06-WLAN Access Command Reference

HomeSupportResource CenterH3C Access Controllers Command References(R5426P02)-6W10406-WLAN Access Command Reference
01-WLAN access commands
Title Size Download
01-WLAN access commands 469.58 KB

Contents

WLAN access commands· 1

access-control acl 1

accounting-level 2

aggregation-ac· 3

beacon ssid-hide· 5

broadcast-probe reply· 5

classifier acl 6

client association-location· 8

client behavior-local network-flow-forwarding enable· 8

client cache aging-time· 9

client forwarding-location· 10

client forwarding-policy enable· 12

client forwarding-policy-name· 14

client frame-format 16

client idle-timeout 17

client keep-alive· 17

client keep-alive interval 18

client max-count 19

client preferred-vlan authorized· 20

client report-mandatory· 20

client smart-access enable· 21

client vlan-alloc· 22

client-mac· 24

client-statistics-report 24

customlog format wlan· 25

description· 26

display wlan ap all client-number 26

display wlan ap all radio client-number 27

display wlan ap region-code· 27

display wlan ap-group all client-number 28

display wlan blacklist 29

display wlan bss· 29

display wlan client 31

display wlan client ipv6· 37

display wlan client online-duration· 37

display wlan client status· 38

display wlan forwarding-policy· 40

display wlan guest-tunnel 42

display wlan service-template· 44

display wlan statistics client 49

display wlan statistics connect-history· 50

display wlan statistics service template· 51

display wlan statistics vip-client 52

display wlan whitelist 53

edge-ac· 53

inherit exclude service-template· 55

keep-alive interval 56

nas-id· 58

nas-port-id· 59

nas-port-type· 60

nas-vlan· 61

non-vip limit rate· 61

quick-association enable· 62

region-code (AP provision view/AP group provision view) 63

region-code (AP view/AP group view/global configuration view) 66

region-code-ie· 68

region-code-lock· 69

report-interval 70

reset wlan client 71

reset wlan dynamic-blacklist 71

reset wlan guest-tunnel 72

reset wlan statistics client 73

reset wlan statistics service-template· 74

roam-enhance· 74

service-template· 75

service-template enable· 77

snmp-agent trap enable wlan client 78

snmp-agent trap enable wlan client-audit 78

ssid· 79

unknown-client 79

vlan· 80

wlan accounting-policy· 81

wlan apply accounting-policy· 81

wlan association optimization· 82

wlan client forwarding enable· 83

wlan client forwarding-policy-name· 85

wlan client reauthentication-period· 87

wlan dynamic-blacklist active-on-ap· 87

wlan dynamic-blacklist lifetime· 88

wlan forwarding-policy· 88

wlan guest-tunnel 90

wlan guest-tunnel flow-distribute enable· 92

wlan imc· 93

wlan link-test 94

wlan nas-port-id format 96

wlan permit-ap-group· 97

wlan permit-ssid· 98

wlan service-template· 98

wlan static-blacklist mac-address· 99

wlan vip-client-group· 100

wlan web-server api-path· 100

wlan web-server host 101

wlan web-server max-client-entry· 102

wlan whitelist mac-address· 102

 


WLAN access commands

The WX1800H series, WX2500H series and WX3000H series access controllers do not support parameters or commands that are available only in IRF mode.

The AP models and serial numbers in this document are used only as examples. Support for AP models and serial numbers depends on the AC model.

access-control acl

Use access-control acl to specify an ACL for ACL-based access control.

Use undo access-control acl to restore the default.

Syntax

access-control acl acl-number

undo access-control acl

Default

No ACL is specified.

Views

AP view

Service template view

Predefined user roles

network-admin

Parameters

acl-number: Specifies the number of a Layer 2 ACL, in the range of 4000 to 4999.

Usage guidelines

This feature controls client access by using the specified ACL rules. When the device receives an association request, it performs the following actions:

·     Allows the client to access the WLAN if the MAC address of the client matches the MAC address attribute or MAC address OUI attribute in a rule and the rule action is permit. If multiple clients match the OUI attribute, all these clients are allowed to access the WLAN.

·     Denies the client's access to the WLAN if no match is found or the matched rule has a deny statement.

When you configure this feature, follow these restrictions and guidelines:

·     If the specified ACL contains a deny statement, configure a permit statement for the ACL to permit all clients. If you do not do so, no clients can come online.

·     ACL-based access control configuration takes precedence over whitelist and blacklist configuration.

·     You can specify only one ACL. If you execute this command multiple times, the most recent configuration takes effect.

·     The configuration in AP view takes precedence over the configuration in service template view.

Examples

# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for service template service1.

<Sysname> system-view

[Sysname] acl mac 4000

[Sysname-acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff

[Sysname-acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000

[Sysname-acl-mac-4000] rule 2 deny

[Sysname-acl-mac-4000] quit

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] access-control acl 4000

# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for AP ap1.

<Sysname> system-view

[Sysname] acl mac 4000

[Sysname-acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff

[Sysname-acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000

[Sysname-acl-mac-4000] rule 2 deny

[Sysname-acl-mac-4000] quit

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] access-control acl 4000

accounting-level

Use accounting-level to specify a traffic level for ACL-based accounting.

Use undo accounting-level to remove the accounting configuration for a traffic level.

Syntax

accounting-level level acl { acl-number | ipv6 ipv6-acl-number }

undo accounting-level level

Default

No traffic levels are specified for ACL-based accounting.

Views

Accounting policy view

Predefined user roles

network-admin

Parameters

level: Specifies the traffic level in the range of 1 to 8.

acl-number: Specifies an IPv4 ACL number in the range of 3000 to 3999.

ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 3000 to 3999.

Usage guidelines

An accounting policy takes effect on matching packets no matter whether the ACL action is deny or permit.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the traffic level as 1 for packets matching ACL 3000 in accounting policy view of policy abc.

<Sysname> system-view

[Sysname] wlan accounting-policy abc

[Sysname-wlan-acctpolicy-abc] accounting-level 1 acl 3000

Related commands

wlan accounting-policy

aggregation-ac

Use aggregation-ac to specify an aggregation AC for an edge AC.

Use undo aggregation-ac to delete a specified aggregation AC for an edge AC.

Syntax

aggregation-ac ip ipv4-address tunnel-source ip ipv4-address vlan vlan-id-list

undo aggregation-ac { all | ip ipv4-address [ vlan vlan-id-list ] }

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

No

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Default

No aggregation AC is specified for an edge AC.

Views

Edge AC view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies the IPv4 address of an aggregation AC.

tunnel-source ip ipv4-address: Specifies the source IPv4 address that the edge AC uses to establish a guest tunnel with the aggregation AC.

vlan vlan-id-list: Specifies a space-separated list of up to 10 guest VLAN items. Each VLAN item specifies a VLAN ID or a range of VLAN IDs in the form of start-vlan-id to end-vlan-id. The end VLAN ID must be greater than the start VLAN ID. Valid VLAN IDs are from 1 to 4094.

all: Specifies all aggregation ACs.

Usage guidelines

An edge AC can establish guest tunnels with multiple aggregation ACs, but these tunnels must belong to different VLANs.

An edge AC can establish multiple guest tunnels with an aggregation AC, but it must use different source IP addresses to establish tunnels with different aggregation AC interfaces. If you specify multiple IP addresses of an aggregation AC for the same edge AC IP address, the aggregation AC uses only the IP address in the first received keepalive request for tunnel establishment.

Examples

# Specify an aggregation AC with IP address 192.168.2.21 for the edge AC, configure the edge AC to use IP address 192.168.2.20 to establish a guest tunnel with the aggregation AC, and specify the guest VLAN as VLAN 7.

<Sysname> system-view

[Sysname] wlan guest-tunnel edge-ac

[Sysname-wlan-edge-ac] aggregation-ac ip 192.168.2.21 tunnel-source ip 192.168.2.20 vlan 7

Related commands

edge-ac

keep-alive interval

beacon ssid-hide

Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames.

Use undo beacon ssid-hide to restore the default.

Syntax

beacon ssid-hide

undo beacon ssid-hide

Default

The SSID is advertised in beacon frames.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command disables a radio from carrying SSIDs in the beacon frames and responding to probe requests after the specified service template is bound to the radio.

Examples

# Disable advertising the SSID in beacon frames.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] beacon ssid-hide

broadcast-probe reply

Use broadcast-probe reply enable to enable an AP to respond to broadcast probe requests.

Use broadcast-probe reply disable to disable an AP from responding to broadcast probe requests.

Use undo broadcast-probe reply to restore the default.

Syntax

broadcast-probe reply { disable | enable }

undo broadcast-probe reply

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, an AP responds to broadcast probe requests.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

Broadcast probe requests do not carry an SSID. Upon receiving a broadcast probe request, an AP responds with a probe response that carries service information for the AP. To ensure that clients that send unicast probe requests can associate with the AP, disable the AP from responding to broadcast probe requests.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Disable AP ap1 from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] broadcast-probe reply disable

# Disable APs in AP group group1 from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] broadcast-probe reply disable

classifier acl

Use classifier acl to configure a forwarding rule for a forwarding policy.

Use undo classifier acl to remove a forwarding rule.

Syntax

classifier acl { acl-number | ipv6 ipv6-acl-number } behavior { local | remote }

undo classifier acl { acl-number | ipv6 ipv6-acl-number }

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

·     WX3024H-F

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Yes

WX5800H series

WX5860H

EWP-WX5860H-GL

Yes

Default

No forwarding rules are configured.

Views

Forwarding policy view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an IPv4 or Layer 2 ACL number in the range of 2000 to 4999.

ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.

behavior: Specifies a forwarding mode for traffic that matches the specified ACL.

local: Specifies the local forwarding mode.

remote: Specifies the centralized forwarding mode.

Usage guidelines

Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.

A forwarding rule takes effect immediately after it is created. You can configure a maximum of 1000 forwarding rules for a forwarding policy.

Examples

# Configure a forwarding rule to locally forward packets that match ACL 2000.

<sysname> system-view

[sysname] wlan forwarding-policy abc

[sysname-wlan-fp-abc] classifier acl 2000 behavior local

client association-location

Use client association-location to enable client association at the AC or APs.

Use undo client association-location to restore the default.

Syntax

client association-location { ac | ap }

undo client association-location

Default

Client association is performed at the AC.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Enables client association at the AC.

ap: Enables client association at APs.

Usage guidelines

Make sure the service template is disabled before you execute this command.

Examples

# Enable client association at the AC.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client association-location ac

client behavior-local network-flow-forwarding enable

Use client behavior-local network-flow-forwarding enable to enable APs to forward client traffic to the external network when local forwarding is enabled.

Use undo client behavior-local network-flow-forwarding enable to disable APs from forwarding client traffic to the external network when local forwarding is enabled.

Syntax

client behavior-local network-flow-forwarding enable

undo client behavior-local network-flow-forwarding enable

Default

APs drop client packets destined to the external network when local forwarding is enabled.

Views

WLAN forwarding policy view

Predefined user roles

network-admin

Usage guidelines

When local forwarding is enabled, APs drop client packets destined to the external network. This feature enables an AP to replace the destination MAC address of a client packet destined to the external network with the AP's MAC address. Through NAT, the packet's source IP address is converted to an IP address in the same network segment as the AP. This enables APs to forward client traffic to an external network correctly.

This feature is available only on APs that support NAT.

Examples

# Enable APs to forward client packets destined to the external network when local forwarding is enabled.

<Sysname> system-view

[Sysname] wlan forwarding-policy abc

[Sysname-wlan-fp-abc] client behavior-local network-flow-forwarding enable

Related commands

wlan forwarding-policy

client cache aging-time

Use client cache aging-time to set the aging time for the cache of clients.

Use undo client cache aging-time to restore the default.

Syntax

client cache aging-time aging-time

undo client cache aging-time

Default

The aging time for the cache of clients is 180 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the aging time for the cache of clients, in the range of 0 to 86400 seconds.

Usage guidelines

If you set the aging time to 0 seconds, the AC clears the client cache immediately when the clients go offline.

Make sure the service template is disabled before you execute this command.

Examples

# Set the aging time for the cache of clients to 100 seconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client cache aging-time 100

client forwarding-location

Use client forwarding-location to specify the client data traffic forwarder.

Use undo client forwarding-location to restore the default.

Syntax

client forwarding-location { ac | ap [ vlan { start-vlan [ to end-vlan ] } ] }

undo client forwarding-location

Default

Hardware series

Model

Product code

Default

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

The AC forwards client data traffic.

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

The AC forwards client data traffic.

