02 WLAN

HomeSupportReference GuidesCommand ReferencesH3C Access Controllers Command References(R5228P01)-6W10202 WLAN
Table of Contents
Related Documents
01-Text
Title Size Download
01-Text 1.90 MB

Contents

AP management commands· 1

ac· 1

ac discovery policy ipv6· 2

ap· 2

control-address· 3

control-address enable· 4

delete file· 5

description (AP group view) 6

description (AP view) 6

display wlan ap· 7

display wlan ap address· 18

display wlan ap all feature capwap· 19

display wlan ap connection· 20

display wlan ap files· 20

display wlan ap online-time· 21

display wlan ap running-configuration· 22

display wlan ap reboot-log· 23

display wlan ap statistics association-failure-record· 24

display wlan ap statistics online-record· 25

display wlan ap statistics tunnel-down-record· 26

display wlan ap-distribution· 27

display wlan ap-distribution ap-name· 28

display wlan ap-group· 29

display wlan ap-model 30

display wlan tunnel latency ap name· 32

dns domain· 33

dns server 34

download file· 35

echo-count 35

echo-interval 36

firmware-upgrade· 37

fragment-size· 38

gateway· 39

hybrid-remote-ap· 39

if-match ip· 40

if-match ipv6· 41

ip address· 42

ipv6 address· 43

keepalive-interval 43

led-mode· 44

mac-address (AP group view) 45

mac-address (AP view) 45

power-level default 46

priority· 47

provision· 48

provision auto-recovery· 49

provision auto-update· 50

reset wlan ap· 51

reset wlan ap provision· 51

reset wlan ap reboot-log· 52

reset wlan tunnel latency ap· 52

retransmit-count 53

retransmit-interval 54

save wlan ap provision· 55

serial-id (AP group view) 56

serial-id (AP view) 56

snmp-agent trap enable wlan ap· 57

snmp-agent trap enable wlan capwap· 57

statistics-interval 58

tunnel latency-detect 59

usb· 60

wlan ap· 60

wlan apdb· 61

wlan apdb file· 62

wlan ap-group· 63

wlan auto-ap enable· 64

wlan auto-ap persistent 64

wlan auto-persistent enable· 65

wlan capwap discovery-policy unicast 65

wlan detect-anomaly enable· 66

wlan global-configuration· 66

wlan image-load filepath· 67

wlan re-group· 68

wlan rename-ap· 68

wlan tcp mss· 69

Radio management commands· 70

a-mpdu· 70

a-msdu· 70

ani 71

antenna type· 72

ap-model 73

auto-channel european-gap enable· 74

beacon-interval 74

channel 75

channel auto-select 76

channel band-width· 77

channel-usage measure· 78

client dot11ac-only· 79

client dot11b-forbidden· 80

client dot11n-only· 81

client max-count 82

continuous-mode· 82

custom-antenna gain· 83

display wlan ap continuous-mode· 84

display wlan ap radio· 85

display wlan ap radio channel 86

display wlan ap radio type· 87

display wlan ap radio-statistics· 88

distance· 95

dot11ac mandatory maximum-nss· 96

dot11ac multicast-nss· 97

dot11ac support maximum-nss· 98

dot11g protection· 99

dot11n mandatory maximum-mcs· 100

dot11n multicast-mcs· 101

dot11n protection· 102

dot11n support maximum-mcs· 103

dtim·· 104

fragment-threshold· 105

green-energy-management 106

ldpc· 107

long-retry threshold· 108

max-power 109

mimo· 110

mu-txbf 111

power-lock· 112

preamble· 113

protection-mode· 113

protection-threshold· 115

radio· 115

radio· 116

rate· 117

reset wlan ap radio-statistics· 118

short-gi 119

short-retry threshold· 119

smart-antenna· 120

smart-antenna policy· 121

stbc· 122

su-txbf 123

type· 124

wlan radio· 125

WLAN access commands· 127

beacon ssid-hide· 127

broadcast-probe reply· 127

classifier acl 128

client association-location· 129

client cache aging-time· 129

client forwarding-location· 130

client forwarding-policy-name· 131

client forwarding-policy enable· 131

client frame-format 132

client idle-timeout 133

client keep-alive· 133

client keep-alive interval 134

client max-count 135

client preferred-vlan authorized· 136

client vlan-alloc· 136

customlog format wlan· 137

description· 138

display uplink client-rate-limit 138

display wlan blacklist 139

display wlan client 140

display wlan client status· 146

display wlan forwarding-policy· 148

display wlan region-code· 149

display wlan service-template· 149

display wlan statistics· 154

display wlan whitelist 156

inherit exclude service-template· 157

map-configuration· 157

nas-id· 158

nas-port-id· 159

nas-vlan· 160

quick-association enable· 161

region-code· 161

region-code-lock· 164

reset wlan client 165

reset wlan dynamic-blacklist 165

reset wlan statistics client 166

service-template· 166

service-template enable· 168

snmp-agent trap enable wlan client 168

snmp-agent trap enable wlan client-audit 169

ssid· 169

unknown-client 170

uplink client-rate-limit 170

vlan· 171

wlan client forwarding enable· 172

wlan client forwarding-policy-name· 173

wlan client reauthentication-period· 173

wlan dynamic-blacklist active-on-ap· 174

wlan dynamic-blacklist lifetime· 175

wlan forwarding-policy· 175

wlan link-test 176

wlan nas-port-id format 177

wlan permit-ap-group· 178

wlan permit-ssid· 179

wlan service-template· 179

wlan static-blacklist mac-address· 180

wlan web-server api-path· 181

wlan web-server host 181

wlan web-server max-client-entry· 182

wlan whitelist mac-address· 183

WLAN security commands· 184

akm mode· 184

cipher-suite· 185

gtk-rekey client-offline enable· 185

gtk-rekey enable· 186

gtk-rekey method· 186

key-derivation· 188

pmf 188

pmf association-comeback· 189

pmf saquery retrycount 190

pmf saquery retrytimeout 190

preshared-key· 191

ptk-lifetime· 192

ptk-rekey enable· 192

security-ie· 193

snmp-agent trap enable wlan usersec· 194

tkip-cm-time· 194

wep key· 195

wep key-id· 196

wep mode dynamic· 197

WLAN authentication commands· 198

client-security accounting-delay time· 198

client-security accounting-start trigger 199

client-security accounting-update trigger 200

client-security authentication fail-vlan· 201

client-security authentication-location· 201

client-security authentication-mode· 202

client-security authorization-fail offline· 203

client-security ignore-authentication· 203

client-security ignore-authorization· 204

client-security intrusion-protection action· 205

client-security intrusion-protection enable· 206

client-security intrusion-protection timer temporary-block· 207

client-security intrusion-protection timer temporary-service-stop· 207

display wlan client-security block-mac· 208

dot1x domain· 209

dot1x eap· 210

dot1x handshake enable· 211

dot1x handshake secure enable· 211

dot1x max-user 212

dot1x re-authenticate enable· 213

mac-authentication domain· 214

mac-authentication max-user 214

port-security oui 215

WIPS commands· 217

ap-channel-change· 217

ap-classification rule· 217

ap-flood· 218

ap-impersonation· 218

apply ap-classification rule· 219

apply classification policy· 220

apply countermeasure policy· 220

apply detect policy· 221

apply signature policy· 221

apply signature rule· 222

ap-rate-limit 223

ap-spoofing· 223

ap-timer 224

association-table-overflow· 224

authentication· 225

block mac-address· 226

classification policy· 226

client-association fast-learn enable· 227

client-online· 228

client-rate-limit 228

client-spoofing· 229

client-timer 229

countermeasure adhoc· 230

countermeasure attack all 231

countermeasure attack deauth-broadcast 231

countermeasure attack disassoc-broadcast 232

countermeasure attack honeypot-ap· 232

countermeasure attack hotspot-attack· 233

countermeasure attack ht-40-mhz-intolerance· 233

countermeasure attack malformed-packet 234

countermeasure attack man-in-the-middle· 234

countermeasure attack omerta· 235

countermeasure attack power-save· 235

countermeasure attack soft-ap· 236

countermeasure attack unencrypted-trust-client 236

countermeasure attack weak-iv· 237

countermeasure attack windows-bridge· 237

countermeasure external-ap· 238

countermeasure mac-address· 238

countermeasure misassociation-client 239

countermeasure misconfigured-ap· 239

countermeasure policy· 240

countermeasure potential-authorized-ap· 240

countermeasure potential-external-ap· 241

countermeasure potential-rogue-ap· 241

countermeasure rogue-ap· 242

countermeasure unauthorized-client 242

countermeasure uncategorized-ap· 243

countermeasure uncategorized-client 243

deauthentication-broadcast 244

detect dissociate-client enable· 244

detect policy· 245

detect signature· 246

disassociation-broadcast 246

discovered-ap· 247

display wips sensor 248

display wips statistics· 248

display wips virtual-security-domain countermeasure record· 252

display wips virtual-security-domain device· 254

display wlan nat-detect 258

flood association-request 259

flood authentication· 260

flood beacon· 261

flood block-ack· 261

flood cts· 262

flood deauthentication· 263

flood disassociation· 263

flood eap-failure· 264

flood eapol-logoff 265

flood eapol-start 266

flood eap-success· 266

flood null-data· 267

flood probe-request 268

flood reassociation-request 269

flood rts· 269

frame-type· 270

honeypot-ap· 271

hotspot-attack· 272

ht-40mhz-intolerance· 272

ht-greenfield· 273

ignorelist 273

import hotspot 274

import oui 275

invalid-oui-classify illegal 275

mac-address· 276

malformed duplicated-ie· 276

malformed fata-jack· 277

malformed illegal-ibss-ess· 278

malformed invalid-address-combination· 278

malformed invalid-assoc-req· 279

malformed invalid-auth· 280

malformed invalid-deauth-code· 281

malformed invalid-disassoc-code· 281

malformed invalid-ht-ie· 282

malformed invalid-ie-length· 283

malformed invalid-pkt-length· 283

malformed large-duration· 284

malformed null-probe-resp· 285

malformed overflow-eapol-key· 286

malformed overflow-ssid· 286

malformed redundant-ie· 287

man-in-the-middle· 288

manual-classify mac-address· 288

omerta· 289

oui 290

pattern· 290

permit-channel 291

power-save· 292

prohibited-channel 292

report-interval 293

reset wips statistics· 294

reset wips virtual-security-domain· 294

reset wips virtual-security-domain countermeasure record· 295

reset wlan nat-detect 295

rssi 296

rssi-change-threshold· 296

rssi-threshold· 297

security· 297

select sensor all 298

seq-number 298

signature policy· 299

signature rule· 300

soft-ap· 300

ssid (AP classification rule view) 301

ssid (signature view) 301

ssid-length· 302

trust mac-address· 302

trust oui 303

trust ssid· 304

unencrypted-authorized-ap· 304

unencrypted-trust-client 305

up-duration· 305

virtual-security-domain· 306

weak-iv· 306

windows-bridge· 307

wips· 308

wips enable· 308

wips virtual-security-domain· 309

wireless-bridge· 309

wlan nat-detect 310

WLAN QoS commands· 312

bandwidth-guarantee· 312

bandwidth-guarantee service-template· 313

cac policy· 314

client-rate-limit (radio view/AP group radio view) 315

client-rate-limit (service template view) 316

client-rate-limit { disable | enable } 317

client-rate-limit enable· 318

display wlan wmm·· 318

edca client (ac-be and ac-bk) 321

edca client (ac-vi and ac-vo) 323

edca radio· 324

qos priority· 325

qos trust 326

reset wlan wmm·· 327

svp map-ac· 327

wlan client-rate-limit 328

wlan max-bandwidth· 329

wmm·· 330

WLAN roaming commands· 332

authentication-mode· 332

display wlan mobility· 332

display wlan mobility group· 333

display wlan mobility roam-track mac-address· 334

group enable· 335

member 336

snmp-agent trap enable wlan mobility· 337

source· 337

tunnel-type· 338

wlan mobility group· 339

wlan mobility-group-isolation enable· 339

WLAN load balancing commands· 341

ap radio· 341

description· 341

display wlan load-balance group· 342

display wlan load-balance status service-template· 343

snmp-agent trap enable wlan load-balance· 344

wlan load-balance access-denial 345

wlan load-balance enable· 345

wlan load-balance group· 346

wlan load-balance mode bandwidth· 346

wlan load-balance mode session· 347

wlan load-balance mode traffic· 348

wlan load-balance rssi-threshold· 349

WLAN radio resource measurement commands· 350

display wlan measure-report 350

measure· 352

measure-duration· 354

measure-interval 355

resource-measure· 355

rm-capability mode· 356

Channel scanning commands· 358

scan channel blacklist 358

scan channel whitelist 359

scan idle-time· 359

scan max-service-time· 360

scan mode all 361

scan scan-time· 362

Band navigation commands· 364

band-navigation· 364

wlan band-navigation aging-time· 364

wlan band-navigation balance access-denial 365

wlan band-navigation balance session· 366

wlan band-navigation enable· 366

wlan band-navigation rssi-threshold· 367

WLAN high availability commands· 368

Dual-link backup commands· 368

backup-ac· 368

wlan tunnel-preempt 368

AP load balancing commands· 369

display wlan ap backup multislot 370

wlan ap-backup active count 370

wlan ap-backup load-balance· 371

WLAN uplink detection commands· 372

wlan uplink track· 372

WLAN 802.11r commands· 373

ft enable· 373

ft method· 373

ft reassociation-timeout 374

Wireless location commands· 376

display wlan rfid-tracking radio· 376

rfid-tracking client rate-limit 376

rfid-tracking client rate-limit cir 377

rfid-tracking dilution· 378

rfid-tracking dilution factor 379

rfid-tracking fingerprint 380

rfid-tracking fingerprint engine-address· 381

rfid-tracking fingerprint mu-report 382

rfid-tracking fingerprint raw-frame-report 383

rfid-tracking fingerprint report-format 384

rfid-tracking fingerprint report-mode· 385

rfid-tracking fingerprint tag-multicast-address· 386

rfid-tracking fingerprint vendor-port 387

rfid-tracking ignore ap-frame enable· 388

rfid-tracking ignore beacon· 389

rfid-tracking keepalive· 390

rfid-tracking mode· 391

rfid-tracking radio· 392

rfid-tracking rate-limit 392

rfid-tracking rate-limit cir 393

rfid-tracking rssi 394

rfid-tracking rssi threshold· 395

snmp-agent trap enable wlan location-aware· 396

Hotspot 2.0 commands· 398

3gpp-info· 398

authentication-type· 398

comeback-delay· 399

description· 400

dgaf enable· 400

display wlan hotspot uploaded-osu-icon· 401

domain-name· 401

gas-limit 402

hessid· 403

hotspot-policy· 403

icon-file· 404

ip-protocol 405

ip-type· 406

method· 407

nai 408

nai-realm·· 408

network-type· 410

operator-name· 411

osu-provider 412

osu-ssid· 413

policy-name· 413

roam-oi 414

uri 414

venue group· 415

venue name· 418

wan-metrics· 419

wlan hotspot-policy· 419

wlan hotspot osu-icon unload· 420

wlan hotspot osu-icon upload· 420

wlan osu-provider 421

WLAN RRM commands· 422

adjacency-factor 422

ap name· 423

calibrate-channel mode· 423

calibrate-channel monitoring time-range· 424

calibrate-channel pronto· 425

calibrate-channel self-decisive· 426

calibrate-power min· 427

calibrate-power mode· 428

calibrate-power self-decisive· 429

calibrate-power threshold· 429

channel holddown-time· 430

channel-capability mode· 431

channel-switch mode· 432

crc-error-threshold· 433

description· 434

display wlan rrm baseline· 434

display wlan rrm baseline apply-result 436

display wlan rrm-calibration-group· 437

display wlan rrm-history ap· 438

display wlan rrm-status ap· 439

interference-threshold· 442

power holddown-time· 443

power-capability mode· 443

power-constraint mode· 445

rrm·· 446

scan-only· 446

snmp-agent trap enable wlan rrm·· 447

spectrum-management 447

tolerance-level 448

wlan calibrate-channel pronto ap all 449

wlan calibrate-power pronto ap all 449

wlan rrm baseline apply· 450

wlan rrm baseline remove· 450

wlan rrm baseline save· 451

wlan rrm calibration-channel interval 452

wlan rrm-calibration-group· 452

wlan rrm calibration-power interval 453

IoT AP commands· 454

display wlan module firmware-upgrade history· 454

display wlan module-information· 455

module· 456

module enable· 457

module firmware-upgrade· 458

rfid-tracking ble advertisement 458

rfid-tracking ble advertisement enable· 460

rfid-tracking ble advertisement interval 461

serial-number 462

tx-power 462

type· 463

wlan execute module firmware-upgrade· 464

wlan execute module reset 465

wlan execute module restore-factory· 465

CM tunnel commands· 467

cmtunnel server domain· 467

display cmtunnel state· 467

Cloud connection commands· 469

cloud-management keepalive· 469

cloud-management server domain· 469

cloud-management server port 470

display cloud-management state· 470

WLAN IP snooping commands· 474

client ip-snooping http-learning enable· 474

client ipv4-snooping arp-learning enable· 474

client ipv6-snooping nd-learning enable· 475

client ipv6-snooping snmp-nd-report enable· 475

WLAN fast forwarding· 477

display wlan fast-forwarding status· 477

wlan fast-forwarding enable· 477

WLAN probe commands· 479

client-proximity-sensor 479

client-proximity-sensor ap-timer 479

client-proximity-sensor ap-udp-server 480

client-proximity-sensor client-timer 481

client-proximity-sensor coordinates· 481

client-proximity-sensor filter-list 482

client-proximity-sensor random-mac-report enable· 482

client-proximity-sensor report-ac enable· 483

client-proximity-sensor report-ac-interval 484

client-proximity-sensor report-ap enable· 484

client-proximity-sensor rssi-change-threshold· 485

client-proximity-sensor rssi-threshold· 485

client-proximity-sensor rt-report enable· 486

client-proximity-sensor server 486

client-proximity-sensor udp-server 487

display client-proximity-sensor device· 488

display client-proximity-sensor sensor 491

display client-proximity-sensor statistics receive· 491

reset client-proximity-sensor device· 492

reset client-proximity-sensor statistics· 493

WLAN process maintenance commands· 494

display maintain cpu-usage history· 494

display maintain memory-usage history· 495

maintain enable· 496

maintain process inactive-time· 496

maintain process memory-threshold· 497

WLAN forwarding commands· 498

display wlan forward statistics· 498

reset wlan forward statistics· 499

Index· 500


AP management commands

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

ac

Use ac to specify an AC for an AP.

Use undo ac to delete the specified AC information.

Syntax

ac { host-name hostname | ip ipv4-address | ipv6 ipv6-address }

undo ac { host-name | ip [ ipv4-address ] | ipv6 [ ipv6-address ] }

Default

In AP provision view, an AP uses the configuration in AP group provision view.

In AP group provision view, no AC is specified for an AP.

Views

AP provision view

AP group provision view

Predefined user roles

network-admin

Parameters

host-name host-name: Specifies an AC by its host name, a case-insensitive string of 1 to 253 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.).

ip ipv4-address: Specifies an AC by its IPv4 address.

ipv6 ipv6-address: Specifies an AC by its IPv6 address.

Usage guidelines

You can configure a maximum of three AC IPv4 addresses, three AC IPv6 addresses, and only one host name. If you configure multiple host names, the most recent configuration takes effect.

The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.

The configuration in AP provision view takes precedence over the configuration in AP group provision view.

When you execute the undo ac { ip [ ip-address ] | ipv6 [ ipv6-address ] } command, if you do not specify the ip-address or the ipv6-address argument, the command deletes all AC IPv4 or IPv6 addresses.

Examples

# Specify the AC whose IP address is 192.168.100.11 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ac ip 192.168.100.11

# Specify the AC whose IP address is 192.168.100.11 for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group1-prvs] ac ip 192.168.100.11

ac discovery policy ipv6

Use ac discovery policy ipv6 to enable an AP to prefer discovering ACs by IPv6 address.

Use undo ac discovery policy ipv6 to restore the default.

Syntax

ac discovery policy ipv6

undo ac discovery policy ipv6

Default

In AP provision view, an AP uses the configuration in AP group provision view.

In AP group provision view, an AP prefers to discover ACs by IPv4 address.

Views

AP provision view

AP group provision view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AP to discover ACs by using static IP addresses, IPv6 multicast, DHCPv6 option, IPv6 DNS, DHCPv4 options, broadcast/IPv4 multicast, and IPv4 DNS successively. If the AP connects to an AC successfully with a discovered IP address, it stops AC discovery.

Examples

# Enable AP ap1 to prefer discovering ACs by IPv6 address.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ac discovery policy ipv6

# Enable APs in AP group group1 to prefer discovering ACs by IPv6 address.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group1-prvs] ac discovery policy ipv6

ap

Use ap to create an AP grouping rule by AP names.

Use undo ap to delete an AP grouping rule by AP names.

Syntax

ap ap-name-list

undo ap ap-name-list

Default

No AP grouping rules by AP names are configured.

Views

AP group view

Predefined user roles

network-admin

Parameters

ap-name-list: Specifies a maximum of 10 space-separated AP names. An AP name is a case-insensitive string of 1 to 64 characters that can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Usage guidelines

This command does not identify whether the specified AP exists.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

If an AP grouping rule already exists in an AP group, this command deletes the rule from the AP group.

You cannot execute this command in the view of the default AP group.

Examples

# Create an AP grouping rule by AP names to add APs ap1, ap2, and ap3 to AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap ap1 ap2 ap3

Related commands

wlan ap-group

control-address

Use control-address to specify the IP address to be carried in the CAPWAP Control IP Address message element.

Use undo control-address to restore the default.

Syntax

control-address { ip ipv4-address | ipv6 ipv6-address }

undo control-address { ip | ipv6 }

Default

In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, the IP address inserted in the CAPWAP Control IP Address element is the AC's IP address.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies an IPv4 address in the CAPWAP Control IPv4 Address message element.

ipv6 ipv6-address: Specifies an IPv6 address in the CAPWAP Control IPv6 Address message element.

Usage guidelines

This command takes effect only when the AC rediscovery feature is enabled.

You can specify a maximum of three IPv4 or IPv6 addresses in the CAPWAP Control IP Address message element.

The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.

Examples

# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] control-address ip 192.168.1.1

# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in AP group view.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-ap-group-10] control-address ip 192.168.1.1

# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in global configuration view.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] control-address ip 192.168.1.1

Related commands

control-address enable

control-address enable

Use control-address enable to enable the AC rediscovery feature.

Use control-address disable to disable the AC rediscovery feature.

Use undo control-address to restore the default.

Syntax

control-address { disable | enable }

undo control-address

Default

In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, the AC rediscovery feature is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

An AC enabled with AC rediscovery adds the CAPWAP Control IP Address message element to the discovery responses sent to APs. Upon receiving such a discovery response, an AP establishes a CAPWAP tunnel with the IP address representing the optimal AC in the CAPWAP Control IP Address message element.

An AC disabled with AC rediscovery does not add the CAPWAP Control IP Address message element in discovery responses sent to APs. APs that receive the discovery responses will send join requests to the source IP address of the discovery responses to establish CAPWAP tunnels with the AC.

The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.

Examples

# Enable the AC rediscovery feature in AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] control-address enable

# Enable the AC rediscovery feature in AP group view.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-ap-group-10] control-address enable

# Enable the AC rediscovery feature in global configuration view.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration]control-address enable

Related commands

control-address

delete file

Use delete file to delete a file from an AP.

Syntax

delete file filename

Views

AP view

Predefined user roles

network-admin

Parameters

filename: Specifies a file by its file name, a string of 1 to 255 characters.

Usage guidelines

This command takes effect only after an AP establishes a CAPWAP tunnel with the master AC.

Examples

# Delete file startup.cfg from AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] delete file startup.cfg

Related commands

·          display wlan ap files

·          download file

description (AP group view)

Use description to set a description for an AP group.

Use undo description to remove the description for an AP group.

Syntax

description text

undo description

Default

No description is set for an AP group.

Views

AP group view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 64 characters.

Examples

# Set a description for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] description L3-office

Related commands

·          display wlan ap-group

·          wlan ap-group

description (AP view)

Use description to set a description for an AP.

Use undo description to remove the description for an AP.

Syntax

description text

undo description

Default

No description is set for an AP.

Views

AP view

Predefined user roles

network-admin

Parameters

text: Specifies a description for an AP, a case-sensitive string of 1 to 64 characters.

Examples

# Set a description for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-ap-ap1] description L3-office

Related commands

display wlan ap

display wlan ap

Use display wlan ap to display AP information.

Syntax

display wlan ap { all | name ap-name } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

verbose: Displays detailed information.

Examples

# Display information about all APs.

<Sysname> display wlan ap all

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 1024

Remaining APs: 1023

Total AP licenses: 128

Remaining AP licenses: 127

Sync AP licenses: 0

 

                                 AP information

 State : I = Idle,       J  = Join,       JA = JoinAck,    IL = ImageLoad

         C = Config,     DC = DataCheck,  R  = Run   M = Master,  B = Backup

 

AP name                        APID  State Model           Serial ID

ap1                            1     I     WA536-WW        219801A1NQB117012935

Table 1 Command output

Field

Description

Total number of connected WTUs

This field is not supported in the current software version.

Total number of inside APs

This field is not supported in the current software version.

Maximum supported APs

Maximum of number of APs supported by the AC.

Total AP licenses

Total number of AP licenses.

Remaining AP licenses

Number of remaining AP licenses.

Sync AP licenses

Number of synchronized AP licenses.

APID

ID of the AP to uniquely identify the AP on the AC.

State

Current state of the AP:

·         I—Idle.

·         J—Join.

·         JA—Join acknowledge.

·         IL—The AP is downloading the version.

·         CThe AP is downloading initial configurations.

·         DCThe AP is checking data.

·         R—The AP is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully.

·         R/MThe master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully.

·         R/BThe backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully.

·         MThe AP is connected to the master AC.

·         BThe AP is connected to the backup AC.

Serial ID

Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured.

 

# Display detailed information about AP ap1.

<Sysname> display wlan ap name ap1 verbose

AP name                       : ap1

AP ID                         : 1

AP group name                 : default-group

State                         : Run

Backup type                   : Master

Online time                   : 0 days 1 hours 25 minutes 12 seconds

System up time                : 0 days 2 hours 22 minutes 12 seconds

Model                         : WA536-WW

Region code                   : CN

Region code lock              : Disable

Serial ID                     : 219801A1NQB117012935

MAC address                   : 0AFB-423B-893C

IP address                    : 192.168.1.50

UDP control port number       : 18313

UDP data port number          : N/A

H/W version                   : Ver.C

S/W version                   : R2205P01

Boot version                  : 1.01

USB state                     : N/A

Power Level                   : N/A

PowerInfo                     : N/A

Description                   : wtp1

Priority                      : 4

Echo interval                 : 10 seconds

Echo count                    : 3 counts

Keepalive interval            : 10 seconds

Statistics report interval    : 50 seconds

Fragment size (data)          : 1500

Fragment size (control)       : 1450

MAC type                      : Local MAC & Split MAC

Tunnel mode                   : Local Bridging & 802.3 Frame & Native Frame

Discovery type                : Static Configuration

Retransmission count          : 3

Retransmission interval       : 5 seconds

Firmware upgrade              : Enabled

Sent control packets          : 1

Received control packets      : 1

Echo requests                 : 147

Lost echo responses           : 0

Average echo delay            : 3

Last reboot reason            : User soft reboot

Latest IP address             : 10.1.0.2

Tunnel down reason            : Request wait timer expired

Connection count              : 1

Backup Ipv4                   : Not configured

Backup Ipv6                   : Not configured

Tunnel encryption             : Disabled

LED mode                      : Normal

Remote configuration          : Enabled

Radio 1:

    Basic BSSID               : 7848-59f6-3940

    Admin state               : Up

    Radio type                : 802.11ac

    Antenna type              : internal

    Client dot11ac-only       : Disabled

    Client dot11n-only        : Disabled

    Channel band-width        : 20/40/80MHz

    Active band-width         : 20/40/80MHz

    Secondary channel offset  : SCB

    Short GI for 20MHz        : Supported

    Short GI for 40MHz        : Supported

    Short GI for 80MHz        : Supported

    Short GI for 160MHz       : Not supported

    A-MSDU                    : Enabled

    A-MPDU                    : Enabled

    LDPC                      : Not Supported

    STBC                      : Supported

    Operational VHT-MCS Set:

        Mandatory             : Not configured

        Supported             : NSS1 0,1,2,3,4,5,6,7,8,9

                                NSS2 0,1,2,3,4,5,6,7,8,9

        Multicast             : Not configured

    Operational HT MCS Set:

        Mandatory             : Not configured

        Supported             : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

                                10, 11, 12, 13, 14, 15

        Multicast             : Not configured

    Channel                   : 44(auto)

    Channel usage(%)          : 15

    Max power                 : 20 dBm

    Operational rate:

        Mandatory             : 6, 12, 24 Mbps

        Multicast             : Auto

        Supported             : 9, 18, 36, 48, 54 Mbps

        Disabled              : Not configured

    Distance                  : 1 km

    ANI                       : Enabled

    Fragmentation threshold   : 2346 bytes

    Beacon interval           : 100 TU

    Protection threshold      : 2346 bytes

    Long retry threshold      : 4

    Short retry threshold     : 7

    Maximum rx duration       : 2000 ms

    Noise Floor               : -102 dBm

    Protection mode           : cts-to-self

    MU-TxBF                   : Enabled

    SU-TxBF                   : Enabled

    Continuous mode           : N/A

    HT protection mode        : No protection

Radio 2:

    Basic BSSID               : 7848-59f6-3950

    Admin state               : Down

    Radio type                : 802.11ac

    Antenna type              : internal

    Client dot11ac-only       : Disabled

    Client dot11n-only        : Disabled

    Channel band-width        : 20/40/80MHz

    Active band-width         : 20/40/80MHz

    Secondary channel offset  : SCN

    Short GI for 20MHz        : Supported

    Short GI for 40MHz        : Supported

    Short GI for 80MHz        : Supported

    Short GI for 160MHz       : Not supported

    A-MSDU                    : Enabled

    A-MPDU                    : Enabled

    LDPC                      : Not Supported

    STBC                      : Supported

    Operational HT MCS Set:

        Mandatory             : Not configured

        Supported             : NSS1 0,1,2,3,4,5,6,7,8,9                       

                                NSS2 0,1,2,3,4,5,6,7,8,9                       

        Multicast             : Not configured                                  

    Operational HT MCS Set:                                                    

        Mandatory             : Not configured                                 

        Supported             : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,                  

                                10, 11, 12, 13, 14, 15                         

        Multicast             : Not configured                                 

    Channel                   : 149(auto)                                       

    Channel usage(%)          : 0                                              

    Max power                 : 20 dBm                                         

    Operational rate:                                                          

        Mandatory             : 6, 12, 24 Mbps                                 

        Multicast             : Auto                                           

        Supported             : 9, 18, 36, 48, 54 Mbps                         

        Disabled              : Not configured                                 

    Distance                  : 1 km                                           

    ANI                       : Enabled                                        

    Fragmentation threshold   : 2346 bytes                                     

    Beacon interval           : 100 TU                                         

    Protection threshold      : 2346 bytes                                     

    Long retry threshold      : 4                                               

    Short retry threshold     : 7                                              

    Maximum rx duration       : 2000 ms                                        

    Noise floor               : 0 dBm                                           

    Protection mode           : cts-to-self                                    

    MU-TxBF                   : Enabled                                        

    SU-TxBF                   : Enabled                                        

    Continuous mode           : N/A                                            

    HT protection mode        : No protection                                  

Radio 3:                                                                        

    Basic BSSID               : N/A                                            

    Admin state               : Down                                           

    Radio type                : 802.11n(2.4GHz)                                

    Antenna type              : internal                                       

    Client dot11n-only        : Disabled                                       

    Channel band-width        : 20MHz                                           

    Active band-width         : 20MHz                                          

    Secondary channel offset  : SCN                                            

    Short GI for 20MHz        : Supported                                       

    Short GI for 40MHz        : Supported                                      

    A-MSDU                    : Enabled                                        

    A-MPDU                    : Enabled                                         

    LDPC                      : Not Supported                                  

    STBC                      : Supported                                      

    Operational HT MCS Set:                                                     

        Mandatory             : Not configured                                 

        Supported             : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,                  

                                10, 11, 12, 13, 14, 15                         

        Multicast             : Not configured                                 

    Channel                   : 6(auto)                                        

    Channel usage(%)          : 0                                              

    Max power                 : 20 dBm                                         

    Preamble type             : Short                                          

    Operational rate:                                                          

        Mandatory             : 1, 2, 5.5, 11 Mbps                             

        Multicast             : Auto                                           

        Supported             : 6, 9, 12, 18, 24, 36, 48, 54 Mbps              

        Disabled              : Not configured                                 

    Distance                  : 1 km                                           

    ANI                       : Enabled                                        

    Fragmentation threshold   : 2346 bytes                                     

    Beacon interval           : 100 TU                                         

    Protection threshold      : 2346 bytes                                     

    Long retry threshold      : 4                                               

    Short retry threshold     : 7                                              

    Maximum rx duration       : 2000 ms                                        

    Noise floor               : 0 dBm                                           

    Protection mode           : cts-to-self                                    

    Continuous mode           : N/A                                            

    HT protection mode        : No protection

Table 2 Command output

Field

Description

State

Current state of the AP:

·         Idle—Idle.

·         Join—Join.

·         JoinAck—Join acknowledge.

·         Image—The AP is downloading the version.

·         Config—The AP is downloading initial configurations.

·         Data Check—The AP is checking data.

·         Run—The AP is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully.

·         R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully.

·         R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully.

·         M—The AP is connected to the master AC.

·         B—The AP is connected to the backup AC.

Backup type

CAPWAP tunnel type:

·         Idle—The AP has not established a CAPWAP tunnel with the AC.

·         Master—The CAPWAP tunnel established between the AP and the master AC.

·         Backup—The CAPWAP tunnel established between the AP and the backup AC.

Region code lock

·         Enable.

·         Disable.

Serial ID

Serial ID of the AP. If no serial ID is configured, this field displays Not configured.

MAC address

MAC address of the AP. If no MAC address is configured, this field displays Not configured.

UDP control port number

Port number used by the AP to establish the CAPWAP control tunnel.

UDP data port number

Port number used by the AP to establish the CAPWAP data tunnel.

H/W version

Hardware version of the AP.

S/W version

Software version of the AP.

USB state

USB state:

·         Enabled.

·         Disabled.

This field displays N/A if no USB state information is available.

Power Level

Power level:

·         Low.

·         Middle.

·         High.

This field displays N/A if the power level is unknown.

PowerInfo

Power supply information.

Description

Description for the AP. If no description is configured, this field displays Not configured.

Priority

AP connection priority for the AC.

Echo interval

Interval for an AP to send echo requests to the AC.

Echo count

Maximum number of echo request transmission attempts.

Keepalive interval

Interval for an AP to send keepalive packets through the CAPWAP data tunnel.

Statistics report interval

Interval for an AP to send statistics reports to the AC.

Fragment size (data)

Maximum fragment size for CAPWAP data packets.

Fragment size (control)

Maximum fragment size for CAPWAP control packets.

MAC type

MAC type of the AP-AC connection:

·         Local MAC—The AP encapsulates frames in 802.3 format before sending them to the AC.

·         Split MAC—The AP encapsulates frames in 802.11 format before sending them to the AC.

·         Local & Split MAC—The AP can encapsulate frames in either 802.3 format or 802.11 format before sending them to the AC.

