based on the RSSIs.

Procedure

1.     Enter system view.

system-view

2.     Enter AP view or an AP group's AP model view.

¡     Enter AP view.

wlan ap ap-name

¡     Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3.     Enter radio view.

radio radio-id

4.     Configure client anti-sticky.

sacp anti-sticky { disable | enable [ rssi rssi-value ] [ interval interval ] [ forced-logoff ] }

By default:

¡     In radio view, a radio uses the configuration in an AP group's radio view.

¡     In an AP group's radio view, client anti-sticky is enabled.

5.     (Optional.) Configure ACL-based client anti-sticky.

¡     In radio view:

sacp anti-sticky acl { acl-number rssi rssi-value | remove }

¡     In an AP group's radio view:

sacp anti-sticky acl acl-number [ rssi rssi-value ]

By default:

¡     In radio view, a radio uses the configuration in AP group view.

¡     In an AP group's radio view, ACL-based client anti-sticky is not configured.

If you specify the remove keyword when executing the command in radio view, the radio does not perform ACL-based client anti-sticky.

Enabling an AP to obtain BSS candidate information

About this task

This feature enables an AP to send Beacon requests at specific intervals to clients that support Beacon measurement and obtain information about BSSs detected by the clients. Upon receiving such a request, a client responds with a Beacon Report frame to report BSS information.

With this feature disabled, the AP stops updating BSS candidate information and deletes all the candidates after the aging time expires.

If both this feature and BSS transition management are enabled, the system can guide clients to roam to better services based on BSS candidate information.

Restrictions and guidelines

This feature takes effect only on clients that come online after the feature is configured.

To examine if a client supports beacon measurement, use the display wlan client rm-capabilities command.

Procedure

1.     Enter system view.

system-view

2.     Enter AP view or an AP group's AP model view.

¡     Enter AP view.

wlan ap ap-name

¡     Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3.     Enter radio view.

radio radio-id

4.     Enable an AP to obtain BSS candidate information.

sacp roam-optimize bss-candidate-list { disable | enable [ interval interval ] }

By default:

¡     In radio view, an AP uses the configuration in an AP group's radio view.

¡     In an AP group's radio view, the BSS candidate obtaining feature is disabled.

Enabling data transmission holding during roaming

About this task

With advanced data transmission holding during roaming enabled, the device caches the data packets and sends the cached packets to the client to reduce the packet loss when the client signal strength is lower than the RSSI threshold specified by client anti-sticky. With advanced data transmission holding during roaming disabled, the device ages out the cached packets after a period of time and will not send the packets to the client. As a best practice, enable advanced data transmission holding during roaming in the cooperative roaming scenario enabled with client anti-sticky.

Restrictions and guidelines

To make this feature take effect, enable client association at the AC and enable the AC to forward client data traffic.

This feature is not supported in an AC hierarchy network.

Procedure

1.     Enter system view.

system-view

2.     Enter service template view.

wlan service-template service-template-name

3.     Enable advanced data transmission holding during roaming.

sacp roam-optimize traffic-hold enable advanced

By default, advanced data transmission holding during roaming is disabled.

Display and maintenance commands for cooperative roaming

Execute display commands in any view.

 

Task

Command

Display running configuration for the specified AP or all APs.

display wlan ap { all | name ap-name } running-configuration [ verbose ]

Display client information.

display wlan client [ ap ap-name [ radio radio-id ] | mac-address mac-address | service-template service-template-name | frequency-band { 2.4 | 5 } | vlan vlan-id ] [ verbose ]

Display radio resource measurement capabilities reported by clients.

display wlan client rm-capabilities [ mac-address mac-address ]

Display the client roaming history.

display wlan sacp move-history [ mac-address mac-address ]

Display service template information.

display wlan service-template [ service-template-name ] [ verbose ]

 

NOTE:

·     For more information about the display wlan service-template and display wlan client commands, see WLAN access commands in WLAN Command Reference.

·     For more information about the display wlan ap name running-configuration command, see AP management commands in WLAN Command Reference.

Example: Configuring cooperative roaming

Network configuration

As shown in Figure 10, most clients in the network support 802.11k and 802.11v. Configure cooperative roaming for clients to roam in the ESS seamlessly.

Figure 11 Network diagram

Restrictions and guidelines

If most clients in the network do not support 802.11k or 802.11v, you can configure BTM, BTM disassociation, anti-sticky, and advanced data transmission holding for clients to perform seamless roaming.