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

·     WX3010H, WX3010H-X, WX3024H, WX3024H-F:
The AC forwards client data traffic.

·     WX3010H-L, WX3024H-L:
The APs forward client data traffic.

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

The AC forwards client data traffic.

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

The AC forwards client data traffic.

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

The AC forwards client data traffic.

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

The AC forwards client data traffic.

Hardware series

Model

Product code

Default

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

The AC forwards client data traffic.

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

The AC forwards client data traffic.

WX5800H series

WX5860H

EWP-WX5860H-GL

The AC forwards client data traffic.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Enables the AC to forward client data traffic.

The following compatibility matrixes show the support of hardware platforms for this keyword:

 

Hardware series

Model

Parameter compatibility

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2540H

WX2560H

Yes

WX3000H series

WX3010H

WX3010H-L

WX3010H-X

WX3024H

WX3024H-L

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

Yes

WX5500E series

WX5510E

WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

Yes

Access controller modules

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

Yes

Hardware series

Model

Parameter compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

Yes

WX3800H series

WX3820H

WX3840H

Yes

WX5800H series

WX5860H

Yes

ap: Enables APs to forward client data traffic.

vlan start-vlan to end-vlan: Specifies a VLAN ID range. The value range for the start-vlan and end-vlan arguments is 1 to 4094. If you do not specify this option, APs forward client data traffic from all VLANs.

Usage guidelines

Make sure the service template is disabled before you execute this command.

If APs forward client data traffic, you can specify a VLAN or a VLAN range for the APs to forward client data traffic from the specified VLANs. The AC forwards data traffic from other VLANs.

Make sure client traffic forwarding is enabled when the AC is configured as the client traffic forwarder.

Examples

# Configure APs to forward client data traffic from all VLANs.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] user-forward location ap

client forwarding-policy enable

Use client forwarding-policy enable to enable policy-based forwarding for a service template.

Use undo client forwarding-policy enable to disable policy-based forwarding for a service template.

Syntax

client forwarding-policy enable

undo client forwarding-policy enable

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

·     WX3024H-F

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Yes

WX5800H series

WX5860H

EWP-WX5860H-GL

Yes

Default

Policy-based forwarding is disabled for a service template.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Enable policy-based forwarding for a service template for the following forwarding policies to take effect:

·     The forwarding policy applied to the service template.

·     The forwarding policy applied to a user profile that uses the service template.

Examples

# Enable policy-based forwarding for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-policy enable

Related commands

client-security authentication-location

client forwarding-policy-name

Use client forwarding-policy-name to apply a forwarding policy to a service template.

Use undo client forwarding-policy-name to restore the default.

Syntax

client forwarding-policy-name policy-name

undo client forwarding-policy-name

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

·     WX3024H-F

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Yes

WX5800H series

WX5860H

EWP-WX5860H-GL

Yes

Default

No forwarding policy is applied to a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Make sure the service template is disabled before you execute this command.

For the forwarding policy to take effect, you must enable policy-based forwarding and specify the AC to perform client authentication for the service template.

Make sure the AC and its associated APs are in different network segments.

Examples

# Apply forwarding policy strategy to service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-policy-name strategy

Related commands

client forwarding-policy enable

client-security authentication-location

client frame-format

Use client frame-format to set the client data frame format.

Use undo client frame-format to restore the default.

Syntax

client frame-format { dot3 | dot11 }

undo client frame-format

Default

Client data frames are encapsulated in 802.3 format.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot3: Specifies the 802.3 format.

dot11: Specifies the 802.11 format.

Usage guidelines

This command takes effect only in centralized forwarding mode.

Make sure the service template is disabled before you execute this command.

Examples

# Configure the client data frames to be encapsulated in 802.11 format.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client frame-format dot11

Related commands

client forwarding-location

client idle-timeout

Use client idle-timeout to set the client idle timeout timer.

Use undo client idle-timeout to restore the default.

Syntax

client idle-timeout timeout

undo client idle-timeout

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the client idle timeout timer is 3600 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

timeout: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.

Usage guidelines

If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the client idle timeout timer to 2000 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client idle-timeout 2000

# Set the client idle timeout timer to 2000 seconds for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client idle-timeout 2000

client keep-alive

Use client keep-alive enable to enable client keepalive.

Use client keep-alive disable to disable client keepalive.

Use undo client keep-alive to restore the default.

Syntax

client keep-alive { disable | enable }

undo client keep-alive

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, client keepalive is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

disable: Disables client keepalive.

enable: Enables client keepalive.

Usage guidelines

This feature enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable client keepalive for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client keep-alive enable

# Enable client keepalive for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client keep-alive enable

Related commands

client keep-alive interval

client keep-alive interval

Use client keep-alive interval to set the client keepalive interval.

Use undo client keep-alive interval to restore the default.

Syntax

client keep-alive interval interval

undo client keep-alive interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the client keepalive interval is 300 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.

Usage guidelines

Enable client keepalive before you execute this command.

This feature enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the keepalive interval to 20 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client keep-alive 20

# Set the keepalive interval to 20 seconds for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client keep-alive interval 20

Related commands

client keep-alive enable

client max-count

Use client max-count to set the maximum number of associated clients for a service template.

Use undo client max-count to restore the default.

Syntax

client max-count max-number

undo client max-count

Default

The number of associated clients for a service template is not limited.

Views

Service template view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of clients in the range of 1 to 512.

Usage guidelines

With this feature configured, new clients cannot access the WLAN and the SSID is hidden when the maximum number is reached.

Examples

# Set the maximum number of associated clients to 38 for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client max-count 38

Related commands

beacon ssid-hide

client preferred-vlan authorized

Use client preferred-vlan authorized to configure clients to prefer the authorization VLAN after roaming.

Use undo client preferred-vlan authorized to configure client VLANs to remain unchanged after client roaming.

Syntax

client preferred-vlan authorized

undo client preferred-vlan authorized

Default

Clients prefer the authorization VLAN after roaming.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This feature takes effect only on 802.1X and MAC authentication clients.

Typically, the VLAN of a client remains unchanged after client roaming. However, if the client triggers a security alert configured on IMC after roams to another AP, the issued authorization VLAN for user isolation takes effect.

Examples

# Configure clients to prefer the authorization VLAN after roaming.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client preferred-vlan authorized

client report-mandatory

Use client report-mandatory to allow locally authenticated clients to come online after successful client information reporting.

Use undo client report-mandatory to allow locally authenticated clients to come online immediately after successful local authentication.

Syntax

client report-mandatory

undo client report-mandatory

Default

Locally authenticated clients come online after successful client information reporting.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

By default, an AP reports information about locally authenticated clients that pass authentication to the AC, and the AC creates client entries and informs the AP to get the clients online. If the CAPWAP tunnel between the AC and the AP operates incorrectly, clients might fail to come online and perform reauthentication repeatedly. To avoid this problem, you can allow clients to come online immediately after successful local authentication so that the AP can forward client traffic when the AC cannot be reached. The AP synchronizes client information to the AC when the tunnel recovers.

Examples

# Allow locally authenticated clients to come online immediately after successful local authentication.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client report-mandatory

client smart-access enable

Use client smart-access enable to enable smart client access.

Use undo client smart-access enable to restore the default.

Syntax

client smart-access enable

undo client smart-access enable

Default

Smart client access is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This feature enables H3C wireless clients to access the WLAN automatically when the AKM mode is set to PSK or when the radio is bound to an empty service template.

Examples

# Enable smart client access.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client smart-access enable

client vlan-alloc

Use client vlan-alloc to set the VLAN allocation method for clients.

Use undo client vlan-alloc to restore the default.

Syntax

client vlan-alloc { dynamic | static | static-compatible }

undo client vlan-alloc

Default

The VLAN allocation method for clients is dynamic.

Views

Service template view

Predefined user roles

network-admin

Parameters

dynamic: Specifies dynamic VLAN allocation.

static: Specifies static VLAN allocation.

static-compatible: Specifies compatible static VLAN allocation.

The following compatibility matrixes show the support of hardware platforms for the static-compatible keyword:

 

Hardware series

Model

Product code

Parameter compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Parameter compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

No

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Usage guidelines

When a client comes online for the first time, the associated AP assigns a random VLAN to it. When the client comes online again, the VLAN assigned to the client depends on the allocation method.

·     Static allocation—The client inherits the VLAN that has been assigned to it. If the IP address lease has not expired, the client will use the same IP address. This method helps save IP addresses.

·     Dynamic allocation—The radio re-assigns a VLAN to the client. This method balances clients in all VLANs.

·     Compatible static allocation—The client inherits the VLAN that has been assigned to it when roaming between Comware 5 and Comware 7 ACs.

Examples

# Set the VLAN allocation method for clients to dynamic.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client vlan-alloc dynamic

Related commands

service-template

client-mac

Use client-mac to add a client to the VIP client group.

Use undo ap-name to remove a client from the VIP client group.

Syntax

client-mac mac-address

undo client-mac mac-address

Default

No clients exist in the VIP client group.

Views

VIP client group view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a client by its MAC address. The MAC address must be in the H-H-H format, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted.

Usage guidelines

You can add both online and offline clients to the VIP client group.

You can add a maximum of 64 client MAC addresses.

Examples

# Add a client with MAC address a0cc-2bca-a305 to the VIP client group.

<Sysname> system-view

[Sysname] wlan vip-client-group

[Sysname-wlan vip-client-group] client-mac a0cc-2bca-a305

client-statistics-report

Use client-statistics-report enable to enable client statistics reporting.

Use client-statistics-report disable to disable client statistics reporting.

Use undo client-statistics-report to restore the default.

Syntax

client-statistics-report { disable | enable [ interval interval ] }

undo client-statistics-report

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, client statistics reporting is enabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval interval: Specifies the interval at which client statistics are reported, in the range of 2 to 120 seconds. The interval is 50 seconds by default.

Usage guidelines

This feature enables an AP to report client statistics to the AC at the specified intervals for client entry update. The AC informs the AP to log off a client if the client's information does not exist in the saved entries.

To avoid frequent client re-association, disable this feature when the network is in a bad condition.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable client statistics reporting and set the reporting interval to 20 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client-statistics-report enable interval 20

# Enable client statistics reporting and set the reporting interval to 20 seconds for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client-statistics-report enable interval 20

customlog format wlan

Use customlog format wlan to enable the device to generate client logs in the specified format.

Use undo customlog format wlan to restore the default.

Syntax

customlog format wlan { normal | sangfor }

undo customlog format wlan

Default

The device generates client logs only in H3C format.

Views

System view

Predefined user roles

network-admin

Parameters

normal: Specifies normal format.

sangfor: Specifies sangfor format.

Usage guidelines

By default, the device generates client logs only in H3C format that logs AP name, radio ID, client MAC address, SSID, BSSID, and client online status.

You can configure the device to generate client logs in one of the following formats:

·     Normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.

·     Sangfor—Logs AP MAC address, client IP address, and client MAC address.

This feature does not affect the generation of client logs in H3C format.

Examples

# Enable the device to generate client logs in sangfor format.

<Sysname> system-view

[Sysname] customlog format wlan sangfor

description

Use description to configure a description for a service template.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 64 characters.

Examples

# Configure a description for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] description wlanst

display wlan ap all client-number

Use display wlan ap all client-number to display the number of online clients at the 2.4 GHz band and the 5 GHz band.

Syntax

display wlan ap all client-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of online clients at both the 2.4 GHz and 5 GHz bands.

<System> display wlan ap all client-number

AP name           Clients           2.4GHz            5GHz

ap1               2                 2                 0

Table 1 Command output

Field

Description

Clients

Total number of online clients.

2.4GHz

Number of online clients at the 2.4 GHz band.

5GHz

Number of online clients at the 5 GHz band.

display wlan ap all radio client-number

Use display wlan ap all radio client-number to display the number of online clients and channel information for each radio.

Syntax

display wlan ap all radio client-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of online clients and channel information for each radio.

<Sysname> display wlan ap all radio client-number

AP name                    RID     Channel     Clients

ap1                        1       44          12

ap1                        2       11          4

display wlan ap region-code

Use display wlan ap region-code to display region code information for all APs or the specified AP.

Syntax

display wlan ap { all | name ap-name } region-code

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display region code information for all APs.

<Sysname> display wlan ap all region-code

Region Code

AP name                         Region Code

ap1                             CN  CHINA

ap2                             CN  CHINA

ap3                             CN  CHINA

Table 2 Command output

Field

Description

Region Code

Region code. For more information about region codes, see Table 19.

display wlan ap-group all client-number

Use display wlan ap-group all client-number to display the number of online clients in each radio group.