Tunnel mode

Supported tunnel mode of the AP:

·         Local Bridging—The AP supports local bridging and does not forward data to the AC.

·         802.3 Frame—The AP encapsulates the frames in 802.3 format to send them to the AC.

·         Native Frame—The AP encapsulates the frames in 802.11 format to send them to the AC.

·         Local Bridging & 802.3 Frame—The AP supports the Local Bridging mode and the 802.3 Frame mode.

·         802.3 Frame & Native Frame—The AP supports the 802.3 Frame mode and the Native Frame mode.

·         Local Bridging & Native Frame—The AP supports the Local Bridging mode and the Native Frame mode.

Discovery type

Discovery type of the AP:

·         Static Configuration—The AP uses the manually configured IPv4 or IPv6 address of the AC.

·         DHCP—The AP gets the IP address of an AC through DHCP.

·         DNS—The AP gets the IP address of an AC through DNS.

·         Unknown.

Retransmission count

Number of retransmission attempts for an AC request.

Retransmission interval

Interval at which AC requests can be retransmitted.

Firmware upgrade

AP software upgrade:

·         Enabled.

·         Disabled.

Sent control packets

Number of sent packets, including Change State Event Response packets after the AC enters Run state.

Received control packets

Number of received packets, including Change State Event Response packets after the AC enters Run state.

Echo requests

Number of echo requests sent by the AP in Run state.

Lost echo responses

Number of echo responses not received by the AP in Run state.

Average echo delay

Average echo delay in milliseconds.

Last reboot reason

Last reboot reason for the AP:

·         Power on.

·         Hard reboot.

·         Watchdog reboot.

·         Unknown reboot.

·         User soft reboot.

·         Kernel exception soft reboot.

·         Kernel deadloop soft reboot.

·         Auto update soft reboot.

·         Unknown soft reboot.

·         Memory exhausted.

·         Other unknown soft reboot.

Latest IP address

IP address that was most recently used by the AP.

Tunnel down reason

Cause for the CAPWAP tunnel to go down:

·         Failed to create timer.

·         Neighbor dead timer expired.

·         Request wait timer expired.

·         Data check timer expired.

·         Failed to process data channel keep-alive message.

·         Failed to process request.

·         AP was reset.

·         AP was deleted.

·         Failed to come online.

·         Serial number changed.

·         MAC address changed.

·         Number of APs exceeded the limit.

·         Processed join request in Run state.

·         Failed to create AP context.

·         Received failure result code.

·         Failed to retransmit message.

·         Failed to download image file.

·         Image file downloaded successfully.

·         File operation timer expired.

·         Failed to add tunnel.

·         Received WTP tunnel down event from AP.

·         Backup AC closed the backup tunnel.

·         Master and backup tunnel switchover.

·         Failed to inherit configuration.

·         AP authentication failed.

This field displays N/A if the CAPWAP tunnel did not go down.

Connection count

Number of times that the AP connects to the AC. It is cleared in either one of the following cases:

·         The AC reboots.

·         The serial ID of the AP changes.

The reset wlan ap command does not clear the connection count.

Backup Ipv4

IPv4 address of the backup AC. If no backup AC is specified, this field displays Not configured.

Backup Ipv6

IPv6 address of the backup AC. If no backup AC is specified, this field displays Not configured.

Tunnel encryption

·         Enabled.

·         Disabled.

LED mode

LED lighting mode:

·         quiet—All LEDs are off.

·         awake—All LEDs flash once every minute.

·         always-on—All LEDs are steady on.

·         normalHow LEDs flash in this mode varies by AP model.

Remote configuration

Remote configuration assignment:

·         Enabled.

·         Disabled.

Basic BSSID

MAC address of the radio. This field displays N/A if the AP has not established a CAPWAP tunnel with the AC.

Admin state

Radio state:

·         Up.

·         Down.

Radio type

Wireless mode:

·         2.4 GHz.

?  802.11b.

?  802.11g.

?  802.11n(2.4GHz).

·         5 GHz.

?  802.11a.

?  802.11n(5GHz).

?  802.11ac.

Client dot11ac-only

·         Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio.

·         Enabled—Allows only 802.11ac clients to associate with the radio.

Client dot11n-only

·         Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio.

·         Enabled—Allows only 802.11n or 802.11ac clients to associate with the radio.

Channel band-width

Channel bandwidth:

·         20 MHz.

·         20 or 40 MHz.

·         20/40/80 MHz.

Active band-width

Running radio bandwidth.

Secondary channel offset

Secondary channel information for the 802.11n and 802.11ac radio modes:

·         SCA (Second Channel Above)The AP operates in 40 MHz bandwidth mode, and the secondary channel is above the primary channel.

·         SCB (Second Channel Below)The AP operates in 40 MHz bandwidth mode, and the secondary channel is below the primary channel.

·         SCNThe AP does not operate in 40 MHz bandwidth mode.

Short GI for 20MHz

Whether the radio supports short GI when it operates in 20 MHz mode.

Short GI for 40MHz

Whether the radio supports short GI when it operates in 40 MHz mode.

Short GI for 80MHz

Whether the radio supports short GI when it operates in 80 MHz mode.

Short GI for 160MHz

Whether the radio supports short GI when it operates in 160 MHz mode.

A-MSDU

·         Disabled.

·         Enabled.

A-MPDU

·         Disabled.

·         Enabled.

LDPC

·         Supported.

·         Not supported.

STBC

·         Supported.

·         Not supported.

Operational VHT MCS Set

·         Supported—Supported VHT MCS set.

·         Mandatory—Mandatory VHT MCS set.

·         MulticastMulticast VHT MCS set.

Operational HT MCS Set

·         Supported—Supported MCS set.

·         Mandatory—Mandatory MCS set.

·         MulticastMulticast MCS set.

Channel

·         This field displays Number<auto> if the current channel is the optimal channel automatically selected by the AP.

·         This field displays Number if the current channel is manually configured.

·         This field displays Number<avoid radar> if the current channel is automatically selected by the AP to avoid radar signals.

Max power

Maximum transmission power of the radio.

Preamble type

Preamble type:

·         Short.

·         Long.

Operational rate

·         Mandatory.

·         Supported.

·         Multicast.

·         Disabled.

·         Not configured.

Distance

Maximum distance that the radio signal can reach.

ANI

·         Enabled.

·         Disabled.

Protection threshold

Frame length threshold required for triggering the protection mechanism.

Long retry threshold

Maximum number of retransmission attempts for frames whose length exceed the RTS threshold.

Short retry threshold

Maximum number of retransmission attempts for frames whose length is no more than the RTS threshold.

Maximum rx duration

Maximum buffer duration for frames.

Protection mode

Conflict avoidance mode:

·         cts-to-self.

·         rts-cts.

Continuous mode

Continuous mode configuration:

·         Transmission rate.

·         MCS index.

·         NSS index.

·         VHT-MCS index.

This field displays N/A if the continuous mode is not configured.

HT protection mode

802.11n protection mode:

·         No protection.

?  AP-associated clients and nearby wireless devices are operating in 802.11n mode and AP-associated clients are 802.11n clients with a bandwidth of 40 MHz.

?  AP-associated clients are 802.11n clients with a bandwidth of 20 MHz.

·         Non-member protection.
In this mode, all AP-associated clients are 802.11n clients but some nearby wireless devices are non-802.11n clients.

·         20 MHz protection.
In this mode, the AP's radio has a bandwidth of 40 MHz. AP-associated clients and nearby wireless devices are operating in 802.11n mode and a minimum of one 802.11n client with a bandwidth of 20 MHz is associated with the AP's radio.

·         Non-HT mixed.
The mode applies when none of the above mentioned modes can apply.

MU-TxBF

·         Enabled.

·         Disabled.

Support for this field depends on the AP model.

SU-TxBF

·         Enabled.

·         Disabled.

Support for this field depends on the AP model.

 

display wlan ap address

Use display wlan ap address to display AP address information.

Syntax

display wlan ap { all | name ap-name } address

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display address information for all APs.

<Sysname> display wlan ap all address

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of inside APs: 0

AP name                          IP address                     MAC address

ap1                              1.1.1.5                        000b-6b8f-fc6a

Table 3 Command output

Field

Description

AP name

Name of an AP.

IP address

IP address of an AP.

This field displays N/A for an offline AP.

MAC address

MAC address of an AP.

This field displays N/A for an offline AP.

 

display wlan ap all feature capwap

Use display wlan ap all feature capwap to display configuration status of CAPWAP features.

Syntax

display wlan ap all feature capwap

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display configuration status of CAPWAP tunnel features.

<Sysname> display wlan ap all feature capwap

AP name                       Upgrade   Encryption  Control-address   Switch-back

ap1                           Disabled  Both        Enabled            Horizontal

Table 4 Command output

Field

Description

Upgrade

AP software upgrade:

·         Enabled.

·         Disabled.

Encryption

CAPWAP tunnel encryption:

·         Control—Control tunnel encryption is enabled.

·         Data—Data tunnel encryption is enabled.

·         Both—Encryption is enabled for both control and data tunnels.

·         Disabled—Encryption is disabled for both control and data tunnels.

Control-address

AC rediscovery:

·         Enabled.

·         Disabled.

Switch-back

This field is not supported in the current software version.

The CAPWAP tunnel switch-back feature for AC hierarchy:

·         Horizontal.

·         Vertical.

·         Disabled.

·         Both.

 

display wlan ap connection

Use display wlan ap connection to display AP connection records on the AC.

Syntax

display wlan ap connection record { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display all AP connection records on the AC.

<Sysname> display wlan ap connection record all

AP name                         IP address    State     Time

ap1                             2001::3       Run       05-06 09:47:44

ap2                             2001::5       Run       05-06 09:50:38

Table 5 Command output

Field

Description

State

Current state of the AP:

·         Idle—Idle.

·         Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully.

Time

Most recent time when the AP established a CAPWAP tunnel with the AC.

 

display wlan ap files

Use display wlan ap files to display information about files and file folders on an AP.

Syntax

display wlan ap files name ap-name

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display information about files and file folders on AP ap1.

<Sysname> display wlan ap files name ap1

Directory of flash:

   0   13638656  wa5300-system.bin

   1   2573312   wa5300-boot.bin

131072 KB total (114208 KB free)

Table 6 Command output

Field

Description

0   13638656  xx.xx

File or file folder information:

·         0—Serial number, which is automatically assigned by the system.

·         13638656— File size in bytes. A hyphen (-) is displayed if it is a file folder.

·         xx.xx—Name of the file or file folder.

 

Related commands

·          delete file

·          download file

display wlan ap online-time

Use display wlan ap online-time to display the online duration for APs.

Syntax

display wlan ap online-time { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display online duration for all APs.

<Sysname> display wlan ap online-time all

AP name            IP address               Time

ap1                1.1.1.2                  0 days 0 hours 2 minutes 6 seconds

ap2                1.1.1.1                  0 days 0 hours 5 minutes 6 seconds

ap3                1.1.1.6                  0 days 0 hours 2 minutes 1 seconds

Table 7 Command output

Field

Description

IP address

IP address of an AP.

Time

Realtime association duration of an AP since the AP came online.

 

display wlan ap running-configuration

Use display wlan ap running-configuration to display running configuration for the specified AP or all APs.

Syntax

display wlan ap running-configuration { all | ap-name ap-name } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

ap-name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

verbose: Displays detailed running configuration.

Examples

# Display detailed running configuration for all APs.

<Sysname> display wlan ap running-configuration all verbose

(i) -- Inherited from AP group

(g) -- Inherited from AP global-configuration

 

#

wlan ap ap1 model WA536-WW id 5

  ap group name 1

  serial-id 219801A1NQB117012935

  region code CN (g)

  echo interval 10 (i)

  echo count 3 (i)

  retransmission count 3 (i)

  retransmission interval 5 (i)

  statistics interval 50 (i)

  fragment-size data 1500 (i)

  fragment-size control 1450 (i)

  preempt disable (g)

  firmware-upgrade enable (g)

  priority 4 (i)

  keepalive interval 10 (i)

 

  radio 1

    radio type 802.11ac (i)

    radio disable (i)

    channel auto<64> (i)

    channel unlock (i)

    fragment-threshold 2346 (i)

    max-power 20 (i)

    power unlock (i)

    distance 1 kilometer (i)

    ANI Enabled (i)

 

  radio 2

    radio type 802.11ac (i)

    radio disable (i)

    channel auto<11> (i)

    channel unlock (i)

    fragment-threshold 2346 (i)

    max-power 20 (i)

    power unlock (i)

    distance 1 kilometer (i)

    ANI Enabled (i)

 

radio 3

    radio type 802.11n(2.4GHz) (i)

    radio disable (i)

    channel auto<6> (i)

    channel unlock (i)

    fragment-threshold 2346 (i)

    max-power 20 (i)

    power unlock (i)

    distance 1 kilometer (i)

    ANI Enabled (i)

display wlan ap reboot-log

Use display wlan ap reboot-log to display the reboot logs of an AP.

Syntax

display wlan ap reboot-log name ap-name

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Usage guidelines

If the AP has suffered a system crash, you can use this command to view detailed information about the crash.

To use this command, make sure the specified AP is in Run state.

Examples

# Display reboot logs for AP ap1.

<Sysname> display wlan ap reboot-log name ap1

Debugging information is not available on the AC.

Downloading debugging data from AP. Continue? [Y/N]:y

Downloading debugging data. Please wait...

Please enter the same command again to view the log messages.

Related commands

reset wlan ap reboot-log

display wlan ap statistics association-failure-record

Use display wlan ap statistics association-failure-record to display association failure records for APs.

Syntax

display wlan ap statistics association-failure-record

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display association failure records for APs.

<Sysname> display wlan ap statistics association-failure-record

MAC address    AP ID Last failed at   Reason

9a48-45ed-0300 12312 07-07/15:56:25    AP authentication failed

Table 8 Command output

Field

Description

MAC address

MAC address of an AP.

AP ID

ID of an AP, which uniquely identifies the AP on the AC.

Last failed at

Last time an AP associated with the AC. The format is date/hh:mm:ss.

Reason

Association failure reason:

·         Failed to create data check timer.

·         Memory is not enough.

·         The AP model doesn't exist.

·         Lack of AP license.

·         MAC address conflict.

·         Failed to add APLB.

·         AP chose another AC.

·         Reached AC max capability.

·         APLB check failed.

·         Rejected AP access in HA smooth.

·         AP authentication failed.

·         Failed to create auto AP.

·         The AP information has already existed.

·         Failed to download AP image file.

·         Timer for waiting change state event request expired.

·         Time for waiting  image data request or configuration request expired.

·         Received failure result code in change state event request.

·         Failed to add tunnel.

·         AP configuration was not found.

·         Inconsistent AP IDs.

·         Failed to send query message.

·         Open image file timer expired.

 

display wlan ap statistics online-record

Use display wlan ap statistics online-record to display online AP quantity records.

Syntax

display wlan ap statistics online-record [ datetime date time [ count count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

datetime date time: Specifies the start time to display online AP quantity records. The date argument represents the date in the YYYY/MM/DD or MM/DD/YYYY format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month. The time argument represents the time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. If you do not specify this option, the command displays all statistics about online AP quantity over the past 7 days in descending order of time.

count count: Specifies the number of online AP quantity records to be displayed, in the range of 1 to 256. If you do not specify this option, 10 online AP quantity records are displayed.

Usage guidelines

The online AP quantity records are displayed one by one at intervals of 1 minute. This command supports displaying records generated only over the past 7 days. If a time is specified, this command displays the specified number of online AP quantity records generated after the specified time point.

Examples

# Display 11 online AP quantity records generated after 2017/10/11 10:25.

<Sysname> display wlan ap statistics online-record datetime 2017/10/11 10:16:11 count 11

Time                    Manual APs       Auto APs        Total        Total delta

2017-10-11 10:16:00     20               10              30           -2

2017-10-11 10:17:00     22               10              32           +6

2017-10-11 10:18:00     16               10              26           0

2017-10-11 10:19:00     16               10              26           0

2017-10-11 10:20:00     16               10              26           0

2017-10-11 10:21:00     16               10              26           0

2017-10-11 10:22:00     16               10              26           0

2017-10-11 10:23:00     16               10              26           0

2017-10-11 10:24:00     16               10              26           0

2017-10-11 10:25:00     16               10              26           0

2017-10-11 10:26:00     16               10              26           0

Table 9 Command output

Field

Description

Time

Date and time when the record was generated.

Manual APs

Number of online manual APs.

Auto APs

Number of online auto APs.

Total

Total number of online APs.

Total delta

Quantity change in comparison with the last minute.

 

display wlan ap statistics tunnel-down-record

Use display wlan ap statistics tunnel-down-record to display CAPWAP tunnel down records.

Syntax

display wlan ap statistics tunnel-down-record

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display CAPWAP tunnel down records.

<Sysname> display wlan ap statistics tunnel-down-record

AP name                             AP ID  Tunnel down at        Tunnel down reason

9a48-45ed-0300                      123    2017-07-07/15:56:25   Processed join request

in Run state

Table 10 Command output

Field

Description

AP name

Name of an AP.

AP ID

ID of an AP, which uniquely identifies the AP on the AC.

Tunnel down at

Time when the CAPWAP tunnel between an AP and the AC went down. The format is date/hh:mm:ss.

Tunnel down reason

CAPWAP tunnel down reason:

·         Failed to create data check timer.

·         Neighbor dead timer expired.

·         Request wait timer expired.

·         Failed to process data channel keepalive message.

·         Failed to process request.

·         AP was reset by admin.

·         AP was reset by Web.

·         AP was reset from OASIS.

·         WTU went offline because the WT was down—This reason is not supported in the current software version.

·         Manual AP was deleted.

·         Failed to come online.

·         Serial ID changed.

·         MAC address changed.

·         Exceeded AC max capability.

·         Processed join request in Run state.

·         Unauthenticated AP tunnel down.

·         Failed to create AP context.

·         Received failure result code in change state event request.

·         Failed to retransmit message.

·         Failed to download image file.

·         Image file downloaded successfully.

·         File operation timer expired.

·         Failed to add tunnel.

·         Received WTP tunnel down event from AP.

·         Backup AC closed the backup tunnel.

·         Master and backup tunnel switchover.

·         Failed to inherit configuration.

·         AP authentication failed.

·         Backup AP upgrade failed.

·         Board is inactive.

·         Lack of AP license.

 

display wlan ap-distribution

Use display wlan ap-distribution to display distribution information of attached APs for ACs.

Syntax

display wlan ap-distribution { all | slot slot-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all ACs.

slot slot-number: Specifies an IRF member device by its member ID.

Examples

# Display distribution information for APs attached to the specified slot.

<Sysname> display wlan ap-distribution slot 0

Total number of APs: 1

                                 AP information

 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad

         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

 

AP name                        APID  State Model           Serial ID

722a-d561-0300                 4     R/M   WA536-WW        219801A1NQB117012935

Table 11 Command output

Field

Description

APID

ID of the AP to uniquely identify the AP on the AC.

State

Current state of the AP:

·         I—Idle.

·         J—Join.

·         JA—Join acknowledge.

·         IL—The AP is downloading the software image version.

·         C—The AP is downloading initial configurations.

·         DC—The AP is checking data.

·         R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully.

·         R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully.

·         R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully.

·         M—The AP is connected to the master AC.

·         B—The AP is connected to the backup AC.

Model

AP model information.

Serial ID

Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured.

 

display wlan ap-distribution ap-name

Use display wlan ap-distribution ap-name to display the attachment location of an AP.

Syntax

display wlan ap-distribution ap-name ap-name

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display the attachment location of AP ap1.

<Sysname> display wlan ap-distribution ap-name ap1

The AP is attached to slot 0.

display wlan ap-group

Use display wlan ap-group to display information about all AP groups or the specified AP group.

Syntax

display wlan ap-group [ brief | name group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

brief: Displays brief information about all AP groups.

name group-name: Displays detailed information about the specified AP group. The group-name argument represents the name of an AP group, a case-insensitive string of 1 to 31 characters.

Usage guidelines

If you do not specify any parameter, this command displays detailed information about all AP groups.

Examples

# Display detailed information about all AP groups.

[Sysname] display wlan ap-group

Total number of AP groups: 2

AP group name       : default-group

Description         : Not configured

AP model            : Not configured

APs                 : Not configured

 

AP group name       : group1

Description         : abcd

AP model            : WA536-WW

AP grouping rules:

  AP name           : ap1, ap2

  Serial ID         : 219801A1NQB117012935

  MAC address       : 0AFB-423B-893C

  IPv4 address      : Not configured

  IPv6 address      : Not configured

APs                 : ap1 (AP name)

# Display detailed information about AP group group1.

[Sysname] display wlan ap-group group1

AP group name       : group1

Description         : Not configured

AP model            : WA536-WW

AP grouping rules:

  AP name           : ap1, ap2

  Serial ID         : 219801A1NQB117012935

  MAC address       : 0AFB-423B-893C

  IPv4 address      : Not configured

  IPv6 address      : Not configured

APs                 : ap1 (AP name)

# Display brief information about all AP groups.

<Sysname> display wlan ap-group brief

Total number of AP groups: 4

AP group name                  Group ID  Member APs   Online APs

default-group                  1         1            0

group1                         2         2006         1986

group2                         3         10           10

group3                         4         4            4

Related commands

wlan ap-group

display wlan ap-model

Use display wlan ap-model to display AP model information.

Syntax

display wlan ap-model { all | name model-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all AP models.

name model-name: Specifies an AP model by its name.

Examples

# Display information about AP model WA536-WW.

<Sysname> display wlan ap-model name WA536-WW

AP model        : WA536-WW

Alias           : WA536-WW

Vendor name     : H3C

Vendor ID       : 25506

License weight  : 100

Radio count     : 3

 Radio 1:

  Mode          : 802.11a, 802.11an, 802.11ac

  Default mode  : 802.11ac

  BSS count     : 16

 Radio 2:

  Mode          : 802.11a, 802.11an, 802.11ac

  Default mode  : 802.11ac

  BSS count     : 16

Radio 3:                                                                      

  Mode         : 802.11b, 802.11g, 802.11gn, 802.11gac                         

  Default mode : 802.11gn                                                      

  BSS count    : 16 

Version Support List :

Hardware Version Ver.A:                                                       

  Software Version         : R2220                                             

  Default Software Version : R2220                                             

  Image Name               : wa5300.ipe                                        

 Hardware Version Ver.B:                                                        

  Software Version         : R2220                                             

  Default Software Version : R2220                                             

  Image Name               : wa5300.ipe                                        

 Hardware Version Ver.C:                                                       

  Software Version         : R2220                                             

  Default Software Version : R2220                                             

  Image Name               : wa5300.ipe                                        

 Hardware Version Ver.D:                                                       

  Software Version         : R2220                                             

  Default Software Version : R2220                                             

  Image Name               : wa5300.ipe                                        

 Hardware Version Ver.E:                                                        

  Software Version         : R2220                                             

  Default Software Version : R2220                                             

  Image Name               : wa5300.ipe                                         

 Hardware Version Ver.F:                                                       

  Software Version         : R2220                                             

  Default Software Version : R2220                                              

  Image Name               : wa5300.ipe   

Table 12 Command output

Field

Description

AP model

AP model name.

Alias

AP model alias.

License weight

Weight of the AP model in using an AP license, in percentage.

Radio count

Number of radios.

Mode

Supported radio types.

Default mode

Default radio type.

BSS count

Maximum number of BSSs that the radio supports.

Software Version

AP' software version used to compare with the software version reported by the AP.

The default value is the AP software version stored in the APDB.

Default Software Version

AP software version stored in the APDB.

Image Name

Name of the AP image file.

 

display wlan tunnel latency ap name

Use display wlan tunnel latency ap name to display tunnel latency information for an AP.

Syntax

display wlan tunnel latency ap name ap-name

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Usage guidelines

Make sure CAPWAP tunnel latency detection is started before you execute this command.

Examples

# Display tunnel latency information for AP ap1.

<Sysname> display wlan tunnel latency ap name ap1

AP name                              : ap1

Tunnel latency                       : Enabled

Control link delay:

  Current delay                      : 1ms

  Maximum delay                      : 1ms

  Minimum delay                      : 1ms

Data link delay:

  Current delay                      : 1ms

  Maximum delay                      : 1ms

  Minimum delay                      : 1ms

Table 13 Command output

Field

Description

Tunnel latency

·         Disabled.

·         Enabled.

Current delay

The most recent delay.

 

Related commands

·          reset wlan tunnel latency ap

·          tunnel latency-detect

dns domain

Use dns domain to specify a domain name for an AP.

Use undo dns domain to restore the default.

Syntax

dns domain domain-name

undo dns domain

Default

In AP provision view, an AP uses the configuration in AP group provision view.

In AP group provision view, no domain name is specified for an AP.

Views

AP provision view

AP group provision view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters separated by dots. The string can contain letters, digits, hyphens (-), and underscores (_).

Usage guidelines

The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.

The configuration in AP provision view takes precedence over the configuration in AP group provision view.

Examples

# Set the domain name for AP ap1 to com.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] dns domain com

# Set the domain name for APs in AP group group1 to com.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group-prvs] dns domain com

Related commands

dns server

dns server

Use dns server to specify a DNS server for an AP.

Use undo dns server to restore the default.

Syntax

dns server { ip ipv4-address | ipv6 ipv6-address }

undo dns server { ip | ipv6 }

Default

In AP provision view, an AP uses the configuration in AP group provision view.

In AP group provision view, no DNS server is specified for an AP.

Views

AP provision view

AP group provision view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies a DNS server by its IPv4 address. Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.

ipv6 ipv6-address: Specifies a DNS server by its IPv6 address.

Usage guidelines

You can specify only one IPv4 address and one IPv6 address in each view.

The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.

The configuration in AP provision view takes precedence over the configuration in AP group provision view.

Examples

# Set the DNS server IP address to 192.168.100.123 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] dns server ip 192.168.100.123

# Set the DNS server IP address to 192.168.100.123 for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group-prvs] dns server ip 192.168.100.123

Related commands

dns domain

download file

Use download file to download an image file to an AP.

Syntax

download file filename

Views

AP view

Predefined user roles

network-admin

Parameters

filename: Specifies an image file by its name, a string of 1 to 255 characters.

Usage guidelines

This feature takes effect only on the master AC after a CAPWAP tunnel is established in WLAN high availability networking. For more information about WLAN high availability, see "Configuring WLAN high availability."

Examples

# Download image file main.ipe to AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan–ap-ap1] download file main.ipe

echo-count

Use echo-count to set the maximum number of echo request transmission attempts.

Use undo echo-interval to restore the default.

Syntax

echo-count count

undo echo-count

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the maximum number of echo request transmission attempts is 3.

 Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of echo request transmission attempts in the range of 3 to 60.

Usage guidelines

An AP sends echo requests to the AC at the specified echo interval to identify whether the CAPWAP control tunnel is operating correctly. The AC responds by sending echo responses. If the AP does not receive any echo responses within the keepalive time, the AP terminates the connection. If the AC does not receive any echo requests within the keepalive time, the AC terminates the connection. The keepalive time is the echo interval multiplied by the maximum number of echo request transmission attempts.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the maximum number of echo request transmission attempts to 5 for AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA536-WW

[Sysname-wlan-ap-ap3] echo-count 5

# Set the maximum number of echo request transmission attempts to 5 for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] echo-count 5

echo-interval

Use echo-interval to set the interval for an AP to send echo requests to the AC.

Use undo echo-interval to restore the default.

Syntax

echo-interval interval

undo echo-interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the interval for sending echo requests is 10 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval for sending echo requests, in the range of 5 to 80 seconds.

Usage guidelines

An AP sends echo requests to the AC at the specified echo interval to identify whether the CAPWAP control tunnel is operating correctly. The AC responds by sending echo responses. The AC terminates the connection if it does not receive any echo requests within the keepalive time. If the AP does not receive any echo responses within the keepalive time, the AP terminates the connection. The keepalive time is the echo interval multiplied by the maximum number of echo request transmission attempts set by using the echo-count count command.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the echo interval for AP ap3 to 15 seconds.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA536-WW

[Sysname-wlan-ap-ap3] echo-interval 15

# Set the echo interval for APs in AP group group1 to 15 seconds.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] echo-interval 15

firmware-upgrade

Use firmware-upgrade enable to enable the software upgrade feature.

Use firmware-upgrade disable to disable the software upgrade feature.

Use undo firmware-upgrade to restore the default.

Syntax

firmware-upgrade { disable | enable }

undo firmware-upgrade

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, the software upgrade feature is enabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

disable: Disables the software upgrade feature.

enable: Enables the software upgrade feature.

Usage guidelines

This feature enables the AC to examine whether an AP's software version matches the hardware version and software version mappings stored on the AC during CAPWAP tunnel establishment.

·          If a match is found, the AC establishes a CAPWAP tunnel with the AP.

·          If no match is found, the CAPWAP tunnel establishment proceeds as follows:

a.    The AC notifies the AP of software version inconsistency.

b.    After receiving the notification, the AP requests the software version from the AC, and then upgrades the software to establish a CAPWAP tunnel with the AC.

When this feature is disabled, the AC does not examine the software version of an AP and directly establishes a CAPWAP tunnel with the AP.

The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.

Examples

# Enable the software upgrade feature for AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA536-WW

[Sysname-wlan-ap-ap3] firmware-upgrade enable

# Enable the software upgrade feature for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] firmware-upgrade enable

# Enable the software upgrade feature globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] firmware-upgrade enable

Related commands

wlan apdb

fragment-size

Use fragment-size to set the maximum fragment size for CAPWAP control or data packets.

Use undo fragment-size to remove the configuration.

Syntax

fragment-size { control control-size | data data-size }

undo fragment-size { control | data }

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the maximum fragment size for CAPWAP control packets and data packets is 1450 bytes and 1500 bytes, respectively.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

control control-size: Specifies the maximum fragment size for CAPWAP control packets in bytes. The value range for the control-size argument is 1000 to 1450.

data data-size: Specifies the maximum fragment size for CAPWAP data packets in bytes. The value range for the control-size argument is 1000 to 1748.

Usage guidelines

This command prevents intermediate devices from dropping packets between AC and AP if the AP connects to the AC across the Internet.

Any maximum fragment size modification takes effect immediately on online APs.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the maximum fragment size for CAPWAP data packets to 1500 bytes for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-ap-ap1] fragment-size data 1500

# Set the maximum fragment size for CAPWAP data packets to 1500 bytes for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] fragment-size data 1500

gateway

Use gateway to specify a gateway for an AP.

Use undo gateway to restore the default.

Syntax

gateway { ip ipv4-address | ipv6 ipv6-address }

undo gateway { ip | ipv6 }

Default

No gateway is specified for an AP.

Views

AP provision view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies a gateway by its IPv4 address. Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.

ipv6 ipv6-address: Specifies a gateway by its IPv6 address.

Usage guidelines

You can set only one IPv4 address and one IPv6 address.

Examples

# Set the gateway IP address to 192.168.100.1 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] gateway ip 192.168.100.1

hybrid-remote-ap

Use hybrid-remote-ap enable to enable the remote AP feature.

Use hybrid-remote-ap disable to disable the remote AP feature.

Use undo hybrid-remote-ap to restore the default.

Syntax

hybrid-remote-ap { disable | enable }

undo hybrid-remote-ap

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, remote AP is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

By default, an AP stops providing services after the tunnel between the AP and the associated AC is disconnected. This command enables the AP to act as a remote AP to still provide services.

This command takes effect only on an AP that operates in local forwarding mode.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable remote AP for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] hybrid-remote-ap enable

# Enable remote AP for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] hybrid-remote-ap enable

if-match ip

Use if-match ip to create an AP grouping rule by IPv4 addresses.

Use undo if-match ip to delete AP grouping rules by IPv4 addresses.

Syntax

if-match ip ip-address { mask-length | mask }

undo if-match ip [ ip-address { mask-length | mask } ]

Default

No AP grouping rules by IP addresses are configured.

Views

AP group view

Predefined user roles

network-admin

Parameters

ip-address: Specifies an IPv4 address in dotted decimal notation.

mask-length: Specifies the mask length in the range of 1 to 31.

mask: Specifies the mask in dotted decimal notation.

Usage guidelines

You cannot execute this command in the view of the default AP group.

AP grouping rules by IPv4 addresses for an AP group or for different AP groups cannot overlap with each other.

An AP group supports a maximum of 32 AP grouping rules by IPv4 addresses.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

You can create AP grouping rules by both IPv4 addresses and IPv6 addresses for an AP group.

If you do not specify any argument in the undo form of the command, the command deletes all AP grouping rules by IPv4 addresses.

Examples

# Add APs whose IP address belongs to 192.168.0.0/16 to AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] if-match ip 192.168.0.0 16

if-match ipv6

Use if-match ipv6 to create an AP grouping rule by IPv6 addresses.

Use undo if-match ipv6 to delete AP grouping rules by IPv6 addresses.

Syntax

if-match ipv6 { ipv6-address prefix-length | ipv6-address/prefix-length }

undo if-match ip [ ipv6-address prefix-length | ipv6-address/prefix-length ]

Default

No AP grouping rules by IPv6 addresses are configured.

Views

AP group view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 address.

prefix-length: Specifies the IPv6 address prefix length in the range of 1 to 128.

Usage guidelines

You cannot execute this command in the view of the default AP group.

AP grouping rules by IPv6 addresses for an AP group or for different AP groups cannot overlap with each other.

An AP group supports a maximum of 32 AP grouping rules by IPv6 addresses.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

You can create AP grouping rules by both IPv4 addresses and IPv6 addresses for an AP group.

If you do not specify any argument in the undo form of the command, the command deletes all AP grouping rules by IPv6 addresses.

Examples

# Add APs whose IPv6 address belongs to 2001:DB0::/28 to AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] if-match ipv6 2001:DB8:: 28

ip address

Use ip address to specify an IPv4 address for the management VLAN interface for an AP.

Use undo ip address to restore the default.

Syntax

ip address ip-address { mask | mask-length }

undo ip address

Default

No IP address is specified for the management VLAN interface of an AP.

Views

AP provision view

Predefined user roles

network-admin

Parameters

ip-address: Specifies an IPv4 address in dotted decimal notation.

mask: Specifies the mask in dotted decimal notation.

mask-length: Specifies the mask length in the range of 1 to 31.

Usage guidelines

Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.

The IP address of the management VLAN interface for an AP must be different from the following IP addresses:

·          IP address of the management VLAN interface of another AP.

·          AC IP address specified in provision view of any APs.

Examples

# Set the IP address of the management VLAN interface to 10.1.1.1/24 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ip address 10.1.1.1 24

ipv6 address

Use ipv6 address to specify an IPv6 address for the management VLAN interface for an AP.

Use undo ipv6 address to restore the default.

Syntax

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

undo ipv6 address

Default

No IPv6 address is specified for the management VLAN interface of an AP.

Views

AP provision view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 address.

prefix-length: Specifies the prefix length in the range of 1 to 128.

Usage guidelines

The IP address of the management VLAN interface for an AP must be different from the following IP addresses:

·          IP address of the management VLAN interface of another AP.

·          AC IP address specified in provision view of any APs.

Examples

# Set the IPv6 address of the management VLAN interface to 2001::1/64 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ipv6 address 2001::1/64

keepalive-interval

Use keepalive-interval to set the data tunnel keepalive interval.

Use undo keepalive-interval to restore the default.

Syntax

keepalive-interval interval

undo keepalive-interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the data tunnel keepalive interval is 10 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval for an AP to send keepalive packets through the CAPWAP data tunnel. The value range is 1 to 255 seconds.

Examples

# Set the data tunnel keepalive interval for AP ap1 to 15 seconds.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] keepalive-interval 15

# Set the data tunnel keepalive interval for APs in AP group 1 to 15 seconds.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-ap-group-1] keepalive-interval 15

led-mode

Use led-mode to set a LED lighting mode.

