Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-Documentation Guide | 91.68 KB |
The models listed in this manual are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
About This Manual
This manual is organized as follows:
l Service Features: Briefly describes the major features of the modules described in this manual.
l Software Registration: Describes how to use the software registration function.
Related Manuals
l For information about the installation, startup and configuration, software maintenance, hardware maintenance, and installation troubleshooting of the WX series access controller products, refer to H3C WX5002 Series Access Controller Installation Manual, H3C WX5002V2 Access Controller Installation Manual, H3C LS8M1WCMA0 Access Controller Module Installation Manual, H3C WX5004 Access Controller Installation Manual, H3C S5800 Series LSWM1WCM20 Card Manual, H3C S5800-60C-PWR_S5820X-28C Series LSWM1WCM10 Card Manual, H3C S5800 Series Ethernet Switches Installation Manual, H3C WX6103 Series Access Controller Installation Manual, H3C LSQM1WCMB0 Access Controller Module Installation Manual, H3C LSBM1WCM2A0 Access Controller Module Installation Manual, H3C S9500E Series LSRM1WCM2A1 Access Controller Module Manual, H3C WX6103 10G Interface Module Installation Manual, and H3C WX3000 Series Unified Switches Installation Manual.
l For the configuration examples of the WX series access controller products, log in to H3C’s website at www.h3c.com to search for the configuration guide of the related products.
To obtain the latest product documentation from www.h3c.com, follow these steps:
l Select Technical Support & Document > Technical Documents on the home page.
Introduction to Manual Volumes
The software features of the WX series access controller products are described in nine manual volumes, which are briefed as follows:
l Login Volume: Describes how to log in to an access controller product, such as logging in on the Console port, logging in through Telnet, logging in through the Web-based network management system, logging in through NMS, and how to control login users.
l Access Volume: Covers the configuration of different interfaces and link layer protocols supported by the access controller products.
l IP Services Volume: Covers the configuration of IP-related features supported by the access controller products, including IP addressing, ARP, DHCP, DNS, IP addressing configuration, IP performance, IPv6 basics, IPv6 application, adjacency table and so on.
l IP Routing Volume: Covers the configuration of static routing and routing protocols supported by the access controller points, including static routing, IPv6 static routing and so on.
l IP Multicast Volume: Covers the configuration of multicast-related protocols supported by the access controller products, including multicast VLAN, IPv6 multicast VLAN, IGMP snooping, and MLD snooping protocols.
l QoS Volume: Covers the configuration of QoS-related protocols and features supported by the access controller products, including traffic classification, traffic policing, QoS policy, congestion management, and priority mapping.
l Security Volume: Covers the configuration of some security protocols supported by the access controller products, including 802.1X, AAA, MAC authentication, PKI, Portal, ACL, SSH 2.0, SSL, port security, security protection, public key, and so on.
l System Volume: Covers the configuration of system-related protocols and features supported by the access controller products, including device management, NTP, RMON, SNMP, file system management, system maintaining and debugging, information center, user interface, MAC address table management, HTTP, user profile, hotfix, and so on.
l OAA Volume: Covers the OAP module configuration, ACSEI server configuration, and ACSEI client configuration supported by the access controller products.
l WLAN Volume: Covers the configuration of WLAN-related protocols supported by the access controller products, including WLAN service, WLAN security, WLAN roaming, WLAN RRM, WLAN IDS, WLAN QoS, WLAN mesh, and so on.
Introduction
The H3C WX series access controller products can work together with the Fit APs developed by H3C, including the H3C WA2100 series, WA2200 series, and WA2600 (802.11n) series, to provide a diversity of WLAN networking solutions.
l The WX6000 series are large-capacity high-end access controller products developed by H3C. The WX6000 series include WX6103 access controllers, LSQM1WCMB0 access controller modules, LSBM1WCM2A0 access controller modules, and LSRM1WCM2A1 access controller modules.
l The WX5000 series are mid-range access controller products developed by H3C. The WX5000 series include WX5002 access controllers, WX5002V2 access controllers, WX5004 access controllers, LS8M1WCMA0 access controller modules, LSWM1WCM10 access controller modules, and LSWM1WCM20 access controller modules.