Syntax

display wlan ap-group all client-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of online clients in each radio group.

<Sysname> display wlan ap-group all client-number

AP group name                    Group ID    Clients     2.4GHz      5GHz

default-group                    1           150         100         50

1                                2           250         50          200

Table 3 Command output

Field

Description

2.4GHz

Number of clients at the 2.4 GHz band.

5GHz

Number of clients at the 5 GHz band.

display wlan blacklist

Use display wlan blacklist to display blacklist entries.

Syntax

display wlan blacklist { dynamic | static }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Specifies the dynamic blacklist.

static: Specifies the static blacklist.

Examples

# Display static blacklist entries.

<Sysname> display wlan blacklist static

Total number of clients: 3

 MAC addresses:

  000e-35b2-000e

  0019-5b8e-b709

  001c-f0bf-9c92

# Display dynamic blacklist entries.

<Sysname> display wlan blacklist dynamic

Total number of clients: 3

MAC address     APID  Lifetime (s)  Duration (hh:mm:ss)

000f-e2cc-0001  1     300           00:02:11

000f-e2cc-0002  2     300           00:01:17

000f-e2cc-0003  3     300           00:02:08

Table 4 Command output

Field

Description

MAC address

Client MAC address.

APID

ID of the AP that detects the rogue client.

Lifetime (s)

Lifetime of the entry in seconds.

Duration (hh:mm:ss)

Duration for the entry since the entry was added to the dynamic blacklist.

display wlan bss

Use display wlan bss to display basic service set (BSS) information.

Syntax

 

display wlan bss { all | ap ap-name | bssid bssid } [ verbose ]

In IRF mode:

display wlan bss { all | ap ap-name | bssid bssid } [ slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all BSSs.

ap ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

bssid bssid: Specifies a BSS by its ID. The value is a 48-bit hexadecimal number in the format of H-H-H.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays client information on the master device. (In IRF mode.)

verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.

Examples

# Display brief information about all BSSs.

<Sysname> display wlan bss all

Total number of BSSs: 4

AP name                   RID  SSID                            BSSID

ap1                       1    SSID1                           001c-f08f-f804

ap1                       2    SSID1                           001c-f08f-f806

ap2                       1    SSID1                           001c-f0bf-9c92

ap2                       2    SSID1                           001c-f0bf-9c94

# Display detailed information about the BSS with ID 001c-f08f-f804 on member device 1.

<Sysname> display wlan bss bssid 001c-f08f-f804 slot 1 verbose

AP name                       : ap1

BSSID                         : 001c-f08f-f804

Radio ID                      : 1

Service template name         : servcie1

SSID                          : SSID1

VLAN ID                       : 1

AKM mode                      : Not configured

User authentication mode      : Bypass

Table 5 Command output

Field

Description

AKM mode

AKM mode:

·     802.1X.

·     PSK.

·     Not configured.

User authentication mode

User authentication mode:

·     Bypass—No client authentication.

·     MAC.

·     802.1X.

·     OUI.

display wlan client

Use display wlan client to display client information.

Syntax

display wlan client [ ap ap-name [ radio radio-id ] | mac-address mac-address | service-template service-template-name | frequency-band { 2.4 | 5 } ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Displays information about clients that are connected to the specified AP. The AP name is a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

radio radio-id: Displays information about clients that are connected to the specified radio. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays information about all clients that are connected to the specified AP.

mac-address mac-address: Specifies a client by its MAC address.

service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.

frequency-band: Displays information about clients working on the specified band.

2.4: Specifies the 2.4 GHz band.

5: Specifies the 5 GHz band.

verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.

Examples

# Display brief information about all clients.

<Sysname> display wlan client

Total number of clients: 3

 

MAC address    Username         AP name       RID   IP address          VLAN

000f-e265-6400 N/A                  ap1                   1 1.1.1.1         100

000f-e265-6401 user                 ap2                   1 3.0.0.3         200

84db-ac14-dd08 N/A                  ap1                   1 5.5.5.3         1

Table 6 Command output

Field

Description

MAC address

Client MAC address.

Username

Client username:

·     The field displays the client username if the client uses 802.1X or MAC authentication.

·     The field displays N/A if the client does not use 802.1X or MAC authentication.

NOTE:

If the client uses portal authentication, this field does not display the portal username of the client.

AP name

Name of the AP that the client is associated with.

R

ID of the radio that the client is associated with.

IP address

IPv4 address of the client.

VLAN ID

ID of the VLAN to which the client belongs.

# Display detailed information about the client with MAC address 000f-e265-6400.

<Sysname> display wlan client mac-address 000f-e265-6400 verbose

Total number of clients: 1

 

MAC address                        : 000f-e265-6400

IPv4 address                       : 10.1.1.114

IPv6 address                       : 2001::1234:5678:0102:0304

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : ap1

Radio ID                           : 1

SSID                               : office

BSSID                              : 0026-3e08-1150

VLAN ID                            : 3

Sleep count                        : 3

Wireless mode                      : 802.11gn

Channel bandwidth                  : 20MHz

20/40 BSS Coexistence Management   : Not supported

SM power save                      : Enabled

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15

Supported rates                    : 1, 2, 5.5, 6, 9, 11,

                                     12, 18, 24, 36, 48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/195 Mpbs

Authentication method              : Open system

Security mode                      : PRE-RSNA

AKM mode                           : Not configured

Cipher suite                       : N/A

User authentication mode           : Bypass

WPA3 status                        : Disabled

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Authorization CAR                  :

  Average input rate               : 102400 bps

  Average output rate              : 102400 bps

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forwarding policy name             : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Inactive

Table 7 Command output

Field

Description

MAC address

Client MAC address.

IPv4 address

Client IPv4 address.

IPv6 address

Client IPv6 address.

Username

Client username:

·     The field displays the client username if the client uses 802.1X or MAC authentication.

·     The field displays N/A if the client does not use 802.1X or MAC authentication.

NOTE:

If the client uses portal authentication, this field does not display the portal username of the client.

AID

Association ID.

AP ID

ID of the AP that the client is associated with.

AP name

Name of the AP that the client is associated with.

Radio ID

ID of the radio that the client is associated with.

SSID

SSID with which the client is associated.

VLAN ID

ID of the VLAN to which the client belongs.

Sleep count

Client sleep times.

Wireless mode

Wireless mode:

·     802.11a.

·     802.11b.

·     802.11g.

·     802.11gn.

·     802.11an.

·     802.11ac.

Channel bandwidth

Channel bandwidth:

·     20 MHz.

·     40 MHz.

·     80 MHz.

·     160 MHz.

20/40 BSS Coexistence Management

Whether the client supports 20/40MHz channel bandwidth coexistence.

SM Power Save

SM Power Save status:

·     Enabled—Only one antenna of a client operates in active state, and others operate in sleep state to save power.

·     Disabled.

Short GI for 20MHz

Whether the client supports short GI when its channel bandwidth is 20 MHz:

·     Supported.

·     Not supported.

Short GI for 40MHz

Whether the client supports short GI when its channel bandwidth is 40 MHz:

·     Supported.

·     Not supported.

Short GI for 80MHz

Whether the client supports short GI when its channel bandwidth is 80 MHz:

·     Supported.

·     Not supported.

Short GI for 160/80+80MHz

Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz:

·     Supported.

·     Not supported.

STBC Rx Capability

Client STBC receive capability;

·     Not Supported.

·     Supported.

STBC Tx Capability

Client STBC transmission capability:

·     Not Supported.

·     Supported.

LDPC Rx capability

Client LDPC receive capability;

·     Not Supported.

·     Supported.

SU beamformee capability

Client SU beamformee capability:

·     Not Supported.

·     Supported.

MU beamformee capability

Client MU beamformee capability:

·     Not Supported.

·     Supported.

Beamformee STS capability

Supported spatial stream quantity if the client is a beamformee receiver, in the range of 0 to 7 (the maximum spatial stream quantity specified by the MIMO mode minus one). This field displays N/A if the client cannot act as a beamformee receiver.

Number of Sounding Dimensions

Supported spatial stream quantity if the client is a beamformee transmitter, in the range of 0 to 7 (the maximum spatial stream quantity specified by the MIMO mode minus one). This field displays N/A if the client cannot act as a beamformee transmitter.

Block Ack

Negotiation result of Block ACK with TID:

·     TID 0 In—Sends Block ACK for inbound traffic.

·     TID 0 Out—Sends Block ACK for outbound traffic.

·     TID 0 Both—Sends Block ACK for both inbound and outbound traffic.

·     N/A—Does not send Block ACK for both inbound and outbound traffic.

Supported VHT-MCS set

VHT-MCS supported by the client.

Supported HT MCS set

HT-MCS supported by the client.

QoS mode

QoS mode:

·     N/A—WMM is not supported.

·     WMM—WMM is supported.

WMM information negotiation is carried out between an AP and a client that both support WMM.

Listen interval

Interval at which the client wakes up to listen for beacon frames. It is counted by beacon interval.

RSSI

Received signal strength indication. This value indicates the client signal strength detected by the AP.

Rx/Tx rate

Sending and receiving rates of data, management, and control frames.

Authentication method

Authentication method:

·     Open system.

·     Shared key.

·     SAE.

Security mode

Security mode:

·     RSN—Beacons and probe responses carry RSN IE.

·     WPA—Beacons and probe responses carry WPA IE.

·     PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE.

AKM mode

AKM mode:

·     802.1X.

·     PSK.

·     Not configured.

Cipher suite

Cipher suite:

·     N/A.

·     WEP40.

·     WEP104.

·     WEP128.

·     CCMP.

·     TKIP.

·     GCMP.

User authentication mode

User authentication mode:

·     Bypass—No client authentication.

·     MAC.

·     802.1X.

·     OUI.

WPA3 status

WPA3 status:

·     Disabled.

·     Enabled.

·     N/A.

Authorization ACL ID

Authorized ACL number:

·     This field displays the ACL number if the authorized ACL takes effect.

·     This field displays ACL number(Not effective) if the authorized ACL does not take effect.

·     This field displays N/A if the authentication server is configured without any authorized ACL.

Authorization user profile

Name of the authorized user profile:

·     This field displays the authorized user profile name if the authorized user profile takes effect.

·     This field displays authorized user profile name + Not effective if the authorized user profile does not take effect.

·     This field displays N/A if the authentication server is configured without any authorized user profile.

Authorization CAR

Authorization CAR:

·     Average input rate—Average uplink rate in bps.

·     Average output rate—Average downlink rate in bps.

·     N/A—This field displays N/A if the authentication server is not configured with authorization CAR for users.

Roam status

Roam status:

·     Roaming in progress.

·     Inter-AC roam.

·     Inter-MA roam.

·     Intra-AC roam.

·     Intra-MA roam.

·     This field displays N/A if the client stays in one BSS after coming online.

Key derivation

Key derivation type:

·     SHA1—Uses the HMAC-SHA1 hash algorithm.

·     SHA256—Uses the HMAC-SHA256 hash algorithm.

·     SHA384—Uses the HMAC-SHA384 hash algorithm.

·     N/A—No key derivation algorithm is involved for the authentication type.

PMF status

PMF status:

·     Enabled—Management frame protection is enabled.

·     Disabled—Management frame protection is disabled.

·     N/A—Management frame protection is not involved.

Forwarding policy name

WLAN forwarding policy name:

·     Not configured.

·     Policy-name.

Online time

Client online duration.

FT status

Fast BSS transition (FT):

·     Active—FT is enabled.

·     Inactive—FT is disabled.

display wlan client ipv6

Use display wlan client ipv6 to display information about client IPv6 addresses.

Syntax

display wlan client ipv6

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display brief status information about the specified client.

<Sysname> display wlan client ipv6

MAC address    AP name               IPv6 address                            VLAN

84db-ac14-dd08 ap1                   1::2:0:0:3                              300

Table 8 Command output

Field

Description

MAC address

Client MAC address.

IPv6 address

Client IPv6 address.

display wlan client online-duration

Use display wlan client online-duration to display client online duration.

Syntax

display wlan client online-duration [ ap ap-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

Examples

# Display brief information about client online duration.

<Sysname> display wlan client online-duration

Total number of online clients: 2

MAC address            IPv4 address    Online duration

a4c1-5b79-fa5b-1d62    192.168.11.123  0days 0hours 2minutes 23seconds

22d3-c5b7-a4b5-96fa    192.168.11.234  0days 0hours 5minutes 34seconds

Table 9 Command output

Field

Description

MAC address

Client MAC address.

IPv4 address

Client IPv4 address.

Online duration

Client online duration.

display wlan client status

Use display wlan client status to display client status information.