Use undo led-mode to restore the default.

Syntax

led-mode { always-on | awake | normal | quiet }

undo led-mode

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the LED lighting mode is normal.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

always-on: Specifies the always-on mode. Support for this keyword depends on the AP model.

awake: Specifies the awake mode. Support for this keyword depends on the AP model.

normal: Specifies the normal mode. How LEDs flash in this mode varies by AP model.

quiet: Specifies the quiet mode.

Usage guidelines

If you set the LED lighting mode to awake or always-on in AP group view, the setting takes effect only on member APs that support the specified LED lighting mode.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the LED lighting mode to normal for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] led-mode normal

# Set the LED lighting mode to awake for APs in AP group ap1.

<Sysname> system-view

[Sysname] wlan ap-group g1

[Sysname-wlan-ap-group-g1] led-mode awake

mac-address (AP group view)

Use mac-address to create an AP grouping rule by MAC addresses.

Use undo mac-address to delete an AP grouping rule by MAC addresses.

Syntax

mac-address mac-address

undo mac-address mac-address

Default

No AP grouping rules by MAC addresses are configured.

Views

AP group view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the MAC address of an AP.

Usage guidelines

This command does not identify whether the specified AP exists.

You can configure multiple AP grouping rules by MAC addresses.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

If an AP grouping rule already exists in an AP group, this command deletes the rule from the AP group.

You cannot execute this command in the view of the default AP group.

Examples

# Create an AP grouping rule by MAC addresses for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] mac-address 0AC1-F9B2-B1C2

Related commands

wlan ap-group

mac-address (AP view)

Use mac-address to specify the MAC address for an AP.

Use undo mac-address to restore the default.

Syntax

mac-address mac-address

undo mac-address

Default

No MAC address is specified for an AP.

Views

AP view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the MAC address for an AP, in H-H-H format.

Usage guidelines

Changing or deleting the MAC address of an AP terminates the CAPWAP tunnel if the AP has established a CAPWAP tunnel with the AC. Then the AP will reestablish a CAPWAP tunnel with the AC.

Examples

# Set the MAC address of AP ap1 to 0001-0000-0000.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] mac-address 0001-0000-0000

power-level default

 

NOTE:

Support for this command depends on the AP model.

 

Use power-level default to set the default input power level for an AP in case the AP cannot obtain its input power level.

Use undo power-level default to restore the default.

Syntax

power-level default { high | low | middle }

undo power-level default

Default

In AP view, an AP uses the configuration in AP group's AP model view.

In AP group's AP model view, the default input power level of an AP is middle.

Views

AP view

AP group's AP model view

Predefined user roles

network-admin

Parameters

high: Specifies the high default input power level.

low: Specifies the low default input power level.

middle: Specifies the middle default input power level.

Usage guidelines

Configure this command for an AP in case the AP cannot obtain its input power level at startup.

The power level of an AP can be high, middle, or low. An AP automatically performs power supply mode detection to obtain its input power level at startup. If the AP fails to obtain the input power level, it operates at the low input power level before associating with an AC. After the association, it operates at the configured default input power level.

The following table shows the relationship between the AP's power supply mode and input power level:

 

Power supply mode

Input power level

·         Power adapter.

·         Multiple PoE+ ports.

·         Combination of PoE and PoE+ ports.

High

·         Single PoE+ port

·         Multiple PoE ports

Middle

Single PoE port

Low

 

An AP's support for MIMO modes and USB interfaces varies by power level, as shown in Table 14.

Table 14 AP's support for MIMO modes and USB interfaces

Input power level

MIMO modes

Whether USB interfaces can be enabled

High

1×1, 2×2, 3×3, and 4×4.

Yes.

Middle

1×1, 2×2, 3×3, and 4×4.

Yes when the MIMO mode is 1×1 or 2×2.

Low

1×1.

No.

 

The configuration in AP view takes precedence over the configuration in AP group's AP model view.

Examples

# Set the default input power level to high for AP ap1 in AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA510H-WW

[Sysname-wlan-ap-ap1] power-level default high

# Set the default input power level to high in AP model view of AP group g1.

<Sysname> system-view

[Sysname] wlan ap-group g1

[Sysname-wlan-ap-group-g1] ap-model WA510H-WW

[Sysname-wlan-ap-group-g1-ap-model-WA510H-WW] power-level default high

priority

Use priority to set the AP connection priority for the AC.

Use undo priority to restore the default.

Syntax

priority priority

undo priority

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the AP connection priority for the AC is 4.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

priority: Specifies the AP connection priority for the AC, in the range of 0 to 7. A larger value represents a higher connection priority.

Usage guidelines

The AP prefers to establish a CAPWAP tunnel with an AC that has higher connection priority.

The AP connection priority only takes effect during AC discovery.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the AP connection priority for the AC to 7 for AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA536-WW

[Sysname-wlan-ap-ap3] priority 7

# Set the AP connection priority for the AC to 7 for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] priority 7

provision

Use provision to enable AP preprovisioning and enter AP provision view, or enter AP provision view. if AP preprovisioning is already enabled.

Use undo provision to disable AP preprovisioning.

Syntax

provision

undo provision

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, AP preprovisioning is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

AP preprovisioning allows you to configure network settings for APs on the AC. The AC automatically assigns these settings to the APs.

If you disable AP preprovisioning, network settings configured on the AC will be deleted. However, the operation does not affect the network settings already assigned to the APs.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable AP preprovisioning and enter AP provision view of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs]

# Enable AP preprovisioning and enter AP group provision view of AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group1-prvs]

provision auto-recovery

Use provision auto-recovery enable to enable auto loading of preprovisioned settings.

Use provision auto-recovery disable to disable auto loading of preprovisioned settings.

Use undo provision auto-recovery to restore the default.

Syntax

provision auto-recovery { disable | enable }

undo provision auto-recovery

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, auto loading of preprovisioned settings is enabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

Auto loading of preprovisioned settings ensures successful CAPWAP tunnel establishment between AP and AC. An AP uses the following procedure to discover an AC when you enable this feature:

1.        Uses the preprovisioned settings to discover an AC that has the AP's manual or auto AP configuration.

2.        Reboots and uses other methods to discover ACs if AC discovery fails.

3.        Reboots and uses the preprovisioned settings again to discover ACs if the AP still fails to discover the target AC.

This AC discovery process will be repeated until the AP discovers the target AC to establish a CAPWAP tunnel.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Disable auto loading of preprovisioned settings for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-ap-ap1] provision auto-recovery disable

# Disable auto loading of preprovisioned settings for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision auto-recovery disable

provision auto-update

Use provision auto-update enable to enable auto assignment of preprovisioned settings.

Use provision auto-update disable to disable auto assignment of preprovisioned settings.

Use undo provision auto-update to restore the default.

Syntax

provision auto-update { disable | enable }

undo provision auto-update

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, auto assignment of preprovisioned settings is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

This command enables the AC to automatically assign preprovisioned settings to an AP so that the AP can use the preprovisioned settings to come online.

This command applies only to offline APs. To deploy preprovisioned settings to online APs, use the save wlan ap provision command.

The preprovisioned settings in AP provision view has higher priority than the preprovisioned settings in AP group provision view.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable auto assignment of preprovisioned settings for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-ap-ap1] provision auto-update enable

# Enable auto assignment of preprovisioned settings for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision auto-update enable

reset wlan ap

Use reset wlan ap to reset all APs or the specified AP.

Syntax

reset wlan ap { all | ap-group group-name | model model-name | name ap-name }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all APs connected to the AC.

ap-group group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.

model model-name: Specifies an AP model by model name.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Usage guidelines

This command terminates the CAPWAP tunnel between the AP and the AC and deletes all connection information about the AP.

Examples

# Reset AP ap1.

<Sysname> reset wlan ap name ap1

Reset the AP that has established or is to establish a primary tunnel with the AC. Continue? [Y/N]:

reset wlan ap provision

Use reset wlan ap provision to delete configuration file wlan_ap_prvs.xml from all APs or the specified AP.

Syntax

reset wlan ap provision { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Usage guidelines

This command takes effect only on APs that have established CAPWAP tunnels with the master AC and are in Run state.

For this command to take effect on an AP, restart the AP after execution.

Examples

# Delete the configuration file wlan_ap_prvs.xml of AP ap1.

<Sysname> reset wlan ap provision name ap1

reset wlan ap reboot-log

Use reset wlan ap reboot-log to clear the reboot logs of all APs or the specified AP.

Syntax

reset wlan ap reboot-log { all | name ap-name }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Clear the reboot logs of AP ap1.

<Sysname> reset wlan ap reboot-log name ap1

Related commands

display wlan ap reboot-log

reset wlan tunnel latency ap

Use reset wlan tunnel latency ap to clear tunnel latency information for all APs or the specified AP.

Syntax

reset wlan tunnel latency ap { all | name ap-name }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Usage guidelines

This command takes effect only on APs that have established tunnels with the master AC and are in Run state.

Examples

# Clear tunnel latency information for AP ap1.

<Sysname> reset wlan tunnel latency ap name ap1

Related commands

·          display wlan tunnel latency ap name

·          tunnel latency-detect

retransmit-count

Use retransmit-count to set the maximum number of AC request retransmission attempts.

Use undo retransmit-count to restore the default.

Syntax

retransmit-count value

undo retransmit-count

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the maximum number of AC request retransmission attempts is 3.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

value: Specifies the maximum number of AC request retransmission attempts, in the range of 2 to 5.

Usage guidelines

The AC transmits a request sent to an AP at the retransmission interval until the maximum number of request retransmission attempts is reached or a response is received.

Requests sent by the AC to an AP include the following types:

·          Image Data Request.

·          Configuration Update Request.

·          Reset Request.

·          Data Transfer Request.

·          IEEE 802.11 WLAN Configuration Request.

·          Station Configuration Request.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the maximum number of AC request retransmission attempts to 4 for AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA536-WW

[Sysname-wlan-ap-ap3] retransmit-count 4

# Set the maximum number of AC request retransmission attempts to 4 for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] retransmit-count 4

Related commands

retransmit-interval

retransmit-interval

Use retransmit-interval to set the request retransmission interval for the AC to retransmit requests to an AP.

Use undo retransmit-interval to restore the default.

Syntax

retransmit-interval interval

undo retransmit-interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the request retransmission interval is 5 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the request retransmission interval in the range of 3 to 8 seconds.

Usage guidelines

Requests sent by the AC to an AP include the following types:

·          Image Data Request.

·          Configuration Update Request.

·          Reset Request.

·          Data Transfer Request.

·          IEEE 802.11 WLAN Configuration Request.

·          Station Configuration Request.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the request retransmission interval to 6 seconds for the AC to send requests to AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA536-WW

[Sysname-wlan-ap-ap3] retransmit-interval 6

# Set the request retransmission interval to 6 seconds for the AC to send requests to APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] retransmit-interval 6

Related commands

retransmit-count

save wlan ap provision

Use save wlan ap provision to deploy the provision configuration to all APs or the specified AP.

Syntax

save wlan ap provision { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Usage guidelines

This command saves the added or modified preprovisioned settings to the configuration file wlan_ap_prvs.xml.

This command takes effect only on online APs that have established tunnels with the master AC.

This command has the same effect as the reset wlan ap provision command if no AP preprovisioned settings exist.

Preprovisioned settings configured in provision view take effect immediately when you execute the save wlan ap provision command.

Cancellations of preprovisioned settings in provision view do not take effect when you execute the save wlan ap provision command. For the cancellations to take effect on an AP, restart the AP.

Examples

# Save the configuration in AP provision view to configuration file wlan_ap_prvs.xml on AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ac ip 192.168.0.1

[Sysname-wlan-ap-ap1-prvs] save wlan ap provision name ap1

serial-id (AP group view)

Use serial-id to create an AP grouping rule by serial IDs.

Use undo serial-id to delete an AP grouping rule by serial IDs.

Syntax

serial-id serial-id

undo serial-id serial-id

Default

No AP grouping rules by serial IDs are configured.

Views

AP group view

Predefined user roles

network-admin

Parameters

serial-id: Specifies an AP serial ID, a case-insensitive string of 1 to 63 characters.

Usage guidelines

This command does not identify whether the specified AP exists.

You can configure multiple AP grouping rules by serial IDs.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

If an AP grouping rule already exists in an AP group, this command deletes the rule from the AP group.

You cannot execute this command in the view of the default AP group.

Examples

# Create an AP grouping rule by serial IDs for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] serial-id 219801A1NQB117012935

Related commands

wlan ap-group

serial-id (AP view)

Use serial-id to specify the serial ID for an AP.

Use undo serial-id to restore the default.

Syntax

serial-id serial-id

undo serial-id

Default

No serial ID is specified for an AP.

Views

AP view

Predefined user roles

network-admin

Parameters

serial-id: Specifies the serial ID for an AP, a case-insensitive string of 1 to 63 characters.

Usage guidelines

Changing or deleting the serial ID of an AP terminates the CAPWAP tunnel if the AP has established a CAPWAP tunnel with an AC. Then the AP will reestablish a CAPWAP tunnel with an AC.

Examples

# Set the serial ID of AP ap1 to 219801A1NQB117012935.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-ap-ap1] serial-id 219801A1NQB117012935

snmp-agent trap enable wlan ap

Use snmp-agent trap enable wlan ap to enable SNMP notifications for AP management.

Use undo snmp-agent trap enable wlan ap to restore the default.

Syntax

snmp-agent trap enable wlan ap

undo snmp-agent trap enable wlan ap

Default

SNMP notifications are disabled for AP management.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical AP management events to an NMS, enable SNMP notifications for AP management. For AP management event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for AP management.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan ap

snmp-agent trap enable wlan capwap

Use snmp-agent trap enable wlan capwap to enable SNMP notifications for CAPWAP.

Use undo snmp-agent trap enable wlan capwap to restore the default.

Syntax

snmp-agent trap enable wlan capwap

undo snmp-agent trap enable wlan capwap

Default

SNMP notifications are disabled for CAPWAP.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical CAPWAP events to an NMS, enable SNMP notifications for CAPWAP For CAPWAP event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for CAPWAP.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan capwap

statistics-interval

Use statistics-interval to set the statistics report interval for an AP to send statistics reports to the AC.

Use undo statistics-interval to restore the default.

Syntax

statistics-interval interval

undo statistics-interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the statistics report interval is 50 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the statistics report interval in the range of 0 to 240 seconds. To disable statistics report for an AP, set the statistics report interval to 0.

Usage guidelines

Execute this command to change the interval for an AP to report its statistics. You can use these statistics to monitor the operating status of radios on the AP.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the statistics reports interval to 10 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] statistics-interval 10

# Set the statistics reports interval to 10 seconds for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] statistics-interval 10

tunnel latency-detect

Use tunnel latency-detect to configure CAPWAP tunnel latency detection.

Syntax

tunnel latency-detect { start | stop }

Default

CAPWAP tunnel latency detection is not started.

Views

AP view

Predefined user roles

network-admin

Parameters

start: Starts CAPWAP tunnel latency detection.

stop: Stops CAPWAP tunnel latency detection.

Usage guidelines

CAPWAP tunnel latency detection enables an AC to detect the transmission latency of CAPWAP control frames or data frames from an AP to the AC and back.

When an AP goes offline, CAPWAP tunnel latency detection automatically stops. When the AP comes online again, you need to execute the tunnel latency-detect start command to start CAPWAP tunnel latency detection.

The tunnel latency-detect start command takes effect only on APs that have established CAPWAP tunnels with the master AC and are in Run state.

Examples

# Start CAPWAP tunnel latency detection for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] tunnel latency-detect start

Related commands

·          display wlan tunnel latency ap name

·          reset wlan tunnel latency ap

usb

 

NOTE:

Support for this command depends on the AP model.

 

Use usb enable to enable USB interfaces on APs.

Use usb disable to disable USB interfaces on APs.

Use undo usb to restore the default.

Syntax

usb { disable | enable }

undo usb

Default

In AP view, an AP uses the configuration in AP group's AP model view.

In AP group's AP model view, USB interfaces are disabled.

Views

AP view

AP group's AP model view

Predefined user roles

network-admin

Usage guidelines

This command takes effect on an AP only when either of the following requirements is met:

·          The power level of the AP is high.

·          The power level of the AP is middle and the MIMO mode is 1×1 or 2×2.

For information about power levels, see "power-level default." For information about MIMO modes, see radio management in WLAN Configuration Guide.

The configuration in AP view takes precedence over the configuration in AP group's AP model view.

Examples

# Enable USB interfaces in AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA510H-WW

[Sysname-wlan-ap-ap1] usb enable

# Enable USB interfaces in AP model view of AP group g1.

<Sysname> system-view

[Sysname] wlan ap-group g1

[Sysname-wlan-ap-group-g1] ap-model WA510H-WW

[Sysname-wlan-ap-group-g1-ap-model-WA510H-WW] usb enable

Related commands

power-level default

wlan ap

Use wlan ap to create an AP and enter AP view.

Use undo wlan ap to delete an AP.

Syntax

wlan ap ap-name [ model model-name ]

undo wlan ap ap-name

Default

No manual AP exists.

Views

System view

Predefined user roles

network-admin

Parameters

ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

model model-name: Specifies the model name of the AP. You must specify the model name when you create an AP.

Usage guidelines

If the specified AP already exists, the wlan ap command enters AP view.

If the specified AP has established a CAPWAP tunnel, the undo wlan ap command also terminates the tunnel.

Examples

# Create AP ap1 with model WA536-WW.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1]

wlan apdb

Use wlan apdb to configure the mapping between a software version and a hardware version of an AP model.

Use undo wlan apdb to restore the default.

Syntax

wlan apdb model-name hardware-version software-version

undo wlan apdb model-name hardware-version

Default

The software version for a hardware version of an AP model is the software version that is stored in APDB user scripts.

Views

System view

Predefined user roles

network-admin

Parameters

model-name: Specifies an AP model name in the APDB.

hardware-version: Specifies a hardware version in the APDB.

software-version: Specifies an AP software version, a case-insensitive string of 1 to 31 characters.

Usage guidelines

CAUTION

CAUTION:

To avoid CAPWAP tunnel establishment failure, use this command under the guidance of H3C Support.

 

This command is used together with the software upgrade feature for software version consistency check during software upgrade.

Use this command only when the software version you expect for an AP is inconsistent with the software version specified for the AP model stored in the APDB.

Examples

# Configure the mapping between software version E2108 and hardware version Ver.C of AP model WA536-WW.

<Sysname> system-view

[Sysname] wlan apdb WA536-WW Ver.C E2108

Related commands

firmware-upgrade

wlan apdb file

Use wlan apdb file to load an APDB user script.

Use undo wlan apdb file to delete an APDB user script.

Syntax

wlan apdb file user.apdb

undo wlan apdb file

Default

No APDB user script is loaded.

Views

System view

Predefined user roles

network-admin

Parameters

user.apdb: Specifies an APDB user profile by its name, a case-sensitive string of 1 to 63 characters. apdb is the filename extension.

Usage guidelines

When you load an APDB user script, follow these restrictions and guidelines:

·          Make sure the user script is valid. Invalid scripts can cause loading failure.

·          The AP models in the user script must be different from the AP models in the system script.

·          If you load multiple user scripts on the AC, the most recently loaded user script overwrites the old user scripts.

·          If you rename the user script in the file system, reload the user script to prevent AP model configuration in the user script from being lost after an AC reboot.

·          If you replace the user script with a new user script in the file system, reload the new user script. If the new user script does not include AP model information saved in the replaced user script, the AP model information will be lost after an AC reboot.

·          If you delete a user script in the file system, the AP model configuration in the user script will be lost after an AC reboot.

If an old user script already exists, follow these restrictions and guidelines when you load an APDB user script:

·          If a manual AP or an online auto AP whose model is listed in the old user script exists ,you can load a new user script only when you delete the corresponding AP model information on the AC.

·          If APs of an AP model listed in the old user script have been added to an AP group, you can load a new user script only when you remove the APs from the AP group.

·          If the old user script includes an AP model whose software version was already configured, you can load a new user script only when you use the wlan apdb command to restore the original software version.

Examples

# Load user script user.apdb.

<Sysname> system-view

[Sysname] wlan apdb file user.apdb

Related commands

wlan apdb

wlan ap-group

Use wlan ap-group to create an AP group.

Use undo wlan ap-group to delete an AP group.

Syntax

wlan ap-group group-name

undo wlan ap-group group-name

Default

The default AP group default-group exists.

Views

System view

Predefined user roles

network-admin

Parameters

group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

If the specified AP group exists, this command enters the AP group view.

The default AP group cannot be deleted.

Examples

# Create an AP group with name group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1]

Related commands

display wlan ap-group

wlan auto-ap enable

Use wlan auto-ap enable to enable the auto AP feature.

Use undo wlan auto-ap enable to disable the auto AP feature.

Syntax

wlan auto-ap enable

undo wlan auto-ap enable

Default

The auto AP feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables an AP to connect to an AC without manual AP configuration. It simplifies configuration when you deploy a large number of APs in a WLAN.

To configure an auto AP, you must use auto-AP persistence to convert the auto AP to a manual AP or configure it through an AP group.

Examples

# Enable the auto AP feature.

<Sysname> system-view

[Sysname] wlan auto-ap enable

wlan auto-ap persistent

Use wlan auto-ap persistent to convert online auto APs to manual APs.

Syntax

wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ] }

Views

System view

Predefined user roles

network-admin

Parameters

all: Specifies all online auto APs. If you specify this keyword, the command converts all online auto APs to manual APs with their names unchanged.

auto-ap-name: Specifies an online auto AP.

new-ap-name: Specifies a new name for the AP, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-). If you do not specify this argument, the converted manual AP uses the name of the auto AP.

Examples

# Convert the auto AP whose MAC address is 0001-ab12-cd36 to manual AP ap2.

<Sysname> system-view

[Sysname] wlan auto-ap persistent name 0001-ab12-cd36 ap2

wlan auto-persistent enable

Use wlan auto-persistent enable to enable auto AP conversion to convert auto APs automatically to manual APs after they come online.

Use undo wlan auto-persistent enable to restore the default.

Syntax

wlan auto-persistent enable

undo wlan auto-persistent enable

Default

Auto AP conversion is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only on auto APs that come online after you execute this command. For auto APs that are already online, use the wlan auto-ap persistent command to convert them to manual APs.

Examples

# Enable auto AP conversion.

<Sysname> system-view

[Sysname] wlan auto-persistent enable

wlan capwap discovery-policy unicast

Use wlan capwap discovery-policy unicast to enable an AC to respond only to unicast discovery requests.

Use undo wlan capwap discovery-policy to restore the default.

Syntax

wlan capwap discovery-policy unicast

undo wlan capwap discovery-policy

Default

An AC can respond to unicast, multicast, and broadcast discovery requests.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the AC to respond only to unicast discovery requests.

<Sysname> system-view

[Sysname] wlan capwap discovery-policy unicast

wlan detect-anomaly enable

Use wlan detect-anomaly enable to enable service anomaly detection.

Use undo wlan detect-anomaly enable to disable service anomaly detection.

Syntax

wlan detect-anomaly enable

undo wlan detect-anomaly enable

Default

Service anomaly detection is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Perform this task on the master AC in an IRF fabric.

This feature enables an AC to check service status and start a 10-minute timer upon detecting that no APs are associated with the AC.

When the timer expires, the AC performs either of the following operations:

·          Restarts if no AP is online.

·          Deletes the timer if a minimum of one AP is online.

If APs come online and then all go offline before the timer expires, the AC restarts the 10-minute timer upon detecting that the last online AP goes offline.

As a best practice, enable this feature for an AC to recover automatically in case of service anomaly.

Examples

# Enable service anomaly detection.

<Sysname> system-view

[Sysname] wlan detect-anomaly enable

wlan global-configuration

Use wlan global-configuration to enter global configuration view.

Syntax

wlan global-configuration

Views

System view

Predefined user roles

network-admin

Usage guidelines

The configuration priorities for an AP in AP view, AP group view, and global configuration view are in descending order. If no settings are configured in one view, the settings in the view with a lower priority are used. If no settings are configured in any one of the three views, the AP uses the default configuration in the view that has the lowest priority.

Examples

# Enter global configuration view.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration]

wlan image-load filepath

Use wlan image-load filepath to specify the preferred location for the AC to obtain an AP image file for software version assignment.

Use undo wlan image-load filepath to restore the default.

Syntax

wlan image-load filepath { local | ram }

undo wlan image-load filepath

Default

The AC prefers the AP image file stored in the RAM when assigning a software version to APs.

Views

System view

Predefined user roles

network-admin

Parameters

local: Specifies the local folder as the preferred location to obtain an AP image file. If no AP image file exists on the local folder, the AC obtains the AP image file from the RAM. If no AP image file exists on the RAM, the AC fails to obtain an AP image file.

ram: Specifies the RAM as the preferred location to obtain an AP image file. If no AP image file exists on the RAM, the AC obtains the AP image file from the local folder. If no AP image file exists on the local folder, the AC fails to obtain an AP image file.

Usage guidelines

The AC image file contains AP image files. The AC reads the AP image files into the RAM when it starts.

Specify the local keyword only when the following conditions are met:

·          The required AP image file is not contained in the AC's image file.

·          The software version an AP uses when it comes online has been specified using the wlan apdb command.

When you specify the local keyword, make sure the AC uses a CF card as the default file system and the AP image file is stored in the root directory of the file system on the AC.

The AC can assign only .ipe AP image files to APs.

Examples

# Specify the local folder as the preferred location to obtain an AP image file for AP software version assignment.

<Sysname> system-view

[Sysname] wlan image-load filepath local

wlan re-group

Use wlan re-group to move an AP grouping rule or a list of AP grouping rules to the specified AP group.

Syntax

wlan re-group { ap ap-name | ap-group old-group-name | mac-address mac-address | serial-id serial-id } group-name

Views

System view

Predefined user roles

network-admin

Parameters

ap ap-name: Specifies an AP grouping rule by AP names.

ap-group old-group-name: Specifies the source AP group. The source AP group cannot be the default AP group.

mac-address mac-address: Specifies an AP grouping rule by MAC addresses.

serial-id serial-id: Specifies an AP grouping rule by serial IDs.

group-name: Specifies the target AP group. The target AP group cannot be the default AP group.

Examples

# Create AP group group1, and create AP grouping rules by AP names to add APs ap1, ap2, and ap3 to AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap ap1 ap2 ap3

[Sysname-wlan-ap-group-group1] quit

# Create an AP group named group2, and move an AP grouping rule by AP names to AP group group2.

[Sysname] wlan ap-group group2

[Sysname-wlan-ap-group-group2] quit

[Sysname] wlan re-group ap ap1 group2

wlan rename-ap

Use wlan rename-ap to rename a manual AP.

Syntax

wlan rename-ap ap-name new-ap-name

Views

System view

Predefined user roles

network-admin

Parameters

ap-name: Specifies a manual AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

new-ap-name: Specifies a new AP name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Change the name of AP ap1 to ap1-office.

<Sysname> system-view

[Sysname] wlan rename-ap ap1 ap1-office

wlan tcp mss

Use wlan tcp mss to set the maximum TCP segment size (MSS) for CAPWAP tunnels.

Use undo wlan tcp mss to restore the default.

Syntax

wlan tcp mss value

undo wlan tcp mss

Default

The TCP MSS is 1460 bytes for CAPWAP tunnels.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the TCP MSS in bytes in the range of 128 to 2048.

Usage guidelines

This command sets the value of the MSS option in SYN packets transmitted over a CAPWAP tunnel.

The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the size of a TCP segment is smaller than or equal to the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, TCP fragments the segment based on the receiver's MSS.

Examples

# Set the TCP MSS to 2000 bytes for CAPWAP tunnels.

<Sysname> system-view

[Sysname] wlan tcp mss 2000


Radio management commands

a-mpdu

Use a-mpdu enable to enable the A-MPDU aggregation method.

Use a-mpdu disable to disable the A-MPDU aggregation method.

Use undo a-mpdu to restore the default.

Syntax

a-mpdu { disable | enable }

undo a-mpdu

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the A-MPDU aggregation method is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Disable the A-MPDU aggregation method for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] a-mpdu disable

# Disable the A-MPDU aggregation method for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] a-mpdu disable

a-msdu

Use a-msdu enable to enable the A-MSDU aggregation method.

Use a-msdu disable to disable the A-MSDU aggregation method.

Use undo a-msdu to restore the default.

Syntax

a-msdu { disable | enable }

undo a-msdu

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the A-MSDU aggregation method is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The device can receive but cannot send A-MSDUs.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Disable the A-MSDU aggregation method for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] a-msdu disable

# Disable the A-MSDU aggregation method for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] a-msdu disable

ani

Use ani enable to enable Adaptive Noise Immunity (ANI).

Use ani disable to disable ANI.

Use undo ani to restore the default.

Syntax

ani { disable | enable }

undo ani

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, ANI is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

ANI enables the device to adjust the anti-noise level based on the environment to reduce interference from the surrounding environment.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable ANI for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] ani enable

# Enable ANI for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] ani enable

antenna type

Use antenna type to set the antenna type for an AP.

Use undo antenna type to restore the default.

Syntax

antenna type antenna-type

undo antenna type

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the default antenna type for an AP varies by device model.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

antenna-type: Specifies an antenna type, a string of 1 to 10 characters. Antenna types supported by an AP vary by device model.

Usage guidelines

If an AP uses a third-party antenna, you must set the antenna type to the type of antenna that the AP uses.

The antenna gain automatically changes after you set the antenna type to ensure that the transmit power is within the correct range.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the antenna type to internal for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] antenna type internal

# Set the antenna type to internal for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] antenna type internal

ap-model

Use ap-model to create an AP model and enter its view.

Use undo ap-model to remove an AP model and all its configuration.

Syntax

ap-model ap-model

undo ap-model ap-model

Default

No AP model exists.

Views

AP group view

Predefined user roles

network-admin

Parameters

ap-model: Specifies an AP model by its name.

Examples

# Create the AP model WA536-WW.

<System> system-view

[System] wlan ap-group group1

[System-wlan-ap-group-group1] ap-model WA536-WW

[System-wlan-ap-group-group1-ap-model-WA536-WW]

auto-channel european-gap enable

Use auto-channel european-gap enable to configure 2.4 GHz radios to use the European gap for auto channel selection.

Use undo auto-channel european-gap enable to restore the default.

Syntax

auto-channel european-gap enable

undo auto-channel european-gap enable

Default

2.4 GHz radios use non-European channel gap 5 to automatically select channels 1, 6, and 11.

Views

Global configuration view

Predefined user roles

network-admin

Usage guidelines

Configure this command for 2.4 GHz radios to use European channel gap 6 to automatically select channels 1, 7, and 13.

Examples

# Configure 2.4 GHz radios to use the European channel gap for auto channel selection.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] auto-channel european-gap enable

Examples

channel

beacon-interval

Use beacon-interval to set the beacon interval.

Use undo beacon-interval to restore the default.

Syntax

beacon-interval interval

undo beacon-interval

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the beacon interval is 100 Time Units (TUs).

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

interval: Specifies the beacon interval in the range of 32 to 8191 TUs.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the beacon interval to 1000 TUs for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] beacon-interval 1000

# Set the beacon interval to 1000 TUs for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] beacon-interval 1000

channel

Use channel to specify a working channel for a radio.

Use undo channel to restore the default.

Syntax

channel { channel-number | auto { lock | unlock } }

undo channel [ auto ]

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, an AP automatically selects a channel for the radio and the channel is unlocked.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

channel-number: Specifies a channel by its number. The value range for this argument varies by country code and radio mode.

auto lock: Configures the AP to automatically select a channel for a radio and lock the channel.

auto unlock: Configures the AP to automatically select a channel for a radio and not lock the channel.

Usage guidelines

When radar signals are detected on the working channel of a radio, either of the following cases occurs:

·          If the channel is a manually specified channel, the radio changes its channel, and switches back to the specified channel after 30 minutes and then starts the quiet timer. If no radar signals are detected within the quiet time, the radio starts to use the channel. If radar signals are detected within the quiet time, the radio changes its channel.

·          If the channel is an automatically assigned channel, the radio changes its channel.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Specify the working channel 149 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] channel 149

# Specify the working channel 149 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel 149

channel auto-select

Use channel auto-select to configure the channel selection blacklist or whitelist.

Use undo channel auto-select to remove the specified channels from the channel selection blacklist or whitelist.

Syntax

channel auto-select { blacklist | whitelist } channel-number

undo channel auto-select { blacklist | whitelist } { all | channel-number }

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, no channel selection blacklist or whitelist exists.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

blacklist: Adds channels to the channel selection blacklist. An AP will not select channels in the blacklist.

whitelist: Adds channels to the channel selection whitelist. An AP will only select channels in the whitelist.

channel-number: Specifies channels by their channel numbers. The value range for this argument varies by country code and radio mode.

all: Specifies all channels in the channel selection blacklist or whitelist.

Usage guidelines

You cannot configure both the channel selection blacklist and whitelist for the same AP.

This command takes effect only on APs operating in auto channel selection mode.

Examples

# Add channels 149, 153, and 157 to the channel selection whitelist for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] channel auto-select whitelist 149 153 157

# Add channels 149, 153, and 157 to the channel selection whitelist for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel auto-select whitelist 149 153 157

Related commands

channel

channel band-width

Use channel band-width to set the bandwidth mode.

Use undo channel band-width to restore the default.

Syntax

channel band-width { 20 | 40 [ auto-switch ] | 80 }

undo channel band-width

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the bandwidth mode is 80 MHz for 802.11ac radios, 20 MHz for 802.11gac radios, 40 MHz for 802.11an radios, and 20 MHz for 802.11gn radios.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

20: Sets the bandwidth mode to 20 MHz.

40: Sets the bandwidth mode to 40 MHz.

80: Sets the bandwidth mode to 80 MHz.

auto-switch: Allows a radio to switch its bandwidth mode between 20 MHz and 40 MHz. This keyword is applicable only to 802.11gn and 802.11gac radios.

Usage guidelines

This command is applicable only to 802.11n, 802.11ac and 802.11gac radios. When you change the mode of a radio, the default setting of this command for the new radio mode is restored.

If the bandwidth mode is set to 40 MHz, the radio uses the 40 MHz bandwidth if two adjacent channels that can be bound together exist. If there are no adjacent channels that can be bound together, the radio uses the 20 MHz bandwidth.

If the bandwidth mode is set to 80 MHz, the radio uses the 80 MHz bandwidth if adjacent channels that can be bound together exist. If adjacent channels can be bound to an 80 MHz channel do not exist, but two adjacent channels that can be bound to a 40 MHz channel exist, the 40 MHz bandwidth is used. If no adjacent channels can be bound together, the radio uses the 20 MHz bandwidth.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the bandwidth mode to 40 MHz for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] channel band-width 40

# Set the bandwidth mode to 40 MHz for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel band-width 40

channel-usage measure

Use channel-usage measure to perform on-demand channel usage measurement.

Syntax

channel-usage measure

Views

Radio view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AP to scan supported channels and display the channel usage after scanning. It takes about one second to scan a channel.

Examples

# Perform on-demand channel usage measurement on radio 2 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] channel-usage measure

Please wait......Done.

Channel  Usage

1        63%

2        61%

3        55%

4        45%

5        64%

6        74%

7        66%

8        48%

9        35%

10       38%

11       54%

12       30%

13       72%

client dot11ac-only

Use client dot11ac-only enable to allow access for only 802.11ac clients.

Use client dot11ac-only disable to disable the feature.

Use undo client dot11ac-only to restore the default.