Procedure

# Configure interface IP addresses and route settings. Make sure the devices can reach each other. (Details not shown.)

# Create service template wifi6_zero.

<AC> system-view

[AC] wlan service-template wifi6_zero

# Set the SSID to wifi6_zero.

[AC-wlan-st-wifi6_zero] ssid wifi6_zero

# Enable BTM.

[AC-wlan-st-wifi6_zero] bss transition-management enable

# (Optional.) Specify the BTM disassociation timeout as 45 seconds.

[AC-wlan-st-wifi6_zero] bss transition-management disassociation recommended timer 45

# (Optional.) Enable advanced data transmission holding.

[AC-wlan-st-wifi6_zero] sacp roam-optimize traffic-hold enable advanced

# Enable FT. If clients in the network are of an old model and do not support FT, do not enable FT as a best practice.

[AC-wlan-st-wifi6_zero] ft enable

# Enable the service template.

[AC-wlan-st-wifi6_zero] service-template enable

[AC-wlan-st-wifi6_zero] quit

# Create AP ap1 and specify the serial ID.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

# Enter radio view of radio 1.

[AC-wlan-ap-ap1] radio 1

# Enable radio resource measurement.

[AC-wlan-ap-ap1-radio-1] resource-measure enable

# (Optional.) Enable the AP to obtain BSS candidate information.

[AC-wlan-ap-ap1-radio-1] sacp roam-optimize bss-candidate-list enable

# (Optional.) Enable client anti-sticky, set the RSSI threshold to 30, set the detection interval to 2 seconds, and enable forced logoff.

[AC-wlan-ap-ap1-radio-1] sacp anti-sticky enable rssi 30 interval 2 forced-logoff

# Bind service template wifi6_zero to radio 1 of AP ap1.

[AC-wlan-ap-ap1-radio-1] service-template wifi6_zero

[AC-wlan-ap-ap1-radio-1] radio enable

[AC-wlan-ap-ap1-radio-1] quit

[AC-wlan-ap-ap1] quit

# (Optional.) Configure ACL-based client anti-sticky.

 

 

NOTE:

If multiple types of clients exist and the client transmit power differs greatly, client signal strength detected by the AP might have large differences. In this case, configure ACL-based client anti-sticky as a best practice.

1.     Create an ACL rule to permit all packets from the client. In this example, the client MAC address is CCC9-5DE2-512D.

[AC] acl number 4500

[AC-acl-mac-4500] rule permit source-mac ccc9-5de2-512d ffff-ff00-0000

[AC-acl-mac-4500] quit

2.     Specify ACL 4500 for ACL-based client anti-sticky and set the RSSI threshold to 25 for radio 1 of AP ap1. If the signal strength of the client drops below –25 dBm, the AP will guide the client to roam to another AP.

[AC] wlan ap ap1

[AC-wlan-ap-ap1] radio 1

[AC-wlan-ap-ap1-radio-1] sacp anti-sticky acl 4500 rssi 25

[AC-wlan-ap-ap1-radio-1] quit

[AC-wlan-ap-ap1] quit

Verifying the configuration

# Verify that BTM is enabled.

[AC] display wlan service-template wifi6_zero verbose

 Service template name                            : wifi6_zero

 Description                                      : Not configured

 SSID                                             : wifi6_zero

 SSID-hide                                        : Disabled

 User-isolation                                   : Disabled

 Service template status                          : enabled

 Maximum clients per BSS                          : Not configured

 Frame format                                     : Dot3

 Seamless roam status                             : Disabled

 Seamless roam RSSI threshold                     : 50

 Seamless roam RSSI gap                           : 20

 VLAN ID                                          : 1

 Service VLAN ID                                  : N/A

 Service VLAN TPID                                : dot1q

 AKM mode                                         : Not configured

 Security IE                                      : Not configured

 Cipher suite                                     : Not configured

 TKIP countermeasure time                         : 0 sec

 PTK lifetime                                     : 43200 sec

 PTK rekey                                        : Enabled

 GTK rekey                                        : Enabled

 GTK rekey method                                 : Time-based

 GTK rekey time                                   : 86400 sec

 GTK rekey client-offline                         : Disabled

 WPA3 status                                      : Disabled

 PPSK                                             : Disabled

 PPSK Fail Permit                                 : Enabled

 Enhance-open status                              : Disabled

 Enhanced-open transition-mode service-template   : N/A

 User authentication mode                         : Bypass

 Intrusion protection                             : Disabled

 Intrusion protection mode                        : Temporary-block

 Temporary block time                             : 180 sec

 Temporary service stop time                      : 20 sec

 Fail VLAN ID                                     : Not configured

 802.1X handshake                                 : Disabled

 802.1X handshake secure                          : Disabled

 802.1X domain                                    : Not configured

 MAC-auth domain                                  : Not configured

 Max 802.1X users per BSS                         : 512

 Max MAC-auth users per BSS                       : 512

 802.1X re-authenticate                           : Disabled

 Authorization fail mode                          : Online

 Accounting fail mode                             : Online

 Authorization                                    : Permitted

 Key derivation                                   : SHA1

 PMF status                                       : Disabled

 Hotspot policy number                            : Not configured

 Forwarding policy status                         : Disabled

 Forwarding policy name                           : Not configured

 Forwarder                                        : AC

 FT status                                        : Enabled

 FT method                                        : Over-the-air

 FT reassociation deadline                        : 20 sec

 QoS trust                                        : Port

 QoS priority                                     : 0

 QoS U-APSD mode                                  : 1

 BTM status                                       : Enabled

# View the radio resource measurement capabilities of the client.

[AC] display wlan client rm-capabilities

Total number of clients: 1

 