The WX6000 series and the WX5000 series provide high reliability, abundant features, and powerful WLAN access control functions. They are designed to provide WLAN access for enterprise networks and MANs, and are most suitable for applications such as WLAN access in a medium- and large-sized enterprise or campus network, wireless MAN coverage, hot spot coverage.
l The WX3000 series integrate functions of access controllers and Gigabit Ethernet switches. The WX3000 series include WX3024 unified switches, WX3010 unified switches and WX3008 unified switches. They provide overall Gigabit interfaces, support PoE+ (with each port providing the maximum power of 25W), support 802.11a/b/g/n series APs, and provide unified access control. The WX3000 series are designed for medium-/small-scaled enterprise networks and integrated access for the branches of large-scaled enterprises.
Feature List
Table 2-1 WX series access controller products feature list
|
Volume |
Features |
||
|
Login |
Access controller module basic configuration |
— |
|
|
Ethernet interface |
Link aggregation |
Port mirroring |
|
|
PPP (PPP, PPPoE) |
VLAN |
Loopback Interface and Null Interface |
|
|
WLAN interface |
Layer-2 forwarding |
MSTP |
|
|
ARP |
DHCP (Server, client) |
DNS |
|
|
IP addressing |
IP performance optimization |
IPv6 basics |
|
|
IPv6 application |
Adjacency table |
— |
|
|
Static routing |
IPv6 static routing |
||
|
Multicast VLAN |
IGMP snooping |
MLD snooping |
|
|
IPv6 multicast VLAN |
— |
— |
|
|
QoS |
— |
— |
|
|
802.1X |
AAA |
MAC authentication |
|
|
PKI |
Portal |
ACL |
|
|
SSH 2.0 |
SSL |
Port security |
|
|
Security protection |
Public key |
— |
|
|
Device management |
NTP |
RMON |
|
|
SNMP |
File system management |
System maintenance and debugging |
|
|
Basic system configuration |
Information center |
User interface |
|
|
MAC address table management |
HTTP |
User profile |
|
|
Hotfix |
— |
— |
|
|
OAA |
— |
— |
|
|
WLAN service |
WLAN security |
WLAN roaming |
|
|
WLAN RRM |
WLAN IDS |
WLAN QoS |
|
|
WLAN mesh link |
— |
— |
|
Feature Introduction
Login Volume
Table 2-2 Features in the Login Volume
|
Feature |
Documents |
Description |
|
Login |
Login Configuration
Login Commands |
l Logging into an access controller products l Logging in through the console port l Logging in through Telnet l Logging in through the Web-based network management system l Logging in through an NMS l Controlling login users |
|
Return to Feature List |
||
Access Volume
Table 2-3 Features in the Access Volume
|
Feature |
Documents |
Description |
|
Ethernet interface |
Ethernet Interface Configuration
Ethernet Interface Commands |
l General Ethernet interface configuration l Configuring a Layer-2 Ethernet interface |
|
Link aggregation |
Link Aggregation Configuration
Link Aggregation Commands |
l Link aggregation overview l Configuring a static aggregation group l Configuring an aggregate interface |
|
Port mirroring |
Port Mirroring Configuration
Port Mirroring Commands |
l Port mirroring overview l Configuring local port mirroring |
|
PPP |
PPP Configuration
PPP Commands |
l PPP overview and configuration l PPPoE overview and configuration |
|
VLAN |
VLAN Configuration
VLAN Commands |
l Configuring basic settings of VLANs and VLAN-interfaces l Configuring port-based VLAN l Configuring MAC-based VLAN |
|
Loopback Interface and Null Interface |
Loopback Interface and Null Interface Configuration
Loopback Interface and Null Interface Configuration Commands |
l Configuring a loopback interface l Configuring a null interface l Configuring a virtual-template interface and a virtual-access interface |
|
WLAN interface |
WLAN Interface Configuration
WLAN Interface Commands |
l Configuring a WLAN-ESS interface l Configuring a WLAN-mesh interface |
|
Layer-2 forwarding |
Layer 2 Forwarding Configuration
Layer 2 Forwarding Configuration Commands |
l Layer-2 forwarding overview and configuration |
|
MSTP |
MSTP Configuration
MSTP Commands |
l MSTP basic configurations |
|
Return to Feature List |
||
IP Services Volume
Table 2-4 Features in the IP Services Volume
|
Feature |
Documents |
Description |
|
ARP |
ARP Configuration
ARP Commands |
The Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address. l ARP overview l Configuring ARP l Configuring gratuitous ARP l Configuring ARP fast-reply l Configuring ARP attack defense |
|
DHCP |
DHCP Configuration
DHCP Commands |
