02-WLAN

HomeSupportResource CenterH3C Access Controllers Command References(E5208P03 E5215P01 R5215P01)-6W10202-WLAN
03-WLAN access commands
Title Size Download
03-WLAN access commands 222.87 KB

Contents

WLAN access commands· 3

beacon ssid-hide· 3

broadcast-probe reply· 3

classifier acl 4

client association-location· 5

client cache aging-time· 5

client forwarding-location· 6

client forwarding-policy-name· 7

client forwarding-policy enable· 8

client frame-format 9

client idle-timeout 9

client keep-alive· 10

client keep-alive interval 11

client max-count 12

client preferred-vlan authorized· 12

client vlan-alloc· 13

customlog format wlan· 14

description· 14

display uplink client-rate-limit 15

display wlan blacklist 17

display wlan client 18

display wlan client status· 23

display wlan forwarding-policy· 25

display wlan region-code· 26

display wlan service-template· 27

display wlan statistics· 31

display wlan whitelist 33

inherit exclude service-template· 34

map-configuration· 34

nas-id· 35

nas-port-id· 36

nas-vlan· 37

quick-association enable· 38

region-code· 38

region-code-lock· 41

reset wlan client 42

reset wlan dynamic-blacklist 43

reset wlan statistics client 43

service-template· 44

service-template enable· 45

snmp-agent trap enable wlan client 45

snmp-agent trap enable wlan client-audit 46

ssid· 46

unknown-client 47

uplink client-rate-limit 48

vlan· 49

wlan client forwarding enable· 50

wlan client forwarding-policy-name· 50

wlan client reauthentication-period· 51

wlan dynamic-blacklist active-on-ap· 52

wlan dynamic-blacklist lifetime· 53

wlan forwarding-policy· 53

wlan link-test 54

wlan permit-ap-group· 55

wlan permit-ssid· 56

wlan service-template· 56

wlan static-blacklist mac-address· 57

wlan web-server api-path· 58

wlan web-server host 58

wlan web-server max-client-entry· 59

wlan whitelist mac-address· 60

 


WLAN access commands

beacon ssid-hide

Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames.

Use undo beacon ssid-hide to restore the default.

Syntax

beacon ssid-hide

undo beacon ssid-hide

Default

The SSID is advertised in beacon frames.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command enables a radio to not carry SSIDs in the beacon frames and to not respond to probe requests after the specified service template is bound to the radio.

Examples

# Disable advertising the SSID in beacon frames.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] beacon ssid-hide

broadcast-probe reply

Use broadcast-probe reply enable to enable an AP to respond to broadcast probe requests.

Use broadcast-probe reply disable to disable an AP from responding to broadcast probe requests.

Use undo broadcast-probe reply to restore the default.

Syntax

broadcast-probe reply { disable | enable }

undo broadcast-probe reply

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, an AP responds to broadcast probe requests.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

Broadcast probe requests do not carry an SSID. Upon receiving a broadcast probe request, an AP responds with a probe response that carries service information for the AP. To ensure that clients that send unicast probe requests can associate with the AP, disable the AP from responding to broadcast probe requests.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Disable the AP ap1 from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] broadcast-probe reply disable

# Disable APs in the AP group group1 from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] broadcast-probe reply disable

classifier acl

Use classifier acl to configure a forwarding rule for a forwarding policy.

Use undo classifier acl to remove a forwarding rule.

Syntax

classifier acl { acl-number | ipv6 ipv6-acl-number } behavior { local | remote }

undo classifier acl { acl-number | ipv6 ipv6-acl-number }

Default

No forwarding rules are configured.

Views

Forwarding policy view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an IPv4 or Layer 2 ACL number in the range of 2000 to 4999.

ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.

behavior: Specifies a forwarding mode for traffic that matches the specified ACL.

local: Specifies the local forwarding mode.

remote: Specifies the centralized forwarding mode.

Usage guidelines

A forwarding rule takes effect immediately after it is created. You can configure a maximum of 1000 forwarding rules for a forwarding policy.

Examples

# Configure a forwarding rule to locally forward packets that match ACL 2000.

<sysname> system-view

[sysname] wlan forwarding-policy abc

[sysname-wlan-fp-abc] classifier acl 2000 behavior local

client association-location

Use client association-location to enable client association at the AC or APs.

Use undo client association-location to restore the default.

Syntax

client association-location { ac | ap }

undo client association-location

Default

Client association is performed at the AC.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Enables client association at the AC.

ap: Enables client association at APs.

Usage guidelines

Make sure the service template is disabled before you execute this command.

Examples

# Enable client association at the AC.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client association-location ac

client cache aging-time

Use client cache aging-time to set the client cache aging time.

Use undo client cache aging-time to restore the default.

Syntax

client cache aging-time aging-time

undo client cache aging-time

Default

The client cache aging time is 180 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the aging time in the range of 0 to 86400 seconds. If you set the aging time to 0, the device deletes the cache information of a client immediately after the client goes offline.

Usage guidelines

Make sure the service template is disabled before you execute this command.

The client cache saves information such as the PMK list and access VLAN for clients. If a client roams to another AP before the cache aging time expires, the client can inherit the cache information. If a client does not come online before the cache aging time expires, its cache information is cleared.

Examples

# Set the client cache aging time to 100 seconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client cache aging-time 100

client forwarding-location

Use client forwarding-location to specify the client data traffic forwarder.

Use undo client forwarding-location to restore the default.

Syntax

client forwarding-location { ac | ap [ vlan { vlan-start [ to vlan-end ] } ] }

undo client forwarding-location

Default

The following matrix shows the default setting for the command:

 

Hardware series

Model

Default

WX1800H series

WX1804H

WX1810H

WX1820H

The AC forwards client data traffic.

WX2500H series

WX2510H

WX2540H

WX2560H

The AC forwards client data traffic.

WX3000H series

WX3010H

WX3010H-X

WX3024H

The AC forwards client data traffic.

WX3010H-L

WX3024H-L

The AP forwards client data traffic.

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

The AC forwards client data traffic.

WX5500E series

WX5510E

WX5540E

The AC forwards client data traffic.

WX5500H series

WX5540H

WX5560H

WX5580H

The AC forwards client data traffic.

Access controller modules

EWPXM1MAC0F

EWPXM1WCME0

EWPXM2WCMD0F

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

The AC forwards client data traffic.

 

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Enables the AC to forward client data traffic.

ap: Enables APs to forward client data traffic.

vlan vlan-start to vlan-end: Specifies a VLAN ID range. The value range for the vlan-start and vlan-end arguments is 1 to 4094. If you do not specify this option, APs forward client data traffic from all VLANs.

Usage guidelines

Make sure the service template is disabled before you execute this command.

If APs forward client data traffic, you can specify a VLAN or a VLAN range for the APs to forward client data traffic from the specified VLANs. The AC forwards data traffic from other VLANs.

Make sure client traffic forwarding is enabled when the AC is configured as the client traffic forwarder.

Examples

# Configure APs to forward client data traffic from all VLANs.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-location ap

client forwarding-policy-name

Use client forwarding-policy-name to apply a forwarding policy to a service template.

Use undo client forwarding-policy-name to remove a forwarding policy from a service template.

Syntax

client forwarding-policy-name policy-name

undo client forwarding-policy-name

Default

No forwarding policy is applied to a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Make sure the AC and its associated APs are in different network segments.

Make sure the service template is disabled before you execute this command.

For the forwarding policy to take effect, you must enable policy-based forwarding and specify the AC to perform client authentication for the service template.

Examples

# Apply the forwarding policy strategy to service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-policy-name strategy

Related commands

·     client forwarding-policy enable

·     client-security authentication-location

client forwarding-policy enable

Use client forwarding-policy enable to enable policy-based forwarding for a service template.

Use undo client forwarding-policy enable to disable policy-based forwarding for a service template.

Syntax

client forwarding-policy enable

undo client forwarding-policy enable

Default

Policy-based forwarding is disabled for a service template.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Enable policy-based forwarding for a service template for the following forwarding policies to take effect:

·     The forwarding policy applied to the service template.