Syntax

client dot11ac-only { disable | enable }

undo client dot11ac-only

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, 802.11ac radios accept 802.11a, 802.11an, and 802.11ac clients, and 802.11gac radios accept 802.11b, 802.11gn, and 802.11gac clients.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.

To enable a radio to accept 802.11a/b/g/n and 802.11ac clients, you must disable this feature on the radio.

Configuring this command on a radio will cause non-802.11ac clients that are associated with the radio to go offline.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Allow access for only 802.11ac clients for AP ap1.

<System> system-view

[System] wlan ap ap1 model WA536-WW

[System-wlan-ap-ap1] radio 1

[System-wlan-ap-ap1-radio-1] type dot11ac

[System-wlan-ap-ap1-radio-1] client dot11ac-only enable

# Allow access for only 802.11ac clients for APs with model WA536-WW in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA536-WW

[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] client dot11ac-only enable

Related commands

dot11ac mandatory maximum-nss

client dot11b-forbidden

Use client dot11b-forbidden enable to configure a radio to reject 802.11b clients.

Use client dot11b-forbidden disable to configure a radio to accept 802.11b clients.

Use undo client dot11b-forbidden to restore the default.

Syntax

client dot11b-forbidden { disable | enable }

undo client dot11b-forbidden

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, a radio accepts 802.11b clients.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

Enabling an 802.11g or 802.11gn radio to reject 802.11b clients reduces the impact of low-speed 802.11b clients and speeds up wireless data transmission.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Configure AP ap1 to reject 802.11b clients.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] client dot11b-forbidden enable

# Configure APs with model WA536-WW in AP group apgroup1 to reject 802.11b clients.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-model-WA536-WW-radio-1] client dot11b-forbidden enable

client dot11n-only

Use client dot11n-only enable to allow access for only 802.11n and 802.11ac clients.

Use client dot11n-only disable to disable the feature.

Use undo client dot11n-only to restore the default.

Syntax

client dot11n-only { disable | enable }

undo client dot11n-only

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, 802.11an radios accept 802.11a, 802.11an, and 802.11ac clients. 802.11gn radios accept 802.11b/g and 802.11gn clients. 802.11ac radios accept 802.11a, 802.11an, and 802.11ac clients. 802.11gac radios accept 802.11b/g, 802.11gn, and 802.11gac clients.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

To enable a radio to accept 802.11a/b/g, 802.11n, and 802.11ac clients, you must disable this feature on the radio.

Configuring this command on a radio will cause 802.11a/b/g clients that are associated with the radio to go offline.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Allow access for only 802.11n and 802.11ac clients for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] client dot11n-only enable

# Allow access for only 802.11n and 802.11ac clients for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client dot11n-only enable

client max-count

Use client max-count to set the maximum number of clients that can associate with an AP.

Use undo client max-count to restore the default.

Syntax

client max-count max-number

undo client max-count

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, no limit is set for the number of clients that can associate with an AP.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of clients that can associate with an AP. The value range for this argument varies by AP model.

Usage guidelines

When the maximum number of clients is reached on an AP, the AP stops accepting new clients.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum number of clients that can associate with an AP to 38 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] client max-count 38

# Set the maximum number of clients that can associate with an AP to 38 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client max-count 38

continuous-mode

Use continuous-mode to enable the continuous mode for a radio.

Use undo continuous-mode to restore the default.

Syntax

continuous-mode { mcs mcs-index | nss nss-index vht-mcs vhtmcs-index | rate rate-value }

undo continuous-mode

Default

The continuous mode is disabled.

Views

Radio view

Predefined user roles

network-admin

Parameters

mcs mcs-index: Specifies the MCS index in the range of 0 to 76. This option applies only to 802.11n, 802.11ac, and 802.11gac radios.

nss nss-index vht-mcs vhtmcs-index: Specifies the VHT-MCS index. The value ranges for the nss-index and vhtmcs-index arguments are 1 to 8 and 0 to 9, respectively. This option applies only to 802.11ac and 802.11gac radios.

rate rate-value: Specifies the transmit rate in Mbps. This option applies to all radio types.

Usage guidelines

This feature is used for network testing only. Do not use it under any other circumstances.

It enables continuous data packet sending at the specified rate. When the feature is enabled, do not perform any other operations except changing the transmit rate.

Examples

# Enable the continuous mode and set the transmit rate to 6 Mbps.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] continuous-mode rate 6

Related commands

display wlan ap continuous-mode

custom-antenna gain

IMPORTANT

IMPORTANT:

This command is applicable only when an AP uses a third-party antenna.

 

Use custom-antenna gain to set the antenna gain.

Use undo custom-antenna gain to restore the default.

Syntax

custom-antenna gain antenna-gain

undo custom-antenna gain

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the antenna gain is 0 dBi.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

antenna-gain: Specifies the antenna gain in the range of 0 to 20 dBi.

Usage guidelines

If an AP uses a third-party antenna, you must set the antenna gain to the gain of the antenna that the AP uses.

Effective Isotropic Radiated Power (EIRP) is the actual transmit power of an antenna, and it is the sum of the antenna gain and the maximum transmit power of the radio. If the configured antenna gain causes the EIRP to exceed the threshold, the antenna gain configuration fails.

Changing the radio mode automatically changes the antenna gain.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the antenna gain to 2 dBi for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] custom-antenna gain 2

# Set the antenna gain to 2 dBi for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] custom-antenna gain 2

display wlan ap continuous-mode

Use display wlan ap continuous-mode to display information about the continuous mode.

Syntax

display wlan ap continuous-mode { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display information about the continuous mode for radios on AP ap1.

<Sysname> display wlan ap continuous-mode name ap1

AP name    Radio ID    Radio type      Rate    Mcs-Index   Nss   Vht-mcs

ap1        1           802.11a         6       N/A         N/A   N/A

Table 15 Command output

Field

Description

Mcs-Index

MCS index.

Nss

NSS index.

Vht-mcs

VHT-MCS index.

 

Related commands

continuous-mode

display wlan ap radio

Use display wlan ap radio to display AP radio information.

Syntax

display wlan ap { all | name ap-name } radio [ frequency-band { 5 | 2.4 } ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

frequency-band: Specifies a frequency band.

5: Specifies the 5 GHz frequency band.

2.4: Specifies the 2.4 GHz frequency band.

Examples

# Display radio information for all APs.

<Sysname> display wlan ap all radio

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 256

Remaining APs: 255

Total AP licenses: 128

Remaining AP licenses: 127

 

AP name                  RID State Channel          Usage TxPower Clients

                                                    (%)   (dBm)

ap1                      1   Up    149(auto)        10     20     5

ap1                      2   Up    11(auto)         15     20     10

# Display 2.4 GHz radio information for AP ap1.

<Sysname> display wlan ap name ap1 radio frequency-band 2.4

AP name                  RID State Channel          Usage TxPower Clients

                                                    (%)   (dBm)

ap1                      2   Up    11(auto)         15     20     15

Table 16 Command output

Field

Description

Total number of connected WTUs

Total number of connected WTUs. This field is not supported in the current software version.

Total number of inside APs

Total number of inside APs. This field is not supported in the current software version.

Maximum supported APs

Maximum number of supported APs.

Remaining APs

Remaining number of supported APs. The value equals the number of maximum supported APs minus the number of connected common APs.

Total AP licenses

Total number of AP licenses.

Remaining AP licenses

Number of remaining AP licenses. Each WA536-WW AP occupies one AP license.

State

Radio state:

·         Up.

·         Down.

Usage

Channel usage.

TxPower (dBm)

Transmission power. By default, the maximum supported power is used to transmit packets.

Clients

Number of online clients.

 

display wlan ap radio channel

Use display wlan ap radio channel to display radio channel information.

Syntax

display wlan ap { all | name ap-name } radio channel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display radio channel information for AP ap3.

<Sysname> display wlan ap name ap3 radio channel

AP name                  RID Channel          Band-width           CenterFreq

                                              (MHz)

ap3                       1  36(auto)         20/40/80/160/(80+80) 42/58

ap3                       2  149              20/40/80             155

ap3                       3  11(auto)         20                   0

Table 17 Command output

Field

Description

Band-width (MHz)

Supported channel bandwidth.

CenterFreq

Central frequencies. This field is available only when the supported channel bandwidth reaches 80 MHz. This field displays the central frequencies for both the main and the secondary channels when 160 MHz or 80+80 MHz bandwidth is supported.

 

display wlan ap radio type

Use display wlan ap radio type to display radio type information.

Syntax

display wlan ap { all | name ap-name } radio type

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display radio type information for AP ap1.

<Sysname> display wlan ap name ap1 radio type

AP name                  RID  AP state  Radio state  Radio type

ap1                      1    Up        Up           802.11n(5GHz)

ap1                      2    Up        Down         802.11n(2.4GHz)

Table 18 Command output

Field

Description

AP state

AP state:

·         Up—The AP has established a CAPWAP tunnel with the AC.

·         Down—The AP has not established a CAPWAP tunnel with the AC.

Radio state

Radio state:

·         Up.

·         Down.

 

display wlan ap radio-statistics

Use display wlan ap radio-statistics to display radio statistics.

Syntax

display wlan ap { all | name ap-name } radio-statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters.

Examples

# Display radio statistics for AP ap1.

<Sysname> display wlan ap name ap1 radio-statistics

                                 Radio Statistics

--------------------------------------------------------------------------------

 AP name: ap1                                   Radio ID: 1

--------------------------------------------------------------------------------

Transmitted frame statistics:

  Total frames                              : 836532

  Total frame bytes                         : 214040681

  Unicast frames                            : 4

  Unicast frame bytes                       : 900

  Broadcast/Multicast frames                : 836528

  Broadcast/Multicast frame bytes           : 214039781

  Other frames                              : 0

  Other frame bytes                         : 0

 

  Discarded frames                          : 0

  Failed RTS frames                         : 0

  Retransmissions                           : 6

  Successful RTS frames                     : 0

  Retransmitted frames                      : 3

  No-ACK frames                             : 1555

  Authentication frames                     : 1

  Association frames                        : 1

 

  Packet statistics by size:

    Smaller than or equal to 128            : 747

    Between 128 and 512 (inclusive)         : 85983

    Between 512 and 1024 (inclusive)        : 0

    Larger than 1024                        : 0

 

  Packet statistics by rate:

         1 Mbps                    : 0                   2 Mbps    : 0

       5.5 Mbps                    : 0                   6 Mbps    : 0

         9 Mbps                    : 0                  11 Mbps    : 0

        12 Mbps                    : 0                  18 Mbps    : 0

        24 Mbps                    : 880                36 Mbps    : 0

        48 Mbps                    : 0                  54 Mbps    : 0

 

  Packet statistics by 802.11n rate:

       6.5 Mbps                    : 0                 7.2 Mbps    : 0

        13 Mbps                    : 0                13.5 Mbps    : 0

      14.4 Mbps                    : 0                  15 Mbps    : 0

      19.5 Mbps                    : 0                21.7 Mbps    : 0

        26 Mbps                    : 0                  27 Mbps    : 0

      28.9 Mbps                    : 0                29.3 Mbps    : 0

        30 Mbps                    : 0                32.5 Mbps    : 0

        39 Mbps                    : 0                40.5 Mbps    : 0

      43.3 Mbps                    : 0                  45 Mbps    : 0

        52 Mbps                    : 0                  54 Mbps    : 0

      57.8 Mbps                    : 0                58.5 Mbps    : 0

        60 Mbps                    : 0                  65 Mbps    : 0

      72.2 Mbps                    : 0                  78 Mbps    : 1

        81 Mbps                    : 0                86.7 Mbps    : 0

      87.8 Mbps                    : 0                  90 Mbps    : 0

      97.5 Mbps                    : 0                 104 Mbps    : 3

       108 Mbps                    : 0               115.6 Mbps    : 0

       117 Mbps                    : 0                 120 Mbps    : 0

     121.5 Mbps                    : 0                 130 Mbps    : 0

       135 Mbps                    : 0               144.4 Mbps    : 0

       150 Mbps                    : 0                 156 Mbps    : 0

       162 Mbps                    : 0               173.3 Mbps    : 0

     175.5 Mbps                    : 0                 180 Mbps    : 0

       195 Mbps                    : 0                 200 Mbps    : 0

       216 Mbps                    : 0               216.7 Mbps    : 0

       234 Mbps                    : 0                 240 Mbps    : 0

       243 Mbps                    : 0                 260 Mbps    : 0

     263.3 Mbps                    : 0                 270 Mbps    : 0

     288.9 Mbps                    : 0               292.5 Mbps    : 0

       300 Mbps                    : 0                 324 Mbps    : 0

       325 Mbps                    : 0                 351 Mbps    : 0

       360 Mbps                    : 0               364.5 Mbps    : 0

       390 Mbps                    : 0                 400 Mbps    : 0

       405 Mbps                    : 0               433.3 Mbps    : 0

       450 Mbps                    : 0                 468 Mbps    : 0

       486 Mbps                    : 0                 520 Mbps    : 0

     526.5 Mbps                    : 0                 540 Mbps    : 0

       585 Mbps                    : 0                 600 Mbps    : 0

       650 Mbps                    : 0                 702 Mbps    : 0

       780 Mbps                    : 0               866.7 Mbps    : 0

     877.5 Mbps                    : 0                 975 Mbps    : 0

      1053 Mbps                    : 0                1170 Mbps    : 0

      1300 Mbps                    : 0

--------------------------------------------------------------------------------

Received frame statistics:

  Total frames                         : 420815

  Total frame bytes                    : 24112652

  Unicast frames                       : 585

  Unicast frame bytes                  : 15357

  Broadcast/Multicast frames           : 420230

  Broadcast/Multicast frame bytes      : 24097295

  Fragmented frames                    : 0

  Duplicate frames                     : 0

  FCS failures                         : 474471639

  Decryption errors                    : 0

  Authentication frames                : 1

  Association frames                   : 1

 

  Packet statistics by size:

    Smaller than or equal to 128            : 420759

    Between 128 and 512 (inclusive)         : 54

    Between 512 and 1024 (inclusive)        : 0

    Larger than 1024                        : 0

 

  Packet statistics by rate:

         6 Mbps                    : 420115              9 Mbps    : 0

        12 Mbps                    : 0                  18 Mbps    : 0

        24 Mbps                    : 0                  36 Mbps    : 1

        48 Mbps                    : 0                  54 Mbps    : 2

 

  Packet statistics by 802.11n rate:

       6.5 Mbps                    : 0                 7.2 Mbps    : 0

        13 Mbps                    : 0                13.5 Mbps    : 0

      14.4 Mbps                    : 0                  15 Mbps    : 0

      19.5 Mbps                    : 0                21.7 Mbps    : 0

        26 Mbps                    : 0                  27 Mbps    : 0

      28.9 Mbps                    : 0                29.3 Mbps    : 0

        30 Mbps                    : 0                32.5 Mbps    : 0

        39 Mbps                    : 0                40.5 Mbps    : 0

      43.3 Mbps                    : 0                  45 Mbps    : 0

        52 Mbps                    : 1                  54 Mbps    : 2

      57.8 Mbps                    : 0                58.5 Mbps    : 17

        60 Mbps                    : 0                  65 Mbps    : 10

      72.2 Mbps                    : 0                  78 Mbps    : 48

        81 Mbps                    : 0                86.7 Mbps    : 70

      87.8 Mbps                    : 0                  90 Mbps    : 0

      97.5 Mbps                    : 0                 104 Mbps    : 87

       108 Mbps                    : 0               115.6 Mbps    : 170

       117 Mbps                    : 130               120 Mbps    : 0

     121.5 Mbps                    : 0                 130 Mbps    : 140

       135 Mbps                    : 0               144.4 Mbps    : 22

       150 Mbps                    : 0                 156 Mbps    : 0

       162 Mbps                    : 0               173.3 Mbps    : 0

     175.5 Mbps                    : 0                 180 Mbps    : 0

       195 Mbps                    : 0                 200 Mbps    : 0

       216 Mbps                    : 0               216.7 Mbps    : 0

       234 Mbps                    : 0                 240 Mbps    : 0

       243 Mbps                    : 0                 260 Mbps    : 0

     263.3 Mbps                    : 0                 270 Mbps    : 0

     288.9 Mbps                    : 0               292.5 Mbps    : 0

       300 Mbps                    : 0                 324 Mbps    : 0

       325 Mbps                    : 0                 351 Mbps    : 0

       360 Mbps                    : 0               364.5 Mbps    : 0

       390 Mbps                    : 0                 400 Mbps    : 0

       405 Mbps                    : 0               433.3 Mbps    : 0

       450 Mbps                    : 0                 468 Mbps    : 0

       486 Mbps                    : 0                 520 Mbps    : 0

     526.5 Mbps                    : 0                 540 Mbps    : 0

       585 Mbps                    : 0                 600 Mbps    : 0

       650 Mbps                    : 0                 702 Mbps    : 0

       780 Mbps                    : 0               866.7 Mbps    : 0

     877.5 Mbps                    : 0                 975 Mbps    : 0

      1053 Mbps                    : 0                1170 Mbps    : 0

      1300 Mbps                    : 0

--------------------------------------------------------------------------------

 

                                 Radio Statistics

--------------------------------------------------------------------------------

 AP name: ap1                                   Radio ID: 2

--------------------------------------------------------------------------------

Transmitted frame statistics:

  Total frames                              : 13134

  Total frame bytes                         : 3259997

  Unicast frames                            : 11

  Unicast frame bytes                       : 3518

  Broadcast/Multicast frames                : 13123

  Broadcast/Multicast frame bytes           : 3256479

  Other frames                              : 0

  Other frame bytes                         : 0

 

  Discarded frames                          : 0

  Failed RTS frames                         : 0

  Retransmissions                           : 58

  Successful RTS frames                     : 0

  Retransmitted frames                      : 11

  No-ACK frames                             : 7541

  Authentication frames                     : 14

  Association frames                        : 8

 

  Packet statistics by size:

    Smaller than or equal to 128            : 1020

    Between 128 and 512 (inclusive)         : 11386

    Between 512 and 1024 (inclusive)        : 0

    Larger than 1024                        : 0

 

  Packet statistics by rate:

         1 Mbps                    : 0                   2 Mbps    : 0

       5.5 Mbps                    : 0                   6 Mbps    : 0

         9 Mbps                    : 0                  11 Mbps    : 1121

        12 Mbps                    : 0                  18 Mbps    : 0

        24 Mbps                    : 0                  36 Mbps    : 0

        48 Mbps                    : 0                  54 Mbps    : 0

 

  Packet statistics by 802.11n rate:

       6.5 Mbps                    : 3                 7.2 Mbps    : 0

        13 Mbps                    : 1                13.5 Mbps    : 0

      14.4 Mbps                    : 0                  15 Mbps    : 0

      19.5 Mbps                    : 4                21.7 Mbps    : 0

        26 Mbps                    : 0                  27 Mbps    : 0

      28.9 Mbps                    : 0                29.3 Mbps    : 0

        30 Mbps                    : 0                32.5 Mbps    : 0

        39 Mbps                    : 1                40.5 Mbps    : 0

      43.3 Mbps                    : 0                  45 Mbps    : 0

        52 Mbps                    : 0                  54 Mbps    : 0

      57.8 Mbps                    : 0                58.5 Mbps    : 0

        60 Mbps                    : 0                  65 Mbps    : 0

      72.2 Mbps                    : 0                  78 Mbps    : 0

        81 Mbps                    : 0                86.7 Mbps    : 0

      87.8 Mbps                    : 0                  90 Mbps    : 0

      97.5 Mbps                    : 0                 104 Mbps    : 1

       108 Mbps                    : 0               115.6 Mbps    : 0

       117 Mbps                    : 1                 120 Mbps    : 0

     121.5 Mbps                    : 0                 130 Mbps    : 0

       135 Mbps                    : 0               144.4 Mbps    : 0

       150 Mbps                    : 0                 156 Mbps    : 0

       162 Mbps                    : 0               173.3 Mbps    : 0

     175.5 Mbps                    : 0                 180 Mbps    : 0

       195 Mbps                    : 0                 200 Mbps    : 0

       216 Mbps                    : 0               216.7 Mbps    : 0

       234 Mbps                    : 0                 240 Mbps    : 0

       243 Mbps                    : 0                 260 Mbps    : 0

     263.3 Mbps                    : 0                 270 Mbps    : 0

     288.9 Mbps                    : 0               292.5 Mbps    : 0

       300 Mbps                    : 0                 324 Mbps    : 0

       325 Mbps                    : 0                 351 Mbps    : 0

       360 Mbps                    : 0               364.5 Mbps    : 0

       390 Mbps                    : 0                 400 Mbps    : 0

       405 Mbps                    : 0               433.3 Mbps    : 0

       450 Mbps                    : 0                 468 Mbps    : 0

       486 Mbps                    : 0                 520 Mbps    : 0

     526.5 Mbps                    : 0                 540 Mbps    : 0

       585 Mbps                    : 0                 600 Mbps    : 0

       650 Mbps                    : 0                 702 Mbps    : 0

       780 Mbps                    : 0               866.7 Mbps    : 0

     877.5 Mbps                    : 0                 975 Mbps    : 0

      1053 Mbps                    : 0                1170 Mbps    : 0

      1300 Mbps                    : 0

--------------------------------------------------------------------------------

 Received frame statistics:

  Total frames                         : 32156

  Total frame bytes                    : 3076192

  Unicast frames                       : 1613

  Unicast frame bytes                  : 102957

  Broadcast/Multicast frames           : 30543

  Broadcast/Multicast frame bytes      : 2973235

  Fragmented frames                    : 0

  Duplicate frames                     : 2

  FCS failures                         : 9978084

  Decryption errors                    : 0

  Authentication frames                : 14

  Association frames                   : 8

 

  Packet statistics by size:

    Smaller than or equal to 128            : 25327

    Between 128 and 512 (inclusive)         : 6097

    Between 512 and 1024 (inclusive)        : 0

    Larger than 1024                        : 0

 

  Packet statistics by rate:

         1 Mbps                    : 28718               2 Mbps    : 1895

       5.5 Mbps                    : 284                 6 Mbps    : 29

         9 Mbps                    : 12                 11 Mbps    : 0

        12 Mbps                    : 10                 18 Mbps    : 24

        24 Mbps                    : 11                 36 Mbps    : 5

        48 Mbps                    : 4                  54 Mbps    : 0

 

  Packet statistics by 802.11n rate:

       6.5 Mbps                    : 45                7.2 Mbps    : 0

        13 Mbps                    : 53               13.5 Mbps    : 0

      14.4 Mbps                    : 0                  15 Mbps    : 0

      19.5 Mbps                    : 120              21.7 Mbps    : 0

        26 Mbps                    : 136                27 Mbps    : 0

      28.9 Mbps                    : 0                29.3 Mbps    : 0

        30 Mbps                    : 0                32.5 Mbps    : 0

        39 Mbps                    : 59               40.5 Mbps    : 0

      43.3 Mbps                    : 0                  45 Mbps    : 0

        52 Mbps                    : 17                 54 Mbps    : 0

      57.8 Mbps                    : 0                58.5 Mbps    : 20

        60 Mbps                    : 0                  65 Mbps    : 4

      72.2 Mbps                    : 0                  78 Mbps    : 0

        81 Mbps                    : 0                86.7 Mbps    : 0

      87.8 Mbps                    : 0                  90 Mbps    : 0

      97.5 Mbps                    : 0                 104 Mbps    : 0

       108 Mbps                    : 0               115.6 Mbps    : 0

       117 Mbps                    : 0                 120 Mbps    : 0

     121.5 Mbps                    : 0                 130 Mbps    : 0

       135 Mbps                    : 0               144.4 Mbps    : 0

       150 Mbps                    : 0                 156 Mbps    : 0

       162 Mbps                    : 0               173.3 Mbps    : 0

     175.5 Mbps                    : 0                 180 Mbps    : 0

       195 Mbps                    : 0                 200 Mbps    : 0

       216 Mbps                    : 0               216.7 Mbps    : 0

       234 Mbps                    : 0                 240 Mbps    : 0

       243 Mbps                    : 0                 260 Mbps    : 0

     263.3 Mbps                    : 0                 270 Mbps    : 0

     288.9 Mbps                    : 0               292.5 Mbps    : 0

       300 Mbps                    : 0                 324 Mbps    : 0

       325 Mbps                    : 0                 351 Mbps    : 0

       360 Mbps                    : 0               364.5 Mbps    : 0

       390 Mbps                    : 0                 400 Mbps    : 0

       405 Mbps                    : 0               433.3 Mbps    : 0

       450 Mbps                    : 0                 468 Mbps    : 0

       486 Mbps                    : 0                 520 Mbps    : 0

     526.5 Mbps                    : 0                 540 Mbps    : 0

       585 Mbps                    : 0                 600 Mbps    : 0

       650 Mbps                    : 0                 702 Mbps    : 0

       780 Mbps                    : 0               866.7 Mbps    : 0

     877.5 Mbps                    : 0                 975 Mbps    : 0

      1053 Mbps                    : 0                1170 Mbps    : 0

      1300 Mbps                    : 0

---------------------------------------------------------------------------------

Table 19 Command output

Field

Description

Transmitted frame statistics

Total frames

Total number of transmitted frames, including probe responses and beacon frames.

Total frame bytes

Total bytes of transmitted frames, including probe responses and beacon frames.

Unicast frames

Total number of transmitted unicast frames, excluding probe responses.

Unicast frame bytes

Total bytes of transmitted unicast frames, excluding probe responses.

Broadcast/Multicast frames

Total number of transmitted broadcast and multicast frames, excluding beacon frames.

Broadcast/Multicast frame bytes

Total bytes of transmitted broadcast and multicast frames, excluding beacon frames.

Others frames

Total number of other transmitted frames.

Others frame bytes

Total bytes of other transmitted frames.

Packet statistics by rate

Total number of packets classified by 802.11a/b/g rates.

Packet statistics by 802.11n rate

Total number of packets classified by 802.11n rates. This field is not available if the device does not support 802.11n.

Received frame statistics

 

Total frames

Total number of received frames.

Total frame bytes

Total bytes of received frames.

Unicast frames

Total number of received unicast frames.

Unicast frame bytes

Total bytes of received unicast frames.

Broadcast/Multicast frames

Total number of received broadcast and multicast frames.

Broadcast/Multicast frame bytes

Total bytes of received broadcast and multicast frames.

Fragmented frames

Total number of received fragmented frames.

FCS failures

Total number of received packets with FCS failures.

Decryption errors

Total number of received packets with decryption errors.

 

distance

Use distance to set the maximum transmission distance.

Use undo distance to restore the default.

Syntax

distance distance

undo distance

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the maximum transmission distance is 1 km (0.62 miles).

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

distance: Specifies the maximum transmission distance in the range of 1 to 40 km (0.62 to 24.86 miles).

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum transmission distance to 5 km (3.11 miles) for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] distance 5

# Set the maximum transmission distance to 5 km (3.11 miles) for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] distance 5

dot11ac mandatory maximum-nss

Use dot11ac mandatory maximum-nss to set the maximum mandatory NSS.

Use undo dot11ac mandatory maximum-nss to restore the default.

Syntax

dot11ac mandatory maximum-nss nss-number

undo dot11ac mandatory maximum-nss

Default

In radio view, the default settings are as follows:

·          If the maximum supported NSS is set, no maximum mandatory NSS is set.

·          If the maximum supported NSS is not set, the radio uses the configuration in AP group view.

In AP group radio view, no maximum mandatory NSS is set.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

nss-number: Specifies the maximum mandatory NSS in the range of 1 to 8.

Usage guidelines

This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.

The maximum mandatory NSS cannot be greater than the maximum supported NSS.

After you modify the maximum mandatory NSS, clients that are associated with the radio and that do not support the modified NSS will go offline.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum mandatory NSS to 7 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11ac

[Sysname-wlan-ap-ap1-radio-1] dot11ac mandatory maximum-nss 7

# Set the maximum mandatory NSS to 7 for APs with model WA536-WW in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA536-WW

[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11ac

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] dot11ac mandatory maximum-nss 7

Related commands

dot11ac support maximum-nss

dot11ac multicast-nss

Use dot11ac multicast-nss to set the multicast NSS and specify a VHT-MCS index.

Use undo dot11ac multicast-nss to restore the default.

Syntax

dot11ac multicast-nss nss-number vht-mcs index

undo dot11ac multicast-nss

Default

In radio view, the default settings are as follows:

·          If the maximum supported NSS or the maximum mandatory NSS is set, no multicast NSS is set.

·          If neither the maximum supported NSS nor the maximum mandatory NSS is set, the radio uses the configuration in AP group view.

In AP group radio view, no multicast NSS is set.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

nss-number: Specifies the multicast NSS in the range of 1 to 8.

Index: Specifies a VHT-MCS index in the range of 0 to 9.

Usage guidelines

This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.

Before configuring this command, you must configure the dot11ac mandatory maximum-nss command.

The multicast NSS cannot be greater than the maximum mandatory NSS.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum mandatory NSS, multicast NSS, and VHT-MCS index for AP 1 to 2, 2, and 2, respectively.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11ac

[Sysname-wlan-ap-ap1-radio-1] dot11ac mandatory maximum-nss 2

[Sysname-wlan-ap-ap1-radio-1] dot11ac multicast-nss 2 vht-mcs 2

# Set the maximum mandatory NSS, multicast NSS, and VHT-MCS index for APs with model WA536-WW in AP group 1 to 2, 2, and 2, respectively.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA536-WW

[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] dot11ac mandatory maximum-nss 2

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] dot11ac multicast-nss 2 vht-mcs 2

Related commands

dot11ac mandatory maximum-nss

dot11ac support maximum-nss

Use dot11ac support maximum-nss to set the maximum supported NSS.

Use undo dot11ac support maximum-nss to restore the default.

Syntax

dot11ac support maximum-nss nss-number

undo dot11ac support maximum-nss

Default

In radio view, the default settings are as follows:

·          If the maximum mandatory NSS is set, the maximum supported NSS is 8.

·          If the maximum mandatory NSS is not set, the radio uses the configuration in AP group view.

In AP group radio view, the maximum supported NSS is 8.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

nss-number: Specifies the maximum supported NSS in the range of 1 to 8.

Usage guidelines

This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.

The maximum supported NSS cannot be smaller than the maximum mandatory NSS.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum supported NSS to 7 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11ac

[Sysname-wlan-ap-ap1-radio-1] dot11ac support maximum-nss 7

# Set the maximum supported NSS to 7 for APs with model WA536-WW in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA536-WW

[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11ac

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] dot11ac support maximum-nss 7

Related commands

dot11ac mandatory maximum-nss

dot11g protection

Use dot11g protection enable to enable 802.11g protection.

Use dot11g protection disable to disable 802.11g protection.

Use undo dot11g protection to restore the default.

Syntax

dot11g protection { disable | enable }

undo dot11g protection

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, 802.11g protection is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11g, 802.11n (2.4 GHz), and 802.11gac radios. If you change the mode of a radio to a mode other than 802.11g, 802.11n (2.4 GHz), or 802.11gac, 802.11g protection configuration is removed.

802.11g or 802.11n devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11b signals are detected on the channel.

802.11g protection automatically takes effect when 802.11b clients associate with an 802.11g, 802.11n (2.4 GHz), or 802.11gac AP.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable 802.11g protection for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] type dot11gn

[Sysname-wlan-ap-ap1-radio-2] dot11g protection enable

# Enable 802.11g protection for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 2

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-2] type dot11gn

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-2] dot11g protection enable

Related commands

protection-mode

dot11n mandatory maximum-mcs

Use dot11n mandatory maximum-mcs to set the maximum mandatory MCS index.

Use undo dot11n mandatory maximum-mcs to restore the default.

Syntax

dot11n mandatory maximum-mcs index

undo dot11n mandatory maximum-mcs

Default

In radio view, the default settings are as follows:

·          If the maximum supported MCS index is set, no maximum mandatory MCS index is set.

·          If the maximum supported MCS index is not set, the radio uses the configuration in AP group view.

In AP group radio view, no maximum mandatory MCS index is set.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

index: Specifies the maximum mandatory MCS index in the range of 0 to 76.

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

Before configuring the dot11n multicast-mcs command, you must set the maximum mandatory MCS index.

After you modify the maximum mandatory MCS index, clients that are associated with the radio and that do not support the modified MCS index will go offline.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum mandatory MCS index to 14 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] dot11n mandatory maximum-mcs 14

# Set the maximum mandatory MCS index to 14 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n mandatory maximum-mcs 14

dot11n multicast-mcs

Use dot11n multicast-mcs to set the multicast MCS index.

Use undo dot11n multicast-mcs to restore the default.

Syntax

dot11n multicast-mcs index

undo dot11n multicast-mcs

Default

In radio view, the default settings are as follows:

·          If the maximum mandatory MCS index or the maximum supported MCS index is set, no multicast MCS index is set.

·          If neither the maximum mandatory MCS index nor the maximum supported MCS index is set, the radio uses the configuration in AP group view.

In AP group radio view, no multicast MCS index is set.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

index: Specifies the multicast MCS index in the range of 0 to 76.

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The multicast MCS index takes effect only when 802.11n clients exist.

If 802.11a/b/g clients exist, the AP and clients use the 802.11a/b/g multicast rate to multicast packets.

The multicast MCS index maps to a rate in 20 MHz bandwidth mode regardless of whether the bandwidth mode is 20 MHz or 40 MHz.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the multicast MCS index to 14 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] dot11n mandatory maximum-mcs 14

[Sysname-wlan-ap-ap1-radio-1] dot11n multicast-mcs 14

# Set the multicast MCS index to 14 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n mandatory maximum-mcs 14

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n multicast-mcs 14

dot11n protection

Use dot11n protection enable to enable 802.11n protection.

Use dot11n protection disable to disable 802.11n protection.

Use undo dot11n protection to restore the default.

Syntax

dot11n protection { disable | enable }

undo dot11n protection

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, 802.11n protection is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. If you change the mode of a radio to a mode other than 802.11n, 802.11ac, and 802.11gac, the 802.11n protection configuration is removed.

802.11n devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11a/b/g signals are detected on the channel.

802.11n protection automatically takes effect when 802.11a/b/g clients associate with an 802.11n, 802.11ac, or 802.11gac AP.

The configuration in radio view takes precedence over the configuration in AP group radio view.

 

 

NOTE:

802.11n devices refer to 802.11n and 802.11ac devices.

 

Examples

# Enable 802.11n protection for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] dot11n protection enable

# Enable 802.11n protection for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n protection enable

Related commands

protection-mode

dot11n support maximum-mcs

Use dot11n support maximum-mcs to set the maximum supported MCS index.

Use undo dot11n support maximum-mcs to restore the default.

Syntax

dot11n support maximum-mcs index

undo dot11n support maximum-mcs

Default

In radio view, the default settings are as follows:

·          If the maximum mandatory MCS index is set, the maximum supported MCS index is 76.

·          If the maximum mandatory MCS index is not set, the radio uses the configuration in AP group view.

In AP group radio view, the maximum supported MCS index is 76.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

index: Specifies the maximum supported MCS index in the range of 0 to 76.

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The maximum supported MCS index cannot be smaller than the maximum mandatory MCS index.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum supported MCS index to 14 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] dot11n support maximum-mcs 14

# Set the maximum supported MCS index to 14 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n support maximum-mcs 14

dtim

Use dtim to set the DTIM (Delivery Traffic Indication Map) interval.

Use undo dtim to restore the default.

Syntax

dtim counter

undo dtim

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the DTIM interval is 1, and the AP sends buffered broadcast and multicast frames after every beacon frame.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

counter: Specifies the DTIM interval in the range of 1 to 31.