The Dynamic Host Configuration Protocol (DHCP) is built on a client-server model, in which a client sends a configuration request and then the server returns a reply to send configuration parameters such as an IP address to the client. l DHCP overview l DHCP server configuration l DHCP client configuration l DHCP relay agent configuration l DHCP snooping configuration l BOOTP client configuration |
|
DNS |
DNS Configuration
DNS Commands |
The Domain Name System (DNS) is a distributed database that applies to TCP/IP application programs. It functions to resolve between hostnames and IP addresses. l DNS overview l DNS client configuration l DNS proxy configuration |
|
IP Addressing |
IP Addressing Configuration
IP Addressing Commands |
|
|
IP performance optimization |
IP Performance Optimization Configuration
IP Performance Optimization Commands |
In some network environments, you need to adjust the IP parameters to achieve best network performance. IP performance configuration involves mainly the following tasks: l Configuring TCP timers l Configuring the size of the TCP receive/send buffer l Configuring the device to/not to send ICMP error messages |
|
IPv6 basics |
IPv6 Basics Configuration
IPv6 Basics Commands |
Internet Protocol version 6 (IPv6) was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4). l IPv6 overview l Configuring basic IPv6 functions l IPv6 NDP configuration l PMTU discovery configuration l TCP6 configuration l IPv6 FIB forwarding configuration l ICMPv6 error packet sending configuration l IPv6 DNS configuration |
|
IPv6 application |
IPv6 Application Configuration
IPv6 Application Commands |
l IPv6 application overview l Ping IPv6 and Traceroute IPv6 l FTP and TFTP configuration l IPv6 Telnet |
|
Adjacency Table |
Adjacency Table Configuration
Adjacency Table Commands |
l Adjacency table overview |
|
Return to Feature List |
||
IP Routing Volume
Table 2-5 Features in the IP Routing Volume
|
Feature |
Documents |
Description |
|
IP routing overview |
IP Routing Basics Configuration
IP Routing Basics Commands |
An overview of IP routing. l IP routing and routing table l Routing protocols overview |
|
Static routing |
Static Routing Configuration
Static Routing Commands |
Static routes are manually configured by the administrator. The proper configuration and usage of static routes can improve network performance and ensure bandwidth for important network applications. Static routing configuration involves mainly the following tasks: l Configuring a static route |
|
IPv6 static routing |
IPv6 Static Routing Configuration
IPv6 Static Routing Commands |
Similar to IPv4 static routes, IPv6 static routes work well in simple IPv6 network environments. l Configuring an IPv6 static route |
|
Return to Feature List |
||
IP Multicast Volume
Table 2-6 Features in the IP Multicast Volume
|
Feature |
Documents |
Description |
|
Multicast VLAN |
Multicast VLAN Configuration
Multicast VLAN Commands |
With the multicast VLAN feature configured on Layer 2 devices, the Layer 3 device needs to replicate the multicast traffic only in the multicast VLAN instead of making a separate copy of the multicast traffic in each user VLAN. This saves the network bandwidth and lessens the burden of the Layer 3 device. l Port-based multicast VLAN |
|
IGMP snooping |
IGMP Snooping Configuration
IGMP Snooping Commands |
Internet Group Management Protocol Snooping (IGMP snooping) is a multicast constraining mechanism that runs on Layer 2 devices to manage and control multicast groups. l IGMP snooping overview l Configuring basic functions of IGMP snooping l Configuring IGMP snooping port functions l Configuring IGMP snooping querier l Configuring an IGMP snooping policy |
|
MLD snooping |
MLD Snooping Configuration
MLD Snooping Commands |
Multicast Listener Discovery Snooping (MLD snooping) is an IPv6 multicast constraining mechanism that runs on Layer 2 devices to manage and control IPv6 multicast groups. l MLD snooping overview l Configuring basic functions of MLD snooping l Configuring MLD snooping port functions l Configuring MLD snooping querier l Configuring an MLD snooping policy |
|
IPv6 Multicast VLAN |
IPv6 Multicast VLAN Configuration
IPv6 Multicast VLAN Commands |
With the IPv6 multicast VLAN feature configured on Layer 2 devices, the Layer 3 device needs to replicate the multicast traffic only in the IPv6 multicast VLAN instead of making a separate copy of the multicast traffic in each user VLAN. This saves the network bandwidth and lessens the burden of the Layer 3 device. l Port-based IPv6 multicast VLAN |