·     The forwarding policy applied to a user profile that uses the service template.

Examples

# Enable policy-based forwarding for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-policy enable

Related commands

client-security authentication-location

client frame-format

Use client frame-format to set the encapsulation mode for client data frames..

Use undo client frame-format to restore the default.

Syntax

client frame-format { dot3 | dot11 }

undo client frame-format

Default

Client data frames are encapsulated in 802.3 format.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot3: Configures the client data frames to be encapsulated in 802.3 format.

dot11: Configures the client data frames to be encapsulated in 802.11 format.

Usage guidelines

Make sure the service template is disabled before you execute this command.

This command takes effect only in centralized forwarding mode.

Examples

# Configure the client data frames to be encapsulated in 802.11 format.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client frame-format dot11

Related commands

client forwarding-location

client idle-timeout

Use client idle-timeout to set the client idle timeout timer.

Use undo client idle-timeout to restore the default.

Syntax

client idle-timeout interval

undo client idle-timeout

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, the client idle timeout timer is 3600 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.

Usage guidelines

If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the client idle timeout timer to 2000 seconds for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client idle-timeout 2000

# Set the client idle timeout timer to 2000 seconds for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client idle-timeout 2000

client keep-alive

Use client keep-alive enable to enable client keepalive.

Use client keep-alive disable to disable client keepalive.

Use undo client keep-alive to restore the default.

Syntax

client keep-alive { disable | enable }

undo client keep-alive

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, client keepalive is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

disable: Disables client keepalive.

enable: Enables client keepalive.

Usage guidelines

This feature enables an AP to send keepalive packets to clients at the client keepalive interval to identify whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable client keepalive for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client keep-alive enable

# Enable client keepalive for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client keep-alive enable

Related commands

client keep-alive interval

client keep-alive interval

Use client keep-alive interval to set the client keepalive interval.

Use undo client keep-alive interval to restore the default.

Syntax

client keep-alive interval value

undo client keep-alive interval

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, the client keepalive interval is 300 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.

Usage guidelines

Enable client keepalive before you execute this command.

This command enables an AP to send keepalive packets to clients at the client keepalive interval to identify whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the keepalive interval to 20 seconds for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client keep-alive interval 20

# Set the keepalive interval to 20 seconds for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client keep-alive interval 20

Related commands

client keep-alive enable

client max-count

Use client max-count to set the maximum number of associated clients for a service template.

Use undo client max-count to restore the default.

Syntax

client max-count max-number

undo client max-count

Default

The number of associated clients for a service template is not limited.

Views

Service template view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of clients in the range of 1 to 2007.

Usage guidelines

When this feature is configured, new clients cannot access the WLAN when the maximum number is reached.

Examples

# Set the maximum number of associated clients to 38 for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client max-count 38

client preferred-vlan authorized

Use client preferred-vlan authorized to configure clients to prefer the authorization VLAN after roaming.

Use undo client preferred-vlan authorized to configure client VLANs to remain unchanged after client roaming.

Syntax

client preferred-vlan authorized

undo client preferred-vlan authorized

Default

Clients prefer the authorization VLAN after roaming.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This feature takes effect only on 802.1X and MAC authentication clients.

Typically, the VLAN of a client remains unchanged after client roaming. However, if the client triggers a security alert configured on IMC after roams to another AP, the issued authorization VLAN for user isolation takes effect.

Examples

# Configure clients to prefer the authorization VLAN after roaming.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client preferred-vlan authorized

client vlan-alloc

Use client vlan-alloc to specify the VLAN allocation method for clients.

Use undo client vlan-alloc to restore the default.

Syntax

client vlan-alloc { dynamic | static | static-compatible }

undo client vlan-alloc { dynamic | static | static-compatible }

Default

The VLAN allocation method for clients is dynamic.

Views

Service template view

Predefined user roles

network-admin

Parameters

dynamic: Specifies dynamic VLAN allocation.

static: Specifies static VLAN allocation.

static-compatible: Specifies compatible static VLAN allocation.

Usage guidelines

When a client comes online for the first time, the radio assigns a random VLAN to it. When the client comes online again, the VLAN assigned to the client depends on the allocation method.

·     Static allocationThe client inherits the VLAN that has been assigned to it. If the IP address lease has not expired, the client will use the same IP address. This method helps save IP addresses.

·     Dynamic allocation—The client is re-assigned a VLAN. This method balances clients in all VLANs.

·     Compatible static allocation—The client inherits the VLAN that has been assigned to it when roaming between Comware 5 and Comware 7 ACs.

Examples

# Specify the VLAN allocation method for clients as dynamic.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client vlan-alloc dynamic

customlog format wlan

Use customlog format wlan to enable the device to generate client logs in the specified format.

Use undo customlog format wlan to restore the default.

Syntax

customlog format wlan { normal | sangfor }

undo customlog format wlan

Default

The device generates client logs only in the H3C format.

Views

System view

Predefined user roles

network-admin

Parameters

normal: Specifies normal format.

sangfor: Specifies sangfor format.

Usage guidelines

By default, the device generates client logs only in H3C format that logs AP name, radio ID, client MAC address, SSID, BSSID, and client online status.

You can configure the device to generate client logs in one of the following formats:

·     normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.

·     sangfor—Logs AP MAC address, client IP address, and client MAC address.

This feature does not affect the generation of client logs in H3C format.

Examples

# Enable the device to generate client logs in sangfor format.

<Sysname> system-view

[Sysname] customlog format wlan sangfor

description

Use description to configure a description for a service template.

Use undo description to restore the default.

Syntax

description text

undo description

Default

A service template does not have a description.

Views

Service template view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 64 characters.

Examples

# Configure the description as wlanst for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] description wlanst

display uplink client-rate-limit

Use display uplink client-rate-limit to display uplink client rate limit settings.

Syntax

display uplink client-rate-limit

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware series

Model

Uplink client rate limit compatibility

WX1800H series

WX1804H

No

WX1810H

WX1820H

Yes

WX2500H series

WX2510H

WX2540H

WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3024H

Yes

WX3010H-L

WX3024H-L

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

No

WX5500E series

WX5510E

WX5540E

No

WX5500H series

WX5540H

WX5560H

WX5580H

No

Access controller modules

EWPXM1MAC0F

EWPXM1WCME0

EWPXM2WCMD0F

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

No

 

Examples

# Display uplink client rate limit settings.

<Sysname> display uplink client-rate-limit

Direction: Inbound

  Status: Enabled

  Mode: Static

  Global CIR: 2000 kbps

  User CIR: 100 kbps

Direction: Outbound

  Status: Disabled

Table 1 Command output

Field

Description

Direction

Client rate limit direction:

·     Inbound.

·     Outbound.

Status

Client rate limit status:

·     Enabled.

·     Disabled.

Mode

Client rate limit mode:

·     Dynamic.

·     Static.

Global CIR

Global CIR in kbps.

User CIR

Per-client CIR in kbps.

 

Related commands

uplink client-rate-limit

display wlan blacklist

Use display wlan blacklist to display blacklist entries.

Syntax

display wlan blacklist { dynamic | static }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Specifies the dynamic blacklist.

static: Specifies the static blacklist.

Examples

# Display static blacklist entries.

<Sysname> display wlan blacklist static

Total number of clients: 3

 MAC addresses:

  000e-35b2-000e

  0019-5b8e-b709

  001c-f0bf-9c92

# Display dynamic blacklist entries.

<Sysname> display wlan blacklist dynamic

Total number of clients: 3

MAC address     APID  Lifetime (s)  Duration (hh:mm:ss)

000f-e2cc-0001  1     300           00:02:11

000f-e2cc-0002  2     300           00:01:17

000f-e2cc-0003  3     300           00:02:08

Table 2 Command output

Field

Description

MAC address

Client MAC address.

APID

ID of the AP that detects the rogue client.

Lifetime (s)

Lifetime of the entry in seconds.