Usage guidelines

An AP periodically broadcasts a beacon compliant with the Delivery Traffic Indication Map (DTIM). After the AP broadcasts the beacon, it sends buffered broadcast and multicast frames based on the value of the DTIM interval. For example, if you set the DTIM interval to 5, the AP sends buffered broadcast and multicast frames every five beacon frames.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the DTIM interval to 5 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] dtim 5

# Set the DTIM interval to 5 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dtim 5

fragment-threshold

Use fragment-threshold to set the frame fragmentation threshold.

Use undo fragment-threshold to restore the default.

Syntax

fragment-threshold size

undo fragment-threshold

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the fragmentation threshold is 2346 bytes.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

size: Specifies the fragmentation threshold in the range of 256 to 2346 bytes. The value for this argument must be an even number.

Usage guidelines

Frames larger than the fragmentation threshold are fragmented before transmission. Frames smaller than the fragmentation threshold are transmitted without fragmentation.

In a WLAN with great interference, decrease the fragmentation threshold to improve the network throughput and efficiency

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the fragmentation threshold to 2048 bytes for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] fragment-threshold 2048

# Set the fragmentation threshold to 2048 bytes for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] fragment-threshold 2048

green-energy-management

Use green-energy-management enable to enable the energy saving feature.

Use green-energy-management disable to disable the energy saving feature.

Use undo green-energy-management to restore the default.

Syntax

green-energy-management { disable | enable }

undo green-energy-management

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the energy saving feature is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

After you enable the energy saving feature, the multiple-input and multiple-output (MIMO) mode of a radio automatically changes to 1x1 if no clients associate with the radio. This reduces power consumption.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable the energy saving feature for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] green-energy-management enable

# Enable the energy saving feature for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] green-energy-management enable

ldpc

Use ldpc enable to enable LDPC.

Use ldpc disable to disable LDPC.

Use undo ldpc to restore the default.

Syntax

ldpc { disable | enable }

undo ldpc

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, LDPC is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The device can receive but cannot send LDPC packets.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Disable LDPC for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] ldpc disable

# Disable LDPC for APs with model WA536-WW in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA536-WW

[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] ldpc disable

long-retry threshold

Use long-retry threshold to set the maximum number of hardware retransmissions for large frames.

Use undo long-retry threshold to restore the default.

Syntax

long-retry threshold count

undo long-retry threshold

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the maximum number of hardware retransmissions is 4 for large frames.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of hardware retransmissions for large frames, in the range of 1 to 15.

Usage guidelines

Perform this task to set the maximum number of hardware retransmissions for frames larger than the RTS threshold.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum number of hardware retransmissions for large frames to 5 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] long-retry threshold 5

# Set the maximum number of hardware retransmissions for large frames to 5 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] long-retry threshold 5

Related commands

protection-threshold

short-retry threshold

max-power

Use max-power to set the maximum transmit power.

Use undo max-power to restore the default.

Syntax

max-power radio-power

undo max-power

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, an AP uses the maximum supported transmit power.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

radio-power: Specifies the maximum transmit power. The value range for this argument varies by AP model.

Usage guidelines

The transmit power range supported by a radio varies by country code, channel, AP model, radio mode, antenna type, and bandwidth mode. If you change these attributes for a radio after you set the maximum transmit power, the configured maximum transmit power might be out of the supported transmit power range. If this happens, the system automatically adjusts the maximum transmit power to a valid value.

If you enable power lock, the locked power becomes the maximum transmit power.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum transmit power to 15 dBm for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] max-power 15

# Set the maximum transmit power to 15 dBm for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] max-power 15

mimo

Use mimo to specify a MIMO mode for a radio.

Use undo mimo to restore the default.

Syntax

mimo { 1x1 | 2x2 | 3x3 | 4x4 }

undo mimo

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the default setting varies by AP model.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

1x1: Sends and receives signals through one spatial stream.

2x2: Sends and receives signals through two spatial streams.

3x3: Sends and receives signals through three spatial streams.

4x4: Sends and receives signals through four spatial streams.

Usage guidelines

MIMO enables a radio to send and receive wireless signals through multiple spatial streams to improve system capacity and spectrum usage without requiring higher bandwidth.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the MIMO mode to 2x2 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] mimo 2x2

# Set the MIMO mode to 2x2 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] mimo 2x2

mu-txbf

 

NOTE:

Support for this command depends on the AP model.

 

Use mu-txbf enable to enable multi-user transmit beamforming (TxBF).

Use mu-txbf disable to disable multi-user TxBF.

Use undo mu-txbf to restore the default.

Syntax

mu-txbf { disable | enable }

undo mu-txbf

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, multi-user TxBF is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.

TxBF enables an AP to adjust transmitting parameters based on the channel information to focus RF signals on intended clients. This feature improves the RF signal quality.

Multi-user TxBF is part of 802.11ac Wave2. Multi-user TxBF enables an AP to focus different RF signals on their intended clients to reduce interference and transmission delay. This improves traffic throughput and bandwidth usage. Multi-user TxBF is applicable to WLANs that have a large number of clients and require high bandwidth usage and low transmission delay.

Multi-user TxBF takes effect only when single-user TxBF is enabled.

As a best practice, do not modify the default MIMO settings for an AP enabled with multi-user TxBF.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable multi-user TxBF for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] su-txbf enable

[Sysname-wlan-ap-ap1-radio-1] mu-txbf enable

# Enable multi-user TxBF for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] su-txbf enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] mu-txbf enable

Related commands

mimo

su-txbf

power-lock

Use power-lock enable to enable power lock.

Use power-lock disable to disable power lock.

Use undo power-lock to restore the default.

Syntax

power-lock { disable | enable }

undo power-lock

Default

·          In radio view, a radio uses the configuration in AP group view.

·          In AP group radio view, power lock is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

If you enable power lock, the current power is locked and becomes the maximum transmit power. The locked power still takes effect after the AC restarts.

If a radio enabled with power lock switches to a new channel that provides lower power than the locked power, the maximum power supported by the new channel takes effect.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable power lock for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] power-lock enable

# Enable power lock for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] power-lock enable

preamble

Use preamble to set the preamble type.

Use undo preamble to restore the default.

Syntax

preamble { long | short }

undo preamble

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the short preamble is used.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

long: Specifies a long preamble. A long preamble ensures compatibility with all wireless devices of early models.

short: Specifies a short preamble. A short preamble can improve network performance.

Usage guidelines

This command is applicable only to 802.11b, 802.11g, and 802.11gn radios.

A preamble is a set of bits in a packet header to synchronize transmission signals between sender and receiver.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the preamble type to long for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] preamble long

# Set the preamble type to long for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 2

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-2] preamble long

protection-mode

Use protection-mode to specify a collision avoidance mode.

Use undo protection-mode to restore the default.

Syntax

protection-mode { cts-to-self | rts-cts }

undo protection-mode

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the CTS-to-self mode is used.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

cts-to-self: Specifies the CTS-to-self mode.

rts-cts: Specifies the RTS/CTS mode.

Usage guidelines

You can specify either of the following collision avoidance modes for an AP:

·          RTS/CTS—An AP sends an RTS packet to a client before sending data to the client. After receiving the RTS packet, the client sends a CTS packet to the AP. The AP begins to send data after receiving the CTS packet, and other devices that detect the RTS or CTS packet do not send data within a specific time period.

·          CTS-to-self—An AP sends a CTS packet with its own MAC address as the destination MAC address before sending data to a client. After receiving the CTS-to-self packet, the AP begins to send data, and other devices that detect the CTS-to-self packet do not send data within a specific time period.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Specify the RTS/CTS mode for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] protection-mode rts-cts

# Specify the RTS/CTS mode for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 2

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-2] protection-mode rts-cts

Related commands

·          dot11g protection

·          dot11n protection

·          protection-threshold

protection-threshold

Use protection-threshold to set the RTS threshold.

Use undo protection-threshold to restore the default.

Syntax

protection-threshold size

undo protection-threshold

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the RTS threshold is 2346 bytes.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

size: Specifies the RTS threshold in the range of 0 to 2346 bytes.

Usage guidelines

The system performs collision avoidance only for packets larger than the RTS threshold.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the RTS threshold to 2048 bytes for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] protection-threshold 2048

# Set the RTS threshold to 2048 bytes for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] protection-threshold 2048

Related commands

protection-mode

radio

Use radio to enter radio view.

Syntax

radio radio-id

Views

AP view

AP group AP model view

Predefined user roles

network-admin

Parameters

radio-id: Specifies a radio by its ID. The value range for this argument varies by device model.

Examples

# Enter radio view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1]

# Enter AP group radio view.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-apgroup1-ap-model-WA536-WW] radio 1

radio

Use radio enable to enable a radio.

Use radio disable to disable a radio.

Use undo radio to restore the default.

Syntax

radio { disable | enable }

undo radio

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, a radio is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable radio 1 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] radio enable

# Enable radio 1 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] radio enable

rate

Use rate to set the transmission rates for a radio.

Use undo rate to restore the default.

Syntax

rate { multicast { auto | rate-value } | { disabled | mandatory | supported } rate-value }

undo rate

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view:

·          802.11a/802.11an/802.11ac:

?  Prohibited ratesNone.

?  Mandatory rates6, 12, and 24.

?  Multicast rateSelected from the mandatory rates.

?  Supported rates9, 18, 36, 48, and 54.

·          802.11b:

?  Prohibited ratesNone.

?  Mandatory rates1 and 2.

?  Multicast rateThe maximum mandatory rate.

?  Supported rates5.5 and 11.

·          802.11g/802.11gn/802.11gac:

?  Prohibited ratesNone.

?  Mandatory rates1, 2, 5.5, and 11.

?  Multicast rateSelected from the mandatory rates.

?  Supported rates6, 9, 12, 18, 24, 36, 48, and 54.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

disabled: Specifies rates that cannot be used by an AP.

mandatory: Specifies rates that the clients must support to associate with an AP.

multicast: Specifies the rate at which an AP multicasts packets. The multicast rate must be selected from the mandatory rates.

supported: Specifies rates that an AP supports. After a client associates with an AP, the client can select a higher or lower rate from the supported rates to communicate with the AP.

auto: Automatically selects a mandatory rate as the multicast rate.

rate-value: Specifies the rate value in Mbps. You can set multiple rates and separate them by spaces. The available values for this argument are as follows:

·          802.11a/802.11an/802.11ac6, 9, 12, 18, 24, 36, 48, and 54.

·          802.11b1, 2, 5.5, and 11.

·          802.11g/802.11gn/802.11gac1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54.

Usage guidelines

The mandatory rates and multicast rate cannot be null. When there is only one mandatory rate, you cannot specify the mandatory rate as a supported rate or prohibited rate.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rate mandatory 6 12 24

# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] rate mandatory 6 12 24

reset wlan ap radio-statistics

Use reset wlan ap radio-statistics to clear radio statistics.

Syntax

reset wlan ap { all | name ap-name } radio-statistics

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Clear radio statistics for AP ap1.

<Sysname> reset wlan ap name ap1 radio-statistics

short-gi

Use short-gi enable to enable short Guard Interval (GI).

Use short-gi disable to disable short GI.

Use undo short-gi to restore the default.

Syntax

short-gi { disable | enable }

undo short-gi

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, short GI is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Disable short GI for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] short-gi disable

# Disable short GI for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] short-gi disable

short-retry threshold

Use short-retry threshold to set the maximum number of hardware retransmissions for small frames.

Use undo short-retry threshold to restore the default.

Syntax

short-retry threshold count

undo short-retry threshold

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the maximum number of hardware retransmissions is 7 for small frames.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of hardware retransmissions for small frames, in the range of 1 to 15.

Usage guidelines

Perform this task to set the maximum number of hardware retransmissions for frames smaller than or equal to the RTS threshold.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum number of hardware retransmissions for small frames to 10 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] short-retry threshold 10

# Set the maximum number of hardware retransmissions for small frames to 10 for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] short-retry threshold 10

Related commands

long-retry threshold

protection-threshold

smart-antenna

Use smart-antenna enable to enable the smart antenna feature.

Use smart-antenna disable to disable the smart antenna feature.

Use undo smart-antenna to restore the default.

Syntax

smart-antenna { disable | enable }

undo smart-antenna

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the smart antenna feature is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable smart antenna for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] smart-antenna enable

# Enable smart antenna for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] smart-antenna enable

smart-antenna policy

Use smart-antenna policy to specify a smart antenna mode.

Use undo smart-antenna policy to restore the default.

Syntax

smart-antenna policy { auto | high-availability | high-throughput }

undo smart-antenna policy

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, the auto mode is used.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

auto: Specifies the auto mode. When this mode is enabled, high availability mode is used for audio and video packets, and high throughput mode is used for other packets.

high-availability: Specifies the high availability mode. This mode ensures stable bandwidth for clients and is applicable to WLANs that require stable bandwidth.

high-throughput: Specifies the high throughput mode. This mode ensures as more associations as possible and is applicable to WLANs that require high performance.

Usage guidelines

The smart antenna mode configuration takes effect only after you enable the smart antenna feature.

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the smart antenna mode to high-availability for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] smart-antenna policy high-availability

# Set the smart antenna mode to high-availability for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] smart-antenna policy high-availability

stbc

Use stbc enable to enable STBC.

Use stbc disable to disable STBC.

Use undo stbc to restore the default.

Syntax

stbc { disable | enable }

undo stbc

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, STBC is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable STBC for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] stbc enable

# Enable STBC for APs with model WA536-WW in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA536-WW

[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11an

[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] stbc enable

su-txbf

 

NOTE:

Support for this command depends on the AP model.

 

Use su-txbf enable to enable single-user TxBF.

Use su-txbf disable to disable single-user TxBF.

Use undo su-txbf to restore the default.

Syntax

su-txbf { disable | enable }

undo su-txbf

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, single-user TxBF is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.

Single-user TxBF enables an AP to improve the signal to one intended client. Single-user TxBF is applicable to WLANs that have widely spread clients, poor network quality, and serious signal attenuation.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable single-user TxBF for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] su-txbf enable

# Enable single-user TxBF for APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] su-txbf enable

Related commands

mimo

mu-txbf

type

Use type to specify a radio mode.

Use undo type to restore the default.

Syntax

type { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn }

undo type

Default

The default setting varies by AP model.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

dot11a: Specifies the 802.11a radio mode.

dot11ac: Specifies the 802.11ac radio mode.

dot11an: Specifies the 802.11n (5 GHz) radio mode.

dot11b: Specifies the 802.11b radio mode.

dot11g: Specifies the 802.11g radio mode.

dot11gac: Specifies the 802.11gac radio mode.

dot11gn: Specifies the 802.11n (2.4 GHz) radio mode.

Usage guidelines

CAUTION

CAUTION:

Modifying the mode of an enabled radio logs off all associated clients.

 

When you change the radio mode in AP group radio view, the default settings for the radio mode related commands are restored.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the radio mode to 802.11n (5 GHz) for radio 1 on AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

# Set the radio mode to 802.11n (5 GHz) for radio 1 on APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an

wlan radio

Use wlan radio enable to enable all radios.

Use wlan radio disable to disable all radios.

Use undo wlan radio to restore the default.

Syntax

wlan radio { disable | enable }

undo wlan radio

Default

Radios are disabled unless they are already enabled in radio view or AP group radio view.

Views

System view

Predefined user roles

network-admin

Usage guidelines

CAUTION

CAUTION:

This feature takes effect on all manual APs and online auto APs.

 

If you execute both the wlan radio { disable | enable } command and the radio { disable | enable } command, the most recent configuration takes effect.

Examples

# Enable all radios.

<Sysname> system-view

[Sysname] wlan radio enable

Related commands

radio { disable | enable }

 


WLAN access commands

beacon ssid-hide

Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames.

Use undo beacon ssid-hide to restore the default.

Syntax

beacon ssid-hide

undo beacon ssid-hide

Default

The SSID is advertised in beacon frames.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command enables a radio to not carry SSIDs in the beacon frames and to not respond to probe requests after the specified service template is bound to the radio.

Examples

# Disable advertising the SSID in beacon frames.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] beacon ssid-hide

broadcast-probe reply

Use broadcast-probe reply enable to enable an AP to respond to broadcast probe requests.

Use broadcast-probe reply disable to disable an AP from responding to broadcast probe requests.

Use undo broadcast-probe reply to restore the default.

Syntax

broadcast-probe reply { disable | enable }

undo broadcast-probe reply

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, an AP responds to broadcast probe requests.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

Broadcast probe requests do not carry an SSID. Upon receiving a broadcast probe request, an AP responds with a probe response that carries service information for the AP. To ensure that clients that send unicast probe requests can associate with the AP, disable the AP from responding to broadcast probe requests.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Disable the AP ap1 from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] broadcast-probe reply disable

# Disable APs in the AP group group1 from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] broadcast-probe reply disable

classifier acl

Use classifier acl to configure a forwarding rule for a forwarding policy.

Use undo classifier acl to remove a forwarding rule.

Syntax

classifier acl { acl-number | ipv6 ipv6-acl-number } behavior { local | remote }

undo classifier acl { acl-number | ipv6 ipv6-acl-number }

Default

No forwarding rules are configured.

Views

Forwarding policy view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an IPv4 or Layer 2 ACL number in the range of 2000 to 4999.

ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.

behavior: Specifies a forwarding mode for traffic that matches the specified ACL.

local: Specifies the local forwarding mode.

remote: Specifies the centralized forwarding mode.

Usage guidelines

A forwarding rule takes effect immediately after it is created. You can configure a maximum of 1000 forwarding rules for a forwarding policy.

Examples

# Configure a forwarding rule to locally forward packets that match ACL 2000.

<sysname> system-view

[sysname] wlan forwarding-policy abc

[sysname-wlan-fp-abc] classifier acl 2000 behavior local

client association-location

Use client association-location to enable client association at the AC or APs.

Use undo client association-location to restore the default.

Syntax

client association-location { ac | ap }

undo client association-location

Default

Client association is performed at the AC.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Enables client association at the AC.

ap: Enables client association at APs.

Usage guidelines

Make sure the service template is disabled before you execute this command.

Examples

# Enable client association at the AC.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client association-location ac

client cache aging-time

Use client cache aging-time to set the client cache aging time.

Use undo client cache aging-time to restore the default.

Syntax

client cache aging-time aging-time

undo client cache aging-time

Default

The client cache aging time is 180 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the aging time in the range of 0 to 86400 seconds. If you set the aging time to 0, the device deletes the cache information of a client immediately after the client goes offline.

Usage guidelines

Make sure the service template is disabled before you execute this command.

The client cache saves information such as the PMK list and access VLAN for clients. If a client roams to another AP before the cache aging time expires, the client can inherit the cache information. If a client does not come online before the cache aging time expires, its cache information is cleared.

Examples

# Set the client cache aging time to 100 seconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client cache aging-time 100

client forwarding-location

Use client forwarding-location to specify the client data traffic forwarder.

Use undo client forwarding-location to restore the default.

Syntax

client forwarding-location { ac | ap [ vlan { vlan-start [ to vlan-end ] } ] }

undo client forwarding-location

Default

The AC forwards client data traffic.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Enables the AC to forward client data traffic.

ap: Enables APs to forward client data traffic.

vlan vlan-start to vlan-end: Specifies a VLAN ID range. The value range for the vlan-start and vlan-end arguments is 1 to 4094. If you do not specify this option, APs forward client data traffic from all VLANs.

Usage guidelines

Make sure the service template is disabled before you execute this command.

If APs forward client data traffic, you can specify a VLAN or a VLAN range for the APs to forward client data traffic from the specified VLANs. The AC forwards data traffic from other VLANs.

Make sure client traffic forwarding is enabled when the AC is configured as the client traffic forwarder.

Examples

# Configure APs to forward client data traffic from all VLANs.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-location ap

client forwarding-policy-name

Use client forwarding-policy-name to apply a forwarding policy to a service template.

Use undo client forwarding-policy-name to remove a forwarding policy from a service template.

Syntax

client forwarding-policy-name policy-name

undo client forwarding-policy-name

Default

No forwarding policy is applied to a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Make sure the AC and its associated APs are in different network segments.

Make sure the service template is disabled before you execute this command.

For the forwarding policy to take effect, you must enable policy-based forwarding and specify the AC to perform client authentication for the service template.

Examples

# Apply the forwarding policy strategy to service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-policy-name strategy

Related commands

·          client forwarding-policy enable

·          client-security authentication-location

client forwarding-policy enable

Use client forwarding-policy enable to enable policy-based forwarding for a service template.

Use undo client forwarding-policy enable to disable policy-based forwarding for a service template.

Syntax

client forwarding-policy enable

undo client forwarding-policy enable

Default

Policy-based forwarding is disabled for a service template.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Enable policy-based forwarding for a service template for the following forwarding policies to take effect:

·          The forwarding policy applied to the service template.

·          The forwarding policy applied to a user profile that uses the service template.

Examples

# Enable policy-based forwarding for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-policy enable

Related commands

client-security authentication-location

client frame-format

Use client frame-format to set the encapsulation mode for client data frames..

Use undo client frame-format to restore the default.

Syntax

client frame-format { dot3 | dot11 }

undo client frame-format

Default

Client data frames are encapsulated in 802.3 format.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot3: Configures the client data frames to be encapsulated in 802.3 format.

dot11: Configures the client data frames to be encapsulated in 802.11 format.

Usage guidelines

Make sure the service template is disabled before you execute this command.

This command takes effect only in centralized forwarding mode.

Examples

# Configure the client data frames to be encapsulated in 802.11 format.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client frame-format dot11

Related commands

client forwarding-location

client idle-timeout

Use client idle-timeout to set the client idle timeout timer.

Use undo client idle-timeout to restore the default.

Syntax

client idle-timeout interval

undo client idle-timeout

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, the client idle timeout timer is 3600 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.

Usage guidelines

If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the client idle timeout timer to 2000 seconds for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] client idle-timeout 2000

# Set the client idle timeout timer to 2000 seconds for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client idle-timeout 2000

client keep-alive

Use client keep-alive enable to enable client keepalive.

Use client keep-alive disable to disable client keepalive.

Use undo client keep-alive to restore the default.

Syntax

client keep-alive { disable | enable }

undo client keep-alive

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, client keepalive is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

disable: Disables client keepalive.

enable: Enables client keepalive.

Usage guidelines

This feature enables an AP to send keepalive packets to clients at the client keepalive interval to identify whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable client keepalive for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] client keep-alive enable

# Enable client keepalive for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client keep-alive enable

Related commands

client keep-alive interval

client keep-alive interval

Use client keep-alive interval to set the client keepalive interval.

Use undo client keep-alive interval to restore the default.

Syntax

client keep-alive interval value

undo client keep-alive interval

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, the client keepalive interval is 300 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.

Usage guidelines

Enable client keepalive before you execute this command.

This command enables an AP to send keepalive packets to clients at the client keepalive interval to identify whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the keepalive interval to 20 seconds for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] client keep-alive interval 20

# Set the keepalive interval to 20 seconds for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client keep-alive interval 20

Related commands

client keep-alive enable

client max-count

Use client max-count to set the maximum number of associated clients for a service template.

Use undo client max-count to restore the default.

Syntax

client max-count max-number

undo client max-count

Default

The number of associated clients for a service template is not limited.

Views

Service template view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of clients in the range of 1 to 2007.

Usage guidelines

When this feature is configured, new clients cannot access the WLAN when the maximum number is reached.

Examples

# Set the maximum number of associated clients to 38 for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client max-count 38

client preferred-vlan authorized

Use client preferred-vlan authorized to configure clients to prefer the authorization VLAN after roaming.

Use undo client preferred-vlan authorized to configure client VLANs to remain unchanged after client roaming.

Syntax

client preferred-vlan authorized

undo client preferred-vlan authorized

Default

Clients prefer the authorization VLAN after roaming.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This feature takes effect only on 802.1X and MAC authentication clients.

Typically, the VLAN of a client remains unchanged after client roaming. However, if the client triggers a security alert configured on IMC after roams to another AP, the issued authorization VLAN for user isolation takes effect.

Examples

# Configure clients to prefer the authorization VLAN after roaming.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client preferred-vlan authorized

client vlan-alloc

Use client vlan-alloc to specify the VLAN allocation method for clients.

Use undo client vlan-alloc to restore the default.

Syntax

client vlan-alloc { dynamic | static }

undo client vlan-alloc { dynamic | static }

Default

The VLAN allocation method for clients is dynamic.

Views

Service template view

Predefined user roles

network-admin

Parameters

dynamic: Specifies dynamic VLAN allocation.

static: Specifies static VLAN allocation.

Usage guidelines

When a client comes online for the first time, the radio assigns a random VLAN to it. When the client comes online again, the VLAN assigned to the client depends on the allocation method.

·          Static allocationThe client inherits the VLAN that has been assigned to it. If the IP address lease has not expired, the client will use the same IP address. This method helps save IP addresses.

·          Dynamic allocation—The client is re-assigned a VLAN. This method balances clients in all VLANs.

Examples

# Specify the VLAN allocation method for clients as dynamic.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client vlan-alloc dynamic

customlog format wlan

Use customlog format wlan to enable the device to generate client logs in the specified format.

Use undo customlog format wlan to restore the default.

Syntax

customlog format wlan { normal | sangfor }

undo customlog format wlan

Default

The device generates client logs only in the H3C format.

Views

System view

Predefined user roles

network-admin

Parameters

normal: Specifies normal format.

sangfor: Specifies sangfor format.

Usage guidelines

By default, the device generates client logs only in H3C format that logs AP name, radio ID, client MAC address, SSID, BSSID, and client online status.

You can configure the device to generate client logs in one of the following formats:

·          normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.

·          sangfor—Logs AP MAC address, client IP address, and client MAC address.

This feature does not affect the generation of client logs in H3C format.

Examples

# Enable the device to generate client logs in sangfor format.

<Sysname> system-view

[Sysname] customlog format wlan sangfor

description

Use description to configure a description for a service template.

Use undo description to restore the default.

Syntax

description text

undo description

Default

A service template does not have a description.

Views

Service template view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 64 characters.

Examples

# Configure the description as wlanst for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] description wlanst

display uplink client-rate-limit

Use display uplink client-rate-limit to display uplink client rate limit settings.

Syntax

display uplink client-rate-limit

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware series

Model

Uplink client rate limit compatibility

WX1800H series

WX1804H

No

WX1810H

WX1820H

WX1840H

Yes

WX3800H series

WX3820H

WX3840H

No

WX5800H series

WX5860H

No

 

Examples

# Display uplink client rate limit settings.

<Sysname> display uplink client-rate-limit

Direction: Inbound

  Status: Enabled

  Mode: Static

  Global CIR: 2000 kbps

  User CIR: 100 kbps

Direction: Outbound

  Status: Disabled

Table 20 Command output

Field

Description

Direction

Client rate limit direction:

·         Inbound.

·         Outbound.

Status

Client rate limit status:

·         Enabled.

·         Disabled.

Mode

Client rate limit mode:

·         Dynamic.

·         Static.

Global CIR

Global CIR in kbps.

User CIR

Per-client CIR in kbps.

 

Related commands

uplink client-rate-limit

display wlan blacklist

Use display wlan blacklist to display blacklist entries.

Syntax

display wlan blacklist { dynamic | static }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Specifies the dynamic blacklist.

static: Specifies the static blacklist.

Examples

# Display static blacklist entries.

<Sysname> display wlan blacklist static

Total number of clients: 3

 MAC addresses:

  000e-35b2-000e

  0019-5b8e-b709

  001c-f0bf-9c92

# Display dynamic blacklist entries.

<Sysname> display wlan blacklist dynamic

Total number of clients: 3

MAC address     APID  Lifetime (s)  Duration (hh:mm:ss)

000f-e2cc-0001  1     300           00:02:11

000f-e2cc-0002  2     300           00:01:17

000f-e2cc-0003  3     300           00:02:08

Table 21 Command output

Field

Description

MAC address

Client MAC address.

APID

ID of the AP that detects the rogue client.

Lifetime (s)

Lifetime of the entry in seconds.

Duration (hh:mm:ss)

Duration for the entry since the entry was added to the dynamic blacklist.

 

display wlan client

Use display wlan client to display client information.

Syntax

display wlan client [ ap ap-name [ radio radio-id ] | mac-address mac-address | service-template service-template-name | frequency-band { 2.4 | 5 } ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Displays information about clients that are connected to the specified AP. The AP name is a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

radio radio-id: Displays information about clients that are connected to the specified radio. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays information about all clients that are connected to the specified AP.

mac-address mac-address: Specifies a client by its MAC address.

service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.

frequency-band: Displays information about clients working on the specified band.

2.4: Specifies the 2.4 GHz band.

5: Specifies the 5 GHz band.

verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.

Examples

# Display brief information about all clients.

<Sysname> display wlan client

Total number of clients: 3

 

MAC address    Username             AP name               R IP address      VLAN

000f-e265-6400 N/A                  ap1                   1 1.1.1.1         100

000f-e265-6401 user                 ap2                   1 3.0.0.3         200

84db-ac14-dd08 N/A                  ap1                   1 1::2:0:0:3      1

Table 22 Command output

Field

Description

MAC address

Client MAC address.

Username

Client username.

·         The field displays the client username if the client uses 802.1X or MAC authentication.

·         The field displays N/A if the client does not use 802.1X or MAC authentication.

NOTE:

If the client uses portal authentication, this field does not display the portal username of the client.

AP name

Name of the AP that the client is associated with.

R

ID of the radio that the client is associated with.

IP address

IPv4 address of the client.

VLAN ID

ID of the VLAN to which the client belongs.

 

# Display detailed information about all clients.

<Sysname> display wlan client verbose

Total number of clients: 1

 

MAC address                        : 000f-e265-6400

IPv4 address                       : 10.1.1.114

IPv6 address                       : 2001::1234:5678:0102:0304

Username                           : N/A

AID                                : 1

AP ID                              : 1

AP name                            : ap1

Radio ID                           : 1

SSID                               : office

BSSID                              : 0026-3e08-1150

VLAN ID                            : 3

Sleep count                        : 0

Wireless mode                      : 802.11ac

Channel bandwidth                  : 80MHz

SM power save                      : Enabled

SM power save mode                 : Dynamic

Short GI for 20MHz                 : Supported

Short GI for 40MHz                 : Supported

Short GI for 80MHz                 : Supported

Short GI for 160/80+80MHz          : Not supported

STBC RX capability                 : Not supported

STBC TX capability                 : Not supported

LDPC RX capability                 : Not supported

SU beamformee capability           : Not supported

MU beamformee capability           : Not supported

Beamformee STS capability          : N/A

Block Ack                          : TID 0 In

Supported VHT-MCS set              : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

                                     NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set               : 0, 1, 2, 3, 4, 5, 6, 7,

                                     8, 9, 10, 11, 12, 13, 14,

                                     15, 16, 17, 18, 19, 20,

                                     21, 22, 23

Supported rates                    : 6, 9, 12, 18, 24, 36,

                                     48, 54 Mbps

QoS mode                           : WMM

Listen interval                    : 10

RSSI                               : 62

Rx/Tx rate                         : 130/195 Mbps

Authentication method              : Open system

Security mode                      : PRE-RSNA

AKM mode                           : Not configured

Cipher suite                       : N/A

User authentication mode           : Bypass

Authorization ACL ID               : 3001(Not effective)

Authorization user profile         : N/A

Roam status                        : N/A

Key derivation                     : SHA1

PMF status                         : Enabled

Forward policy                     : Not configured

Online time                        : 0days 0hours 1minutes 13seconds

FT status                          : Inactive

Table 23 Command output

Field

Description

MAC address

Client MAC address.

IPv4 address

Client IPv4 address.

IPv6 address

Client IPv6 address.

Username

Client username.

·         The field displays the client username if the client uses 802.1X or MAC authentication.

·         The field displays N/A if the client does not use 802.1X or MAC authentication.

NOTE:

If the client uses portal authentication, this field does not display the portal username of the client.

AID

Association ID

AP ID

ID of the AP that the client is associated with.

AP name

Name of the AP that the client is associated with.

Radio ID

ID of the radio that the client is associated with.

SSID

SSID with which the client is associated.

VLAN ID

ID of the VLAN to which the client belongs.

Sleep count

Number of transitions to the sleep state.

Wireless mode

Wireless mode:

·         802.11a.

·         802.11b.

·         802.11g.

·         802.11gn.

·         802.11an.

·         802.11ac.

Channel bandwidth

Channel bandwidth, 20 MHz, 40 MHz, 80 MHz, or 160 MHz.

20/40 BSS Coexistence Management

Whether the client supports 20/40MHz channel bandwidth coexistence.

SM Power Save

SM Power Save:

·         EnabledOnly one antenna of a client operates in active state, and others operate in sleep state to save power.

·         Disabled.

SM power save mode

Power saving mode.

·         Dynamic.

·         Static.

Short GI for 20MHz

Whether the client supports short GI when its channel bandwidth is 20 MHz.

·         Supported.

·         Not supported.

Short GI for 40MHz

Whether the client supports short GI when its channel bandwidth is 40 MHz.

·         Supported.

·         Not supported.

Short GI for 80MHz

Whether the client supports short GI when its channel bandwidth is 80 MHz.

·         Supported.

·         Not supported.

Short GI for 160/80+80MHz

Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz.

·         Supported.

·         Not supported.

STBC Rx Capability

Client STBC receive capability.

·         Not Supported.

·         Supported.

STBC Tx Capability

Client STBC transmission capability.

·         Not Supported.

·         Supported.

LDPC Rx capability

Client LDPC receive capability.

·         Not Supported.

·         Supported.

SU beamformee capability

Client SU beamformee capability.

·         Not Supported.

·         Supported.

MU beamformee capability

Client MU beamformee capability.

·         Not Supported.

·         Supported.

Beamformee STS capability

Client beamformee STS capability.

·         Not Supported.

·         Supported.

Block Ack

Negotiation result of Block ACK with TID.

·         IN—Sends Block ACK for traffic from the inbound direction.

·         OUT—Sends Block ACK for traffic from the outbound direction.

·         BOTH—Sends Block ACK for traffic from both inbound and outbound directions.

Supported VHT-MCS set

VHT-MCS supported by the client.

Supported HT MCS set

HT-MCS supported by the client.

QoS mode

QoS mode:

·         N/A—WMM is not supported.

·         WMM—WMM is supported.

WMM information negotiation is carried out between an AP and a client that both support WMM.

Listen interval

Interval at which the client wakes up to listen to beacon frames. It is counted by beacon interval.

RSSI

Received signal strength indication. This value indicates the client signal strength detected by the AP.

Rx/Tx rate

Sending and receiving rates of data, management, and control frames.

Authentication method

Authentication method, open system or shared key.

Security mode

Security mode:

·         RSN—Beacons and probe responses carry RSN IE.

·         WPA—Beacons and probe responses carry WPA IE.

·         PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE.

AKM mode

AKM mode:

·         802.1X.

·         PSK.

·         Not configured.

Cipher suite

Cipher suite:

·         N/A.

·         WEP40.

·         WEP104.

·         WEP128.

·         CCMP.

·         TKIP.

User authentication mode

User authentication mode:

·         Bypass—No client authentication.

·         MAC.

·         802.1X.

·         OUI.

Authorization ACL ID

Authorized ACL number:

·         This field displays the ACL number if the authorized ACL takes effect.

·         This field displays the ACL number + Not effective if the authorized ACL does not take effect.

·         This field displays N/A if the authentication server is configured without any authorized ACL.

Authorization user profile

Name of the authorized user profile:

·         This field displays the authorized user profile name if the authorized user profile takes effect.

·         This field displays the authorized user profile name + Not effective if the authorized user profile does not take effect.

·         This field displays N/A if the authentication server is configured without any authorized user profile.

Roam status

Roam status:

·         Roaming in progress.

·         Inter-AC slow roaming.

·         Inter-AC fast roaming.

·         Intra-AC slow roaming.

·         Intra-AC fast roaming.

·         This field displays N/A if the client stays in one BSS after coming online.