|
Return to Feature List |
||
QoS Volume
Table 2-7 Features in the QoS Volume
|
Feature |
Documents |
Description |
|
QoS |
QoS Configuration
QoS Commands |
Quality of Service (QoS) refers to the ability to provide improved service by solving the core issues such as delay, jitter, and packet loss ratio in the packet forwarding process. Peak information rate (PIR) and hardware queuing are not supported. l QoS overview l Line rate configuration l QoS policy configuration l Congestion management configuration l Priority mapping configuration |
|
Return to Feature List |
||
Security Volume
Table 2-8 Features in the Security Volume
|
Feature |
Documents |
Description |
|
802.1X |
802.1X Configuration
802.1X Commands |
As a port-based access control protocol, 802.1X authenticates and controls accessing devices at the port level. l 802.1X overview l Configuring 802.1X l Configuring a guest VLAN |
|
AAA |
AAA Configuration
AAA Commands |
Authentication, authorization and accounting (AAA) provides a uniform framework used for configuring these three security functions to implement the network security management. l AAA overview and configuration l RADIUS overview and configuration l HWTACAS overview and configuration l LDAP overview and configuration |
|
MAC authentication |
MAC Authentication Configuration
MAC Authentication Commands |
MAC authentication provides a way for authenticating users based on ports and MAC addresses. l MAC authentication overview and MAC authentication-related concepts l Configuring MAC authentication l Configuring an MAC-based guest VLAN |
|
PKI |
PKI Configuration
PKI Commands |
The Public Key Infrastructure (PKI) is a hierarchical framework designed for providing information security through public key technologies and digital certificates and verifying the identities of the digital certificate owners. l PKI overview l PKI configuration, including configuring entity DN, configuring PKI domain, submitting a PKI certificate request, retrieving a PKI certificate manually, destroying a local RSA key pair, deleting a certificate, and configuring a certificate attribute-based access control policy. |
|
Portal |
Portal Configuration
Portal Commands |
l Portal overview l Basic portal configuration l Port-free rule configuration l Authentication subnet configuration l Logging out users l Local portal server configuration |
|
ACL |
ACL Configuration
ACL Commands |
Access control list (ACL) is used for identifying traffic. ACL herein does not support flow templates l IPv4 ACL and IPv6 ACL overview l IPv4 ACL configuration l IPv6 ACL configuration |
|
SSH 2.0 |
SSH2.0 Configuration
SSH2.0 Commands |
Secure Shell (SSH) offers an approach to securely logging into a remote device. By encryption and strong authentication, it protects devices against attacks such as IP spoofing and plain text password interception. l SSH 2.0 overview l Configuring a device as an SSH server or client l SFTP overview l Configuring a device as an SFTP server or client |
|
SSL |
SSL Configuration
SSL Commands |
Secure Sockets Layer (SSL) is a security protocol providing secure connection service for TCP-based application layer protocols, for example, HTTP protocol. It is widely used in E-business and online bank fields to provide secure data transmission over the Internet. l SSL overview l Configuring a device as an SSL server or client |
|
Port security |
Port Security Configuration
Port Security Commands |
Port security is a MAC address-based security mechanism for network access controlling. It is an extension to the existing 802.1X authentication and MAC authentication. l Setting the maximum number of secure MAC addresses l Setting the port security mode l Configuring port security features l Configuring secure MAC addresses |
|
Security protection |
Security Protection Configuration
Security Protection Commands |
Denial of service (DoS) attacks use normal service requests to occupy many resources of legal users to impact the services. To protect the system against DoS attacks, you can use the security protection function. l Security protection overview l Configuring security protection l Configuring security protection and rate limits for protocols |
|
Public key |
Public Key Configuration
Public Key Commands |