Duration (hh:mm:ss)

Duration for the entry since the entry was added to the dynamic blacklist.

 

display wlan client

Use display wlan client to display client information.

Syntax

display wlan client [ ap ap-name [ radio radio-id ] | mac-address mac-address | service-template service-template-name | frequency-band { 2.4 | 5 } ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Displays information about clients that are connected to the specified AP. The AP name is a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

radio radio-id: Displays information about clients that are connected to the specified radio. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays information about all clients that are connected to the specified AP.

mac-address mac-address: Specifies a client by its MAC address.

service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.

frequency-band: Displays information about clients working on the specified band.

2.4: Specifies the 2.4 GHz band.

5: Specifies the 5 GHz band.

verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.

Examples

# Display brief information about all clients.

<Sysname> display wlan client

Total number of clients: 3

 

MAC address    Username  AP name         RID   IP address      IPv6 address   VLAN

000f-e265-6400 N/A       ap1             1     1.1.1.1                        100

000f-e265-6401 user      ap2             1     3.0.0.3                        200

84db-ac14-dd08 N/A       ap1             1     5.5.5.3         1::2:0:0:3     1

Table 3 Command output

Field

Description

MAC address

Client MAC address.

Username

Client username.

·     The field displays the client username if the client uses 802.1X or MAC authentication.

·     The field displays N/A if the client does not use 802.1X or MAC authentication.

NOTE:

If the client uses portal authentication, this field does not display the portal username of the client.

AP name

Name of the AP that the client is associated with.

RID

ID of the radio that the client is associated with.

IP address

IPv4 address of the client.

IPv6 address

IPv6 address of the client.

VLAN ID

ID of the VLAN to which the client belongs.

 

# Display detailed information about all clients.

<Sysname> display wlan client verbose

Total number of clients: 1

 

MAC address                        : 000f-e265-6400

IPv4 address                       : 10.1.1.114

IPv6 address                       : 2001::1234:5678:0102:0304

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : ap1

Radio ID                           : 1

SSID                               : office

BSSID                              : 0026-3e08-1150

VLAN ID                            : 3

Sleep count                        : 0

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/195 Mbps

Authentication method              : Open system

Security mode                      : PRE-RSNA

AKM mode                           : Not configured

Cipher suite                       : N/A

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy                     : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Inactive

Table 4 Command output

Field

Description

MAC address

Client MAC address.

IPv4 address

Client IPv4 address.

IPv6 address

Client IPv6 address.

Username

Client username.

·     The field displays the client username if the client uses 802.1X or MAC authentication.

·     The field displays N/A if the client does not use 802.1X or MAC authentication.

NOTE:

If the client uses portal authentication, this field does not display the portal username of the client.

AID

Association ID

AP ID

ID of the AP that the client is associated with.

AP name

Name of the AP that the client is associated with.

Radio ID

ID of the radio that the client is associated with.

SSID

SSID with which the client is associated.

VLAN ID

ID of the VLAN to which the client belongs.

Sleep count

Number of transitions to the sleep state.

Wireless mode

Wireless mode:

·     802.11a.

·     802.11b.

·     802.11g.

·     802.11gn.

·     802.11an.

·     802.11ac.

Channel bandwidth

Channel bandwidth, 20 MHz, 40 MHz, 80 MHz, or 160 MHz.

SM Power Save

SM Power Save:

·     EnabledOnly one antenna of a client operates in active state, and others operate in sleep state to save power.

·     Disabled.

SM power save mode

Power saving mode.

·     Dynamic.

·     Static.

Short GI for 20MHz

Whether the client supports short GI when its channel bandwidth is 20 MHz.

·     Supported.

·     Not supported.

Short GI for 40MHz

Whether the client supports short GI when its channel bandwidth is 40 MHz.

·     Supported.

·     Not supported.

Short GI for 80MHz

Whether the client supports short GI when its channel bandwidth is 80 MHz.

·     Supported.

·     Not supported.

Short GI for 160/80+80MHz

Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz.

·     Supported.

·     Not supported.

STBC Rx Capability

Client STBC receive capability.

·     Not Supported.

·     Supported.

STBC Tx Capability

Client STBC transmission capability.

·     Not Supported.

·     Supported.

LDPC Rx capability

Client LDPC receive capability.

·     Not Supported.

·     Supported.

SU beamformee capability

Client SU beamformee capability.

·     Not Supported.

·     Supported.

MU beamformee capability

Client MU beamformee capability.

·     Not Supported.

·     Supported.

Beamformee STS capability

Client beamformee STS capability.

·     Not Supported.

·     Supported.

Block Ack

Negotiation result of Block ACK with TID.

·     IN—Sends Block ACK for traffic from the inbound direction.

·     OUT—Sends Block ACK for traffic from the outbound direction.

·     BOTH—Sends Block ACK for traffic from both inbound and outbound directions.

Supported VHT-MCS set

VHT-MCS supported by the client.

Supported HT MCS set

HT-MCS supported by the client.

QoS mode

QoS mode:

·     N/A—WMM is not supported.

·     WMM—WMM is supported.

WMM information negotiation is carried out between an AP and a client that both support WMM.

Listen interval

Interval at which the client wakes up to listen to beacon frames. It is counted by beacon interval.

RSSI

Received signal strength indication. This value indicates the client signal strength detected by the AP.

Rx/Tx rate

Sending and receiving rates of data, management, and control frames.

Authentication method

Authentication method, open system or shared key.

Security mode

Security mode:

·     RSN—Beacons and probe responses carry RSN IE.

·     WPA—Beacons and probe responses carry WPA IE.

·     PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE.

AKM mode

AKM mode:

·     802.1X.

·     PSK.

·     Not configured.

Cipher suite

Cipher suite:

·     N/A.

·     WEP40.

·     WEP104.

·     WEP128.

·     CCMP.

·     TKIP.

User authentication mode

User authentication mode:

·     Bypass—No client authentication.

·     MAC.

·     802.1X.

·     OUI.

Authorization ACL ID

Authorized ACL number:

·     This field displays the ACL number if the authorized ACL takes effect.

·     This field displays the ACL number + Not effective if the authorized ACL does not take effect.

·     This field displays N/A if the authentication server is configured without any authorized ACL.

Authorization user profile

Name of the authorized user profile:

·     This field displays the authorized user profile name if the authorized user profile takes effect.

·     This field displays the authorized user profile name + Not effective if the authorized user profile does not take effect.

·     This field displays N/A if the authentication server is configured without any authorized user profile.

Roam status

Roam status:

·     Roaming in progress.

·     Inter-AC slow roaming.

·     Inter-AC fast roaming.

·     Intra-AC slow roaming.

·     Intra-AC fast roaming.

·     This field displays N/A if the client stays in one BSS after coming online.

Key derivation

Key derivation type:

·     SHA1—Uses the HMAC-SHA1 hash algorithm.

·     SHA256—Uses the HMAC-SHA256 hash algorithm.

·     N/A—No key derivation algorithm is involved for the authentication type.

PMF status

PMF status:

·     Enabled—Management frame protection is enabled.

·     Disabled—Management frame protection is disabled.

·     N/A—Management frame protection is not involved.

Forward policy

WLAN forwarding policy.

·     Not configured—No WLAN forwarding policy is configured.

·     policy-name.

Online time

Client online duration.

FT status

Fast BSS transition (FT).

·     Active—FT is enabled.

·     Inactive—FT is disabled.

 

display wlan client status

Use display wlan client status to display client status information.

Syntax

display wlan client status [ mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.

verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.

Examples

# Display brief status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804

Total number of clients: 1

 

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name          RID

001c-f08f-f804  41ms         0     39/117Mbps      0.00%    ap2              2

# Display brief status information about all clients.

<Sysname> display wlan client status

Total number of clients: 2

 

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name          RID

000b-c002-9d09  41ms         65    39/117Mbps      0.00%    ap2              2

000f-e265-6401  10ms         62    130/195Mbps     0.00%    ap1              1

Table 5 Command output

Field

Description

MAC address

Client MAC address.