Syntax

display wlan client status [ mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.

verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.

Examples

# Display brief status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804

Total number of clients: 1

 

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name          RID

001c-f08f-f804  41ms         0     39/117Mbps      0.00     ap2              2

# Display brief status information about all clients.

<Sysname> display wlan client status

Total number of clients: 2

 

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name          RID

000b-c002-9d09  41ms         65    39/117Mbps      0.00%    ap2              2

000f-e265-6401  10ms         62    130/195Mbps     0.00%    ap1              1

Table 10 Command output

Field

Description

MAC address

Client MAC address.

Access time

Time the client took to associate with the WLAN.

RSSI

RSSI of the client.

Rx/Tx rate

Rates at which the client receives and sends data, management packets, and control packets.

Discard

Ratio of packets discarded by the client.

AP name

Name of the AP with which the client is associated.

RID

ID of the radio with which the client is associated.

# Display detailed status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose

Total number of clients: 1

 

MAC address                       : 001c-f08f-f804

AP name                           : ap2

Radio ID                          : 2

Access time                       : 41 ms

RSSI                              : 0

Rx/Tx rate                        : 39/117 Mbps

Received:

 Retransmitted packets            : 84

 Retransmitted packet ratio       : 64.12 %

Sent:

 Retransmitted packets            : 0

 Retransmitted packet ratio       : 0.00 %

Discarded:

 Discarded packets                : 0

 Discarded packet ratio           : 0.00 %

Table 11 Command output

Field

Description

MAC address

Client MAC address.

AP name

Name of the AP that the client is associated with.

Radio ID

ID of the radio that the client is associated with.

Access time

Time the client took to associate with the WLAN.

RSSI

RSSI of the client.

Rx/Tx rate

Rates at which the client receives and sends data, management packets, and control packets.

Received

Received packet statistics:

·     Retransmitted packets.

·     Retransmitted packet ratio.

Sent

Sent packet statistics:

·     Retransmitted packets.

·     Retransmitted packet ratio.

Discarded

Discarded packet statistics:

·     Discarded packets.

·     Discarded packet ratio.

display wlan forwarding-policy

Use display wlan forwarding-policy to display WLAN forwarding policy information.

Syntax

display wlan forwarding-policy [ policy-name ]

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

·     WX3024H-F

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Yes

WX5800H series

WX5860H

EWP-WX5860H-GL

Yes

Views

Any view

Predefined user roles

network-admin

network-operator

Parameter

policy-name: Specifies a WLAN forwarding policy by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all WLAN forwarding policies.

Examples

# Display information about all WLAN forwarding policies.

<Sysname> display wlan forwarding-policy

Total number of forwarding policies: 2

 

Forwarding policy name: fwd1

 Classifier ACL 2000: Local

 Classifier ACL 2004: Local

 Classifier IPv6 ACL 2001: Remote

 Classifier IPv6 ACL 2002: Remote

 

Forwarding policy name: fwd2

 Classifier ACL 4021: Local

 Classifier IPv6 ACL 2000: Remote

 Classifier IPv6 ACL 3024: Remote

Table 12 Command output

Field

Description

Classifier ACL number

IPv4 packet forwarding mode:

·     Local—Local forwarding.

·     Remote—Centralized forwarding.

Classifier IPv6 ACL number

IPv6 packet forwarding mode:

·     Local—Local forwarding.

·     Remote—Centralized forwarding.

Related commands

wlan forwarding-policy

display wlan guest-tunnel

Use display wlan guest-tunnel to display guest tunnel information on the AC.

Syntax

display wlan guest-tunnel { all | ip ipv4-address }

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

No

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays information about all guest tunnels.

ip ipv4-address: Displays information about the guest tunnel with the specified peer IPv4 address.

Examples

# Display information about all guest tunnels on an edge AC.

<Sysname> display wlan guest-tunnel all

                       Guest access tunnel information

 Local mode: Edge AC                           Tunnels: 2

 

 Peer IP address   Local IP address     VLANs          State    Interface

 2.2.2.2           5.5.5.1              4              Up       WLAN-Tunnel9

 2.2.2.3           5.5.5.1              5              Down     WLAN-Tunnel10

# Display information about all guest tunnels on an aggregation AC.

<Sysname> display wlan guest-tunnel all

                        Guest access tunnel information

 Local mode: Aggregation AC                  Tunnels: 2

 

 Peer IP address         VLANs          State            Interface

 1.1.1.1                 4-5            Down             WLAN-Tunnel9

 1.1.1.2                 6              Down             WLAN-Tunnel10

# Display information about the guest tunnel established with peer IPv4 address 1.1.1.1.

<Sysname> display wlan guest-tunnel ip 1.1.1.1

                        Guest access tunnel information

 Local mode: Edge AC

 Peer IP address        : 1.1.1.1

 Local IP address       : 1.1.1.2

 VLANs                  : 4

 State                  : Down

 Interface              : WLAN-Tunnel9

 Online duration        : 00:32:05

Table 13 Command output

Field

Description

Local mode

AC role:

·     Edge AC.

·     Aggregation AC.

Tunnels

Number of guest tunnels.

VLANs

Guest VLAN ID.

State

Guest tunnel state:

·     Up.

·     Down.

Interface

Local interface created during guest tunnel establishment.

This field displays N/A if the AC fails to create the guest tunnel interface.

Online duration

Tunnel uptime.

display wlan service-template

Use display wlan service-template to display service template information.

Syntax

display wlan service-template [ service-template-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.

verbose: Displays detailed service template information.

Examples

# Display brief information about all service templates.

[Sysname] display wlan service-template

Total number of service templates: 2

Service template name           SSID                                    Status

1                               2333                                    Enabled

2                               3222                                    Enabled

# Display detailed information about all service templates.

<Sysname> display wlan service-template verbose

Service template name         : service1

Description                   : Not configured

SSID                          : wuxianfuwu

SSID-hide                     : Disabled

User-isolation                : Disabled

Service template status       : Disabled

Maximum clients per BSS       : 64

Frame format                  : Dot3

Seamless roam status          : Disabled

Seamless roam RSSI threshold  : 50

Seamless roam RSSI gap        : 20

VLAN ID                       : 1

AKM mode                      : PSK

Security IE                   : RSN

Cipher suite                  : CCMP

WEP key ID                    : 1

TKIP countermeasure time      : 100 sec

PTK lifetime                  : 43200 sec

PTK rekey                     : Enabled

GTK rekey                     : Enabled

GTK rekey method              : Time-based

GTK rekey time                : 86400 sec

GTK rekey client-offline      : Enabled

WPA3 status                   : Disabled

User authentication mode      : Bypass

Intrusion protection          : Disabled

Intrusion protection mode     : Temporary-block

Temporary block time          : 180 sec

Temporary service stop time   : 20 sec

Fail VLAN ID                  : 1

802.1X handshake              : Enabled

802.1X handshake secure       : Disabled

802.1X domain                 : my-domain

MAC-auth domain               : Not configured

Max 802.1X users per BSS      : 4096

Max MAC-auth users per BSS    : 4096

802.1X re-authenticate        : Enabled

Authorization fail mode       : Online

Accounting fail mode          : Online

Authorization                 : Permitted

Key derivation                : SHA1

PMF status                    : Optional

Hotspot policy number         : Not configured

Forwarding policy status      : Disabled

Forwarding policy name        : Not configured

Forwarder                     : AP

FT status                     : Disabled

QoS trust                     : Port

QoS priority                  : 0

Table 14 Command output

Field

Description

SSID

SSID of the service template.

SSID-hide

Whether the SSID is hidden in beacons:

·     Disabled.

·     Enabled.

User-isolation

Use isolation:

·     Disabled.

·     Enabled.

Service template status

Service template status:

·     Disabled.

·     Enabled.

Maximum clients per BSS

Maximum number of clients that the BSS supports.

Frame format

Client data frame encapsulation format:

·     Dot3—802.3 format.

·     Dot11—802.11 format.

Seamless roam status

This field is not supported in the current software version.

Seamless roaming status:

·     Disabled.

·     Enabled.

Seamless roam RSSI threshold

This field is not supported in the current software version.

Seamless roaming RSSI threshold.

Seamless roam RSSI gap

This field is not supported in the current software version.

Seamless roaming RSSI gap.

VLAN ID

ID of the VLAN to which clients belong after they come online through the service template.

AKM mode

AKM mode:

·     802.1X.

·     PSK.

Security IE

Security IE:

·     RSN.

·     WPA.

Cipher suite

Cipher suite:

·     WEP40.

·     WEP104.

·     WEP128.

·     TKIP.

·     CCMP.

·     GCMP.

TKIP countermeasure time

TKIP countermeasure time. The value 0 indicates no countermeasures are taken.

PTK rekey

Whether PTK rekey is enabled:

·     Enabled.

·     Disabled.

GTK rekey

Whether GTK rekey is enabled:

·     Enabled.

·     Disabled.

GTK rekey method

GTK rekey method:

·     Time-based.

·     Packet-based.

GTK rekey time

GTK rekey interval.

GTK rekey packets

Number of packets that can be transmitted before the GTK is refreshed.

GTK rekey client-offline

Whether client-off GTK rekey is enabled:

·     Enabled.

·     Disabled.

WPA3 status

WPA3 security mode:

·     Disabled.

·     Mandatory.

·     Optional.

User authentication mode

Authentication mode:

·     Bypass—No authentication.

·     MAC.

·     MAC-or-802.1X—MAC authentication is performed first. If MAC authentication fails, 802.1X authentication is performed.

·     802.1X.

·     802.1X-or-MAC—802.1X authentication is performed first. If 802.1X authentication fails, MAC authentication is performed.

·     OUI-or-802.1X—OUI authentication is performed first. If OUI authentication fails, 802.1X authentication is performed.

·     MAC-and-802.1X—MAC authentication is performed first. If MAC authentication succeeds, 802.1X authentication is performed.

Intrusion protection

Whether intrusion protection is enabled:

·     Enabled.

·     Disabled.

Intrusion protection mode

Intrusion protection mode:

·     Temporary-block—Temporarily adds intruders to the block list.

·     Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets.

·     Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets.

Temporary block time

Temporary block time in seconds.

Temporary service stop time

Temporary service stop time in seconds.

Fail VLAN ID

ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured.

Critical VLAN ID

ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the critical VLAN ID is not configured.

802.1X handshake

Whether 802.1X handshake is enabled:

·     Enabled.

·     Disabled.

802.1X handshake secure

Whether secure 802.1X handshake is enabled:

·     Enabled.

·     Disabled.

802.1X domain

802.1X authentication domain. This field displays Not configured if the domain is not configured.

MAC-auth domain

MAC authentication domain. This field displays Not configured if the domain is not configured.

Max 802.1X users per BSS

Maximum number of supported 802.1X users in a BSS.

Max MAC-auth users per BSS

Maximum number of supported users that pass the MAC authentication in a BSS.

802.1X re-authenticate

Whether 802.1X reauthentication is enabled:

·     Enabled.

·     Disabled.

Authorization fail mode

Authorization fail mode:

·     Offline—Clients are logged off when authorization fails.

·     Online—Clients are not logged off when authorization fails.

Accounting fail mode

Accounting fail mode:

·     Offline—Clients are logged off when accounting fails.

·     Online—Clients are not logged off when accounting fails.

Authorization

Authorization information:

·     Permitted—Applies the authorization information issued by the RADIUS server or the local device.

·     Ignored—Ignores the authorization information issued by the RADIUS server or the local device.

Key derivation

Key derivation type:

·     SHA1—Uses the HMAC-SHA1 hash algorithm.

·     SHA256—Uses the HMAC-SHA256 hash algorithm.

·     SHA1-AND-SHA256—Uses the HMAC SHA1 and SHA256 hash algorithm.

PMF status

PMF status:

·     Disabled—Management frame protection is disabled.

·     Optional—Management frame protection in optional mode is enabled.

·     Mandatory—Management frame protection in mandatory mode is enabled.

Hotspot policy number

Hotspot 2.0 policy number.

Forwarding policy status

WLAN forwarding policy status:

·     Disabled.

·     Enabled.

Forward policy name

WLAN forwarding policy name:

·     Not configured—No WLAN forwarding policy is configured.

·     policy-name.

Forwarder

Client traffic forwarder:

·     AC—AC in a non-AC hierarchical network and local AC in an AC hierarchical network.

·     AP.

·     Central AC.

FT status

FT status:

·     Disabled.

·     Enabled.

FT method

FT method:

·     over-the-air.

·     over-the-ds.

FT reassociation deadline

FT reassociation timeout timer in seconds.