Asymmetric key algorithm is also called public key algorithm. Both ends have their own key pair, consisting of a private key and a public key. The private key is kept secret while the public key may be distributed widely. The private key cannot be practically derived from the public key. The information encrypted with the public key/private key can be decrypted only with the corresponding private key/public key. l Public key algorithm overview l Configuring the local asymmetric key pair l Configuring the public key of a peer |
|
Return to Feature List |
||
System Volume
Table 2-9 Features in the System Volume
|
Feature |
Documents |
Description |
|
Device management |
Device Management Configuration
Device Management Commands |
Through the device management function, you can view the current working state of a device, configure running parameters, and perform daily device maintenance and management. BootWare validity check is not supported. Device management configuration involves mainly the following tasks: l Device management overview l Device management configuration, including rebooting a device, configuring the scheduled automatic execution function, specifying a file for the next device boot, and upgrading the Boot ROM l Registering software |
|
NTP |
NTP Configuration
NTP Commands |
The Network Time Protocol (NTP) synchronizes timekeeping among distributed time servers and clients. NTP configuration involves mainly the following tasks: l NTP overview l Configuring NTP operation mode l Configuring the local clock as a reference source l Configuring optional parameters of NTP l Configuring access control rights l Configuring NTP authentication |
|
RMON |
RMON Configuration
RMON Commands |
Remote Monitoring (RMON) is implemented based on the Simple Network Management Protocol (SNMP) and is fully compatible with the existing SNMP framework without the need of any modification on SNMP. l RMON overview l Configuring RMON |
|
SNMP |
SNMP Configuration
SNMP Commands |
The Simple Network Management Protocol (SNMP) offers a framework to monitor network devices through TCP/IP protocol suite. It provides a set of basic operations in monitoring and maintaining the Internet. SNMP configuration involves mainly the following tasks: l SNMP overview l Configuring basic functions of SNMP l Configuring the MIB style |
|
File system management |
File System Management Configuration
File System Management Commands |
The files used for device operation are stored in the storage device. A major function of the file system is to manage storage devices. File system management configuration involves mainly the following tasks: l Configuring file management l Configuring the FTP server/client l Configuring the TFTP client |
|
System maintaining and debugging |
System Maintenance and Debugging Configuration
System Maintenance and Debugging Commands |
For the majority of protocols and features supported, the system provides corresponding debugging information to help users diagnose errors. System maintaining and debugging configuration involves mainly the following tasks: l System maintaining and debugging overview l Configuring system maintaining and debugging l Configuring the ping and tracert commands |
|
Basic system configuration |
Basic System Configuration
Basic System Configuration Commands |
l Displaying device configurations l Quick configuration l Performing basic system configurations l CLI introduction |
|
Information center |
Information Center Configuration
Information Center Commands |
As the system information hub, the information center classifies and manages system information. Information center configuration involves mainly the following task: l Information center overview l Configuring the information center |
|
User interface |
User Interface Configuration
User Interface Commands |
User interface view is a feature that allows you to manage asynchronous serial interfaces that work in flow mode. By operating in user interface view, you can centralize the management of various configurations. User interface configuration involves mainly the following tasks: l User interface overview l Configuring asynchronous serial interface attributes l Configuring terminal attributes l Configuring a command to be auto-executed l Configuring a user privilege level l Configuring access restriction/supported protocols on VTY user interface(s) |
|
MAC address table management |
MAC Address Table Configuration
MAC Address Table Commands |
A device maintains a MAC address table for frame forwarding. Each entry in this table indicates the MAC address of a connected device, to which interface this device is connected and to which VLAN the interface belongs. l MAC address table overview l Configuring MAC address table management |