Access time

Time the client took to associate with the WLAN.

RSSI

RSSI of the client.

Rx/Tx rate

Rates at which the client receives and sends data, management packets, and control packets.

Discard

Ratio of packets discarded by the client.

AP name

Name of the AP that the client is associated with.

RID

ID of the radio that the client is associated with.

 

# Display detailed status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose

Total number of clients: 1

 

MAC address                       : 001c-f08f-f804

AP name                           : ap2

Radio ID                          : 2

Access time                       : 41 ms

RSSI                              : 0

Rx/Tx rate                        : 39/117 Mbps

Received:

 Retransmitted packets            : 84

 Retransmitted packet ratio       : 64.12%

Sent:

 Retransmitted packets            : 0

 Retransmitted packet ratio       : 0.00%

Discarded:

 Discarded packets                : 0

 Discarded packet ratio           : 0.00%

Table 6 Command output

Field

Description

MAC address

Client MAC address.

AP name

Name of the AP that the client is associated with.

Radio ID

ID of the radio that the client is associated with.

Access time

Time the client took to associate with the WLAN.

RSSI

RSSI of the client.

Rx/Tx rate

Rates at which the client receives and sends data, management packets, and control packets.

Received

Received packet statistics:

·     Retransmitted packets.

·     Retransmitted packet ratio.

Sent

Sent packet statistics:

·     Retransmitted packets.

·     Retransmitted packet ratio.

Discarded

Discarded packet statistics:

·     Discarded packets.

·     Discarded packet ratio.

 

display wlan forwarding-policy

Use display wlan forwarding-policy to display WLAN forwarding policy information.

Syntax

display wlan forwarding-policy [ policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameter

policy-name: Specifies a WLAN forwarding policy by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all WLAN forwarding policies.

Examples

# Display information about all WLAN forwarding policies.

<Sysname> display wlan forwarding-policy

Total number of forwarding policies: 2

 

Forwarding policy name: fwd1

 Classifier ACL 2000: Local

 Classifier ACL 2004: Local

 Classifier IPv6 ACL 2001: Remote

 Classifier IPv6 ACL 2002: Remote

 

Forwarding policy name: fwd2

 Classifier ACL 4021: Local

 Classifier IPv6 ACL 2000: Remote

 Classifier IPv6 ACL 3024: Remote

Table 7 Command output

Field

Description

Classifier ACL number

IPv4 packet forwarding mode:

·     Local—Local forwarding.

·     Remote—Centralized forwarding.

Classifier IPv6 ACL number

IPv6 packet forwarding mode:

·     Local—Local forwarding.

·     Remote—Centralized forwarding.

 

Related commands

wlan forwarding-policy

display wlan region-code

Use display wlan region-code to display region code information for all APs or the specified AP.

Syntax

display wlan region-code ap { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display region code information for all APs.

<Sysname> display wlan region-code ap all

Region Code

-----------------------------------------------------------------------

AP name                         Region Code

ap1                             CN  CHINA

ap2                             CN  CHINA

ap3                             CN  CHINA

Table 8 Command output

Field

Description

Region Code

Region code. For more information about region codes, see Table 11.

 

display wlan service-template

Use display wlan service-template to display service template information.

Syntax

display wlan service-template [ service-template-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.

verbose: Displays detailed service template information.

Examples

# Display brief information about all service templates.

<Sysname> display wlan service-template

Total number of service templates: 2

Service template name          SSID                 Status

1                              2333                 Enabled

2                              3222                 Enabled

# Display detailed information about all service templates.

<Sysname> display wlan service-template verbose

Service template name         : service1

Description                   : Not configured

SSID                          : wuxianfuwu

SSID-hide                     : Disabled

User-isolation                : Disabled

Service template status       : Disabled

Maximum clients per BSS       : 64

Frame format                  : Dot3

Seamless roam status          : Disabled

Seamless roam RSSI threshold  : 0

Seamless roam RSSI gap        : 0

VLAN ID                       : 1

AKM mode                      : PSK

Security IE                   : RSN

Cipher suite                  : CCMP

TKIP countermeasure time      : 100 sec

PTK lifetime                  : 43200 sec

GTK rekey                     : Enabled

GTK rekey method              : Time-based

GTK rekey time                : 86400 sec

GTK rekey client-offline      : Enabled

User authentication mode      : Bypass

Intrusion protection          : Disabled

Intrusion protection mode     : Temporary-block

Temporary block time          : 180 sec

Temporary service stop time   : 20 sec

Fail VLAN ID                  : 1

802.1X handshake              : Enabled

802.1X handshake secure       : Disabled

802.1X domain                 : my-domain

MAC-auth domain               : Not configured

Max 802.1X users per BSS      : 4096

Max MAC-auth users per BSS    : 4096

802.1X re-authenticate        : Enabled

Authorization fail mode       : Online

Accounting fail mode          : Online

Authorization                 : Permitted

Key derivation                : SHA1

PMF status                    : Optional

Hotspot policy number         : Not configured

Forwarding policy status      : Disabled

Forward policy name           : Not configured

Forwarder                     : AC

FT status                     : Enabled

QoS trust                     : Port

QoS priority                  : 0

Table 9 Command output

Field

Description

SSID

SSID of the service template.

SSID-hide

Whether the SSID is hidden in beacons.

·     Disabled.

·     Enabled.

User-isolation

Use isolation:

·     Disabled.

·     Enabled.

Service template status

Service template status:

·     Disabled.

·     Enabled.

Maximum clients per BSS

Maximum number of clients that the BSS supports.

Frame format

Client data frame encapsulation format:

·     Dot3—802.3 format.

·     Dot11802.11 format.

Seamless roam status

Seamless roaming:

·     Disabled.

·     Enabled.

This field is not supported in the current release.

Seamless roam RSSI threshold

Seamless roaming RSSI threshold.

This field is not supported in the current release.

Seamless roam RSSI gap

Seamless roaming RSSI gap.

This field is not supported in the current release.

VLAN ID

ID of the VLAN to which clients belong after they come online through the service template.

AKM mode

AKM mode, 802.1X or PSK.

Security IE

Security IE:

·     RSN.

·     WPA.

Cipher suite

Cipher suite:

·     WEP40.

·     WEP104.

·     WEP128.

·     TKIP.

·     CCMP.

TKIP countermeasure time

TKIP countermeasure time. The value 0 represents no countermeasures are taken.

GTK rekey

Whether GTK rekey is enabled:

·     Enabled.

·     Disabled.

GTK rekey method

GTK rekey method, time-based or packet-based.

GTK rekey time

GTK rekey interval.

GTK rekey packets

Number of packets that can be transmitted before the GTK is refreshed.

GTK rekey client-offline

Whether client-off GTK rekey is enabled:

·     Enabled.

·     Disabled.

User authentication mode

Authentication mode:

·     Bypass—No authentication.

·     MAC.

·     MAC-or-802.1X.

·     802.1X.

·     802.1X-or-MAC.

·     OUI-or-802.1X.

Intrusion protection

Whether intrusion protection is enabled:

·     Enabled.

·     Disabled.

Intrusion protection mode

Intrusion protection mode:

·     Temporary-block—Temporarily adds intruders to the block list.

·     Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets.

·     Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets.

Temporary block time

Temporary block time in seconds.

Temporary service stop time

Temporary service stop time in seconds.

Fail VLAN ID

ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured.

Critical VLAN ID

ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the Critical VLAN ID is not configured.

802.1X handshake

Whether 802.1X handshake is enabled:

·     Enabled.

·     Disabled.

802.1X handshake secure

Whether secure 802.1X handshake is enabled:

·     Enabled.

·     Disabled.

802.1X domain

802.1X authentication domain. This field displays Not configured if the domain is not configured.

MAC-auth domain

MAC authentication domain. This field displays Not configured if the domain is not configured.

Max 802.1X users per BSS

Maximum number of supported 802.1X users in a BSS.

Max MAC-auth users per BSS

Maximum number of supported users that pass the MAC authentication in a BSS.