QoS trust

QoS priority trust mode:

·     Port—Port priority trust mode.

·     Dot11e—802.11e priority trust mode.

QoS priority

Port priority in the range of 0 to 7.

display wlan statistics client

Use display wlan statistics client to display client statistics.

Syntax

display wlan statistics client [ mac-address mac-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.

Examples

# Display statistics for all clients.

<Sysname> display wlan statistics client

MAC address                : 0014-6c8a-43ff

AP name                    : ap1

Radio ID                   : 1

SSID                       : office

BSSID                      : 000f-e2ff-7700

RSSI                       : 31

Sent frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 9/1230 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 2/76 (frames/bytes)

Received frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 18/2437 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 7/468 (frames/bytes)

Discarded frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 0/0 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 5/389 (frames/bytes)

Table 15 Command output

Field

Description

SSID

SSID of the service template.

MAC address

Client MAC address.

Back ground

AC-BK queue.

Best effort

AC-BE queue.

Video

AC-VI queue.

Voice

AC-VO queue.

display wlan statistics connect-history

Use display wlan statistics connect-history to display client connection history.

Syntax

display wlan statistics connect-history { ap { all | name ap-name } | service-template service-template-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap: Specifies APs.

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

service-template service-template-name: Specifies a service template by its name.

Examples

# Display the connection history for service template 1.

<Sysname> display wlan statistics connect-history service-template 1

AP name                     : ap1

Radio ID                    : 1

Associations                : 132

Association failures        : 3

Reassociations              : 30

Rejections                  : 12

Abnormal disassociations    : 2

Current associations        : 57

# Display the connection history for AP ap1.

<Sysname> display wlan statistics connect-history ap name ap1

AP name                       : ap1

Associations                  : 1

Reassociations                : 0

Failures                      : 0

Rejections                    : 0

Abnormal disassociations      : 0

Current associations          : 1

display wlan statistics service template

Use display wlan statistics service-template to display service template statistics.

Syntax

display wlan statistics service-template service-template-name

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

service-template service-template-name: Specifies a service template by its name.

Examples

# Display statistics for service template 1.

<Sysname> display wlan statistics service-template 1

AP name                       : ap1

Radio ID                      : 1

Received:

  Frame count                 : 1713

  Frame bytes                 : 487061

  Data frame count            : 1683

  Data frame bytes            : 485761

  Association request count   : 2

Sent:

  Frame count                 : 62113

  Frame bytes                 : 25142076

  Data frame count            : 55978

  Data frame bytes            : 22626600

  Association response count  : 2

display wlan statistics vip-client

Use display wlan statistics vip-client to display VIP client statistics that an AP reports to the AC.

Syntax

display wlan statistics vip-client [ mac-address mac-address ] [ history-record ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address: Specifies a client by its MAC address. The MAC address must be in the H-H-H format, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted.

history-record: Displays the history records for the VIP client. If you do not specify this keyword, the most recent statistics about the VIP client are displayed.

Usage guidelines

A maximum of 300 history records can be displayed for a VIP client.

Examples

# Display VIP client statistics that an AP reports to the AC.

<Sysname> display wlan statistics vip-client mac-address 1234-4321-1234

Total number of configured VIP clients: 1

Total number of online VIP clients: 1

MAC address                     : 1234-4321-1234

Data reporting time             : 2018-8-15 12:20:15

AP name                         : ap1

Radio ID                        : 1

SSID                            : val-problem

Rx/Tx rate                      : 114.2/120.2 Mbps

Rx/Tx traffic                   : 16584/901021 Bytes

RSSI                            : 33

Clients on radio                : 5

Channel utilization             : 20%

Packet loss rate                : 0.25%

Packet error rate               : 0.01%

Retransmission rate             : 1.29%

Delay                           : 5us

Table 16 Command output

Field

Description

MAC address

MAC address of the VIP client.

Data reporting time

Time at which the AP reported VIP client statistics to the AC.

AP name

Name of the AP associated with the VIP client.

Radio ID

ID of the radio associated with the VIP client.

SSID

SSID associated with the VIP client.

Rx/Tx rate

Rx/Tx rate for packets from the VIP client, including data, management, and control packets.

Rx/Tx traffic

Traffic received and sent by the VIP client within the report interval, in Bytes.

RSSI

RSSI of the VIP client.

Clients on radio

Number of clients associated with the radio.

Delay

AP-to-VIP client packet sending delay in microseconds.

Related commands

client-mac

wlan vip-client-group

display wlan whitelist

Use display wlan whitelist to display whitelist entries.

Syntax

display wlan whitelist

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display whitelist entries.

<Sysname> display wlan whitelist

Total number of clients: 3

 MAC addresses:

  000e-35b2-000e

  0019-5b8e-b709

  001c-f0bf-9c92

edge-ac

Use edge-ac to specify an edge AC for an aggregation AC.

Use undo edge-ac to delete an edge AC for an aggregation AC.

Syntax

edge-ac ip ipv4-address vlan vlan-id-list

undo edge-ac { all | ip ipv4-address [ vlan vlan-id-list ] }

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

No

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Default

No edge AC is specified for an aggregation AC.

Views

Aggregation AC view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies the IPv4 address of an edge AC.

vlan vlan-id-list: Specifies a space-separated list of up to 10 guest VLAN items. Each VLAN item specifies a VLAN ID or a range of VLAN IDs in the form of start-vlan-id to end-vlan-id. The end VLAN ID must be greater than the start VLAN ID. Valid VLAN IDs are from 1 to 4094.

all: Specifies all edge ACs.

Usage guidelines

An edge AC can establish guest tunnels with multiple aggregation ACs, but these tunnels must belong to different VLANs.

An edge AC can establish multiple guest tunnels with an aggregation AC, but it must use different source IP addresses to establish tunnels with different aggregation AC interfaces.

Examples

# Specify an edge AC with IP address 192.168.2.20 for the aggregation AC, and specify the guest VLAN as VLAN 7.

<Sysname> system-view

[Sysname] wlan guest-tunnel aggregation-ac

[Sysname-wlan-aggregation-ac] edge-ac ip 192.168.2.20 vlan 7

Related commands

aggregation-ac

inherit exclude service-template

Use inherit exclude service-template to configure an AP to not inherit the specified service template from the AP group to which it belongs.

Use undo inherit exclude service-template to restore the default.

Syntax

inherit exclude service-template service-template-name

undo inherit exclude service-template service-template-name

Default

An AP inherits the service template bound to an AP group.

Views

Radio view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Examples

# Configure AP ap1 to not inherit service template st from an AP group.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-ap-ap1] radio 1

[Sysname-ap-ap1-radio-1] inherit exclude service-template st

keep-alive interval

Use keep-alive interval to set the guest tunnel keepalive interval.

Use undo keep-alive interval to restore the default.

Syntax

keep-alive interval interval

undo keep-alive interval

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

No

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Default

The guest tunnel keepalive interval is 10 seconds.

Views

Edge AC view

Predefined user roles

network-admin

Parameters

interval: Specifies the guest tunnel keepalive interval in the range of 5 to 80 seconds.

Usage guidelines

After you specify an aggregation AC for an edge AC, the edge AC starts to send keepalive requests to the aggregation AC at the specified intervals. A guest tunnel is established once the edge AC receives a keepalive response from the aggregation AC.

After tunnel establishment, the edge AC keeps sending keepalive requests to examine the tunnel connectivity. If the edge AC fails to receive a keepalive response within three keepalive intervals, the edge AC terminates the tunnel. If the aggregation AC fails to receive a keepalive request within three keepalive intervals, the aggregation AC terminates the tunnel.

Examples

# Set the guest tunnel keepalive interval to 7 seconds.

<Sysname> system-view

[Sysname] wlan guest-tunnel edge-ac

[Sysname-wlan-edge-ac] keep-alive interval 7

nas-id

Use nas-id to set the network access server identifier (NAS ID).

Syntax

nas-id nas-id

undo nas-id

Default

In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, no NAS ID is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

nas-id: Specifies a NAS ID, a case-sensitive string of 1 to 63 characters.

Usage guidelines

After coming online, a client sends a RADIUS request that carries the NAS ID to the RADIUS server to indicate its network access server.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order. You can also set the NAS ID when binding a service template to a radio. If you have specified a NAS ID when binding a service template to a radio, the AP uses the NAS ID specified for the service template.

Examples

# Set the NAS ID to abc123 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-AGN

[Sysname-wlan-ap-ap1] nas-id abc123

# Set the NAS ID to abc123 for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] nas-id abc123

# Set the global NAS ID to abc123.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] nas-id abc123

nas-port-id

Use nas-port-id to set the network access server port identifier (NAS port ID).

Use the undo nas-port-id to restore the default.

Syntax

nas-port-id nas-port-id

undo nas-port-id

Default

In AP view, an AP uses the configuration in AP group view. If no NAS ID is specified in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, no NAS port ID is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

nas-port-id: Specifies a NAS port ID, a case-sensitive string of 1 to 63 characters.

Usage guidelines

After coming online, a client sends a RADIUS request that carries the NAS port ID to the RADIUS server to indicate its network access server.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order. You can also set the NAS port ID when binding a service template to a radio. If you have specified a NAS port ID when binding a service template to a radio, the AP uses the NAS port ID specified for the service template.

Examples

# Set the NAS port ID to abcd1234 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-AGN

[Sysname-wlan-ap-ap1] nas-port-id abcd1234

# Set the NAS port ID to abcd1234 for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] nas-port-id abcd1234

# Set the global NAS port ID to abcd1234.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] nas-port-id abcd1234

nas-port-type

Use nas-port-type to set the NAS port type attribute in RADIUS requests.

Use the undo nas-port-type to restore the default.

Syntax

nas-port-type value

undo nas-port-type

Default

The NAS port type is Wireless-IEEE 802.11.

Views

Service template view

Predefined user roles

network-admin

Parameters

value: Specifies a NAS port type by its code value in the range of 0 to 255. Table 17 lists the most commonly used NAS port types and their code values.

Table 17 Common NAS port types and their code values

NAS port type

Code value

Async

0

Sync

1

ISDN Sync

2

ISDN Async V.120

3

ISDN Async V.110

4

Virtual

5

PIAFS

6

HDLC Clear Channel

7

X.25

8

X.75

9

G.3 Fax

10

SDSL

11

ADSL-CAP

12

ADSL-DMT

13

IDSL

14

Ethernet

15

xDSL

16

Cable

17

Wireless-Other

18

Wireless-IEEE 802.11

19

Usage guidelines

You can execute this command to set the NAS port type attribute in RADIUS requests for 802.11X and MAC-authenticated clients.

Make sure the service template is disabled before you execute this command.

Examples

# Set the NAS port type in RADIUS requests to 15 (Ethernet).

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] nas-port-type 15

nas-vlan

Use nas-vlan to set the network access server VLAN identifier (NAS VLAN ID) and enable the AC to encapsulate the VLAN ID in RADIUS requests.

Use undo nas-vlan to restore the default.

Syntax

nas-vlan vlan-id

undo nas-vlan

Default

No NAS VLAN ID is set. Authentication requests sent to the RADIUS server do not contain the NAS VLAN ID field.

Views

AP view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a NAS VLAN ID in the range of 1 to 4096.

Usage guidelines

When the NAS VLAN ID is set, the AC encapsulates the VLAN ID in RADIUS requests sent to the RADIUS server to indicate clients' network access server.

Set the NAS VLAN ID when a third-party Security Accounting Management (SAM) server is used as the RADIUS server.

Examples

# Set the NAS VLAN ID to 1234 for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] nas-vlan 1234

non-vip limit rate

Use non-vip limit rate to configure non-VIP client rate limit.

Use undo non-vip limit rate to remove the configuration.

Syntax

non-vip limit rate { inbound | outbound } cir cir

undo non-vip limit rate { inbound | outbound } cir

Default

Non-VIP client rate limit is not configured.

Views

VIP client group view

Predefined user roles

network-admin

Parameters

inbound: Limits the rate of incoming traffic.

outbound: Limits the rate of outgoing traffic.

cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000.

Usage guidelines

With non-VIP client rate limit configured, all non-VIP clients associated with a radio are rate limited to a specific value when the radio has associated VIP clients. When all VIP clients associated with the radio go offline, non-VIP clients are not rated limited. If a radio does not have associated VIP clients, non-VIP clients are not rate limited.

You can rate limit both inbound and outbound traffic.

If you configure both radio-based client rate limit and non-VIP client rate limit, the rate of the non-VIP clients takes the smaller value and the VIP clients are not rate limited.