|
HTTP |
HTTP Configuration
HTTP Commands |
The Hypertext Transfer Protocol (HTTP) is used for transferring web page information across the Internet. It is an application-level protocol in the TCP/IP protocol suite. The connection-oriented Transport Control Protocol (TCP) is adopted on the transport layer. l HTTP configuration l HTTPS configuration |
|
User profile |
User Profile Configuration
User Profile Commands |
User profile provides a configuration template to save predefined configurations. l User profile overview l Creating a user profile l Configuring a user profile l Enabling a user profile |
|
Telnet |
Telnet Configuration Commands |
Basic commands for telnetting to a device |
|
Hotfix |
Hotfix Configuration
Hotfix Commands |
Hotfix is a fast and cost-effective method to repair software defect of a device. Compared with another method, software version upgrade, hotfix can upgrade the software without interrupting the running services of the device, that is, it can repair the software defect of the current version without rebooting the device. l Hotfix overview l One-step patch installation l Step-by-step patch installation l Step-by-step patch uninstallation l One-step patch uninstallation |
|
Return to Feature List |
||
OAA Volume
Table 2-10 Features in the OAA Volume
|
Feature |
Documents |
Description |
|
OAA |
OAA Configuration
OAA Commands |
Open Application Architecture (OAA) is an open hardware and software system. Open Application Platform (OAP) is developed based on OAA. It can be an independent network device; a board used as an extended part of a device; or an independent module of a device. l OAP module overview l Logging in to the operating system of an OAP module l Configuring the management IP address of an OAP module l Resetting the system of an OAP module l ACSEI overview l ACSEI server/client configuration |
|
Return to Feature List |
||
WLAN Volume
Table 2-11 Features in the WLAN Volume
|
Feature |
Documents |
Description |
|
WLAN service |
WLAN Service Configuration
WLAN Service Commands |
l WLAN service overview l Configuring WLAN service l Configuring an AP group l Configuring SSID-based access control l Configuring AC hot backup l Configuring wireless user isolation |
|
WLAN security |
WLAN Security Configuration
|
l WLAN security overview l WLAN security configuration |
|
WLAN roaming |
WLAN Roaming Configuration
WLAN Roaming Commands |
l WLAN roaming overview |
|
WLAN RRM |
WLAN RRM Configuration
WLAN RRM Commands |
l WLAN RRM overview l Configuring data transmit rates l Configuring dynamic frequency selection l Configuring transmit power control l Configuring scan parameters l Configuring power constraint l Enabling spectrum management l Configuring the auto-channel set l Configuring WLAN load balancing l Enabling dot11g protection |
|
WLAN IDS |
WLAN IDS Configuration
WLAN IDS Commands |
l Configuring WLAN IDS l Configuring WLAN IDS frame filtering |
|
WLAN QoS |
WLAN QoS Configuration
WLAN QoS Commands |
l WLAN QoS overview l WMM configuration |
|
WLAN mesh link |
WLAN Mesh Link Configuration
WLAN Mesh Link Commands |
l WDS overview l WLAN mesh configuration introduction |
|
Return to Feature List |
||
The H3C WX series access controller products provide the software registration function to protect the legitimate interest of authorized users. To add a valid license, you need to input the license key and activation key. The license function is used for controlling the number of APs accessing an access controller product. The maximum number of APs allowed to access an access controller product depends on your device model.
To register software, use the license append command to add a valid license. If you input an incorrect license key or activation key, you will fail to add a license. If the maximum number of APs allowed to access the access controller product is reached, you are not allowed to add a new license. To check the software registration information, you can use the display license command.
Follow these steps to register software and display software registration information:
|
To do… |
Use the command… |
|
|
Add a license |
license append license-key activation-key |
Required Available in system view |
|
Display the device serial number and checksum |
display device serial-number |
Available in any view |
|
Display the software registration information |
display license |
Available in any view |