802.1X re-authenticate

Whether 802.1X reauthentication is enabled:

·     Enabled.

·     Disabled.

Authorization fail mode

Authorization fail mode:

·     OfflineClients are logged off when authorization fails.

·     OnlineClients are not logged off when authorization fails.

Accounting fail mode

Accounting fail mode:

·     OfflineClients are logged off when accounting fails.

·     OnlineClients are not logged off when accounting fails.

Authorization

Authorization information:

·     Permitted—Applies the authorization information issued by the RADIUS server or the local device.

·     Ignored—Ignores the authorization information issued by the RADIUS server or the local device.

Key derivation

Key derivation type:

·     SHA1—Uses the HMAC-SHA1 hash algorithm.

·     SHA256—Uses the HMAC-SHA256 hash algorithm.

·     SHA1-AND-SHA256—Uses the HMAC SHA1 and SHA256 hash algorithm.

PMF status

PMF status:

·     Disabled—Management frame protection is disabled.

·     Optional—Management frame protection in optional mode is enabled.

·     Mandatory—Management frame protection in mandatory mode is enabled.

Forwarding policy status

WLAN forwarding policy status:

·     Disabled.

·     Enabled.

Forward policy name

WLAN forwarding policy name:

·     Not configured—No WLAN forwarding policy is configured.

·     policy-name.

Forwarder

Client traffic forwarder:

·     AC.

·     AP.

FT status

FT status:

·     Disabled.

·     Enabled.

QoS trust

QoS priority trust mode:

·     Port—Port priority trust mode.

·     Dot11e—802.11e priority trust mode.

QoS priority

Port priority in the range of 0 to 7.

 

display wlan statistics

Use display wlan statistics to display client statistics or service template statistics.

Syntax

display wlan statistics { ap { all | name ap-name } connect-history | client [ mac-address mac-address ] | service-template service-template-name [ connect-history ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap: Specifies APs.

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

connect-history: Displays the connection history.

client: Specifies client statistics.

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.

service-template service-template-name: Specifies a service template by its name. If you also specify the connect-history keyword, the command displays the connection history for the specified service template.

Examples

# Display statistics for all clients.

<Sysname> display wlan statistics client

MAC address                : 0014-6c8a-43ff

AP name                    : ap1

Radio ID                   : 1

SSID                       : office

BSSID                      : 000f-e2ff-7700

RSSI                       : 31

Sent frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 9/1230 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 2/76 (frames/bytes)

Received frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 18/2437 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 7/468 (frames/bytes)

Discarded frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 0/0 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 5/389 (frames/bytes)

Table 10 Command output

Field

Description

SSID

SSID of the service template.

MAC address

Client MAC address.

Back ground

AC-BK queue.

Best effort

AC-BE queue.

Video

AC-VI queue.

Voice

AC-VO queue.

 

# Display statistics for service template 1.

<Sysname> display wlan statistics service-template 1

AP name                       : ap1

Radio ID                      : 1

Received:

  Frame count                 : 1713

  Frame bytes                 : 487061

  Data frame count            : 1683

  Data frame bytes            : 485761

  Association request count   : 2

Sent:

  Frame count                 : 62113

  Frame bytes                 : 25142076

  Data frame count            : 55978

  Data frame bytes            : 22626600

  Association response count  : 2

# Display the connection history for service template 1.

<Sysname> display wlan statistics service-template 1 connect-history

AP name                     : ap1

Radio ID                    : 1

Associations                : 132

Association failures        : 3

Reassociations              : 30

Rejections                  : 12

Exceptional deassociations  : 2

Current associations        : 57

 

AP name                     : ap1

Radio ID                    : 2

Associations                : 1004

Association failures        : 35

Reassociations              : 59

Rejections                  : 4

Exceptional deassociations  : 22

Current associations        : 300

# Display the connection history for the AP ap1.

<Sysname> display wlan statistics ap name ap1 connect-history

AP name                       : ap1

Associations                  : 1

Reassociations                : 0

Failures                      : 0

Rejections                    : 0

Exceptional deassociations    : 0

Current associations          : 1

display wlan whitelist

Use display wlan whitelist to display whitelist entries.

Syntax

display wlan whitelist

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display whitelist entries.

<Sysname> display wlan whitelist

Total number of clients: 3

 MAC addresses:

  000e-35b2-000e

  0019-5b8e-b709

  001c-f0bf-9c92

inherit exclude service-template

Use inherit exclude service-template to configure an AP to not inherit the specified service template from an AP group.

Use undo inherit exclude service-template to restore the default.

Syntax

inherit exclude service-template service-template-name

undo inherit exclude service-template service-template-name

Default

An AP inherits the service template bound to an AP group.

Views

Radio view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Examples

# Configure the AP ap1 to not inherit the service template st from an AP group.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-ap-ap1] radio 1

[Sysname-ap-ap1-radio-1] inherit exclude service-template st

map-configuration

Use map-configuration to deploy a configuration file to an AP.

Use undo map-configuration to restore the default.

Syntax

map-configuration filename

undo map-configuration

Default

No configuration file is deployed to an AP.

Views

AP view

AP group AP model view

Predefined user roles

network-admin

Parameters

filename: Specifies a configuration file by its name, a case-insensitive string of 1 to 63 characters. Make sure the configuration file is stored in the storage medium of the AC.

Usage guidelines

Contents in the configuration file must be complete commands.

The configuration file takes effect when the CAPWAP tunnel to the AC is in Run state. It does not survive an AP reboot.

An AP can only use its main IP address to establish a CAPWAP tunnel to the AC if the AP is configured by using a configuration file.

Examples

# Deploy the configuration file downconfig.txt to the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] map-configuration downconfig.txt

# Deploy the configuration file downconfig.txt to APs with model WA4320i-ACN in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] map-configuration downconfig.txt

nas-id

Use nas-id to set the network access server identifier (NAS ID).

Syntax

nas-id nas-id

undo nas-id

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, the AP uses the configuration in global configuration view.

In global configuration view, no NAS ID is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

nas-id: Specifies a NAS ID, a case-sensitive string of 1 to 63 characters.

Usage guidelines

After coming online, a client sends a RADIUS request that carries the NAS ID to the RADIUS server to indicate its network access server.

You can set the NAS ID when binding a service template to a radio, or set the NAS ID in global configuration view, AP group view, or AP view. The priorities for these configurations are in descending order.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Set the NAS ID for the AP ap1 to abc123.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-AGN

[Sysname-wlan-ap-ap1] nas-id abc123

# Set the NAS ID for the AP group group1 to abc123.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] nas-id abc123

# Set the global NAS ID to abc123.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] nas-id abc123

nas-port-id

Use nas-port-id to set the network access server port identifier (NAS port ID).

Use the undo nas-port-id to restore the default.

Syntax

nas-port-id nas-port-id

undo nas-port-id

Default

In AP view, the AP uses the configuration in AP group view. If no NAS ID is specified in AP group view, the AP uses the configuration in global configuration view.

In AP group view, the AP uses the configuration in global configuration view.

In global configuration view, no NAS ID is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

nas-port-id: Specifies a NAS port ID, a case-sensitive string of 1 to 63 characters.

Usage guidelines

After coming online, a client sends a RADIUS request that carries the NAS port ID to the RADIUS server to indicate its network access server.

You can set the NAS port ID when binding a service template to a radio, or set the NAS port ID in global configuration view, AP group view, or AP view. The priorities for these configurations are in descending order.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Set the NAS port ID to abcd1234 for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-AGN

[Sysname-wlan-ap-ap1] nas-port-id abcd1234

# Set the NAS port ID to abcd1234 for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] nas-port-id abcd1234

# Set the global NAS port ID to abcd1234.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] nas-port-id abcd1234

nas-vlan

Use nas-vlan to set the network access server VLAN identifier (NAS VLAN ID) and enable the AC to encapsulate the VLAN ID in RADIUS requests.

Use undo nas-vlan to restore the default.