Key derivation

Key derivation type:

·         SHA1—Uses the HMAC-SHA1 hash algorithm.

·         SHA256—Uses the HMAC-SHA256 hash algorithm.

·         N/A—No key derivation algorithm is involved for the authentication type.

PMF status

PMF status:

·         Enabled—Management frame protection is enabled.

·         Disabled—Management frame protection is disabled.

·         N/A—Management frame protection is not involved.

Forward policy

WLAN forwarding policy.

·         Not configured—No WLAN forwarding policy is configured.

·         policy-name.

Online time

Client online duration.

FT status

Fast BSS transition (FT).

·         Active—FT is enabled.

·         Inactive—FT is disabled.

 

display wlan client status

Use display wlan client status to display client status information.

Syntax

display wlan client status [ mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.

verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.

Examples

# Display brief status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804

Total number of clients: 1

 

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name          RID

001c-f08f-f804  41ms         0     39/117Mbps      0.00%    ap2              2

# Display brief status information about all clients.

<Sysname> display wlan client status

Total number of clients: 2

 

MAC address     Access time  RSSI  Rx/Tx rate      Discard  AP name          RID

000b-c002-9d09  41ms         65    39/117Mbps      0.00%    ap2              2

000f-e265-6401  10ms         62    130/195Mbps     0.00%    ap1              1

Table 24 Command output

Field

Description

MAC address

Client MAC address.

Access time

Time the client took to associate with the WLAN.

RSSI

RSSI of the client.

Rx/Tx rate

Rates at which the client receives and sends data, management packets, and control packets.

Discard

Ratio of packets discarded by the client.

AP name

Name of the AP that the client is associated with.

RID

ID of the radio that the client is associated with.

 

# Display detailed status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose

Total number of clients: 1

 

MAC address                       : 001c-f08f-f804

AP name                           : ap2

Radio ID                          : 2

Access time                       : 41 ms

RSSI                              : 0

Rx/Tx rate                        : 39/117 Mbps

Received:

 Retransmitted packets            : 84

 Retransmitted packet ratio       : 64.12%

Sent:

 Retransmitted packets            : 0

 Retransmitted packet ratio       : 0.00%

Discarded:

 Discarded packets                : 0

 Discarded packet ratio           : 0.00%

Table 25 Command output

Field

Description

MAC address

Client MAC address.

AP name

Name of the AP that the client is associated with.

Radio ID

ID of the radio that the client is associated with.

Access time

Time the client took to associate with the WLAN.

RSSI

RSSI of the client.

Rx/Tx rate

Rates at which the client receives and sends data, management packets, and control packets.

Received

Received packet statistics:

·         Retransmitted packets.

·         Retransmitted packet ratio.

Sent

Sent packet statistics:

·         Retransmitted packets.

·         Retransmitted packet ratio.

Discarded

Discarded packet statistics:

·         Discarded packets.

·         Discarded packet ratio.

 

display wlan forwarding-policy

Use display wlan forwarding-policy to display WLAN forwarding policy information.

Syntax

display wlan forwarding-policy [ policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameter

policy-name: Specifies a WLAN forwarding policy by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all WLAN forwarding policies.

Examples

# Display information about all WLAN forwarding policies.

<Sysname> display wlan forwarding-policy

Total number of forwarding policies: 2

 

Forwarding policy name: fwd1

 Classifier ACL 2000: Local

 Classifier ACL 2004: Local

 Classifier IPv6 ACL 2001: Remote

 Classifier IPv6 ACL 2002: Remote

 

Forwarding policy name: fwd2

 Classifier ACL 4021: Local

 Classifier IPv6 ACL 2000: Remote

 Classifier IPv6 ACL 3024: Remote

Table 26 Command output

Field

Description

Classifier ACL number

IPv4 packet forwarding mode:

·         Local—Local forwarding.

·         Remote—Centralized forwarding.

Classifier IPv6 ACL number

IPv6 packet forwarding mode:

·         Local—Local forwarding.

·         Remote—Centralized forwarding.

 

Related commands

wlan forwarding-policy

display wlan region-code

Use display wlan region-code to display region code information for all APs or the specified AP.

Syntax

display wlan region-code ap { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display region code information for all APs.

<Sysname> display wlan region-code ap all

Region Code

-----------------------------------------------------------------------

AP name                         Region Code

ap1                             CN  CHINA

ap2                             CN  CHINA

ap3                             CN  CHINA

Table 27 Command output

Field

Description

Region Code

Region code. For more information about region codes, see Table 30.

 

display wlan service-template

Use display wlan service-template to display service template information.

Syntax

display wlan service-template [ service-template-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.

verbose: Displays detailed service template information.

Examples

# Display brief information about all service templates.

<Sysname> display wlan service-template

Total number of service templates: 2

Service template name          SSID                 Status

1                              2333                 Enabled

2                              3222                 Enabled

# Display detailed information about all service templates.

<Sysname> display wlan service-template verbose

Service template name         : service1

Description                   : Not configured

SSID                          : wuxianfuwu

SSID-hide                     : Disabled

User-isolation                : Disabled

Service template status       : Disabled

Maximum clients per BSS       : 64

Frame format                  : Dot3

Seamless roam status          : Disabled

Seamless roam RSSI threshold  : 0

Seamless roam RSSI gap        : 0

VLAN ID                       : 1

AKM mode                      : PSK

Security IE                   : RSN

Cipher suite                  : CCMP

TKIP countermeasure time      : 100 sec

PTK lifetime                  : 43200 sec

PTK rekey                     : Enabled

GTK rekey                     : Enabled

GTK rekey method              : Time-based

GTK rekey time                : 86400 sec

GTK rekey client-offline      : Enabled

User authentication mode      : Bypass

Intrusion protection          : Disabled

Intrusion protection mode     : Temporary-block

Temporary block time          : 180 sec

Temporary service stop time   : 20 sec

Fail VLAN ID                  : 1

802.1X handshake              : Enabled

802.1X handshake secure       : Disabled

802.1X domain                 : my-domain

MAC-auth domain               : Not configured

Max 802.1X users per BSS      : 4096

Max MAC-auth users per BSS    : 4096

802.1X re-authenticate        : Enabled

Authorization fail mode       : Online

Accounting fail mode          : Online

Authorization                 : Permitted

Key derivation                : SHA1

PMF status                    : Optional

Hotspot policy number         : Not configured

Forwarding policy status      : Disabled

Forward policy name           : Not configured

Forwarder                     : AC

FT status                     : Enabled

QoS trust                     : Port

QoS priority                  : 0

Table 28 Command output

Field

Description

SSID

SSID of the service template.

SSID-hide

Whether the SSID is hidden in beacons.

·         Disabled.

·         Enabled.

User-isolation

Use isolation:

·         Disabled.

·         Enabled.

Service template status

Service template status:

·         Disabled.

·         Enabled.

Maximum clients per BSS

Maximum number of clients that the BSS supports.

Frame format

Client data frame encapsulation format:

·         Dot3—802.3 format.

·         Dot11802.11 format.

Seamless roam status

Seamless roaming:

·         Disabled.

·         Enabled.

This field is not supported in the current release.

Seamless roam RSSI threshold

Seamless roaming RSSI threshold.

This field is not supported in the current release.

Seamless roam RSSI gap

Seamless roaming RSSI gap.

This field is not supported in the current release.

VLAN ID

ID of the VLAN to which clients belong after they come online through the service template.

AKM mode

AKM mode, 802.1X or PSK.

Security IE

Security IE:

·         RSN.

·         WPA.

Cipher suite

Cipher suite:

·         WEP40.

·         WEP104.

·         WEP128.

·         TKIP.

·         CCMP.

TKIP countermeasure time

TKIP countermeasure time. The value 0 represents no countermeasures are taken.

PTK rekey

Whether PTK rekey is enabled:

·         Enabled.

·         Disabled.

GTK rekey

Whether GTK rekey is enabled:

·         Enabled.

·         Disabled.

GTK rekey method

GTK rekey method, time-based or packet-based.

GTK rekey time

GTK rekey interval.

GTK rekey packets

Number of packets that can be transmitted before the GTK is refreshed.

GTK rekey client-offline

Whether client-off GTK rekey is enabled:

·         Enabled.

·         Disabled.

User authentication mode

Authentication mode:

·         Bypass—No authentication.

·         MAC.

·         MAC-or-802.1X.

·         802.1X.

·         802.1X-or-MAC.

·         OUI-or-802.1X.

Intrusion protection

Whether intrusion protection is enabled:

·         Enabled.

·         Disabled.

Intrusion protection mode

Intrusion protection mode:

·         Temporary-block—Temporarily adds intruders to the block list.

·         Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets.

·         Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets.

Temporary block time

Temporary block time in seconds.

Temporary service stop time

Temporary service stop time in seconds.

Fail VLAN ID

ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured.

Critical VLAN ID

ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the Critical VLAN ID is not configured.

802.1X handshake

Whether 802.1X handshake is enabled:

·         Enabled.

·         Disabled.

802.1X handshake secure

Whether secure 802.1X handshake is enabled:

·         Enabled.

·         Disabled.

802.1X domain

802.1X authentication domain. This field displays Not configured if the domain is not configured.

MAC-auth domain

MAC authentication domain. This field displays Not configured if the domain is not configured.

Max 802.1X users per BSS

Maximum number of supported 802.1X users in a BSS.

Max MAC-auth users per BSS

Maximum number of supported users that pass the MAC authentication in a BSS.

802.1X re-authenticate

Whether 802.1X reauthentication is enabled:

·         Enabled.

·         Disabled.

Authorization fail mode

Authorization fail mode:

·         OfflineClients are logged off when authorization fails.

·         OnlineClients are not logged off when authorization fails.

Accounting fail mode

Accounting fail mode:

·         OfflineClients are logged off when accounting fails.

·         OnlineClients are not logged off when accounting fails.

Authorization

Authorization information:

·         Permitted—Applies the authorization information issued by the RADIUS server or the local device.

·         Ignored—Ignores the authorization information issued by the RADIUS server or the local device.

Key derivation

Key derivation type:

·         SHA1—Uses the HMAC-SHA1 hash algorithm.

·         SHA256—Uses the HMAC-SHA256 hash algorithm.

·         SHA1-AND-SHA256—Uses the HMAC SHA1 and SHA256 hash algorithm.

PMF status

PMF status:

·         Disabled—Management frame protection is disabled.

·         Optional—Management frame protection in optional mode is enabled.

·         Mandatory—Management frame protection in mandatory mode is enabled.

Forwarding policy status

WLAN forwarding policy status:

·         Disabled.

·         Enabled.

Forward policy name

WLAN forwarding policy name:

·         Not configured—No WLAN forwarding policy is configured.

·         policy-name.

Forwarder

Client traffic forwarder:

·         AC.

·         AP.

FT status

FT status:

·         Disabled.

·         Enabled.

QoS trust

QoS priority trust mode:

·         Port—Port priority trust mode.

·         Dot11e—802.11e priority trust mode.

QoS priority

Port priority in the range of 0 to 7.

 

display wlan statistics

Use display wlan statistics to display client statistics or service template statistics.

Syntax

display wlan statistics { ap { all | name ap-name } connect-history | client [ mac-address mac-address ] | service-template service-template-name [ connect-history ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap: Specifies APs.

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

connect-history: Displays the connection history.

client: Specifies client statistics.

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.

service-template service-template-name: Specifies a service template by its name. If you also specify the connect-history keyword, the command displays the connection history for the specified service template.

Examples

# Display statistics for all clients.

<Sysname> display wlan statistics client

MAC address                : 0014-6c8a-43ff

AP name                    : ap1

Radio ID                   : 1

SSID                       : office

BSSID                      : 000f-e2ff-7700

RSSI                       : 31

Sent frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 9/1230 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 2/76 (frames/bytes)

Received frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 18/2437 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 7/468 (frames/bytes)

Discarded frames:

  Back ground              : 0/0 (frames/bytes)

  Best effort              : 0/0 (frames/bytes)

  Video                    : 0/0 (frames/bytes)

  Voice                    : 5/389 (frames/bytes)

Table 29 Command output

Field

Description

SSID

SSID of the service template.

MAC address

Client MAC address.

Back ground

AC-BK queue.

Best effort

AC-BE queue.

Video

AC-VI queue.

Voice

AC-VO queue.

 

# Display statistics for service template 1.

<Sysname> display wlan statistics service-template 1

AP name                       : ap1

Radio ID                      : 1

Received:

  Frame count                 : 1713

  Frame bytes                 : 487061

  Data frame count            : 1683

  Data frame bytes            : 485761

  Association request count   : 2

Sent:

  Frame count                 : 62113

  Frame bytes                 : 25142076

  Data frame count            : 55978

  Data frame bytes            : 22626600

  Association response count  : 2

# Display the connection history for service template 1.

<Sysname> display wlan statistics service-template 1 connect-history

AP name                     : ap1

Radio ID                    : 1

Associations                : 132

Association failures        : 3

Reassociations              : 30

Rejections                  : 12

Exceptional deassociations  : 2

Current associations        : 57

 

AP name                     : ap1

Radio ID                    : 2

Associations                : 1004

Association failures        : 35

Reassociations              : 59

Rejections                  : 4

Exceptional deassociations  : 22

Current associations        : 300

# Display the connection history for the AP ap1.

<Sysname> display wlan statistics ap name ap1 connect-history

AP name                       : ap1

Associations                  : 1

Reassociations                : 0

Failures                      : 0

Rejections                    : 0

Exceptional deassociations    : 0

Current associations          : 1

display wlan whitelist

Use display wlan whitelist to display whitelist entries.

Syntax

display wlan whitelist

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display whitelist entries.

<Sysname> display wlan whitelist

Total number of clients: 3

 MAC addresses:

  000e-35b2-000e

  0019-5b8e-b709

  001c-f0bf-9c92

inherit exclude service-template

Use inherit exclude service-template to configure an AP to not inherit the specified service template from an AP group.

Use undo inherit exclude service-template to restore the default.

Syntax

inherit exclude service-template service-template-name

undo inherit exclude service-template service-template-name

Default

An AP inherits the service template bound to an AP group.

Views

Radio view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Examples

# Configure the AP ap1 to not inherit the service template st from an AP group.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-ap-ap1] radio 1

[Sysname-ap-ap1-radio-1] inherit exclude service-template st

map-configuration

Use map-configuration to deploy a configuration file to an AP.

Use undo map-configuration to restore the default.

Syntax

map-configuration filename

undo map-configuration

Default

No configuration file is deployed to an AP.

Views

AP view

AP group AP model view

Predefined user roles

network-admin

Parameters

filename: Specifies a configuration file by its name, a case-insensitive string of 1 to 63 characters. Make sure the configuration file is stored in the storage medium of the AC.

Usage guidelines

Contents in the configuration file must be complete commands.

The configuration file takes effect when the CAPWAP tunnel to the AC is in Run state. It does not survive an AP reboot.

An AP can only use its main IP address to establish a CAPWAP tunnel to the AC if the AP is configured by using a configuration file.

Examples

# Deploy the configuration file downconfig.txt to the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] map-configuration downconfig.txt

# Deploy the configuration file downconfig.txt to APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] map-configuration downconfig.txt

nas-id

Use nas-id to set the network access server identifier (NAS ID).

Syntax

nas-id nas-id

undo nas-id

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, the AP uses the configuration in global configuration view.

In global configuration view, no NAS ID is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

nas-id: Specifies a NAS ID, a case-sensitive string of 1 to 63 characters.

Usage guidelines

After coming online, a client sends a RADIUS request that carries the NAS ID to the RADIUS server to indicate its network access server.

You can set the NAS ID when binding a service template to a radio, or set the NAS ID in global configuration view, AP group view, or AP view. The priorities for these configurations are in descending order.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Set the NAS ID for the AP ap1 to abc123.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] nas-id abc123

# Set the NAS ID for the AP group group1 to abc123.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] nas-id abc123

# Set the global NAS ID to abc123.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] nas-id abc123

nas-port-id

Use nas-port-id to set the network access server port identifier (NAS port ID).

Use the undo nas-port-id to restore the default.

Syntax

nas-port-id nas-port-id

undo nas-port-id

Default

In AP view, the AP uses the configuration in AP group view. If no NAS ID is specified in AP group view, the AP uses the configuration in global configuration view.

In AP group view, the AP uses the configuration in global configuration view.

In global configuration view, no NAS ID is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

nas-port-id: Specifies a NAS port ID, a case-sensitive string of 1 to 63 characters.

Usage guidelines

After coming online, a client sends a RADIUS request that carries the NAS port ID to the RADIUS server to indicate its network access server.

You can set the NAS port ID when binding a service template to a radio, or set the NAS port ID in global configuration view, AP group view, or AP view. The priorities for these configurations are in descending order.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Set the NAS port ID to abcd1234 for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] nas-port-id abcd1234

# Set the NAS port ID to abcd1234 for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] nas-port-id abcd1234

# Set the global NAS port ID to abcd1234.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] nas-port-id abcd1234

nas-vlan

Use nas-vlan to set the network access server VLAN identifier (NAS VLAN ID) and enable the AC to encapsulate the VLAN ID in RADIUS requests.

Use undo nas-vlan to restore the default.

Syntax

nas-vlan vlan-id

undo nas-vlan

Default

No NAS VLAN ID is set. Authentication requests sent to the RADIUS server do not contain the NAS VLAN ID field.

Views

AP view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a NAS VLAN ID in the range of 1 to 4096.

Usage guidelines

When the NAS VLAN ID is set, the AC encapsulates the VLAN ID in RADIUS requests sent to the RADIUS server to indicate clients' network access server.

Set the NAS VLAN ID when a third-party Security Accounting Management (SAM) server is used as the RADIUS server.

Examples

# Set the NAS VLAN ID to 1234 for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] nas-vlan 1234

quick-association enable

Use quick-association enable to quick association.

Use undo quick-association to restore the default.

Syntax

quick-association enable

undo quick-association enable

Default

Quick association is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command disables APs from performing load balancing or band navigation on clients associated with the specified service template.

Examples

# Enable quick association for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1]quick-association enable

region-code

Use region-code to specify a region code.

Use undo region-code to restore the default.

Syntax

region-code code

undo region-code

Default

In AP view, the AP uses the configuration in AP group view. If no region code is specified in AP group view, the AP uses the configuration in global configuration view.

In AP group view, the AP uses the configuration in global configuration view.

In global configuration view, no region code is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

code: Specifies a region code. For more information about region codes, see Table 30.

Table 30 Country code information

Country

Code

Country

Code

Andorra

AD

Korea, Republic of Korea

KR

United Arab Emirates

AE

Kenya

KE

Albania

AL

Kuwait

KW

Armenia

AM

Kazakhstan

KZ

Australia

AU

Lebanon

LB

Argentina

AR

Liechtenstein

LI

Australia

AT

Sri Lanka

LK

Azerbaijan

AZ

Lithuania

LT

Bosnia and Herzegovina

BA

Luxembourg

LU

Belgium

BE

Latvia

LV

Bulgaria

BG

Libyan

LY

Bahrain

BH

Morocco

MA

Brunei Darussalam

BN

Monaco

MC

Bolivia

BO

Moldova

MD

Brazil

BR

Macedonia

MK

Bahamas

BS

Macau

MO

Belarus

BY

Martinique

MQ

Belize

BZ

Malta

MT

Canada

CA

Mauritius

MU

Switzerland

CH

Mexico

MX

Cote d'ivoire

CI

Malay Archipelago

MY

Chile

CL

Namibia

NA

China

CN

Nigeria

NG

Colombia

CO

Nicaragua

NI

Costarica

CR

Netherlands

NL

Serbia

RS

Norway

NO

Cyprus

CY

New Zealand

NZ

Czech Republic

CZ

Oman

OM

Germany

DE

Panama

PA

Denmark

DK

Peru

PE

Dominica

DO

Poland

PL

Algeria

DZ

Philippines

PH

Ecuador

EC

Pakistan

PK

Estonia

EE

Puerto Rico

PR

Egypt

EG

Portugal

PT

Spain

ES

Paraguay

PY

Faroe Islands

FO

Qatar

QA

Finland

FI

Romania

RO

France

FR

Russian Federation

RU

Britain

GB

Saudi Arabia

SA

Georgia

GE

Sweden

SE

Gibraltar

GI

Singapore

SG

Greenland

GL

Slovenia

SI

Guadeloupe

GP

Slovak

SK

Greece

GR

San Marino

SM

Guatemala

GT

Salvador

SV

Guyana

GY

Syrian

SY

Honduras

HN

Thailand

TH

Hong Kong

HK

Tunisia

TN

Croatia

HR

Turkey

TR

Hungary

HU

Trinidad and Tobago

TT

Iceland

IS

, Province of China

TW

India

IN

Ukraine

UA

Indonesia

ID

United States of America

US

Ireland

IE

Uruguay

UY

Israel

IL

Uzbekistan

UZ

Iraq

IQ

The Vatican City State

VA

Italy

IT

Venezuela

VE

Iran

IR

Virgin Islands

VI

Jamaica

JM

Vietnam

VN

Jordan

JO

Yemen

YE

Japan

JP

South Africa

ZA

Democratic People's Republic of Korea

KP

Zimbabwe

ZW

 

Usage guidelines

A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Specify US as the region code for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] region-code US

# Specify US as the region code for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] region-code US

# Specify US as the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code US

Related commands

region-code-lock

region-code-lock

Use region-code-lock enable to lock the region code.

Use region-code-lock disable to unlock the region code.

Use undo region-code-lock to restore the default.

Syntax

region-code-lock { disable | enable }

undo region-code-lock

Default

In AP view, the AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, the AP uses the configuration in global configuration view.

In global configuration view, the region code is not locked.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

You cannot change a region code that has been locked.

If no region code exists in AP view, the AP uses the region code in AP group view or the global region code even if you have locked the region code in AP view. If no region code exists in AP group view, the AP uses the global region code even if you have locked the region code in AP group view.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Lock the region code for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] region-code-lock enable

# Lock the region code for the AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] region-code-lock enable

# Lock the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code-lock enable

Related commands

region-code

reset wlan client

Use reset wlan client to log off a client or all clients.

Syntax

reset wlan client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

 Parameters

mac-address mac-address: Specifies a client by its MAC address.

all: Specifies all clients.

Examples

# Log off all clients.

<Sysname> reset wlan client all

Related commands

display wlan client

reset wlan dynamic-blacklist

Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.

Syntax

reset wlan dynamic-blacklist [ mac-address mac-address ]

Views

User view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.

Examples

# Remove all clients from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist

# Remove the specified client from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69

Related commands

display wlan blacklist

reset wlan statistics client

Use reset wlan statistics client to clear client statistics.

Syntax

reset wlan statistics client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all clients.

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Clear the statistics of all clients.

<Sysname> reset wlan statistics client all

Related commands

display wlan statistics

service-template

Use service-template to bind a service template to a radio or a radio interface.

Use undo service-template to unbind a service template from a radio or a radio interface.

Syntax

service-template service-template-name [ nas-id nas-id | nas-port-id nas-port-id ] [ ssid-hide ] [ vlan vlan-id | vlan-group vlan-group-name ]

undo service-template service-template-name

Default

In radio view, the AP uses the configuration in AP group view.

In AP group radio view, no service template is bound to a radio.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

nas-id nas-id: Specifies a NAS ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.

nas-port-id nas-port-id: Specifies a NAS port ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.

ssid-hide: Hides SSIDs in beacon frames.

vlan vlan-id: Specifies a VLAN to be bound to the radio by its VLAN ID in the range of 1 to 4094. If you do not specify this option, the radio uses the VLAN bound to the service template. If the specified VLAN does not exist, this command creates the VLAN when clients come online.

vlan-group vlan-group-name: Specifies a VLAN group to be bound to the radio by the VLAN group name, a string of 1 to 16 characters. If you do not specify this option, the radio uses the VLAN bound to the service template.

Usage guidelines

Before you bind a service template to a radio or a radio interface, you must create the service template.

You can use the vlan-group command to create a VLAN group. For more information, see Layer 2—LAN Switching Command References.

The VLAN ID or VLAN group configured using this command takes precedence over the VLAN ID configured for a service template.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Bind the service template service1 and the VLAN group vg1 to radio 1.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-ap-ap1] radio 1

[Sysname-ap-ap1-radio-1] service-template service1 vlan-group vg1

# Bind the service template service1 and the VLAN group vg1 to radio 1 in the AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] service-template service1 vlan-group vg1

Related commands

vlan-group

service-template enable

Use service-template enable to enable a service template.

Use undo service-template enable to disable a service template.

Syntax

service-template enable

undo service-template enable

Default

A service template is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

If the number of BSSs on an AC exceeds the limit, you cannot enable a new service template.

Examples

# Enable the service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] service-template enable

snmp-agent trap enable wlan client

Use snmp-agent trap enable wlan client to enable SNMP notification for WLAN access.

Use undo snmp-agent trap enable wlan client to restore the default.

Syntax

snmp-agent trap enable wlan client

undo snmp-agent trap enable wlan client

Default

SNMP notification is disabled for WLAN access.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for WLAN access.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client

snmp-agent trap enable wlan client-audit

Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.

Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.

Syntax

snmp-agent trap enable wlan client-audit

undo snmp-agent trap enable wlan client-audit

Default

SNMP notification is disabled for client audit.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for client audit.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client-audit

ssid

Use ssid to set an SSID for a service template.

Use undo ssid to delete the SSID of a service template.

Syntax

ssid ssid-name

undo ssid

Default

No SSID is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

Disable the service template before you execute this command.

As a best practice, set a unique SSID for a service template.

Examples

# Set the SSID to lynn for the service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] ssid lynn

unknown-client

Use unknown-client to set the way that an AP processes traffic from unknown clients.

Use undo unknown-client to restore the default.

Syntax

unknown-client { deauthenticate | drop }

undo unknown-client

Default

An AP drops packets from unknown clients and deauthenticates these clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

deauthenticate: Drops packets from unknown clients and deauthenticates these clients.

drop: Drops packets from unknown clients.

Examples

# Configure the AP ap1 to drop packets from unknown clients but not deauthenticate these clients.

<Sysname> system-view

[Sysname] wlan service-template example

[Sysname -wlan-st-example] unknown-client drop

uplink client-rate-limit

Use uplink client-rate-limit to configure uplink client rate limit.

Use undo uplink client-rate-limit to restore the default.

Syntax

uplink client-rate-limit { inbound | outbound } mode { dynamic | static } global cir committed-information-rate [ user cir committed-information-rate ]

undo uplink client-rate-limit { inbound | outbound }

Default

Uplink client rate limit is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

inbound: Limits the rate of incoming packets on uplink Ethernet interfaces.

outbound: Limit the rate of outgoing packets on uplink Ethernet interfaces.

mode: Specifies the uplink client rate limit mode.

dynamic: Specifies the dynamic mode. In this mode, you need to specify only the global CIR. The per-client CIR is the global CIR divided by the number of clients.

static: Specifies the static mode. In this mode, you need to specify both the global CIR and the per-client CIR.

global cir committed-information-rate: Specifies the global CIR in the range of 50 to 1000000 kbps.

user cir committed-information-rate: Specifies the per-client CIR in the range of 50 to 1000000 kbps.

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware series

Model

Uplink client rate limit compatibility

WX1800H series

WX1804H

No

WX1810H

WX1820H

WX1840H

Yes

WX3800H series

WX3820H

WX3840H

No

WX5800H series

WX5860H

No

 

If you rate limit packets in both inbound and outbound directions, make sure the rate limit modes are the same.

If you execute this command multiple times to rate limit packets in one direction, the most recent configuration takes effect.

When this feature is configured, an AP discards non-HTTP packets if both the global CIR and the per-client CIR are exceeded. For an HTTP packet, the AP discards the packet if the global CIR, the per-client CIR, and the HTTP CIR are all exceeded. The HTTP CIR depends on the configured global CIR.

Examples

# Configure dynamic uplink client rate limit.

<Sysname> system-view

[Sysname] uplink client-rate-limit outbound mode dynamic global cir 51200

Related commands

display uplink client-rate-limit

vlan

Use vlan to assign clients coming online through a service template to a VLAN.

Use undo vlan to restore the default.

Syntax

vlan vlan-id

undo vlan

Default

Clients are assigned to VLAN 1 after coming online through a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094. If the specified VLAN does not exist, this command creates the VLAN when clients come online.

Usage guidelines

Disable the service template before you execute this command.

Examples

# Assign clients coming online through service template service1 to VLAN 2.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] vlan 2

wlan client forwarding enable

Use wlan client forwarding enable to enable client traffic forwarding.

Use undo wlan client forwarding enable to disable client traffic forwarding.

Syntax

wlan client forwarding enable

undo wlan client forwarding enable

Default

Client traffic forwarding is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable this feature if you configure the AC as the client traffic forwarder.

Examples

# Disable client traffic forwarding.

<Sysname> system-view

[Sysname] undo wlan client forwarding enable

Related commands

client forwarding-location

wlan client forwarding-policy-name

Use wlan client forwarding-policy-name to apply a forwarding policy to a user profile.

Use undo wlan client forwarding-policy-name to remove a forwarding policy from a user profile.

Syntax

wlan client forwarding-policy-name policy-name

undo wlan client forwarding-policy-name

Default

No forwarding policy is applied to a user profile.

Views

User profile view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Make sure the AC and its associated APs are in different network segments.

For the AC to perform policy-based forwarding for clients that use a user profile, apply a forwarding policy to the user profile. After a client passes authentication, the authentication server sends the user profile name specified for the client to the AC. The AC will forward traffic of the client based on the forwarding policy applied to the user profile.

For the forwarding policy applied to a user profile to take effect, perform the following tasks for the service template that the user profile uses:

·          Enable policy-based forwarding.

·          Specify the AC to perform client authentication.

If you modify or delete the applied forwarding policy, the change takes effect when the client comes online again.

The AC preferentially uses the forwarding policy applied to a user profile to direct client traffic forwarding. If the user profile of a client does not have a forwarding policy applied, the AC uses the forwarding policy applied to the service template.

Examples

# Apply the forwarding policy policyname to the user profile profilename.

<Sysname> system-view

[Sysname] user-profile profilename

[Sysname-user-profile-profilename] wlan client forwarding-policy-name policyname

Related commands

·          client forwarding-policy enable

·          client-security authentication-location

wlan client reauthentication-period

Use wlan client reauthentication-period to set the idle period before client reauthentication.

Use undo wlan client reauthentication-period to restore the default.

Syntax

wlan client reauthentication-period [ period-value ]

undo wlan client reauthentication-period

Default

The idle period is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

period-value: Specifies the idle period in the range of 1 to 3600 seconds. By default, the idle period is 10 seconds.

Usage guidelines

Set the idle period before client reauthentication to reduce reauthentication failures.

When URL redirection is enabled for WLAN MAC authentication clients, an AP logs off a client that has passed MAC authentication. At the next MAC authentication attempt, the client can pass MAC authentication and access the WLAN. With the idle period configured, the AP adds the client to the dynamic blacklist after logging off the client and the client entry ages out after the specified idle period.

Examples

# Set the idle period before client reauthentication to 100 seconds.

<Sysname> system-view

[Sysname] wlan client reauthentication-period 100

wlan dynamic-blacklist active-on-ap

Use wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on APs.

Use undo wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on the AC.

Syntax

wlan dynamic-blacklist active-on-ap

undo wlan dynamic-blacklist active-on-ap

Default

The dynamic blacklist takes effect on APs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If you configure the dynamic blacklist to take effect on the AC, all APs connected to the AC will reject the client in the dynamic blacklist. If you configure the dynamic blacklist to take effect on APs, the AP associated with the client in the dynamic blacklist will reject the client, but the client can still associate with other APs connected to the AC. As a best practice, configure the dynamic blacklist to take effect on the AC in high-density environments.

Examples

# Configure the dynamic blacklist to take effect on the AC.

<Sysname> system-view

[Sysname] undo wlan dynamic-blacklist active-on-ap

wlan dynamic-blacklist lifetime

Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries.

Use undo wlan dynamic-blacklist lifetime to restore the default.

Syntax

wlan dynamic-blacklist lifetime lifetime

undo wlan dynamic-blacklist lifetime

Default

The aging time is 300 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

lifetime: Specifies the aging time in the range of 1 to 3600 seconds.

Usage guidelines

The configured aging time takes effect only on entries added to the dynamic blacklist afterwards.

Examples

# Set the aging time for dynamic blacklist entries to 3600 seconds.

<Sysname> system-view

[Sysname] wlan dynamic-blacklist lifetime 3600

wlan forwarding-policy

Use wlan forwarding-policy to create a forwarding policy and enter forwarding policy view.

Use undo wlan forwarding-policy to delete a forwarding policy.

Syntax

wlan forwarding-policy policy-name

undo wlan forwarding-policy policy-name

Default

No forwarding policies are created.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

If the specified forwarding policy exists, the command enters forwarding policy view.

Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.

You can create a maximum of 1000 forwarding policies.

Examples

# Create the forwarding policy abc and enter its view.

<Sysname> system-view

[Sysname] wlan forwarding-policy abc

[Sysname-wlan-fp-abc]

wlan link-test

Use wlan link-test to test wireless link quality.

Syntax

wlan link-test mac-address

Views

Any view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the client MAC address in the H-H-H format.

Usage guidelines

Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.

The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.

Examples

# Test the quality of the wireless link to the client with the MAC address 60a4-4cda-eff0.

<Sysname> wlan link-test 60a4-4cda-eff0

Testing link to 60a4-4cda-eff0. Press CTRL + C to break.

                              Link Status

-----------------------------------------------------------------------

MAC address: 60a4-4cda-eff0

-----------------------------------------------------------------------

VHT-MCS  Rate(Mbps)  Tx packets  Rx packets  RSSI  Retries  RTT(ms)

-----------------------------------------------------------------------

NSS = 1

-----------------------------------------------------------------------

 0       6.5         5           5           54     0       0

 1       13          5           5           51     0       0

 2       19.5        5           5           49     0       0

 3       26          5           5           47     0       0

 4       39          5           5           45     0       0

 5       52          5           5           45     0       0

 6       58.5        5           5           44     0       0

 7       65          5           5           44     0       0

 8       78          5           5           44     0       0

-----------------------------------------------------------------------

Table 31 Command output

Field

Description

No./MCS/VHT-MCS

·         No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients.

·         MCS—MCS index for link quality test on 802.11n clients.

·         VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients.

Rate(Mbps)

Rate at which the AP sends wireless link quality detection frames.

Tx packets

Number of wireless link quality detection frames sent by the AP.

Rx packets

Number of responses received by the AP.

RSSI

RSSI of the client detected by the AP.

Retries

Number of wireless link quality retransmissions by the AP.

RTT(ms)

Round trip time for link quality test frames from the AP to the client.

NSS

Number of spatial streams for link quality test on 802.11n or 802.11ac clients.

 

wlan nas-port-id format

Use wlan nas-port-id format to set the format of NAS port IDs for wireless clients.

Use undo wlan nas-port-id format to restore the default.

Syntax

wlan nas-port-id format { 2 | 4 }

undo wlan nas-port-id format

Default

Clients use format 2 to generate NAS port IDs.

Views

System view

Predefined user roles

network-admin

Parameters

2: Specifies the SlotID00IfNOVlanID format.

·          SlotID—Slot ID for client access, a string of two characters.

·          IfNO—Interface number for client access, a string of three characters.

·          VlanID—VLAN ID for client access, a string of nine characters.

4: Specifies the slot=**;subslot=**;port=**;vlanid=**;vlanid2=** format. The vlanid2 field is available only for clients accessing the WLAN through an interface configured with VLAN termination.

Usage guidelines

802.1X and MAC-authenticated clients fill NAS port IDs in the specified format in RADIUS packets.