Examples

# Configure non-VIP client rate limit in VIP client group view: set the CIR to 500 Kbps for incoming traffic of each client and set the CIR to 100 Kbps for outgoing traffic of all clients.

<Sysname> system-view

[Sysname] wlan vip-client-group

[Sysname-wlan vip-client-group] non-vip limit rate inbound cir 500

[Sysname-wlan vip-client-group] non-vip limit rate outbound cir 100

Related commands

client-rate-limit (radio view/AP group radio view)

quick-association enable

Use quick-association to enable quick association.

Use undo quick-association to disable quick association.

Syntax

quick-association enable

undo quick-association enable

Default

Quick association is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command disables APs from performing load balancing or band navigation on clients associated with the specified service template.

Examples

# Enable quick association for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1]quick-association enable

region-code (AP provision view/AP group provision view)

Use region-code to specify a region code.

Use undo region-code to restore the default.

Syntax

region-code code

undo region-code

Default

In AP provision view, an AP uses the configuration in AP group provision view.

In AP group provision view, no region code is specified.

Views

AP provision view

AP group provision view

Predefined user roles

network-admin

Parameters

code: Specifies a region code. For more information about region codes, see Table 18.

Table 18 Region code information

Country

Code

Country

Code

Andorra

AD

Korea, Republic of Korea

KR

United Arab Emirates

AE

Kenya

KE

Albania

AL

Kuwait

KW

Armenia

AM

Kazakhstan

KZ

Australia

AU

Lebanon

LB

Argentina

AR

Liechtenstein

LI

Australia

AT

Sri Lanka

LK

Azerbaijan

AZ

Lithuania

LT

Bosnia and Herzegovina

BA

Luxembourg

LU

Belgium

BE

Latvia

LV

Bulgaria

BG

Libyan

LY

Bahrain

BH

Morocco

MA

Brunei Darussalam

BN

Monaco

MC

Bolivia

BO

Moldova

MD

Brazil

BR

Macedonia

MK

Bahamas

BS

Macau

MO

Belarus

BY

Martinique

MQ

Belize

BZ

Malta

MT

Canada

CA

Mauritius

MU

Switzerland

CH

Mexico

MX

Cote d'ivoire

CI

Malay Archipelago

MY

Chile

CL

Namibia

NA

China

CN

Nigeria

NG

Colombia

CO

Nicaragua

NI

Costarica

CR

Netherlands

NL

Serbia

RS

Norway

NO

Cyprus

CY

New Zealand

NZ

Czech Republic

CZ

Oman

OM

Germany

DE

Panama

PA

Denmark

DK

Peru

PE

Dominica

DO

Poland

PL

Algeria

DZ

Philippines

PH

Ecuador

EC

Pakistan

PK

Estonia

EE

Puerto Rico

PR

Egypt

EG

Portugal

PT

Spain

ES

Paraguay

PY

Faroe Islands

FO

Qatar

QA

Finland

FI

Romania

RO

France

FR

Russian Federation

RU

Britain

GB

Saudi Arabia

SA

Georgia

GE

Sweden

SE

Gibraltar

GI

Singapore

SG

Greenland

GL

Slovenia

SI

Guadeloupe

GP

Slovak

SK

Greece

GR

San Marino

SM

Guatemala

GT

Salvador

SV

Guyana

GY

Syrian

SY

Honduras

HN

Thailand

TH

Hong Kong

HK

Tunisia

TN

Croatia

HR

Turkey

TR

Hungary

HU

Trinidad and Tobago

TT

Iceland

IS

Taiwan, Province of China

TW

India

IN

Ukraine

UA

Indonesia

ID

United States of America

US

Ireland

IE

Uruguay

UY

Israel

IL

Uzbekistan

UZ

Iraq

IQ

The Vatican City State

VA

Italy

IT

Venezuela

VE

Iran

IR

Virgin Islands

VI

Jamaica

JM

Vietnam

VN

Jordan

JO

Yemen

YE

Japan

JP

South Africa

ZA

Democratic People's Republic of Korea

KP

Zimbabwe

ZW

Usage guidelines

The region code will take effect after an AP reboots and become invalid after the AP associates with the target AC.

The configuration in AP provision view takes precedence over the configuration in AP group provision view.

Examples

# Specify US as the region code in AP provision view of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] region-code US

# Specify US as the region code in AP group provision view of AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group1-prvs] region-code US

region-code (AP view/AP group view/global configuration view)

Use region-code to specify a region code.

Use undo region-code to restore the default.

Syntax

region-code code

undo region-code

Default

In AP view, an AP uses the configuration in AP group view. If no region code is specified in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, no region code is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

code: Specifies a region code. For more information about region codes, see Table 19.

Table 19 Region code information

Country

Code

Country

Code

Andorra

AD

Korea, Republic of Korea

KR

United Arab Emirates

AE

Kenya

KE

Albania

AL

Kuwait

KW

Armenia

AM

Kazakhstan

KZ

Australia

AU

Lebanon

LB

Argentina

AR

Liechtenstein

LI

Australia

AT

Sri Lanka

LK

Azerbaijan

AZ

Lithuania

LT

Bosnia and Herzegovina

BA

Luxembourg

LU

Belgium

BE

Latvia

LV

Bulgaria

BG

Libyan

LY

Bahrain

BH

Morocco

MA

Brunei Darussalam

BN

Monaco

MC

Bolivia

BO

Moldova

MD

Brazil

BR

Macedonia

MK

Bahamas

BS

Macau

MO

Belarus

BY

Martinique

MQ

Belize

BZ

Malta

MT

Canada

CA

Mauritius

MU

Switzerland

CH

Mexico

MX

Cote d'ivoire

CI

Malay Archipelago

MY

Chile

CL

Namibia

NA

China

CN

Nigeria

NG

Colombia

CO

Nicaragua

NI

Costarica

CR

Netherlands

NL

Serbia

RS

Norway

NO

Cyprus

CY

New Zealand

NZ

Czech Republic

CZ

Oman

OM

Germany

DE

Panama

PA

Denmark

DK

Peru

PE

Dominica

DO

Poland

PL

Algeria

DZ

Philippines

PH

Ecuador

EC

Pakistan

PK

Estonia

EE

Puerto Rico

PR

Egypt

EG

Portugal

PT

Spain

ES

Paraguay

PY

Faroe Islands

FO

Qatar

QA

Finland

FI

Romania

RO

France

FR

Russian Federation

RU

Britain

GB

Saudi Arabia

SA

Georgia

GE

Sweden

SE

Gibraltar

GI

Singapore

SG

Greenland

GL

Slovenia

SI

Guadeloupe

GP

Slovak

SK

Greece

GR

San Marino

SM

Guatemala

GT

Salvador

SV

Guyana

GY

Syrian

SY

Honduras

HN

Thailand

TH

Hong Kong

HK

Tunisia

TN

Croatia

HR

Turkey

TR

Hungary

HU

Trinidad and Tobago

TT

Iceland

IS

Taiwan, Province of China

TW

India

IN

Ukraine

UA

Indonesia

ID

United States of America

US

Ireland

IE

Uruguay

UY

Israel

IL

Uzbekistan

UZ

Iraq

IQ

The Vatican City State

VA

Italy

IT

Venezuela

VE

Iran

IR

Virgin Islands

VI

Jamaica

JM

Vietnam

VN

Jordan

JO

Yemen

YE

Japan

JP

South Africa

ZA

Democratic People's Republic of Korea

KP

Zimbabwe

ZW

Usage guidelines

A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Specify US as the region code for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] region-code US

# Specify US as the region code for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] region-code US

# Specify US as the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code US

Related commands

region-code-lock

region-code-ie

Use region-code-ie to include or exclude region codes in beacon frames and probe responses and specify the installation environment type.

Use undo region-code-ie to restore the default.

Syntax

region-code-ie { disable | enable { any | indoor | outdoor } }

undo region-code-ie

Default

Beacon frames and probe responses contain region codes but do not contain installation environment types.

Views

Service template view

Predefined user roles

network-admin

Parameters

disable: Excludes region codes in beacon frames and probe responses.

enable: Includes region codes in beacon frames and probe responses.

any: Specifies APs that can be installed both indoors and outdoors.

indoor: Specifies APs that can only be installed indoors.

outdoor: Specifies APs that can only be installed outdoors.

Usage guidelines

If you bind different service templates to radios of an AP, make sure the service templates are specified with the same installation environment type.

Examples

# Include region codes in beacon frames and probe responses and specify the type of installation environment as indoor.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] region-code-ie enable indoor

Related commands

region-code

region-code-lock

Use region-code-lock enable to lock the region code.

Use region-code-lock disable to unlock the region code.

Use undo region-code-lock to restore the default.

Syntax

region-code-lock { disable | enable }

undo region-code-lock

Default

In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, the region code is not locked.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

A locked region code cannot be changed.

The region-code-lock enable command does not take effect on an AP if you execute this command without specifying a region code first in AP view. The AP's region code is determined by the region code configuration for the AP group to which the AP belongs, or by the global configuration. The same rule applies to an AP group in the same situation.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Lock the region code for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] region-code-lock enable

# Lock the region code for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] region-code-lock enable

# Lock the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code-lock enable

Related commands

region-code

report-interval

Use report-interval to set the interval at which an AP reports VIP client statistics to the AC.

Use undo report-interval to restore the default.

Syntax

report-interval interval

undo report-interval

Default

An AP reports VIP client statistics to the AC at intervals of 50 seconds.

Views

VIP client group view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which an AP reports VIP client statistics to the AC, in the range of 10 to 120 seconds.

Usage guidelines

The AC sends VIP client statistics to the Oasis platform every five minutes.

Examples

# Set the interval at which an AP reports VIP client statistics to the AC to 36 seconds.

<Sysname> system-view

[Sysname] wlan vip-client-group

[Sysname-wlan vip-client-group] report-interval 36

reset wlan client

Use reset wlan client to log off a client or all clients.

Syntax

reset wlan client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all clients.

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Log off all clients.

<Sysname> reset wlan client all

Related commands

display wlan client

reset wlan dynamic-blacklist

Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.

Syntax

reset wlan dynamic-blacklist [ mac-address mac-address ]

Views

User view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.

Examples

# Remove all clients from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist

# Remove the specified client from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69

Related commands

display wlan blacklist

reset wlan guest-tunnel

Use reset wlan guest-tunnel to delete the specified guest tunnel or all guest tunnels.

Syntax

reset wlan guest-tunnel { all | ip ipv4-address }

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

No

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all guest tunnels.

ip ipv4-address: Specifies a guest tunnel by its peer IPv4 address.

Examples

# Delete all guest tunnels.

<Sysname> reset wlan guest-tunnel all

reset wlan statistics client

Use reset wlan statistics client to clear client statistics.

Syntax

reset wlan statistics client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all clients.

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Clear statistics about all clients.

<Sysname> reset wlan statistics client all

Related commands

display wlan statistics

reset wlan statistics service-template

Use reset wlan statistics service-template to clear service template statistics.

Syntax

reset wlan statistics service-template service-template-name

View

User view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Examples

# Clear statistics about service template service1.

<Sysname> reset wlan statistics service-template service1

Related commands

display wlan statistics

roam-enhance

Use roam-enhance to enable roaming enhancement.

Use undo roam-enhance to disable roaming enhancement.

Syntax

roam-enhance ssid ssid

undo roam-enhance

Default

In radio view, the configuration in an AP group's radio view is used.

In an AP group's radio view, roaming enhancement is disabled.

Views

Radio view

AP group's radio view

Predefined user roles

network-admin

Parameters

ssid: Specifies an SSID for roaming enhancement, a case-sensitive string of 1 to 32 characters.

Usage guidelines

You can enable this feature only on the 2.4G radio. If you perform this task multiple times, the most recent configuration takes effect.

Bind the 5G radio to a minimum of one service template that uses the SSID specified for roaming enhancement for the 2.4G radio.

You can bind a maximum of five service templates using the specified SSID to the 5G radio.

To avoid packet loss, do not configure the 5G radio as a scanning radio.

The 5G radio cannot operate in a radar channel. As a best practice, manually specify a non-radar channel, enable auto channel selection, or configure the channel scanning whitelist or blacklist for the 5G radio.

Examples

# Enable roaming enhancement for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] roam-enhance ssid agv

# Enable roaming enhancement for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 2

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-2] roam-enhance ssid agv

service-template

Use service-template to bind a service template to a radio.

Use undo service-template to unbind a service template from a radio.

Syntax

service-template service-template-name [ vlan vlan-id1 [ vlan-id2 ] | vlan-group vlan-group-name ] [ ssid-hide ] [ nas-port-id nas-port-id ] [ nas-id nas-id ]

undo service-template service-template-name

Default

In radio view, an AP uses the configuration in AP group view.