Syntax

nas-vlan vlan-id

undo nas-vlan

Default

No NAS VLAN ID is set. Authentication requests sent to the RADIUS server do not contain the NAS VLAN ID field.

Views

AP view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a NAS VLAN ID in the range of 1 to 4096.

Usage guidelines

When the NAS VLAN ID is set, the AC encapsulates the VLAN ID in RADIUS requests sent to the RADIUS server to indicate clients' network access server.

Set the NAS VLAN ID when a third-party Security Accounting Management (SAM) server is used as the RADIUS server.

Examples

# Set the NAS VLAN ID to 1234 for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] nas-vlan 1234

quick-association enable

Use quick-association enable to quick association.

Use undo quick-association to restore the default.

Syntax

quick-association enable

undo quick-association enable

Default

Quick association is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command disables APs from performing load balancing or band navigation on clients associated with the specified service template.

Examples

# Enable quick association for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1]quick-association enable

region-code

Use region-code to specify a region code.

Use undo region-code to restore the default.

Syntax

region-code code

undo region-code

Default

In AP view, the AP uses the configuration in AP group view. If no region code is specified in AP group view, the AP uses the configuration in global configuration view.

In AP group view, the AP uses the configuration in global configuration view.

In global configuration view, the region code is CN.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

code: Specifies a region code. For more information about region codes, see Table 11.

Table 11 Country code information

Country

Code

Country

Code

Andorra

AD

Korea, Republic of Korea

KR

United Arab Emirates

AE

Kenya

KE

Albania

AL

Kuwait

KW

Armenia

AM

Kazakhstan

KZ

Australia

AU

Lebanon

LB

Argentina

AR

Liechtenstein

LI

Australia

AT

Sri Lanka

LK

Azerbaijan

AZ

Lithuania

LT

Bosnia and Herzegovina

BA

Luxembourg

LU

Belgium

BE

Latvia

LV

Bulgaria

BG

Libyan

LY

Bahrain

BH

Morocco

MA

Brunei Darussalam

BN

Monaco

MC

Bolivia

BO

Moldova

MD

Brazil

BR

Macedonia

MK

Bahamas

BS

Macau

MO

Belarus

BY

Martinique

MQ

Belize

BZ

Malta

MT

Canada

CA

Mauritius

MU

Switzerland

CH

Mexico

MX

Cote d'ivoire

CI

Malay Archipelago

MY

Chile

CL

Namibia

NA

China

CN

Nigeria

NG

Colombia

CO

Nicaragua

NI

Costarica

CR

Netherlands

NL

Serbia

RS

Norway

NO

Cyprus

CY

New Zealand

NZ

Czech Republic

CZ

Oman

OM

Germany

DE

Panama

PA

Denmark

DK

Peru

PE

Dominica

DO

Poland

PL

Algeria

DZ

Philippines

PH

Ecuador

EC

Pakistan

PK

Estonia

EE

Puerto Rico

PR

Egypt

EG

Portugal

PT

Spain

ES

Paraguay

PY

Faroe Islands

FO

Qatar

QA

Finland

FI

Romania

RO

France

FR

Russian Federation

RU

Britain

GB

Saudi Arabia

SA

Georgia

GE

Sweden

SE

Gibraltar

GI

Singapore

SG

Greenland

GL

Slovenia

SI

Guadeloupe

GP

Slovak

SK

Greece

GR

San Marino

SM

Guatemala

GT

Salvador

SV

Guyana

GY

Syrian

SY

Honduras

HN

Thailand

TH

Hong Kong

HK

Tunisia

TN

Croatia

HR

Turkey

TR

Hungary

HU

Trinidad and Tobago

TT

Iceland

IS

Taiwan, Province of China

TW

India

IN

Ukraine

UA

Indonesia

ID

United States of America

US

Ireland

IE

Uruguay

UY

Israel

IL

Uzbekistan

UZ

Iraq

IQ

The Vatican City State

VA

Italy

IT

Venezuela

VE

Iran

IR

Virgin Islands

VI

Jamaica

JM

Vietnam

VN

Jordan

JO

Yemen

YE

Japan

JP

South Africa

ZA

Democratic People's Republic of Korea

KP

Zimbabwe

ZW

 

Usage guidelines

A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Specify US as the region code for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] region-code US

# Specify US as the region code for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] region-code US

# Specify US as the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code US

Related commands

region-code-lock

region-code-lock

Use region-code-lock enable to lock the region code.

Use region-code-lock disable to unlock the region code.

Use undo region-code-lock to restore the default.

Syntax

region-code-lock { disable | enable }

undo region-code-lock

Default

In AP view, the AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, the AP uses the configuration in global configuration view.

In global configuration view, the region code is not locked.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

You cannot change a region code that has been locked.

If no region code exists in AP view, the AP uses the region code in AP group view or the global region code even if you have locked the region code in AP view. If no region code exists in AP group view, the AP uses the global region code even if you have locked the region code in AP group view.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Lock the region code for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] region-code-lock enable

# Lock the region code for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] region-code-lock enable

# Lock the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code-lock enable

Related commands

region-code

reset wlan client

Use reset wlan client to log off a client or all clients.

Syntax

reset wlan client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

 Parameters

mac-address mac-address: Specifies a client by its MAC address.

all: Specifies all clients.

Examples

# Log off all clients.

<Sysname> reset wlan client all

Related commands

display wlan client

reset wlan dynamic-blacklist

Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.

Syntax

reset wlan dynamic-blacklist [ mac-address mac-address ]

Views

User view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.

Examples

# Remove all clients from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist

# Remove the specified client from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69

Related commands

display wlan blacklist

reset wlan statistics client

Use reset wlan statistics client to clear client statistics.

Syntax

reset wlan statistics client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all clients.

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Clear the statistics of all clients.

<Sysname> reset wlan statistics client all

Related commands

display wlan statistics

service-template

Use service-template to bind a service template to a radio or a radio interface.

Use undo service-template to unbind a service template from a radio or a radio interface.

Syntax

service-template service-template-name [ nas-id nas-id | nas-port-id nas-port-id ] [ ssid-hide ] [ vlan vlan-id | vlan-group vlan-group-name ]

undo service-template service-template-name

Default

In radio view, the AP uses the configuration in AP group view.

In AP group radio view, no service template is bound to a radio.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

nas-id nas-id: Specifies a NAS ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.

nas-port-id nas-port-id: Specifies a NAS port ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.

ssid-hide: Hides SSIDs in beacon frames.

vlan vlan-id: Specifies a VLAN to be bound to the radio by its VLAN ID in the range of 1 to 4094. If you do not specify this option, the radio uses the VLAN bound to the service template. If the specified VLAN does not exist, this command creates the VLAN when clients come online.

vlan-group vlan-group-name: Specifies a VLAN group to be bound to the radio by the VLAN group name, a string of 1 to 16 characters. If you do not specify this option, the radio uses the VLAN bound to the service template.

Usage guidelines

Before you bind a service template to a radio or a radio interface, you must create the service template.

You can use the vlan-group command to create a VLAN group. For more information, see Layer 2—LAN Switching Command References.

The VLAN ID or VLAN group configured using this command takes precedence over the VLAN ID configured for a service template.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Bind the service template service1 and the VLAN group vg1 to radio 1.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-ap-ap1] radio 1

[Sysname-ap-ap1-radio-1] service-template service1 vlan-group vg1

# Bind the service template service1 and the VLAN group vg1 to radio 1 in the AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4620i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4620i-ACN] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4620i-ACN-radio-1] service-template service1 vlan-group vg1

Related commands

vlan-group

service-template enable

Use service-template enable to enable a service template.

Use undo service-template enable to disable a service template.

Syntax

service-template enable

undo service-template enable

Default

A service template is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

If the number of BSSs on an AC exceeds the limit, you cannot enable a new service template.

Examples

# Enable the service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] service-template enable

snmp-agent trap enable wlan client

Use snmp-agent trap enable wlan client to enable SNMP notification for WLAN access.