If a NAS port ID has been specified by using the nas-port-id command, clients use the specified NAS port ID.

Examples

# Set the NAS port ID format to format 4.

<Sysname> system-view

[Sysname] wlan nas-port-id format 4

Related commands

nas-port-id

wlan permit-ap-group

Use wlan permit-ap-group to specify a permitted AP group for client access.

Use undo permit-ap-group to delete a permitted AP group.

Syntax

wlan permit-ap-group ap-group-name

undo wlan permit-ap-group [ ap-group-name ]

Default

No permitted AP group is specified for client access.

Views

User profile view

Predefined user roles

network-admin

Parameters

ap-group-name: Specifies an AP group by its name, a string of 1 to 31 characters.

Usage guidelines

If you do not specify the ap-group-name argument when executing the undo command, the command deletes all permitted AP groups.

If no permitted AP group is specified for client access, client access is not restricted.

If you specify a permitted AP group for client access, clients can only access APs in the AP group.

Examples

# Specify the AP group group1 as the permitted AP group for client access.

<Sysname> system-view

[Sysname] user-profile profile1

[Sysname-user-profile-profile1] wlan permit-ap-group group1

wlan permit-ssid

Use wlan permit-ssid to specify a permitted SSID for client access.

Use undo permit-ssid to delete a permitted SSID.

Syntax

wlan permit-ssid ssid-name

undo wlan permit-ssid [ ssid-name ]

Default

No permitted SSID is specified for client access.

Views

User profile view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

If you do not specify the ap-group-name argument when executing the undo command, the command deletes all permitted SSIDs.

If no permitted SSID is specified for client access, client access is not restricted.

If you specify a permitted SSID for client access, clients can only access WLANs through the SSID.

Examples

# Specify the SSID ssid1 as the permitted SSID for client access.

<Sysname> system-view

[Sysname] user-profile profile1

[Sysname-user-profile-profile1] wlan permit-ssid ssid1

wlan service-template

Use wlan service-template to create a service template.

Use undo wlan service-template to delete a service template.

Syntax

wlan service-template service-template-name

undo wlan service-template service-template-name

Default

No service template exists.

Views

System view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

If the specified service template exists, the command enters service template view.

You cannot delete a service template that has been bound to a radio.

Examples

# Create service template service1 and enter its view.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1]

wlan static-blacklist mac-address

Use wlan static-blacklist mac-address to add a client to the static blacklist.

Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.

Syntax

wlan static-blacklist mac-address mac-address

undo wlan static-blacklist [ mac-address mac-address ]

Default

No clients exist in the static blacklist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

If you add an online client to the static blacklist, the command logs off the client.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.

Do not add multicast or broadcast MAC addresses to the static blacklist.

Examples

# Add the MAC address 001c-f0bf-9c92 to the static blacklist.

<Sysname> system-view

[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92

Related commands

display wlan blacklist

wlan web-server api-path

Use wlan web-server api-path to specify the path of the Web server to which client information is reported.

Use undo wlan web-server api-path to restore the default.

Syntax

wlan web-server api-path path

undo wlan web-server api-path

Default

The path of the Web server is not specified.

Views

System view

Predefined user roles

network-admin

Parameters

path: Specifies a path, a case-sensitive string of 1 to 256 characters.

Usage guidelines

The Web server accepts client information only when the server's host name, port number, and path are specified.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the path of the Web server as /wlan/dev-cfg.

<Sysname> system-view

[Sysname] wlan web-server api-path /wlan/dev-cfg

Related commands

wlan web-server host

wlan web-server max-client-entry

wlan web-server host

Use wlan web-server host to specify the host name and port number of the Web server to which client information is reported.

Use undo wlan web-server host to restore the default.

Syntax

wlan web-server host host-name port port-number

undo wlan web-server host

Default

The host name and port number of the Web server are not specified.

Views

System view

Predefined user roles

network-admin

Parameters

host host-name: Specifies a host name, a case-insensitive string of 3 to 127 characters that can contain letters, digits, hyphens (-), underscores (_), and dots (.).

port port-number: Specifies a port number in the range of 1 to 65534.

Usage guidelines

The Web server accepts client information only when the server's host name, port number, and path are specified.

Client information changes are reported to the Web server in real time.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the host name and port number of the Web server as www.abc.com and 668, respectively.

<Sysname> system-view

[Sysname] wlan web-server host www.abc.com port 668

Related commands

wlan web-server api-path

wlan web-server max-client-entry

wlan web-server max-client-entry

Use wlan web-server max-client-entry to set the maximum number of client entries to be reported at a time.

Use undo wlan web-server max-client-entry to restore the default.

Syntax

wlan web-server max-client-entry number

undo wlan web-server max-client-entry

Default

A maximum of 10 client entries can be reported at a time.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of client entries, in the range of 1 to 25.

Examples

# Set the maximum number of client entries to be reported at a time to 12.

<Sysname> system-view

[Sysname] wlan web-server max-client-entry 12

Related commands

wlan web-server api-path

wlan web-server host

wlan whitelist mac-address

Use wlan whitelist mac-address to add a client to the whitelist.

Use undo wlan whitelist mac-address to remove a client from the whitelist.

Syntax

wlan whitelist mac-address mac-address

undo wlan whitelist [ mac-address mac-address ]

Default

No clients exist in the whitelist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.

If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.

Do not add multicast or broadcast MAC addresses to the whitelist.

Examples

# Add the MAC address 001c-f0bf-9c92 to the whitelist.

<Sysname> system-view

[Sysname] wlan whitelist mac-address 001c-f0bf-9c92

This command will disconnect all clients. Continue? [Y/N]:

Related commands

display wlan whitelist


WLAN security commands

akm mode

Use akm mode to set an authentication and key management (AKM) mode.

Use undo akm mode to restore the default.

Syntax

akm mode { dot1x | private-psk | psk | anonymous-dot1x }

undo akm mode

Default

No AKM mode is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

dot1x: Specifies 802.1X as the AKM mode.

private-psk: Specifies private PSK as the AKM mode.

psk: Specifies PSK as the AKM mode.

anonymous-dot1x: Specifies WiFi alliance anonymous 802.1X as the AKM mode.

Usage guidelines

You must set the AKM mode for RSNA networks.

Each WLAN service template supports only one AKM mode. Set the AKM mode only when the WLAN service template is disabled.

Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.

Each of the following AKM modes must be used with a specific authentication mode:

·          802.1X AKM—802.1X authentication mode.

·          Private PSK AKM—MAC authentication mode.

·          PSK AKM—MAC or bypass authentication mode.

·          WiFi alliance anonymous 802.1X AKM802.1X authentication mode.

For more information about the authentication mode, see "Configuring WLAN user access authentication."

Examples

# Set the PSK AKM mode.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] akm mode psk

Related commands

·          cipher-suite

·          security-ie

cipher-suite

Use cipher-suite to specify the cipher suite used for frame encryption.

Use undo cipher-suite to remove the configuration.

Syntax

cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }

undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }

Default

No cipher suite is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

ccmp: Specifies the AES-CCMP cipher suite.

tkip: Specifies the TKIP cipher suite.

wep40: Specifies the WEP40 cipher suite.

wep104: Specifies the WEP104 cipher suite.

wep128: Specifies the WEP128 cipher suite.

Usage guidelines

You must set the cipher suite for RSNA networks. Set a cipher suite only when the WLAN service template is disabled.

Set the TKIP or CCMP cipher suite when you configure the RSN IE or WPA IE.

The WEP cipher suite includes three types, WEP40, WEP104, and WEP128. Each WLAN service template supports only one type of WEP cipher suite. After you set a type of WEP cipher suite, you must create and apply a key of the same type.

WEP128 cannot be set if the CCMP or TKIP cipher suite is configured.

Examples

# Set the TKIP cipher suite for frame encryption.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite tkip

Related commands

·          security-ie

·          wep key

·          wep key-id

gtk-rekey client-offline enable

Use gtk-rekey client-offline enable to enable offline-triggered GTK update.

Use undo gtk-rekey client-offline to restore the default.

Syntax

gtk-rekey client-offline enable

undo gtk-rekey client-offline enable

Default

Offline-triggered GTK update is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

Enable offline-triggered GTK update only when GTK update is enabled.

Examples

# Enable offline-triggered GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey client-offline enable

Related commands

gtk-rekey enable

gtk-rekey enable

Use gtk-rekey enable to enable GTK update.

Use undo gtk-rekey enable to disable GTK update.

Syntax

gtk-rekey enable

undo gtk-rekey enable

Default

GTK update is enabled.

Views

WLAN service template view

Predefined user roles

network-admin

Examples

# Enable GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey enable

gtk-rekey method

Use gtk-rekey method to set a GTK update method.

Use undo gtk-rekey method to restore the default.

Syntax

gtk-rekey method { packet-based [ packet ] | time-based [ time ] }

undo gtk-rekey method

Default

The GTK is updated at an interval of 86400 seconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

packet-based packet: Specifies the number of packets (including multicasts and broadcasts) that are transmitted before the GTK is updated. The value range for the packet argument is 5000 to 4294967295 and the default is 10000000.

time-based time: Specifies the interval at which the GTK is updated. The value range for the time argument is 180 to 604800 seconds and the default is 86400 seconds.

Usage guidelines

Set the GTK update method only when GTK update is enabled.

The most recent configuration overwrites the previous one. For example, if you set the packet-based method and then set the time-based method, the time-based method takes effect.

If you set the GTK update method after the service template is enabled, the change takes effect when the following conditions exist:

·          If you change the GTK update interval, the new interval takes effect when the old timer times out.

·          If you change the packet number threshold, the new threshold takes effect immediately.

·          If you change the GTK update method to packet-based, the new method takes effect when the timer is deleted and the packet number threshold is reached.

·          If you change the GTK update method to time-based, the configuration takes effect immediately.

Examples

# Enable time-based GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey method time-based 3600

# Enable packet-based GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey method packet-based 600000

Related commands

gtk-rekey enable

key-derivation

Use key-derivation to set the key derivation function (KDF).

Use undo key-derivation to restore the default.

Syntax

key-derivation { sha1 | sha1-and-sha256 | sha256 }

undo key-derivation

Default

The KDF is the HMAC-SHA1 algorithm.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

sha1: Specifies the HMAC-SHA1 algorithm as the KDF.

sha256: Specifies the HMAC-SHA256 algorithm as the KDF.

sha1-and-sha256: Specifies the HMAC-SHA1 algorithm and the HMAC-SHA256 algorithm as the KDFs.

Usage guidelines

KDFs take effect only for a network that uses the RSNA mechanism.

As a best practice, configure the HMAC-SHA256 algorithm as the KDF if management frame protection is enabled.

Examples

# Configure the HMAC-SHA256 algorithm as the KDF.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] key-derivation sha256

Related commands

·          akm mode

·          cipher-suite

·          security-ie

pmf

Use pmf to enable management frame protection.

Use undo pmf to restore the default.

Syntax

pmf { mandatory | optional }

undo pmf

Default

Management frame protection is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

mandatory: Specifies the mandatory mode. Only clients that support management frame protection can access the WLAN.

optional: Specifies the optional mode. All clients can access the WLAN.

Usage guidelines

Management frame protection takes effect only for a network that uses the RSNA mechanism and is configured with the CCMP cipher suite and RSN security information element.

Examples

# Enable management frame protection in optional mode.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf optional

Related commands

·          cipher-suite

·          security-ie

pmf association-comeback

Use pmf association-comeback to set the association comeback time.

Use undo pmf association-comeback to restore the default.

Syntax

pmf association-comeback time

undo pmf association-comeback

Default

The association comeback time is 1 second.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Specifies the association comeback time in the range of 1 to 20 seconds.

Usage guidelines

If an AP rejects the current association or reassociation request from a client, it returns an association/reassociation response that carries the association comeback time. The AP starts to receive the association or reassociation request from the client when the association comeback time times out.

Examples

# Set the association comeback time to 2 seconds.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf association-comeback 2

pmf saquery retrycount

Use pmf saquery retrycount to maximum retransmission attempts for SA query requests.

Use undo pmf saquery retrycount to restore the default.

Syntax

pmf saquery retrycount count

undo pmf saquery retrycount

Default

The maximum retransmission attempt number is 4 for SA query requests.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum retransmission attempts for SA query requests, in the range of 1 to 16.

Usage guidelines

If an AP does not receive an acknowledgment for the SA query request after retransmission attempts reach the maximum number, the AP determines that the client is offline.

Examples

# Set the number of maximum retransmission attempt to 3 for SA query requests.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf saquery retrycount 3

Related commands

·          pmf

·          pmf saquery retrytimeout

pmf saquery retrytimeout

Use pmf saquery retrytimeout to set the interval for sending SA query requests.

Use undo pmf saquery retrytimeout to restore the default.

Syntax

pmf saquery retrytimeout timeout

undo pmf saquery retrytimeout

Default

The interval for sending SA query requests is 200 milliseconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

timeout: Specifies the interval for an AP to send SA query requests, in the range of 100 to 500 milliseconds.

Examples

# Set the interval for sending SA query requests to 300 milliseconds.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf saquery retrytimeout 300

Related commands

·          pmf

·          pmf saquery retrycount

preshared-key

Use preshared-key to set the PSK.

Use undo preshared-key to restore the default.

Syntax

preshared-key { pass-phrase | raw-key } { cipher | simple } string

undo preshared-key

Default

No PSK is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

pass-phrase: Sets a PSK, a character string.

raw-key: Sets a PSK, a hexadecimal number.

cipher: Sets a ciphertext key.

simple: Sets a plaintext key. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies a key string. This argument is case sensitive. Key length varies by key type:

·          pass-phrase—Its plaintext form is 8 to 63 characters. Its encrypted form is 8 to 117 characters.

·          raw-key—Its plaintext form is 64 hexadecimal digits. Its encrypted form is 8 to 117 characters.

Usage guidelines

Set the PSK only when the WLAN service template is disabled and the AKM mode is PSK. If you set the PSK when the AKM mode is 802.1X, the WLAN service template can be enabled but the PSK configuration does not take effect.

You can set only one PSK for a WLAN service template.

Examples

# Configure simple character string 12345678 as the PSK.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] akm mode psk

[Sysname-wlan-st-security] preshared-key pass-phrase simple 12345678

Related commands

akm mode

ptk-lifetime

Use ptk-lifetime to set the PTK lifetime.

Use undo ptk-lifetime to restore the default.

Syntax

ptk-lifetime time

undo ptk-lifetime

Default

The PTK lifetime is 43200 seconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Specifies the lifetime of the PSK, in the range of 180 to 604800 seconds.

Usage guidelines

If you configure the PTK lifetime when the service template is enabled, the configuration takes effect after the old timer times out.

Examples

# Set the PTK lifetime to 200 seconds.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] ptk-lifetime 200

ptk-rekey enable

Use ptk-rekey enable to enable PTK update.

Use undo ptk-rekey enable to disable PTK update.

Syntax

ptk-rekey enable

undo ptk-rekey enable

Default

PTK update is enabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

This feature enables the device to update PTK after the configured PTK lifetime expires.

Examples

# Enable PTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] ptk-rekey enable

Related commands

ptk-lifetime

security-ie

Use security-ie to enable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.

Use undo security-ie to disable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.

Syntax

security-ie { osen | rsn | wpa }

undo security-ie { osen | rsn | wpa }

Default

OSEN IE, RSN IE, and WPA IE are disabled in beacon and probe responses.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

osen: Enables the OSEN IE in the beacon and probe response frames sent by the AP. The OSEN IE advertises the OSEN capabilities of the AP.

rsn: Enables the RSN IE in the beacon and probe response frames sent by the AP. The RSN IE advertises the RSN capabilities of the AP.

wpa: Enables the WPA IE in the beacon and probe response frames sent by the AP. The WPA IE advertises the WPA capabilities of the AP.

Usage guidelines

You must set the security IE for RSNA networks. Set a security IE only when the WLAN service template is disabled and the CCMP or TKIP cipher suite is configured.

You can set both the WPA IE and RSN IE for the same WLAN service template. The WPA IE and RSN IE cannot be used together with the OSEN IE for a WLAN service template.

Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.

Examples

# Enable the RSN IE in beacon and probe responses.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] security-ie rsn

Related commands

·          akm mode

·          cipher-suite

snmp-agent trap enable wlan usersec

Use snmp-agent trap enable wlan usersec to enable SNMP notifications for WLAN security.

Use undo snmp-agent trap enable wlan usersec to disable SNMP notifications for WLAN security.

Syntax

snmp-agent trap enable wlan usersec

undo snmp-agent trap enable wlan usersec

Default

SNMP notifications are disabled for WLAN security.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN security events to an NMS, enable SNMP notifications for WLAN security. For WLAN security event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for WLAN security.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan usersec

tkip-cm-time

Use tkip-cm-time to set the TKIP MIC failure hold time.

Use undo tkip-cm-time to restore the default.

Syntax

tkip-cm-time time

undo tkip-cm-time

Default

The TKIP MIC failure hold time is 0 seconds. The AP does not take any countermeasures.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Sets the TKIP MIC failure hold time in the range of 0 to 3600 seconds.

Usage guidelines

Set the TKIP MIC failure hold time only when the TKIP cipher suite is configured.

If you configure the MIC failure hold time when the service template is enabled, the configuration takes effect after the old timer times out.

If the AP detects two MIC failures within the MIC failure hold time, it disassociates all clients for 60 seconds.

Examples

# Set the TKIP MIC failure hold time to 180 seconds.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] tkip-cm-time 180

Related commands

cipher-suite

wep key

Use wep key to set a WEP key.

Use undo wep key to delete the configured WEP key.

Syntax

wep key key-id { wep40 | wep104 | wep128 } { pass-phrase | raw-key } { cipher | simple } string

undo wep key key-id

Default

No WEP key is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

key-id: Sets the key ID in the range of 1 to 4.

wep40: Sets the WEP40 key.

wep104: Sets the WEP104 key.

wep128: Sets the WEP128 key.

pass-phrase: Sets a WEP key, a character string.

raw-key: Sets a WEP key, a hexadecimal number.

cipher: Sets a ciphertext key.

simple: Sets a plaintext key. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies a key string. This argument is case sensitive. The cipher key length is in the range of 37 to 73 characters. The plaintext key length varies by key type:

·          wep40 pass-phrase (plaintext)—5 characters.

·          wep104 pass-phrase (plaintext)—13 characters.

·          wep128 pass-phrase (plaintext)—16 characters.

·          wep40 raw-key (plaintext)—10 hexadecimal digits.

·          wep104 raw-key (plaintext)—26 hexadecimal digits.

·          wep128 raw-key (plaintext)—32 hexadecimal digits.

Usage guidelines

Set a WEP key only when the WLAN service template is disabled and the cipher suite WEP is configured. You can set a maximum of four WEP keys.

Examples

# Configure the cipher suite WEP40 and configure plain text 12345 as WEP key 1.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite wep40

[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345

Related commands

·          cipher-suite

·          wep key-id

wep key-id

Use wep key-id to apply a WEP key.

Use undo wep key-id to restore the default.

Syntax

wep key-id { 1 | 2 | 3 | 4 }

undo wep key-id

Default

Key 1 is applied.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

1: Specifies the WEP key whose ID is 1.

2: Specifies the WEP key whose ID is 2.

3: Specifies the WEP key whose ID is 3.

4: Specifies the WEP key whose ID is 4.

Usage guidelines

Apply a WEP key only when the WLAN service template is disabled.

In the RSNA mechanism, key 1 is the negotiated key. To apply a WEP key, specify a WEP key whose ID is not 1.

You can only apply an existing WEP key.

Examples

# Configure the cipher suite WEP40, configure plain text 12345 as WEP key 1, and apply WEP key 1.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite wep40

[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345

[Sysname-wlan-st-security] wep key-id 1

Related commands

wep key

wep mode dynamic

Use the wep mode dynamic command to enable the dynamic WEP mechanism.

Use the undo wep mode dynamic command to disable the dynamic WEP mechanism.

Syntax

wep mode dynamic

undo wep mode dynamic

Default

The dynamic WEP mechanism is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

Enable the dynamic WEP mechanism only when the WLAN service template is disabled.

The dynamic WEP mechanism requires 802.1X authentication for user access authentication.

Do not apply WEP key 4 if the dynamic WEP mechanism is enabled.

Examples

# Enable the dynamic WEP mechanism.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] wep mode dynamic

Related commands

·          cipher-suite

·          client-security authentication-mode (WLAN access commands)

·          wep key

·          wep key-id

 


WLAN authentication commands

This chapter describes WLAN-specific authentication commands. For more information about 802.1X and MAC authentication commands, see Security Command Reference.

client-security accounting-delay time

Use client-security accounting-delay time to configure the accounting delay.

Use undo client-security accounting-delay time to restore the default.

Syntax

client-security accounting-delay time time [ no-ip-logoff ]

undo client-security accounting-delay time

Default

The device sends a start-accounting request for a client only when the device learns the IP address of that client.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Sets the accounting delay timer. The value range for the time argument is 1 to 600 seconds.

no-ip-logoff: Logs off a client if the device has failed to obtain the client IP address before the delay timer expires. If you do not specify this keyword, the device sends a start-accounting request immediately after the accounting delay timer expires.

Usage guidelines

The accounting delay timer operates in conjunction with an IP-based accounting-start trigger. The timer specifies the maximum interval for the device to learn the IP address of an 802.1X or MAC authenticated client before it takes the specified action.

The timer starts when a client passes 802.1X or MAC authentication. If the device has failed to learn an IP address that matches the IP-based accounting-start trigger before the accounting delay timer expires, the device takes either of the following actions:

·          Sends a start-accounting request immediately if the no-ip-logoff action is not specified.

·          Logs off the client if the no-ip-logoff action is specified.

Configure the accounting delay timer depending on the typical amount of time for the device to learn the IP address of a client. As a best practice, increase the delay timer on a low-performance network.

The timer takes effect only on clients that come online after the timer is configured.

Examples

# Set the accounting delay timer to 15 seconds in service template service1. Configure the device to log off a client if it has failed to learn the required client IP address before the delay timer expires.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-delay time 15 no-ip-logoff

Related commands

client-security accounting-start trigger

client-security accounting-start trigger

Use client-security accounting-start trigger to configure an accounting-start trigger for clients.

Use undo client-security accounting-start trigger to restore the default.

Syntax

client-security accounting-start trigger { ipv4 | ipv4-ipv6 | ipv6 | none }

undo client-security accounting-start trigger

Default

The accounting-start trigger is based on IPv4 address type.

Views

Service template view

Predefined user roles

network-admin

Parameters

ipv4: Sends an accounting-start request if an 802.1X or MAC authenticated client uses an IPv4 address.

ipv4-ipv6: Sends an accounting-start request if an 802.1X or MAC authenticated client uses an IPv4 or IPv6 address.

ipv6: Sends an accounting-start request if an 802.1X or MAC authenticated client uses an IPv6 address.

none: Sends a start-accounting request when a client passes authentication without examining its IP address type.

Usage guidelines

This command takes effect only on clients that have passed 802.1X or MAC authentication. For more information about accounting, see AAA in Security Configuration Guide.

For the accounting-start trigger to take effect, follow these guidelines:

·          If the trigger is IP address type based, you must enable learning IP addresses of that type. For information about wireless client IP address learning, see WLAN IP snooping in WLAN Configuration Guide.

·          The IP-based trigger must match the requirement of the accounting server for the IP version.

The trigger takes effect only on clients that come online after the trigger is configured.

Examples

# Configure an IPv6 address-based accounting-start trigger in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-start trigger ipv6

Related commands

·          client ipv4-snooping arp-learning enable

·          client ipv4-snooping dhcp-learning enable

·          client ipv6-snooping dhcpv6-learning enable

·          client ipv6-snooping nd-learning enable

·          client ipv6-snooping snmp-nd-report enable

·          client-security accounting-delay time

·          client-security accounting-update trigger

client-security accounting-update trigger

Use client-security accounting-update trigger to specify an event-based accounting-update trigger.

Use undo client-security accounting-update trigger to restore the default.

Syntax

client-security accounting-update trigger { ipv4 | ipv4-ipv6 | ipv6 }

undo client-security accounting-update trigger

Default

No event-based accounting-update trigger is configured. The device sends update-accounting requests to the accounting server only regularly at server-assigned or user-defined real-time accounting intervals.

Views

Service template view

Predefined user roles

network-admin

Parameters

ipv4: Sends an update-accounting request when the IPv4 address of an online 802.1X or MAC authenticated client changes.

ipv4-ipv6: Sends an update-accounting request when the IPv4 or IPv6 address of an online 802.1X or MAC authenticated client changes.

ipv6: Sends an update-accounting request when the IPv6 address of an online 802.1X or MAC authenticated client changes.

Usage guidelines

Use accounting-update trigger in conjunction with the accounting-start trigger. The accounting-update trigger can take effect only if you have configured the accounting-start trigger by using the client-security accounting-start trigger command.

In addition to the event-based accounting-update trigger, you can set a regular accounting-update interval by using the timer realtime-accounting command.

The accounting-update trigger takes effect only on clients that come online after the trigger is configured.

Examples

# Configure an IPv6 address change-based accounting-update trigger in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-update trigger ipv6

Related commands

·          client-security accounting-start trigger

·          timer realtime-accounting (Security Command Reference)

client-security authentication fail-vlan

Use client-security authentication fail-vlan to configure an Auth-Fail VLAN for a service template.

Use undo client-security authentication fail-vlan to restore the default.

Syntax

client-security authentication fail-vlan vlan-id

undo client-security authentication fail-vlan

Default

No Auth-Fail VLAN is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies the ID of the Auth-Fail VLAN, in the range of 1 to 4094. Make sure the VLAN has been created.

Usage guidelines

A WLAN Auth-Fail VLAN accommodates clients that have failed WLAN authentication because of the failure to comply with the organization security strategy. For example, the VLAN accommodates clients that have entered wrong passwords. The Auth-Fail VLAN does not accommodate WLAN clients that have failed authentication for authentication timeouts or network connection problems.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure VLAN 10 as the Auth-Fail VLAN in service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] client-security authentication fail-vlan 10

client-security authentication-location

Use client-security authentication-location to specify the authenticator for WLAN clients.

Use undo client-security authentication-location to restore the default.

Syntax

client-security authentication-location { ac | ap }

undo client-security authentication-location

Default

The AC acts as the authenticator to authenticate WLAN clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Specifies the AC as the authenticator.

ap: Specifies the AP as the authenticator.

Usage guidelines

You cannot specify the AP as the authenticator if the AC is configured to forward client data traffic (by using the client forwarding-location command). For information about the client forwarding-location command, see "WLAN access commands."

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure the AC as the authenticator for WLAN clients in service template s1.

<Sysname> system-view

[Sysname] wlan service-template s1

[Sysname-wlan-st-s1] client-security authentication-location ac

Related commands

client forwarding-location

client-security authentication-mode

Use client-security authentication-mode to set the authentication mode for WLAN clients.

Use undo client-security authentication-mode to restore the default.

Syntax

client-security authentication-mode { dot1x | dot1x-then-mac | mac | mac-then-dot1x | oui-then-dot1x }

undo client-security authentication-mode

Default

The WLAN authentication mode is Bypass. The device does not perform authentication for WLAN clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot1x: Performs 802.1X authentication only.

dot1x-then-mac: Performs 802.1X authentication first, and then MAC authentication. If the client passes 802.1X authentication, MAC authentication is not performed.

mac: Performs MAC authentication only.

mac-then-dot1x: Performs MAC authentication first, and then 802.1X authentication. If the client passes MAC authentication, 802.1X authentication is not performed.

oui-then-dot1x: Performs OUI authentication first, and then 802.1X authentication. If the client passes OUI authentication, 802.1X authentication is not performed.

Usage guidelines

A service template allows access of multiple authenticated clients in any authentication mode. To set the maximum number of 802.1X clients, use the dot1x max-user command. To set the maximum number of MAC authentication clients, use the mac-authentication max-user command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Set the authentication mode to mac for WLAN clients in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security authentication-mode mac

client-security authorization-fail offline

Use client-security authorization-fail offline to enable the authorization-fail-offline feature.

Use undo client-security authorization-fail offline to disable the authorization-fail-offline feature.

Syntax

client-security authorization-fail offline

undo client-security authorization-fail offline

Default

The authorization-fail-offline feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

The authorization-fail-offline feature logs off WLAN clients that fail ACL or user profile authorization.

A WLAN client fails ACL or user profile authorization in the following situations:

·          The device or server fails to authorize the specified ACL or user profile to the client.

·          The authorized ACL or user profile does not exist.

If this feature is disabled, the device does not log off WLAN clients that fail ACL or user profile authorization. However, the device outputs logs to report the failure.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the authorization-fail-offline feature for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security authorization-fail offline

client-security ignore-authentication

Use client-security ignore-authentication to configure the device to ignore the 802.1X or MAC authentication failures.

Use undo client-security ignore-authentication to restore the default.

Syntax

client-security ignore-authentication

undo client-security ignore-authentication

Default

The device does not ignore the authentication failures for wireless clients that perform 802.1X authentication or perform RADIUS-based MAC authentication.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command applies to the following clients:

·          Clients that perform 802.1X authentication.

This command enables the device to ignore the 802.1X authentication failures and allow clients that have failed 802.1X authentication to come online.

·          Clients that perform both RADIUS-based MAC authentication and portal authentication.

Typically, a client must pass MAC authentication and portal authentication in turn to access network resources. The client provides username and password each time portal authentication is performed.

This command simplifies the authentication process for a client as follows:

?  If the RADIUS server already records the client's MAC authentication information, the client passes MAC authentication. The device allows the client to access network resources without performing portal authentication.

?  If the RADIUS server does not record the client's MAC authentication information, the client fails MAC authentication. The device ignores the MAC authentication failures and performs portal authentication for the client. If the client passes portal authentication, it can access network resources. The MAC address of the portal authenticated client will be recorded as MAC authentication information on the RADIUS server. At the next authentication attempt, the client will pass MAC authentication and access network resources without performing portal authentication.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For RSN + 802.1X clients to roam to a new AP, do not use this command.

Examples

# Configure the device to ignore 802.1X or MAC authentication failures in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security ignore-authentication

client-security ignore-authorization

Use client-security ignore-authorization to configure the device to ignore the authorization information received from the authentication server (a RADIUS server or the local device).

Use undo client-security ignore-authorization to restore the default.

Syntax

client-security ignore-authorization

undo client-security ignore-authorization

Default

The device uses the authorization information from the server.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

After a client passes RADIUS or local authentication, the server performs authorization based on the authorization attributes configured for the user account. For example, the server can assign a VLAN. If you do not want the device to use these authorization attributes for clients, configure this command to ignore the authorization information from the server.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure the device to ignore the authorization information from the authentication server for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security ignore-authorization

client-security intrusion-protection action

Use client-security intrusion-protection action to configure the intrusion protection action that the device takes when intrusion protection detects illegal frames.

Use undo client-security intrusion-protection action to restore the default.

Syntax

client-security intrusion-protection action { service-stop | temporary-block | temporary-service-stop }

undo client-security intrusion-protection action

Default

The intrusion protection action is temporary-block.

Views

Service template view

Predefined user roles

network-admin

Parameters

service-stop: Stops the BSS where an illegal frame is received until the BSS is enabled manually on the radio interface.

temporary-block: Adds the source MAC address of an illegal frame to the blocked MAC address list for a period. To set the period, use the client-security intrusion-protection timer temporary-block command.

temporary-service-stop: Stops the BSS where an illegal frame is received for a period. To set the period, use the client-security intrusion-protection timer temporary-service-stop command.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For this command to take effect, you must also use the client-security intrusion-protection enable command to enable the intrusion protection feature.

Examples

# Configure the device to stop the BSS where intrusion protection detects illegal frames for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action service-stop

Related commands

·          client-security intrusion-protection enable

·          client-security intrusion-protection timer temporary-block

·          client-security intrusion-protection timer temporary-service-stop

client-security intrusion-protection enable

Use client-security intrusion-protection enable to enable the intrusion protection feature.

Use undo client-security intrusion-protection enable to disable the intrusion protection feature.

Syntax

client-security intrusion-protection enable

undo client-security intrusion-protection enable

Default

The intrusion protection feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

When the device receives an association request from an illegal client, the device takes the predefined protection action on the BSS where the request is received. A client is illegal if its MAC address fails WLAN authentication. To set the protection action, use the client-security intrusion-protection action command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the intrusion protection feature for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

Related commands

client-security intrusion-protection action

client-security intrusion-protection timer temporary-block

Use client-security intrusion-protection timer temporary-block to set the period during which a MAC address is blocked by intrusion protection.

Use undo client-security intrusion-protection timer temporary-block to restore the default.

Syntax

client-security intrusion-protection timer temporary-block time

undo client-security intrusion-protection timer temporary-block

Default

An illegal MAC address is blocked for 180 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Sets the period during which a MAC address is blocked. The value range is 60 to 300 seconds.

Usage guidelines

This command takes effect only when the intrusion protection action is temporary-block.

If you change the blocking period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.

Examples

# Configure service template service1 to block illegal MAC addresses for 120 seconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-block

[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-block 120

Related commands

·          client-security intrusion-protection action

·          client-security intrusion-protection enable

client-security intrusion-protection timer temporary-service-stop

Use client-security intrusion-protection timer temporary-service-stop to set the BSS silence period for intrusion protection.

Use undo client-security intrusion-protection timer temporary-service-stop to restore the default.

Syntax

client-security intrusion-protection timer temporary-service-stop time

undo client-security intrusion-protection timer temporary-service-stop

Default

The BSS silence period is 20 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Sets the period during which a BSS is disabled. The value range is 10 to 300 seconds.

Usage guidelines

This command takes effect only when the intrusion protection action is temporary-service-stop.

If you change the BSS silence period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.

Examples

# Set the BSS silence period to 30 seconds for intrusion protection in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-service-stop

[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-service-stop 30

Related commands

·          client-security intrusion-protection action

·          client-security intrusion-protection enable

display wlan client-security block-mac

Use display wlan client-security block-mac to display blocked MAC address information for WLAN clients.

Syntax

display wlan client-security block-mac [ ap ap-name [ radio radio-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and minus signs (-). If you do not specify this option, the command displays information about all blocked MAC addresses.

radio radio-id: Specifies a radio by its ID. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays blocked MAC address information for all radios on the specified AP.

Usage guidelines

A MAC address that fails authentication is added to the blocked MAC address list when the intrusion protection action is temporary-block.

Examples

# Display information about all blocked MAC addresses.

<Sysname> display wlan client-security block-mac

MAC address         AP ID       RADIO ID     BSSID

0002-0002-0002      1           1            00ab-0de1-0001

000d-88f8-0577      1           1            0ef1-0001-02c1

 

Total entries: 2

Table 32 Command output

Field

Description

MAC address

Blocked MAC address, in the format of H-H-H.

AP ID

AP ID of the blocked MAC address.

RADIO ID

Radio ID of the blocked MAC address.

BSSID

BSS ID of the blocked MAC address, in the format of H-H-H.

Total entries

Number of blocked MAC addresses.

 

Related commands:

·          client-security intrusion-protection action

·          client-security intrusion-protection timer temporary-block

dot1x domain

Use dot1x domain to specify an authentication domain for 802.1X clients on a service template.

Use undo dot1x domain to restore the default.

Syntax

dot1x domain domain-name

undo dot1x domain

Default

No authentication domain is specified for 802.1X clients on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

802.1X chooses an authentication domain for WLAN clients in the following order:

1.        Authentication domain specified on the service template.

2.        Domain specified by username.

3.        Default authentication domain.

Examples

# Specify domain my-domain as the authentication domain for 802.1X clients in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x domain my-domain

dot1x eap

Use dot1x eap to specify an EAP mode for 802.1X authentication.