In an AP group's radio view, no service template is bound to a radio.

Views

Radio view

AP group's radio view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

vlan vlan-id1 vlan-id2: Specifies an outer VLAN ID and an inner VLAN ID. The vlan-id1 argument represents the outer VLAN ID and the vlan-id2 argument represents the inner VLAN ID. The VLAN ID is in the range of 1 to 4094.

The following compatibility matrixes show the support of hardware platforms for the vlan-id2 argument:

 

Hardware series

Model

Parameter compatibility

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2540H

WX2560H

No

WX3000H series

WX3010H

WX3010H-L

WX3010H-X

WX3024H

WX3024H-L

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

Yes

WX5500E series

WX5510E

WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

Yes

Access controller modules

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

Yes

Hardware series

Model

Parameter compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

No

WX3800H series

WX3820H

WX3840H

Yes

WX5800H series

WX5860H

Yes

vlan-group vlan-group-name: Specifies a VLAN group name, a case-insensitive string of 1 to 31 characters. If you do not specify this option, the radio uses the VLAN configured for the service template. For more information about configuring VLAN groups, see VLAN commands in Network Connectivity Command Reference.

ssid-hide: Hides SSIDs in beacon frames.

nas-port-id nas-port-id: Specifies a NAS port ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.

nas-id nas-id: Specifies a NAS ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.

Usage guidelines

Before you bind a service template to a radio or a radio interface, you must create the service template.

If you specify a non-existent VLAN, the AC creates the VLAN when a client comes online. The outer VLAN takes effect only when centralized forwarding is enabled.

The VLAN ID or VLAN group configured using this command takes precedence over the VLAN ID configured for a service template.

The configuration in radio view takes precedence over the configuration in an AP group's radio view.

Examples

# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radio.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-ap-ap1] radio 1

[Sysname-ap-ap1-radio-1] service-template service1 vlan-group vg1

# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radios in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] service-template service1 vlan-group vg1

service-template enable

Use service-template enable to enable a service template.

Use undo service-template enable to disable a service template.

Syntax

service-template enable

undo service-template enable

Default

A service template is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

If the number of BSSs on a device exceeds the limit, you cannot enable a new service template.

Examples

# Enable service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] service-template enable

snmp-agent trap enable wlan client

Use snmp-agent trap enable wlan client to enable SNMP notification for client access.

Use undo snmp-agent trap enable wlan client to disable SNMP notification for client access.

Syntax

snmp-agent trap enable wlan client

undo snmp-agent trap enable wlan client

Default

SNMP notification is disabled for client access.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for client access.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client

snmp-agent trap enable wlan client-audit

Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.

Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.

Syntax

snmp-agent trap enable wlan client-audit

undo snmp-agent trap enable wlan client-audit

Default

SNMP notification is disabled for client audit.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for client audit.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client-audit

ssid

Use ssid to set an SSID for a service template.

Use undo ssid to restore the default.

Syntax

ssid ssid-name

undo ssid

Default

No SSID is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

Disable the service template before you execute this command.

Examples

# Set the SSID to lynn for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] ssid lynn

unknown-client

Use unknown-client to set the way that an AP processes traffic from unknown clients.

Use undo unknown-client to restore the default.

Syntax

unknown-client { deauthenticate | drop }

undo unknown-client

Default

An AP drops packets from unknown clients and deauthenticates these clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

deauthenticate: Drops packets from unknown clients and deauthenticates these clients.

drop: Drops packets from unknown clients.

Examples

# Configure APs that use service template example to drop packets from unknown clients but not deauthenticate these clients.

<Sysname> system-view

[Sysname] wlan service-template example

[Sysname-wlan-st-example] unknown-client drop

vlan

Use vlan to assign clients coming online through a service template to the specified VLAN.

Use undo vlan to restore the default.

Syntax

vlan vlan-id

undo vlan

Default

Clients are assigned to VLAN 1 after coming online through a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094. If the specified VLAN does not exist, this command creates the VLAN when clients come online.

Usage guidelines

Disable the service template before you execute this command.

If the specified VLAN does not exist, this command creates the VLAN when clients come online.

Examples

# Assign clients coming online through service template service1 to VLAN 2.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] vlan 2

wlan accounting-policy

Use wlan accounting-policy to create an accounting policy and enter its view or enter the view of an existing accounting policy.

Use undo wlan accounting-policy to delete an accounting policy.

Syntax

wlan accounting-policy policy-name

undo wlan accounting-policy policy-name

Default

No accounting policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies the policy name, a case-insensitive string of 1 to 31 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), and hyphens (-).

Usage guidelines

For the accounting server to perform differentiated accounting on different client traffic, specify multiple traffic levels for an accounting policy.

The number of accounting policies that can be created varies by device model.

Examples

# Create accounting policy abc and enter its view.

<Sysname> system-view

[Sysname] wlan accounting-policy abc

[Sysname-wlan-acctpolicy-abc]

Related commands

accounting-level

wlan apply accounting-policy

wlan apply accounting-policy

Use wlan apply accounting-policy to apply an accounting policy to a user profile.

Use undo wlan apply accounting-policy to restore the default.

Syntax

wlan apply accounting-policy policy-name

undo wlan apply accounting-policy

Default

No accounting policy is applied to a user profile.

Views

User profile view

Predefined user roles

network-admin

Parameters

policy-name: Specifies the policy name, a case-insensitive string of 1 to 31 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), and hyphens (-).

Usage guidelines

This feature enables APs to perform client traffic accounting based on the accounting policy applied to the user profile. Upon client association, the authentication server deploys the user profile bound to the client account to the client authenticator (AC or AP). If the AC is the authenticator, it deploys the user profile to the AP.

If no accounting policy is applied to a user profile, the system performs AAA accounting.

Accounting policy changes, including deletion, for a user profile do not affect online clients.

Examples

# Apply accounting policy abc to user profile 123.

<Sysname> system-view

[Sysname] user-profile 123

[Sysname-user-profile-123] wlan apply accounting-policy abc

Related commands

wlan accounting-policy

wlan association optimization

Use wlan association optimization to set the index for optimizing client association ratios.

Use undo wlan association optimization to restore the default.

Syntax

wlan association optimization value

undo wlan association optimization

Default

The index is 0. The device does not optimize client association ratios.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the index for optimizing client association ratios, in the range of 900 to 1000. The smaller the index is, the smaller the calculated association success ratio will be and the larger the calculated congestion ratio and abnormal disassociation ratio will be.

Usage guidelines

This feature enables the device to recalculate the client association success ratio, association congestion ratio, and abnormal disassociation ratio by using the specified index to get smaller ratio values.

The client association success ratio is the number of successful client associations divided by the total number of client association attempts. The client association congestion ratio is the number of failed client associations caused by AP overloading divided by the total number of client association attempts. The client abnormal disassociation ratio is the number of abnormal disassociations divided by the sum of successful associations and online clients.

Examples

# Set the index for optimizing client association ratios to 950.

<Sysname> system-view

[Sysname] wlan association optimization 950

wlan client forwarding enable

Use wlan client forwarding enable to enable client traffic forwarding.

Use undo wlan client forwarding enable to disable client traffic forwarding.

Syntax

wlan client forwarding enable

undo wlan client forwarding enable

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

·     WX3024H-F

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Yes

WX5800H series

WX5860H

EWP-WX5860H-GL

Yes

Default

Client traffic forwarding is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable this feature if you configure the AC as the client traffic forwarder.

In an AC hierarchical network, disable this feature on the central AC and enable this feature on local ACs if the client traffic forwarder is the AC. This guarantees central AC's management performance in case a local AC is down.

For more information about AC hierarchy, see WLAN Advanced Features Configuration Guide.

Examples

# Disable client traffic forwarding.

<Sysname> system-view

[Sysname] undo wlan client forwarding enable

Related commands

client forwarding-location

wlan client forwarding-policy-name

Use wlan client forwarding-policy-name to apply a forwarding policy to a user profile.

Use undo wlan client forwarding-policy-name to restore the default.

Syntax

wlan client forwarding-policy-name policy-name

undo wlan client forwarding-policy-name

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

·     WX3024H-F

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Yes

WX5800H series

WX5860H

EWP-WX5860H-GL

Yes

Default

No forwarding policy is applied to a user profile.

Views

User profile view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

For the AC to perform policy-based forwarding for clients that use a user profile, apply a forwarding policy to the user profile. After a client passes authentication, the authentication server sends the user profile name specified for the client to the AC. The AC will forward traffic of the client based on the forwarding policy applied to the user profile.

For the forwarding policy applied to a user profile to take effect, perform the following tasks for the service template that the user profile uses:

·     Enable policy-based forwarding.

·     Specify the AC to perform client authentication.

If you modify or delete the applied forwarding policy, the change takes effect when the client comes online again.

The AC preferentially uses the forwarding policy applied to a user profile to direct client traffic forwarding. If the user profile of a client does not have a forwarding policy applied, the AC uses the forwarding policy applied to the service template.

Make sure the AC and its associated APs are in different network segments.

Examples

# Apply forwarding policy policyname to user profile profilename.

<Sysname> system-view

[Sysname] user-profile profilename

[Sysname-user-profile-profilename] wlan client forward-policy-name policyname

Related commands

client forwarding-policy enable

client-security authentication-location

wlan client reauthentication-period

Use wlan client reauthentication-period to set the idle period before client reauthentication.

Use undo wlan client reauthentication-period to restore the default.

Syntax

wlan client reauthentication-period [ period-value ]

undo wlan client reauthentication-period

Default

The idle period is 10 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

period-value: Specifies the idle period in the range of 1 to 3600 seconds.

Usage guidelines

When URL redirection for WLAN MAC authentication is enabled, an AP redirects clients whose information is not recorded on the RADIUS server to the specified URL for Web authentication. Clients passing Web authentication are logged off and must perform MAC reauthentication to come online. However, MAC reauthentication fails if the IP addresses assigned to the clients have not expired.

Perform this task to add these clients to the dynamic blacklist for the specified idle period after they pass Web authentication to reduce reauthentication failures.

Examples

# Set the idle period before client reauthentication to 100 seconds.

<Sysname> system-view

[Sysname] wlan client reauthentication-period 100

wlan dynamic-blacklist active-on-ap

Use wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on APs.

Use undo wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on the AC.

Syntax

wlan dynamic-blacklist active-on-ap

undo wlan dynamic-blacklist active-on-ap

Default

The dynamic blacklist takes effect on APs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If you configure the dynamic blacklist to take effect on the AC, all APs connected to the AC will reject the client in the dynamic blacklist. If you configure the dynamic blacklist to take effect on APs, the AP associated with the client in the dynamic blacklist will reject the client, but the client can still associate with other APs connected to the AC. As a best practice, configure the dynamic blacklist to take effect on the AC in high-density environments.

Examples

# Configure the dynamic blacklist to take effect on the AC.

<Sysname> system-view

[Sysname] undo wlan dynamic-blacklist active-on-ap

wlan dynamic-blacklist lifetime

Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries.

Use undo wlan dynamic-blacklist lifetime to restore the default.

Syntax

wlan dynamic-blacklist lifetime lifetime

undo wlan dynamic-blacklist lifetime

Default

The aging time is 300 seconds for dynamic blacklist entries.

Views

System view

Predefined user roles

network-admin

Parameters

lifetime: Specifies the aging time in the range of 1 to 3600 seconds.

Usage guidelines

The configured aging time takes effect only on entries added to the dynamic blacklist after this command is executed.

The aging time for dynamic blacklist entries only applies to rogue client entries.

Examples

# Set the aging time for dynamic blacklist entries to 3600 seconds.

<Sysname> system-view

[Sysname] wlan dynamic-blacklist lifetime 3600

wlan forwarding-policy

Use wlan forwarding-policy to create a forwarding policy and enter its view, or enter the view of an existing forwarding policy.

Use undo wlan forwarding-policy to delete a forwarding policy.

Syntax

wlan forwarding-policy policy-name

undo wlan forwarding-policy policy-name

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

·     WX3024H-F

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

Yes

WX5800H series

WX5860H

EWP-WX5860H-GL

Yes

Default

No forwarding policies are created.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.

You can create a maximum of 1000 forwarding policies.

Examples

# Create forwarding policy abc and enter its view.

<Sysname> system-view

[Sysname] wlan forwarding-policy abc

[Sysname-wlan-fp-abc]

wlan guest-tunnel

Use wlan guest-tunnel { aggregation-ac | edge-ac } to set the AC role and enter its view or directly enter the view of an edge AC or aggregation AC.