Use undo snmp-agent trap enable wlan client to restore the default.

Syntax

snmp-agent trap enable wlan client

undo snmp-agent trap enable wlan client

Default

SNMP notification is disabled for WLAN access.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for WLAN access.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client

snmp-agent trap enable wlan client-audit

Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.

Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.

Syntax

snmp-agent trap enable wlan client-audit

undo snmp-agent trap enable wlan client-audit

Default

SNMP notification is disabled for client audit.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for client audit.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client-audit

ssid

Use ssid to set an SSID for a service template.

Use undo ssid to delete the SSID of a service template.

Syntax

ssid ssid-name

undo ssid

Default

No SSID is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

Disable the service template before you execute this command.

As a best practice, set a unique SSID for a service template.

Examples

# Set the SSID to lynn for the service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] ssid lynn

unknown-client

Use unknown-client to set the way that an AP processes traffic from unknown clients.

Use undo unknown-client to restore the default.

Syntax

unknown-client { deauthenticate | drop }

undo unknown-client

Default

An AP drops packets from unknown clients and deauthenticates these clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

deauthenticate: Drops packets from unknown clients and deauthenticates these clients.

drop: Drops packets from unknown clients.

Examples

# Configure the AP ap1 to drop packets from unknown clients but not deauthenticate these clients.

<Sysname> system-view

[Sysname] wlan service-template example

[Sysname -wlan-st-example] unknown-client drop

uplink client-rate-limit

Use uplink client-rate-limit to configure uplink client rate limit.

Use undo uplink client-rate-limit to restore the default.

Syntax

uplink client-rate-limit { inbound | outbound } mode { dynamic | static } global cir committed-information-rate [ user cir committed-information-rate ]

undo uplink client-rate-limit { inbound | outbound }

Default

Uplink client rate limit is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

inbound: Limits the rate of incoming packets on uplink Ethernet interfaces.

outbound: Limit the rate of outgoing packets on uplink Ethernet interfaces.

mode: Specifies the uplink client rate limit mode.

dynamic: Specifies the dynamic mode. In this mode, you need to specify only the global CIR. The per-client CIR is the global CIR divided by the number of clients.

static: Specifies the static mode. In this mode, you need to specify both the global CIR and the per-client CIR.

global cir committed-information-rate: Specifies the global CIR in the range of 50 to 1000000 kbps.

user cir committed-information-rate: Specifies the per-client CIR in the range of 50 to 1000000 kbps.

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware series

Model

Uplink client rate limit compatibility

WX1800H series

WX1804H

No

WX1810H

WX1820H

Yes

WX2500H series

WX2510H

WX2540H

WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3024H

Yes

WX3010H-L

WX3024H-L

No

WX3500H series

WX3508H

WX3510H

WX3520H

WX3540H

No

WX5500E series

WX5510E

WX5540E

No

WX5500H series

WX5540H

WX5560H

WX5580H

No

Access controller modules

EWPXM1MAC0F

EWPXM1WCME0

EWPXM2WCMD0F

LSQM1WCMX20

LSQM1WCMX40

LSUM1WCME0

LSUM1WCMX20RT

LSUM1WCMX40RT

No

 

If you rate limit packets in both inbound and outbound directions, make sure the rate limit modes are the same.

If you execute this command multiple times to rate limit packets in one direction, the most recent configuration takes effect.

When this feature is configured, an AP discards non-HTTP packets if both the global CIR and the per-client CIR are exceeded. For an HTTP packet, the AP discards the packet if the global CIR, the per-client CIR, and the HTTP CIR are all exceeded. The HTTP CIR depends on the configured global CIR.

Examples

# Configure dynamic uplink client rate limit.

<Sysname> system-view

[Sysname] uplink client-rate-limit outbound mode dynamic global cir 51200

Related commands

display uplink client-rate-limit

vlan

Use vlan to assign clients coming online through a service template to a VLAN.

Use undo vlan to restore the default.

Syntax

vlan vlan-id

undo vlan

Default

Clients are assigned to VLAN 1 after coming online through a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094. If the specified VLAN does not exist, this command creates the VLAN when clients come online.

Usage guidelines

Disable the service template before you execute this command.

Examples

# Assign clients coming online through service template service1 to VLAN 2.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] vlan 2

wlan client forwarding enable

Use wlan client forwarding enable to enable client traffic forwarding.

Use undo wlan client forwarding enable to disable client traffic forwarding.

Syntax

wlan client forwarding enable

undo wlan client forwarding enable

Default

Client traffic forwarding is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable this feature if you configure the AC as the client traffic forwarder.

Examples

# Disable client traffic forwarding.

<Sysname> system-view

[Sysname] undo wlan client forwarding enable

Related commands

client forwarding-location

wlan client forwarding-policy-name

Use wlan client forwarding-policy-name to apply a forwarding policy to a user profile.

Use undo wlan client forwarding-policy-name to remove a forwarding policy from a user profile.

Syntax

wlan client forwarding-policy-name policy-name

undo wlan client forwarding-policy-name

Default

No forwarding policy is applied to a user profile.

Views

User profile view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Make sure the AC and its associated APs are in different network segments.

For the AC to perform policy-based forwarding for clients that use a user profile, apply a forwarding policy to the user profile. After a client passes authentication, the authentication server sends the user profile name specified for the client to the AC. The AC will forward traffic of the client based on the forwarding policy applied to the user profile.

For the forwarding policy applied to a user profile to take effect, perform the following tasks for the service template that the user profile uses:

·     Enable policy-based forwarding.

·     Specify the AC to perform client authentication.

If you modify or delete the applied forwarding policy, the change takes effect when the client comes online again.

The AC preferentially uses the forwarding policy applied to a user profile to direct client traffic forwarding. If the user profile of a client does not have a forwarding policy applied, the AC uses the forwarding policy applied to the service template.

Examples

# Apply the forwarding policy policyname to the user profile profilename.

<Sysname> system-view

[Sysname] user-profile profilename

[Sysname-user-profile-profilename] wlan client forwarding-policy-name policyname

Related commands

·     client forwarding-policy enable

·     client-security authentication-location

wlan client reauthentication-period

Use wlan client reauthentication-period to set the idle period before client reauthentication.

Use undo wlan client reauthentication-period to restore the default.

Syntax

wlan client reauthentication-period [ period-value ]

undo wlan client reauthentication-period

Default

The idle period is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

period-value: Specifies the idle period in the range of 1 to 3600 seconds. By default, the idle period is 10 seconds.

Usage guidelines

Set the idle period before client reauthentication to reduce reauthentication failures.

When URL redirection is enabled for WLAN MAC authentication clients, an AP logs off a client that has passed MAC authentication. At the next MAC authentication attempt, the client can pass MAC authentication and access the WLAN. With the idle period configured, the AP adds the client to the dynamic blacklist after logging off the client and the client entry ages out after the specified idle period.

Examples

# Set the idle period before client reauthentication to 100 seconds.

<Sysname> system-view

[Sysname] wlan client reauthentication-period 100

wlan dynamic-blacklist active-on-ap

Use wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on APs.

Use undo wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on the AC.

Syntax

wlan dynamic-blacklist active-on-ap

undo wlan dynamic-blacklist active-on-ap

Default

The dynamic blacklist takes effect on APs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If you configure the dynamic blacklist to take effect on the AC, all APs connected to the AC will reject the client in the dynamic blacklist. If you configure the dynamic blacklist to take effect on APs, the AP associated with the client in the dynamic blacklist will reject the client, but the client can still associate with other APs connected to the AC. As a best practice, configure the dynamic blacklist to take effect on the AC in high-density environments.

Examples

# Configure the dynamic blacklist to take effect on the AC.

<Sysname> system-view

[Sysname] undo wlan dynamic-blacklist active-on-ap

wlan dynamic-blacklist lifetime

Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries.

Use undo wlan dynamic-blacklist lifetime to restore the default.

Syntax

wlan dynamic-blacklist lifetime lifetime

undo wlan dynamic-blacklist lifetime

Default

The aging time is 300 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

lifetime: Specifies the aging time in the range of 1 to 3600 seconds.