 MAC address                       : ccc9-5de2-512d

 Neighbor report capability        : Disabled

 Beacon passive measurement        : Enabled

 Beacon active measurement         : Enabled

 Beacon table measurement          : Disabled

# Verify that the online client supports 802.11v BTM.

[AC] display wlan client verbose

Total number of clients: 1

 

MAC address                        : ccc9-5de2-512d

IPv4 address                       : 10.1.1.114

IPv6 address                       : N/A

Username                           : N/A

AID                                : 1

AP ID                              : 2

AP name                            : ap1

Radio ID                           : 1

Channel                            : 64

SSID                               : wifi6_zero

BSSID                              : 0026-3e08-1150

VLAN ID                            : 1

VLAN ID2                           : N/A

Sleep count                        : 0

Wireless mode                      : 802.11ax

Channel bandwidth                  : 80MHz

SM power save                      : Disabled

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

5G 40And80MHz Channel bandwidth    : Supported

5G 160MHz Channel bandwidth        : Not Supported

5G 8080MHz Channel bandwidth       : Not Supported

OFDMA random access RUs            : Not supported

Supported HE-MCS set               : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

TWT scheduled                      : no

QoS mode                           : WMM

Listen interval                    : 20

RSSI                               : 40

Rx/Tx rate                         : 54/6 Mbps

Speed                              : 0.968/0.104 Mbps

Authentication method              : Open system

Security mode                      : PRE-RSNA

AKM mode                           : Not configured

Cipher suite                       : N/A

User authentication mode           : Bypass

WPA3 status                        : N/A

Authorization CAR                  : N/A

Authorization ACL ID               : N/A

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : N/A

Forwarding policy name             : Not configured

Online time                        : 0days 0hours 1minutes 53seconds

FT status                          : Inactive

BTM status                         : Active

# View the running configuration on the AP.

[AC] display wlan ap all running-configuration verbose

(i) -- Inherited from AP group

(g) -- Inherited from AP global-configuration

 

#

wlan ap ap1 model WA6320 id 2

  ap group name default-group

  serial-id 219801A28N819CE0002T

  region code CN (g)

  echo interval 10 (i)

 

  radio 1

    radio type 802.11ax

    radio enable

    channel auto<52> (i)

    channel unlock (i)

    fragment-threshold 2346 (i)

    max-power 20 (i)

    power unlock (i)

    distance 1 kilometer (i)

    ANI Enabled (i)

    sacp anti-sticky enable rssi 35 interval 2 forced-logoff 1

    sacp anti-sticky acl 4500 rssi 30

 

  radio 2

     radio type 802.11n(2.4GHz) (i)

    radio disable (i)

    channel auto<11> (i)

    channel unlock (i)

    fragment-threshold 2346 (i)

    max-power 20 (i)

    power unlock (i)

    distance 1 kilometer (i)

    ANI Enabled (i)

    sacp anti-sticky enable rssi 20 interval 3 forced-logoff 0 (i)

    sacp anti-sticky acl disable (i)


Configuring mobility groups 

About mobility groups

A mobility group contains multiple member devices among which clients can roam without IP or authorization changes. Mobility groups expand the scale in which clients can roam.

 

Restrictions: Hardware compatibility with mobility group

For information about MSR routers that can function as ACs, see "Compatibility of hardware and AC functionality."

Restrictions and guidelines: Mobility group configuration

For a service template where an AP is configured as the client authenticator, WLAN roaming is not supported. For more information about client authentication, see "Configuring WLAN authentication."

Enabling SNMP notifications for WLAN roaming

About this task

To report critical WLAN roaming events to an NMS, enable SNMP notifications for WLAN roaming. For WLAN roaming event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Procedure

1.     Enter system view.

system-view

2.     Enable SNMP notifications for WLAN roaming.

snmp-agent trap enable wlan mobility

By default, SNMP notifications for WLAN roaming are disabled.

Display and maintenance commands for mobility groups

Execute display commands in any view.

 

Task

Command

Display the number of roamings for each client on the HA.

display wlan mobility roam-count

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网