Use undo wlan guest-tunnel to restore the default.

Syntax

wlan guest-tunnel { aggregation-ac | edge-ac }

undo wlan guest-tunnel

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

No

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Default

An AC is neither an aggregation AC nor an edge AC.

Views

Any view

Predefined user roles

network-admin

Parameters

aggregation-ac: Specifies the AC as an aggregation AC.

edge-ac: Specifies the AC as an edge AC.

Usage guidelines

To change the role of an AC, you must first restore the default AC role.

Restoring the default AC role removes all the guest tunnel settings on the AC.

Examples

# Set the AC role to aggregation and enter its view.

<Sysname> system-view

[Sysname] wlan guest-tunnel aggregation-ac

[Sysname-wlan-aggregation-ac]

wlan guest-tunnel flow-distribute enable

Use wlan guest-tunnel flow-distribute enable to enable guest tunnel flow distribution.

Use undo wlan guest-tunnel flow-distribute enable to disable guest tunnel flow distribution.

Syntax

wlan guest-tunnel flow-distribute enable

undo wlan guest-tunnel flow-distribute enable

The following compatibility matrixes show the support of hardware platforms for this command:

 

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

No

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Command compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Default

Guest tunnel flow distribution is disabled.

Views

Edge AC view

Aggregation AC view

Predefined user roles

network-admin

Usage guidelines

This feature enables the device to distribute guest tunnel flows to different CPUs before they are encrypted by IPsec to improve forwarding efficiency.

Enable this feature only when IPsec is configured for guest tunnels.

This feature must be enabled or disabled at the same time on the edge AC and the aggregation AC of a guest tunnel.

Examples

# Enable guest tunnel flow distribution on an edge AC.

<Sysname> system-view

[Sysname] wlan guest-tunnel edge-ac

[Sysname-wlan-edge-ac] wlan guest-tunnel flow-distribute enable

wlan imc

Use wlan imc to specify an IMC server by its IP address and port number.

Use undo wlan imc to restore the default.

Syntax

wlan imc ip ip-address port port-number

undo wlan imc

Default

No IMC server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

ip ip-address: Specifies an IMC server by its IP address.

port port-number: Specifies an IMC server by its port number in the range of 1025 to 65535.

Usage guidelines

This feature enables the system to report association and disassociation events of APs, clients, and portal users to an IMC server, allowing you to view the statistics from the IMC platform.

Examples

# Specify an IMC server.

<Sysname> system-view

[Sysname] wlan imc ip 1.1.1.1 port 65535

wlan link-test

Use wlan link-test to test wireless link quality.

Syntax

wlan link-test mac-address

Views

Any view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the client MAC address in the H-H-H format.

Usage guidelines

Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.

The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.

Examples

# Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0.

<Sysname> wlan link-test 60a4-4cda-eff0

Testing link to 60a4-4cda-eff0. Press CTRL + C to break.

                              Link Status

-----------------------------------------------------------------------

MAC address: 60a4-4cda-eff0

-----------------------------------------------------------------------

VHT-MCS  Rate(Mbps)  Tx packets  Rx packets  RSSI   Retries RTT(ms)

-----------------------------------------------------------------------

NSS = 1

-----------------------------------------------------------------------

 0       32.5        5           5           54     0       0

 1       65          5           5           51     0       0

 2       97.5        5           5           49     0       0

 3       130         5           5           47     0       0

 4       195         5           5           45     0       0

 5       260         5           5           45     0       0

 6       292.5       5           5           44     0       0

 7       325         5           5           44     0       0

 8       390         5           5           44     0       0

 9       433.3       5           5           43     0       0

-----------------------------------------------------------------------

NSS = 2

-----------------------------------------------------------------------

 0       65          5           5           44     0       0

 1       130         5           5           44     0       0

 2       195         5           5           44     0       0

 3       260         5           5           44     0       0

 4       390         5           5           44     0       0

 5       520         5           5           44     0       0

 6       585         5           5           43     0       0

 7       650         5           5           43     0       0

 8       780         5           5           43     0       0

 9       866.7       5           5           43     0       0

# Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0.

<Sysname> wlan link-test 784f-43b6-077c

Testing link to 784f-43b6-077c. Press CTRL + C to break.

                              Link Status

-----------------------------------------------------------------------

MAC address: 784f-43b6-077c

-----------------------------------------------------------------------

MCS     Rate(Mbps)  Tx packets  Rx packets  RSSI   Retries  RTT(ms)

-----------------------------------------------------------------------

0       6.5         5           5           54     0        0

1       13          5           5           51     0        0

2       19.5        5           5           49     0        0

3       26          5           5           47     0        0

4       39          5           5           45     0        0

5       52          5           5           45     0        0

6       58.5        5           5           44     0        0

7       72.2        5           5           44     0        0

8       13          5           5           44     0        0

9       26          5           5           43     0        0

10       39         5           5           44     0        0

11       52         5           5           44     0        0

12       78         5           5           44     0        0

13       104        5           5           44     0        0

14       117        5           5           44     0        0

15       144.4      5           5           44     11       0

-----------------------------------------------------------------------

Table 20 Command output

Field

Description

No./MCS/VHT-MCS

·     No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients.

·     MCS—MCS index for link quality test on 802.11n clients.

·     VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients.

Rate(Mbps)

Rate at which the AP sends wireless link quality detection frames.

Tx packets

Number of wireless link quality detection frames sent by the AP.

Rx packets

Number of responses received by the AP.

RSSI

RSSI of the client detected by the AP.

Retries

Number of wireless link quality retransmission frames sent by the AP.

RTT(ms)

Round trip time for link quality test frames from the AP to the client.

NSS

Number of spatial streams for link quality test on 802.11n or 802.11ac clients.

wlan nas-port-id format

Use wlan nas-port-id format to set the format of NAS port IDs for wireless clients.

Use undo wlan nas-port-id format to restore the default.

Syntax

wlan nas-port-id format { 2 | 4 }

undo wlan nas-port-id format

Default

Clients use format 2 to generate NAS port IDs.

Views

System view

Predefined user roles

network-admin

Parameters

2: Specifies the SlotID00IfNOVlanID format.

·     SlotID—Slot ID for client access, a string of two characters.

·     IfNO—Interface number for client access, a string of three characters.

·     VlanID—VLAN ID for client access, a string of nine characters.

4: Specifies the slot=**;subslot=**;port=**;vlanid=**;vlanid2=** format. The vlanid2 field is available only for clients accessing the WLAN through an interface configured with VLAN termination.

Usage guidelines

802.1X and MAC-authenticated clients provide NAS port IDs in the specified format in RADIUS packets.

If a NAS port ID has been specified by using the nas-port-id command, clients use the specified NAS port ID.

Examples

# Set the NAS port ID format to format 4.

<Sysname> system-view

[Sysname] wlan nas-port-id format 4

Related commands

nas-port-id

wlan permit-ap-group

Use wlan permit-ap-group to specify a permitted AP group for client association.

Use undo permit-ap-group to delete a permitted AP group.

Syntax

wlan permit-ap-group ap-group-name

undo wlan permit-ap-group [ ap-group-name ]

Default

No permitted AP group is specified for client association.

Views

User profile view

Predefined user roles

network-admin

Parameters

ap-group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

If no permitted AP group is specified for client association, client access is not restricted.

If you specify a permitted AP group for client association, clients can only associate with APs in the AP group.

The undo form of the command deletes all permitted AP groups if you do not specify the ap-group-name argument.

Examples

# Specify AP group group1 as the permitted AP group for client association.

<Sysname> system-view

[Sysname] user-profile profile1

[Sysname-user-profile-profile1] wlan permit-ap-group group1

wlan permit-ssid

Use wlan permit-ssid to specify a permitted SSID for client association.

Use undo permit-ssid to delete a permitted SSID.

Syntax

wlan permit-ssid ssid-name

undo wlan permit-ssid [ ssid-name ]

Default

No permitted SSID is specified for client association.

Views

User profile view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

If no permitted SSID is specified for client association, client association is not restricted.

If you specify a permitted SSID for client association, clients can only associate with WLANs through the SSID.

The undo form of the command deletes all permitted SSIDs if you do not specify the ssid-name argument.

Examples

# Specify SSID ssid1 as the permitted SSID for client access.

<Sysname> system-view

[Sysname] user-profile profile1

[Sysname-user-profile- profile1] wlan permit-ssid ssid1

wlan service-template

Use wlan service-template to create a service template and enter its view, or enter the view of an existing service template.

Use undo wlan service-template to delete a service template.

Syntax

wlan service-template service-template-name

undo wlan service-template service-template-name

Default

No service template exists.

Views

System view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You cannot delete a service template that has been bound to a radio.

Examples

# Create service template service1 and enter its view.

<Sysname> system-view

[Sysname] wlan service-template service1

wlan static-blacklist mac-address

Use wlan static-blacklist mac-address to add a client to the static blacklist.

Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.

Syntax

wlan static-blacklist mac-address mac-address

undo wlan static-blacklist [ mac-address mac-address ]

Default

No clients exist in the static blacklist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

If you add an online client to the static blacklist, the command logs off the client.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.

Do not add multicast or broadcast MAC addresses to the static blacklist.

Examples

# Add MAC address 001c-f0bf-9c92 to the static blacklist.

<Sysname> system-view

[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92

Related commands

display wlan blacklist

wlan vip-client-group

Use wlan vip-client-group to create the VIP client group and enter its view or enter the view of the existing VIP client group.

Use undo wlan vip-client-group to delete the VIP client group.

Syntax

wlan vip-client-group

undo wlan vip-client-group

Default

No VIP client group exists.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You can view information about online clients in the VIP client group from the Oasis platform.

Examples

# Create the VIP client group.

<Sysname> system-view

[Sysname] wlan vip-client-group

[Sysname-wlan vip-client-group]

wlan web-server api-path

Use wlan web-server api-path to specify the path of the Web server to which client information is reported.

Use undo wlan web-server api-path to restore the default.

Syntax

wlan web-server api-path path

undo wlan web-server api-path

Default

The path of the Web server is not specified.

Views

System view

Predefined user roles

network-admin

Parameters

path: Specifies a path, a case-sensitive string of 1 to 256 characters.

Usage guidelines

The Web server accepts client information only when the server's host name, port number, and path are specified.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the path of the Web server as /wlan/dev-cfg.

<Sysname> system-view

[Sysname] wlan web-server api-path /wlan/dev-cfg

Related commands

wlan web-server host

wlan web-server max-client-entry

wlan web-server host

Use wlan web-server host to specify the host name and port number of the Web server to which client information is reported.

Use undo wlan web-server host to restore the default.

Syntax

wlan web-server host host-name port port-number

undo wlan web-server host

Default

The host name and port number of the Web server are not specified.

Views

System view

Predefined user roles

network-admin

Parameters

host host-name: Specifies a host name, a case-insensitive string of 3 to 127 characters that can contain letters, digits, hyphens (-), underscores (_), and dots (.).

port port-number: Specifies a port number in the range of 1 to 65534.

Usage guidelines

The Web server accepts client information only when the server's host name, port number, and path are specified.

Client information changes are reported to the Web server in real time.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the host name and port number of the Web server as www.abc.com and 668, respectively.

<Sysname> system-view

[Sysname] wlan web-server host www.abc.com port 668

Related commands

wlan web-server api-path

wlan web-server max-client-entry

wlan web-server max-client-entry

Use wlan web-server max-client-entry to set the maximum number of client entries that can be reported at a time.

Use undo wlan web-server max-client-entry to restore the default.

Syntax

wlan web-server max-client-entry number

undo wlan web-server max-client-entry

Default

A maximum of ten client entries can be reported at a time.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies a maximum number of client entries that can be reported at a time, in the range of 1 to 25.

Examples

# Set the maximum of client entries that can be reported at a time to 12.

<Sysname> system-view

[Sysname] wlan web-server max-client-entry 12

Related commands

wlan web-server api-path

wlan web-server host

wlan whitelist mac-address

Use wlan whitelist mac-address to add a client to the whitelist.

Use undo wlan whitelist mac-address to remove a client from the whitelist.

Syntax

wlan whitelist mac-address mac-address

undo wlan whitelist [ mac-address mac-address ]

Default

No clients exist in the whitelist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.

If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.

Do not add multicast or broadcast MAC addresses to the whitelist.

Examples

# Add MAC address 001c-f0bf-9c92 to the whitelist.

<Sysname> system-view

[Sysname] wlan whitelist mac-address 001c-f0bf-9c92

This command will disconnect all clients. Continue? [Y/N]:

Related commands

display wlan whitelist