Usage guidelines

The configured aging time takes effect only on entries added to the dynamic blacklist afterwards.

Examples

# Set the aging time for dynamic blacklist entries to 3600 seconds.

<Sysname> system-view

[Sysname] wlan dynamic-blacklist lifetime 3600

wlan forwarding-policy

Use wlan forwarding-policy to create a forwarding policy and enter forwarding policy view.

Use undo wlan forwarding-policy to delete a forwarding policy.

Syntax

wlan forwarding-policy policy-name

undo wlan forwarding-policy policy-name

Default

No forwarding policies are created.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

If the specified forwarding policy exists, the command enters forwarding policy view.

Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.

You can create a maximum of 1000 forwarding policies.

Examples

# Create the forwarding policy abc and enter its view.

<Sysname> system-view

[Sysname] wlan forwarding-policy abc

[Sysname-wlan-fp-abc]

wlan link-test

Use wlan link-test to test wireless link quality.

Syntax

wlan link-test mac-address

Views

Any view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the client MAC address in the H-H-H format.

Usage guidelines

Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.

The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.

Examples

# Test the quality of the wireless link to the client with the MAC address 60a4-4cda-eff0.

<Sysname> wlan link-test 60a4-4cda-eff0

Testing link to 60a4-4cda-eff0. Press CTRL + C to break.

                              Link Status

-----------------------------------------------------------------------

MAC address: 60a4-4cda-eff0

-----------------------------------------------------------------------

VHT-MCS  Rate(Mbps)  Tx packets  Rx packets  RSSI  Retries  RTT(ms)

-----------------------------------------------------------------------

NSS = 1

-----------------------------------------------------------------------

 0       6.5         5           5           54     0       0

 1       13          5           5           51     0       0

 2       19.5        5           5           49     0       0

 3       26          5           5           47     0       0

 4       39          5           5           45     0       0

 5       52          5           5           45     0       0

 6       58.5        5           5           44     0       0

 7       65          5           5           44     0       0

 8       78          5           5           44     0       0

-----------------------------------------------------------------------

Table 12 Command output

Field

Description

No./MCS/VHT-MCS

·     No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients.

·     MCS—MCS index for link quality test on 802.11n clients.

·     VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients.

Rate(Mbps)

Rate at which the AP sends wireless link quality detection frames.

Tx packets

Number of wireless link quality detection frames sent by the AP.

Rx packets

Number of responses received by the AP.

RSSI

RSSI of the client detected by the AP.

Retries

Number of wireless link quality retransmissions by the AP.

RTT(ms)

Round trip time for link quality test frames from the AP to the client.

NSS

Number of spatial streams for link quality test on 802.11n or 802.11ac clients.

 

wlan permit-ap-group

Use wlan permit-ap-group to specify a permitted AP group for client access.

Use undo permit-ap-group to delete a permitted AP group.

Syntax

wlan permit-ap-group ap-group-name

undo wlan permit-ap-group [ ap-group-name ]

Default

No permitted AP group is specified for client access.

Views

User profile view

Predefined user roles

network-admin

Parameters

ap-group-name: Specifies an AP group by its name, a string of 1 to 31 characters.

Usage guidelines

If you do not specify the ap-group-name argument when executing the undo command, the command deletes all permitted AP groups.

If no permitted AP group is specified for client access, client access is not restricted.

If you specify a permitted AP group for client access, clients can only access APs in the AP group.

Examples

# Specify the AP group group1 as the permitted AP group for client access.

<Sysname> system-view

[Sysname] user-profile profile1

[Sysname-user-profile-profile1] wlan permit-ap-group group1

wlan permit-ssid

Use wlan permit-ssid to specify a permitted SSID for client access.

Use undo permit-ssid to delete a permitted SSID.

Syntax

wlan permit-ssid ssid-name

undo wlan permit-ssid [ ssid-name ]

Default

No permitted SSID is specified for client access.

Views

User profile view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

If you do not specify the ap-group-name argument when executing the undo command, the command deletes all permitted SSIDs.

If no permitted SSID is specified for client access, client access is not restricted.

If you specify a permitted SSID for client access, clients can only access WLANs through the SSID.

Examples

# Specify the SSID ssid1 as the permitted SSID for client access.

<Sysname> system-view

[Sysname] user-profile profile1

[Sysname-user-profile-profile1] wlan permit-ssid ssid1

wlan service-template

Use wlan service-template to create a service template.

Use undo wlan service-template to delete a service template.

Syntax

wlan service-template service-template-name

undo wlan service-template service-template-name

Default

No service template exists.

Views

System view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

If the specified service template exists, the command enters service template view.

You cannot delete a service template that has been bound to a radio.

Examples

# Create service template service1 and enter its view.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1]

wlan static-blacklist mac-address

Use wlan static-blacklist mac-address to add a client to the static blacklist.

Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.

Syntax

wlan static-blacklist mac-address mac-address

undo wlan static-blacklist [ mac-address mac-address ]

Default

No clients exist in the static blacklist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

If you add an online client to the static blacklist, the command logs off the client.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.

Examples

# Add the MAC address 001c-f0bf-9c92 to the static blacklist.

<Sysname> system-view

[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92

Related commands

display wlan blacklist

wlan web-server api-path

Use wlan web-server api-path to specify the path of the Web server to which client information is reported.

Use undo wlan web-server api-path to restore the default.

Syntax

wlan web-server api-path path

undo wlan web-server api-path

Default

The path of the Web server is not specified.

Views

System view

Predefined user roles

network-admin

Parameters

path: Specifies a path, a case-sensitive string of 1 to 256 characters.

Usage guidelines

The Web server accepts client information only when the server's host name, port number, and path are specified.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the path of the Web server as /wlan/dev-cfg.

<Sysname> system-view

[Sysname] wlan web-server api-path /wlan/dev-cfg

Related commands

wlan web-server host

wlan web-server max-client-entry

wlan web-server host

Use wlan web-server host to specify the host name and port number of the Web server to which client information is reported.

Use undo wlan web-server host to restore the default.

Syntax

wlan web-server host host-name port port-number

undo wlan web-server host

Default

The host name and port number of the Web server are not specified.

Views

System view

Predefined user roles

network-admin

Parameters

host host-name: Specifies a host name, a case-insensitive string of 3 to 127 characters that can contain letters, digits, hyphens (-), underscores (_), and dots (.).

port port-number: Specifies a port number in the range of 1 to 65534.

Usage guidelines

The Web server accepts client information only when the server's host name, port number, and path are specified.

Client information changes are reported to the Web server in real time.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the host name and port number of the Web server as www.abc.com and 668, respectively.

<Sysname> system-view

[Sysname] wlan web-server host www.abc.com port 668

Related commands

wlan web-server api-path

wlan web-server max-client-entry

wlan web-server max-client-entry

Use wlan web-server max-client-entry to set the maximum number of client entries to be reported at a time.

Use undo wlan web-server max-client-entry to restore the default.

Syntax

wlan web-server max-client-entry number

undo wlan web-server max-client-entry

Default

A maximum of 10 client entries can be reported at a time.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of client entries, in the range of 1 to 25.

Examples

# Set the maximum number of client entries to be reported at a time to 12.

<Sysname> system-view

[Sysname] wlan web-server max-client-entry 12

Related commands

wlan web-server api-path

wlan web-server host

wlan whitelist mac-address

Use wlan whitelist mac-address to add a client to the whitelist.

Use undo wlan whitelist mac-address to remove a client from the whitelist.

Syntax

wlan whitelist mac-address mac-address

undo wlan whitelist [ mac-address mac-address ]

Default

No clients exist in the whitelist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.

If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.

Examples

# Add the MAC address 001c-f0bf-9c92 to the whitelist.

<Sysname> system-view

[Sysname] wlan whitelist mac-address 001c-f0bf-9c92

This command will disconnect all clients. Continue? [Y/N]:

Related commands

display wlan whitelist