Use undo dot1x eap to restore the default.

Syntax

dot1x eap { extended | standard }

undo dot1x eap

Default

The EAP mode is standard.

Views

Service template view

Predefined user roles

network-admin

Parameters

extended: Specifies the extended EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the proprietary EAP protocol.

standard: Specifies the standard EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the standard EAP protocol.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When you configure this command, specify the extended keyword for iNode clients and the standard keyword for other clients.

This command is required only when an IMC server is used as the RADIUS server.

Examples

# Set the EAP mode for 802.1X authentication to extended in service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] dot1x eap extended

dot1x handshake enable

Use dot1x handshake enable to enable the 802.1X online user handshake feature.

Use undo dot1x handshake enable to disable the 802.1X online user handshake feature.

Syntax

dot1x handshake enable

undo dot1x handshake enable

Default

The 802.1X online user handshake feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

The online user handshake feature checks the connection status of online 802.1X clients by periodically sending handshake messages to the clients. The device sets a client to the offline state if it does not receive responses from the client after making the maximum handshake attempts within the handshake timer. To set the handshake timer, use the dot1x timer handshake-period command. To set the maximum handshake attempts, use the dot1x retry command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the online user handshake feature for 802.1X clients in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x handshake enable

Related commands

·          dot1x handshake secure enable

·          dot1x retry (Security Command Reference)

·          dot1x timer handshake-period (Security Command Reference)

dot1x handshake secure enable

Use dot1x handshake secure enable to enable the 802.1X online user handshake security feature.

Use undo dot1x handshake secure enable to disable the 802.1X online user handshake security feature.

Syntax

dot1x handshake secure enable

undo dot1x handshake secure enable

Default

The online user handshake security feature is disabled for 802.1X clients.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For the online user handshake security feature to take effect, you must enable online user handshake.

The online user handshake security feature protects only authenticated online 802.1X clients.

Examples

# Enable the online user handshake security feature for 802.1X clients in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x handshake enable

[Sysname-wlan-st-service1] dot1x handshake secure enable

Related commands

dot1x handshake enable

dot1x max-user

Use dot1x max-user to set the maximum number of concurrent 802.1X clients on a service template.

Use undo dot1x max-user to restore the default.

Syntax

dot1x max-user count

undo dot1x max-user

Default

A maximum of 4096 concurrent 802.1X clients are allowed on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

count: Sets the maximum number of concurrent 802.1X clients. The value range is 1 to 4096.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When the maximum number is reached, the service template denies subsequent 802.1X clients.

Examples

# Set the maximum number of concurrent 802.1X clients to 32 in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x max-user 500

dot1x re-authenticate enable

Use dot1x re-authenticate enable to enable the 802.1X periodic online user reauthentication feature on a service template.

Use undo dot1x re-authenticate enable to disable the feature on a service template.

Syntax

dot1x re-authenticate enable

undo dot1x re-authenticate enable

Default

The 802.1X periodic online user reauthentication feature is disabled on a service template.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Periodic reauthentication enables the device to periodically authenticate online 802.1X clients on a service template. This feature checks the connection status of online clients and updates the authorization attributes assigned by the server, such as the ACL, VLAN, and user profile.

You can use the dot1x timer reauth-period command to configure the interval for reauthentication.

The server-assigned session timeout timer (Session-Timeout attribute) and termination action (Termination-Action attribute) together can affect the periodic online user reauthentication feature. To display the server-assigned Session-Timeout and Termination-Action attributes, use the display dot1x connection command (see Security Command Reference).

·          If the termination action is Default (logoff), periodic online user reauthentication on the template takes effect only when the periodic reauthentication timer is shorter than the session timeout timer.

·          If the termination action is Radius-request, the periodic online user reauthentication configuration on the template does not take effect. The device reauthenticates the online 802.1X clients after the session timeout timer expires.

Examples

# Enable the 802.1X periodic online user reauthentication feature in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x re-authenticate enable

Related commands

dot1x timer (Security Command Reference)

mac-authentication domain

Use mac-authentication domain to specify an authentication domain for MAC authentication clients on a service template.

Use undo mac-authentication domain to restore the default.

Syntax

mac-authentication domain domain-name

undo mac-authentication domain

Default

No authentication domain is specified for MAC authentication clients on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

MAC authentication chooses an authentication domain for WLAN clients in the following order:

1.        Authentication domain specified on the service template.

2.        Global authentication domain specified in system view.

3.        Default authentication domain.

Examples

# Specify the domain my-domain as the authentication domain for MAC authentication clients in service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] mac-authentication domain my-domain

mac-authentication max-user

Use mac-authentication max-user to set the maximum number of concurrent MAC authentication clients on a service template.

Use undo mac-authentication max-user to restore the default.

Syntax

mac-authentication max-user count

undo mac-authentication max-user

Default

A maximum of 4096 concurrent MAC authentication clients are allowed on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

count: Sets the maximum number of concurrent MAC authentication clients. The value range for this argument is 1 to 4096.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When the maximum number is reached, the service template denies subsequent MAC authentication clients.

Examples

# Configure service template service1 to support a maximum of 32 concurrent MAC authentication clients.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] mac-authentication max-user 32

port-security oui

Use port-security oui to configure an OUI value for OUI authentication.

Use undo port-security oui to delete the OUI value with the specified OUI index.

Syntax

port-security oui index index-value mac-address oui-value

undo port-security oui index index-value

Default

No OUI values are configured.

Views

System view

Predefined user roles

network-admin

Parameters

index-value: Sets the OUI index in the range of 1 to 16.

oui-value: Specifies an OUI string, a 48-bit MAC address in the H-H-H format. The system uses only the 24 high-order bits as the OUI value.

Usage guidelines

You can configure a maximum of 16 OUI values.

An OUI, the first 24 binary bits of a MAC address, is assigned by IEEE to uniquely identify a device vendor. Use this command when you configure a device to allow wired packets from certain devices to pass authentication or allow their wireless packets to initiate authentication. For example, when a company allows only IP phones of vendor A in the Intranet, use this command to specify the OUI of vendor A.

The OUI values configured by using this command apply only when the authentication mode is oui-or-dot1x. A port in oui-or-dot1x mode permits frames from one 802.1X authenticated user and one user whose MAC address contains a specific OUI.

Examples

# Configure an OUI value of 000d2a, and set the index to 4.

<Sysname> system-view

[Sysname] port-security oui index 4 mac-address 000d-2a10-003

 


WIPS commands

ap-channel-change

Use ap-channel-change to configure channel change detection.

Use undo ap-channel-change to disable channel change detection.

Syntax

ap-channel-change [ quiet quiet-value ]

undo ap-channel-change

Default

Channel change detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a channel change. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a channel change within the quiet time.

Examples

# Enable channel change detection and set the quiet time to 5 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-channel-change quiet 5

ap-classification rule

Use ap-classification rule to create an AP classification rule and enter its view. If the AP classification rule already exists, the command enters AP classification rule view.

Use undo ap-classification rule to remove an AP classification rule.

Syntax

ap-classification rule rule-id

undo ap-classification rule rule-id

Default

No AP classification rule is created.

Views

WIPS view

Predefined user roles

network-admin

Parameters

rule-id: Specifies an AP classification rule by its ID in the range of 1 to 65535.

Examples

# Create AP classification rule 1 and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

ap-flood

Use ap-flood to configure AP flood attack detection.

Use undo ap-flood to disable AP flood attack detection.

Syntax

ap-flood [ apnum apnum-value | exceed exceed-value | quiet quiet-value ] *

undo ap-flood

Default

AP flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

apnum apnum-value: Specifies the AP number threshold in the range of 10 to 200. The default AP number threshold is 80.

exceed exceed-value: Specifies the maximum number of excessive APs allowed. The value range for the exceed-value argument is 10 to 200 and the default value is 80. If the number of APs exceeds the sum of the AP number threshold and the maximum number of excessive APs allowed, WIPS triggers an AP flood attack alarm.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP flood attack within the quiet time.

Examples

# Enable AP flood attack detection, and set the apnum-value, exceed-value, and quiet-value arguments to 50, 50, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-flood apnum 50 exceed 50 quiet 100

ap-impersonation

Use ap-impersonation to configure AP impersonation attack detection.

Use undo ap-impersonation to restore the default.

Syntax

ap-impersonation [ quiet quiet-value ]

undo ap-impersonation

Default

AP impersonation attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP impersonation attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP impersonation attack within the quiet time.

Examples

# Enable AP impersonation attack detection, and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-impersonation quiet 360

apply ap-classification rule

Use apply ap-classification rule to bind an AP classification rule to a classification policy.

Use undo apply ap-classification rule to restore the default.

Syntax

apply ap-classification rule rule-id { authorized-ap | { { external-ap | misconfigured-ap | rogue-ap } [ severity-level level ] } }

undo apply ap-classification rule rule-id

Default

No AP classification rule is bound to a classification policy.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

rule-id: Specifies an AP classification rule by its ID in the range of 1 to 65535.

authorized-ap: Specifies APs that match the AP classification rule as authorized APs.

external-ap: Specifies APs that match the AP classification rule as external APs.

misconfigured-ap: Specifies APs that match the AP classification rule as misconfigured APs.

rogue-ap: Specifies APs that match the AP classification rule as rogue APs.

level: Specifies a severity level for the AP that matches the AP classification rule, in the range of 1 to 100. The default severity level is 50.

Examples

# Bind AP classification rule 1 to the classification policy home, specify APs that match AP classification rule 1 as rogue APs, and set the severity level to 80.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] apply ap-classification rule 1 rogue-ap severity-level 80

Related commands

ap-classification rule

apply classification policy

Use apply classification policy to apply a classification policy to a virtual security domain (VSD).

Use undo apply classification policy to remove a classification policy from a VSD.

Syntax

apply classification policy policy-name

undo apply classification policy policy-name

Default

No classification policy is applied to a VSD.

Views

VSD view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a classification policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Apply the classification policy policy1 to the VSD home.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain home

[Sysname-wips-vsd-home] apply classification policy policy1

apply countermeasure policy

Use apply countermeasure policy to apply a countermeasure policy to a VSD.

Use undo apply countermeasure policy to remove a countermeasure policy from a VSD.

Syntax

apply countermeasure policy policy-name

undo apply countermeasure policy policy-name

Default

No countermeasure policy is applied to a VSD.

Views

VSD view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a countermeasure policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Apply the countermeasure policy policy2 to the VSD home.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain home

[Sysname-wips-vsd-home] apply countermeasure policy policy2

apply detect policy

Use apply detect policy to apply an attack detection policy to a VSD.

Use undo apply detect policy to remove an attack detection policy from a VSD.

Syntax

apply detect policy policy-name

undo apply detect policy policy-name

Default

No attack detection policy is applied to a VSD.

Views

VSD view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an attack detection policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Apply the attack detection policy policy2 to the VSD home.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain home

[Sysname-wips-vsd-home] apply detect policy policy2

apply signature policy

Use apply signature policy to apply a signature policy to a VSD.

Use undo apply signature policy to restore the default.

Syntax

apply signature policy policy-name

undo apply signature policy policy-name

Default

No signature policy is applied to a VSD.

Views

VSD view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a signature policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Apply the signature policy policy1 to the VSD home.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain home

[Sysname-wips-vsd-home] apply signature policy policy1

apply signature rule

Use apply signature rule to bind a signature to a signature policy.

Use undo apply signature rule to restore the default.

Syntax

apply signature rule rule-id

undo apply signature rule rule-id

Default

No signature is bound to a signature policy.

Views

Signature policy view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a signature by its ID in the range of 1 to 65535.

Examples

# Bind signature 1 to the signature policy office.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature policy office

[Sysname-wips-sig-office] apply signature rule 1

ap-rate-limit

Use ap-rate-limit to rate limit AP entry learning.

Use undo ap-rate-limit to restore the default.

Syntax

ap-rate-limit [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo ap-rate-limit

Default

The statistics collection interval for learned AP entries is 60 seconds, the quiet time is 1200 seconds, and the AP entry threshold is 64.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for learned AP entries, in the range of 1 to 3600 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP entry attack. The value range for the quiet-value argument is 1200 to 3600 seconds. WIPS does not trigger an alarm even if it detects an AP entry attack and stops learning new entries within the quiet time.

threshold threshold-value: Specifies the number of AP entries that triggers an AP entry attack alarm. The value range for the threshold-value argument is 1 to 4096.

Examples

# Rate limit AP entry learning.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-rate-limit interval 60 quiet 1600 threshold 100

ap-spoofing

Use ap-spoofing to enable AP spoofing attack detection.

Use undo ap-spoofing to disable AP spoofing attack detection.

Syntax

ap-spoofing [ quiet quiet-value ]

undo ap-spoofing

Default

AP spoofing attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP spoofing attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP spoofing attack within the quiet time.

Examples

# Enable AP spoofing attack detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-spoofing quiet 360

ap-timer

Use ap-timer to set the AP entry timer.

Use undo ap-timer to restore the default.

Syntax

ap-timer [ inactive inactive-value aging aging-value ]

undo ap-timer

Default

The inactive time is 300 seconds, and the aging time is 600 seconds.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

inactive inactive-value: Specifies the inactive time in the range of 60 to 1200 seconds. When an AP neither receives nor sends frames within the specified inactive time, WIPS sets the AP to inactive state.

aging aging-value: Specifies the aging time for an AP entry, in the range of 120 to 86400 seconds. When an AP neither receives nor sends frames within the specified aging time, WIPS deletes the entry. The aging time must be greater than the inactive time.

Examples

# Set the inactive time to 120 seconds, and set the aging time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-timer inactive 120 aging 360

association-table-overflow

Use association-table-overflow to configure association/reassociation DoS attack detection.

Use undo association-table-overflow to disable association/reassociation DoS attack detection.

Syntax

association-table-overflow [ quiet quiet-value ]

undo association-table-overflow

Default

Association/reassociation DoS attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an association/reassociation DoS attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an association/reassociation DoS attack within the quiet time.

Examples

# Enable association/reassociation DoS attack detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] association-table-overflow quiet 100

authentication

Use authentication to configure an AP classification rule to match the authentication mode of APs.

Use undo authentication to restore the default.

Syntax

authentication { equal | include } { 802.1x | none | other | psk }

undo authentication

Default

An AP classification rule does not match the authentication mode of APs.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

equal: Matches authentication modes equal to the specified authentication mode.

include: Matches authentication modes that include the specified authentication mode.

802.1x: Specifies the 802.1X authentication mode.

none: Specifies no authentication.

other: Specifies an authentication mode other than 802.1X and PSK.

psk: Specifies the PSK authentication mode.

Examples

# Configure AP classification rule 1 to match APs that use the PSK authentication mode.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] authentication equal psk

block mac-address

Use block mac-address to add the MAC address of an AP or client to the static prohibited device list.

Use undo block mac-address to remove one or all MAC addresses from the static prohibited device list.

Syntax

block mac-address mac-address

undo block mac-address { mac-address | all }

Default

No MAC address is added to the static prohibited device list.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

mac-address: Specifies an AP or client by its MAC address, in the H-H-H format.

all: Specifies all MAC addresses.

Examples

# Add the MAC address 78AC-C0AF-944F to the static prohibited device list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] block mac-address 78AC-C0AF-944F

classification policy

Use classification policy to create a classification policy and enter its view.

Use undo classification policy to remove a classification policy.

Syntax

classification policy policy-name

undo classification policy policy-name

Default

No classification policy is created.

Views

WIPS view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a classification policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Create the classification policy home and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home]

client-association fast-learn enable

Use client-association fast-learn enable to enable fast learning of client association entries.

Use undo client-association fast-learn enable to disable fast learning of client association entries.

Syntax

client-association fast-learn enable

undo client-association fast-learn enable

Default

Fast learning of client association entries is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Usage guidelines

Client association entries are entries saved on the AC after a client associates with an AP.

If this feature is not enabled, the sensor can learn the client association entries only after a client is associated with an AP successfully. After this feature is enabled, the sensor can learn the client association entries during the association process.

If the sensor learned the client association entries during the association process, the sensor will update the entries every time it detects an association request or response between the AP and the client.

This feature improves the association efficiency but reduces the association accuracy. As a best practice, enable this feature only when fast attack detection and countermeasures are required in the network.

Examples

# Enable fast learning of client association entries.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy 1

[Sysname-wips-dtc-1] client-association fast-learn enable

client-online

Use client-online to configure an AP classification rule to match the number of associated clients for APs.

Use undo client-online to restore the default.

Syntax

client-online value1 [ to value2 ]

undo client-online

Default

An AP classification rule does not match the number of associated clients for APs.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

value1 to value2: Specifies a value range for the number of associated clients for APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 128 for both the value1 and value2 arguments, and value2 must be greater than value1.

Examples

# Configure AP classification rule 1 to match APs that are associated with 20 to 40 clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] client-online 20 to 40

client-rate-limit

Use client-rate-limit to rate limit client entry learning.

Use undo client -rate-limit to restore the default.

Syntax

client-rate-limit [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo client-rate-limit

Default

The statistics collection interval for learned client entries is 60 seconds, the quiet time is 1200 seconds, and the client entry threshold is 512.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for learned client entries, in the range of 1 to 3600 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a client entry attack. The value range for the quiet-value argument is 1200 to 3600 seconds. WIPS does not trigger an alarm even if it detects a client entry attack and stops learning new entries within the quiet time.

threshold threshold-value: Specifies the number of client entries that triggers a client entry attack alarm. The value range for the threshold-value argument is 1 to 4096.

Examples

# Rate limit client entry learning.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] client-rate-limit interval 80 quiet 1600 threshold 100

client-spoofing

Use client-spoofing to enable client spoofing attack detection.

Use undo client-spoofing to disable client spoofing attack detection.

Syntax

client-spoofing [ quiet quiet-value ]

undo client-spoofing

Default

Client spoofing attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a client spoofing attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a client spoofing attack within the quiet time.

Examples

# Enable client spoofing attack detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] client-spoofing quiet 360

client-timer

Use client-timer to set the client entry timer.

Use undo client-timer to restore the default.

Syntax

client-timer inactive inactive-value aging aging-value

undo client-timer

Default

The inactive time is 300 seconds, and the aging time is 600 seconds.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

inactive inactive-value: Specifies the inactive time in the range of 60 to 1200 seconds. When a client neither receives nor sends frames within the specified inactive time, WIPS sets the client to inactive state.

aging aging-value: Specifies the aging time for a client entry, in the range of 120 to 86400 seconds. When a client neither receives nor sends frames within the specified aging time, WIPS deletes the entry. The aging time must be greater than the inactive time.

Examples

# Set the inactive time to 120 seconds, and set the aging time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] client-timer inactive 120 aging 360

countermeasure adhoc

Use countermeasure adhoc to enable WIPS to take countermeasures against Ad hoc devices.

Use undo countermeasure adhoc to restore the default.

Syntax

countermeasure adhoc

undo countermeasure adhoc

Default

WIPS does not take countermeasures against Ad hoc devices.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against Ad hoc devices.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure adhoc

countermeasure attack all

Use countermeasure attack all to enable WIPS to take countermeasures against all attackers.

Use undo countermeasure attack all to restore the default.

Syntax

countermeasure attack all

undo countermeasure attack all

Default

WIPS does not take countermeasures against all attackers.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against all attackers.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack all

countermeasure attack deauth-broadcast

Use countermeasure attack deauth-broadcast to enable WIPS to take countermeasures against devices that launch broadcast deauthentication attacks.

Use undo countermeasure deauth-broadcast to restore the default.

Syntax

countermeasure attack deauth-broadcast

undo countermeasure attack deauth-broadcast

Default

WIPS does not take countermeasures against devices that launch broadcast deauthentication attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch broadcast deauthentication attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack deauth-broadcast

countermeasure attack disassoc-broadcast

Use countermeasure attack disassoc-broadcast to enable WIPS to take countermeasures against devices that launch broadcast disassociation attacks.

Use undo countermeasure attack disassoc-broadcast to restore the default.

Syntax

countermeasure attack disassoc-broadcast

undo countermeasure attack disassoc-broadcast

Default

WIPS does not take countermeasures against devices that launch broadcast disassociation attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch broadcast disassociation attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack disassoc-broadcast

countermeasure attack honeypot-ap

Use countermeasure attack honeypot-ap to enable WIPS to take countermeasures against honeypot APs.

Use undo countermeasure attack honeypot-ap to restore the default.

Syntax

countermeasure attack honeypot-ap

undo countermeasure attack honeypot-ap

Default

WIPS does not take countermeasures against honeypot APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against honeypot APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack honeypot-ap

countermeasure attack hotspot-attack

Use countermeasure attack hotspot-attack to enable WIPS to take countermeasures against devices that launch hotspot attacks.

Use undo countermeasure attack hotspot-attack to restore the default.

Syntax

countermeasure attack hotspot-attack

undo countermeasure attack hotspot-attack

Default

WIPS does not take countermeasures against devices that launch hotspot attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch hotspot attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack hotspot-attack

countermeasure attack ht-40-mhz-intolerance

Use countermeasure attack ht-40-mhz-intolerance to enable WIPS to take countermeasures against devices with the 40 MHz bandwidth mode disabled.

Use undo countermeasure attack ht-40-mhz-intolerance to restore the default.

Syntax

countermeasure attack ht-40-mhz-intolerance

undo countermeasure attack ht-40-mhz-intolerance

Default

WIPS does not take countermeasures against devices with the 40 MHz bandwidth mode disabled.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices with the 40 MHz bandwidth mode disabled.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack ht-40-mhz-intolerance

countermeasure attack malformed-packet

Use countermeasure attack malformed-packet to enable WIPS to take countermeasures against devices that send malformed packets.

Use undo countermeasure attack malformed-packet to restore the default.

Syntax

countermeasure attack malformed-packet

undo countermeasure attack malformed-packet

Default

WIPS does not take countermeasures against devices that send malformed packets.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that send malformed packets.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack malformed-packet

countermeasure attack man-in-the-middle

Use countermeasure attack man-in-the-middle to enable WIPS to take countermeasures against devices that launch MITM attacks.

Use undo countermeasure attack man-in-the-middle to restore the default.

Syntax

countermeasure attack man-in-the-middle

undo countermeasure attack man-in-the-middle

Default

WIPS does not take countermeasures against devices that launch MITM attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch MITM attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack man-in-the-middle

countermeasure attack omerta

Use countermeasure attack omerta to enable WIPS to take countermeasures against devices that launch Omerta attacks.

Use undo countermeasure attack omerta to restore the default.

Syntax

countermeasure attack omerta

undo countermeasure attack omerta

Default

WIPS does not take countermeasures against devices that launch Omerta attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch Omerta attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack omerta

countermeasure attack power-save

Use countermeasure attack power-save to enable WIPS to take countermeasures against devices that launch power save attacks.

Use undo countermeasure attack power-save to restore the default.

Syntax

countermeasure attack power-save

undo countermeasure attack power-save

Default

WIPS does not take countermeasures against devices that launch power save attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch power save attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack power-save

countermeasure attack soft-ap

Use countermeasure attack soft-ap to enable WIPS to take countermeasures against soft APs.

Use undo countermeasure attack soft-ap to restore the default.

Syntax

countermeasure attack soft-ap

undo countermeasure attack soft-ap

Default

WIPS does not take countermeasures against soft APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against soft APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack soft-ap

countermeasure attack unencrypted-trust-client

Use countermeasure attack unencrypted-trust-client to enable WIPS to take countermeasures against unencrypted authorized clients.

Use undo countermeasure attack unencrypted-trust-client to restore the default.

Syntax

countermeasure attack unencrypted-trust-client

undo countermeasure attack unencrypted-trust-client

Default

WIPS does not take countermeasures against unencrypted authorized clients.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against unencrypted authorized clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack unencrypted-trust-client

countermeasure attack weak-iv

Use countermeasure attack weak-iv to enable WIPS to take countermeasures against devices that use weak IVs

Use undo countermeasure  weak-iv to restore the default.

Syntax

countermeasure attack weak-iv

undo countermeasure attack weak-iv

Default

WIPS does not take countermeasures against devices that use weak IVs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that use weak IVs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack weak-iv

countermeasure attack windows-bridge

Use countermeasure attack windows-bridge to enable WIPS to take countermeasures against devices that launch Windows bridge attacks.

Use undo countermeasure attack windows-bridge to restore the default.

Syntax

countermeasure attack windows-bridge

undo countermeasure attack windows-bridge

Default

WIPS does not take countermeasures against devices that launch Windows bridge attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch Windows bridge attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack windows-bridge

countermeasure external-ap

Use countermeasure external-ap to enable WIPS to take countermeasures against external APs.

Use undo countermeasure external-ap to restore the default.

Syntax

countermeasure external-ap

undo countermeasure external-ap

Default

WIPS does not take countermeasures against external APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against external APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure external-ap

countermeasure mac-address

Use countermeasure mac-address to enable WIPS to take countermeasures against the device with the specified MAC address.

Use undo countermeasure mac-address to remove the configuration.

Syntax

countermeasure mac-address mac-address

undo countermeasure mac-address { mac-address | all }

Default

WIPS does not take countermeasures against detected devices.

Views

Countermeasure policy view

Predefined user roles

network-admin

Parameters

mac-address: Specifies an AP or a client by its MAC address in the H-H-H format.

all: Specifies all APs and clients.

Usage guidelines

You can configure this command multiple times to enable WIPS to take countermeasures against multiple devices.

Examples

# Enable WIPS to take countermeasures against the device with the MAC address 2a11-1fa1-141f.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure mac-address 2a11-1fa1-141f

countermeasure misassociation-client

Use countermeasure misassociation-client to enable WIPS to take countermeasures against misassociated clients.

Use undo countermeasure misassociation-client to restore the default.

Syntax

countermeasure misassociation-client

undo countermeasure misassociation-client

Default

WIPS does not take countermeasures against misassociated clients.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against misassociated clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure misassociation-client

countermeasure misconfigured-ap

Use countermeasure misconfigured-ap to enable WIPS to take countermeasures against misconfigured APs.

Use undo countermeasure misconfigured-ap to restore the default.

Syntax

countermeasure misconfigured-ap

undo countermeasure misconfigured-ap

Default

WIPS does not take countermeasures against misconfigured APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against misconfigured APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure misconfigured-ap

countermeasure policy

Use countermeasure policy to create a countermeasure policy and enter its view.

Use undo countermeasure policy to remove a countermeasure policy.

Syntax

countermeasure policy policy-name

undo countermeasure policy policy-name

Default

No countermeasure policy is created.

Views

WIPS view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a countermeasure policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Create the countermeasure policy home and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home]

countermeasure potential-authorized-ap

Use countermeasure potential-authorized-ap to enable WIPS to take countermeasures against potential-authorized APs.

Use undo countermeasure potential-authorized-ap to restore the default.

Syntax

countermeasure potential-authorized-ap

undo countermeasure potential-authorized-ap

Default

WIPS does not take countermeasures against potential-authorized APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against potential-authorized APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure potential-authorized-ap

countermeasure potential-external-ap

Use countermeasure potential-external-ap to enable WIPS to take countermeasures against potential-external APs.

Use undo countermeasure potential-external-ap to restore the default.

Syntax

countermeasure potential-external-ap

undo countermeasure potential-external-ap

Default

WIPS does not take countermeasures against potential-external APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against potential-external APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure potential-external-ap

countermeasure potential-rogue-ap

Use countermeasure potential-rogue-ap to enable WIPS to take countermeasures against potential-rogue APs.

Use undo countermeasure potential-rogue-ap to restore the default.

Syntax

countermeasure potential-rogue-ap

undo countermeasure potential-rogue-ap

Default

WIPS does not take countermeasures against potential-rogue APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against potential-rogue APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure potential-rogue-ap

countermeasure rogue-ap

Use countermeasure rogue-ap to enable WIPS to take countermeasures against rogue APs.

Use undo countermeasure rogue-ap to restore the default.

Syntax

countermeasure rogue-ap

undo countermeasure rogue-ap

Default

WIPS does not take countermeasures against rogue APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against rogue APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure rogue-ap

countermeasure unauthorized-client

Use countermeasure unauthorized-client to enable WIPS to take countermeasures against unauthorized clients.

Use undo countermeasure unauthorized-client to restore the default.

Syntax

countermeasure unauthorized-client

undo countermeasure unauthorized-client

Default

WIPS does not take countermeasures against unauthorized clients.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against unauthorized clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure unauthorized-client

countermeasure uncategorized-ap

Use countermeasure uncategorized-ap to enable WIPS to take countermeasures against uncategorized APs.

Use undo countermeasure uncategorized-ap to restore the default.

Syntax

countermeasure uncategorized-ap

undo countermeasure uncategorized-ap

Default

WIPS does not take countermeasures against uncategorized APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against uncategorized APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure uncategorized-ap

countermeasure uncategorized-client

Use countermeasure uncategorized-client to enable WIPS to take countermeasures against uncategorized clients.

Use undo countermeasure uncategorized-client to restore the default.

Syntax

countermeasure uncategorized-client

undo countermeasure uncategorized-client

Default

WIPS does not take countermeasures against uncategorized clients.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against uncategorized clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure uncategorized-client

deauthentication-broadcast

Use deauthentication-broadcast to configure broadcast deauthentication attack detection.

Use undo deauthentication-broadcast to disable broadcast deauthentication attack detection.

Syntax

deauthentication-broadcast [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo deauthentication-broadcast

Default

Broadcast deauthentication attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for broadcast deauthentication frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a broadcast deauthentication attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a broadcast deauthentication attack within the quiet time.

threshold threshold-value: Specifies the number of broadcast deauthentication frames that triggers a broadcast deauthentication attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable broadcast deauthentication attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] deauthentication-broadcast interval 100 threshold 100 quiet 360

detect dissociate-client enable

Use detect dissociate-client enable to enable WIPS to detect unassociated clients.

Use undo detect dissociate-client enable to disable WIPS from detecting unassociated clients.

Syntax

detect dissociate-client enable

undo detect dissociate-client enable

Default

WIPS does not detect unassociated clients.

Views

Attack detection policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to detect unassociated clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] detect dissociate-client enable

detect policy

Use detect policy to create an attack detection policy and enter its view.

Use undo detect policy to remove an attack detection policy.

Syntax

detect policy policy-name

undo detect policy policy-name

Default

No attack detection policy is created.

Views

WIPS view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an attack detection policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Create the attack detection policy home and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home]

detect signature

Use detect signature to enable user-defined attack detection based on signatures.

Use undo detect signature to disable user-defined attack detection based on signatures.

Syntax

detect signature [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo detect

Default

User-defined attack detection based on signatures is enabled.

Views

Signature policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for packets that match a signature. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a user-defined attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a user-defined attack within the quiet time.

threshold threshold-value: Specifies the number of packets matching a signature that triggers a user-defined attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable WIPS to detect packets that match a signature, and set the interval-value, threshold-value, and quiet-value arguments to 60, 100, and 360, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature policy home

[Sysname-wips-sig-home] detect signature interval 60 threshold 100 quiet 360

disassociation-broadcast

Use disassociation-broadcast to configure broadcast disassociation attack detection.

Use undo disassociation-broadcast to disable broadcast disassociation attack detection.

Syntax

disassociation-broadcast [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo disassociation-broadcast

Default

Broadcast disassociation attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for broadcast disassociation frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a broadcast disassociation attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a broadcast disassociation attack within the quiet time.

threshold threshold-value: Specifies the number of broadcast disassociation frames that triggers a broadcast disassociation attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable broadcast disassociation attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] disassociation-broadcast interval 100 threshold 100 quiet 360

discovered-ap

Use discovered-ap to configure an AP classification rule to match the number of sensors that detect an AP.

Use undo discovered-ap to restore the default.

Syntax

discovered-ap value1 [ to value2 ]

undo discovered-ap

Default

An AP classification rule does not match the number of sensors that detect an AP.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

value1 to value2: Specifies a value range for the number of sensors that detect an AP. The value 1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 1 to 128 for both the value1 and value2 arguments, and value2 must be greater than value1.

Examples

# Configure AP classification rule 1 to match APs that are detected by 10 to 128 sensors.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] discovered-ap 10 to 128

display wips sensor

Use display wips sensor to display information about all sensors.

Syntax

display wips sensor

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all sensors.

<Sysname> display wips sensor

Total number of sensors: 1

Sensor ID    Sensor name                VSD name               Radio ID   Status

3            ap1                        aaa                    1          Active

Table 33 Command output

Field

Description

VSD name

Name of the VSD to which the AP belongs.

Radio ID

ID of the radio enabled with WIPS.

Status

Status of the sensor:

·         ActiveThe sensor is enabled with WIPS.

·         InactiveThe sensor is not enabled with WIPS.

 

display wips statistics

Use display wips statistics to display attack detection information collected from sensors.

Syntax

display wips statistics [ receive | virtual-security-domain vsd-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

receive: Displays attack detection statistics information that the AC receives from sensors in all VSDs.

virtual-security-domain vsd-name: Displays attack detection statistics information that the AC receives from sensors in the specified VSD.

Examples

# Display attack detection information collected from sensors in all VSDs.

<Sysname> display wips statistics receive

Information from sensor 3

 Information about attack statistics:

   Detected association-request flood messages: 0

   Detected authentication flood messages: 0

   Detected beacon flood messages: 0

   Detected block-ack flood messages: 0

   Detected cts flood messages: 0

   Detected deauthentication flood messages: 0

   Detected disassociation flood messages: 0

   Detected eapol-start flood messages: 0

   Detected null-data flood messages: 0

   Detected probe-request flood messages: 0

   Detected reassociation-request flood messages: 0

   Detected rts flood messages: 0

   Detected eapol-logoff flood messages: 0

   Detected eap-failure flood messages: 0

   Detected eap-success flood messages: 0

   Detected duplicated-ie messages: 0

   Detected fata-jack messages: 0

   Detected illegal-ibss-ess messages: 0

   Detected invalid-address-combination messages: 0

   Detected invalid-assoc-req messages: 0

   Detected invalid-auth messages: 0

   Detected invalid-deauth-code messages: 0

   Detected invalid-disassoc-code messages: 0

   Detected invalid-ht-ie messages: 0

   Detected invalid-ie-length messages: 0

   Detected invalid-pkt-length messages: 0

   Detected large-duration messages: 0

   Detected null-probe-resp messages: 0

   Detected overflow-eapol-key messages: 0

   Detected overflow-ssid messages: 0

   Detected redundant-ie messages: 0

   Detected AP spoof AP messages: 0

   Detected AP spoof client messages: 0

   Detected AP spoof ad-hoc messages: 0

   Detected ad-hoc spoof AP messages: 0

   Detected client spoof AP messages: 0

   Detected weak IV messages: 0

   Detected excess AP messages: 0

   Detected excess client messages: 0

   Detected signature rule messages: 0

   Detected 40MHZ messages: 0

   Detected power save messages: 0

   Detected omerta messages: 0

   Detected windows bridge messages: 0

   Detected soft AP messages: 0

   Detected broadcast disassoc messages: 2

   Detected broadcast deauth messages: 0

   Detected AP impersonate messages: 0

   Detected HT greenfield messages: 0

   Detected association table overflow messages: 0

   Detected wireless bridge messages: 0

   Detected AP flood messages: 11

Table 34 Command output

Field

Description

Information from sensor n

Information collected from sensor n, where n represents the ID of the sensor.

Detected association-request flood messages

Number of detected messages for association request flood attacks.

Detected authentication flood messages

Number of detected messages for authentication request flood attacks.

Detected beacon flood messages

Number of detected messages for beacon flood attacks.

Detected block-ack flood messages

Number of detected messages for Block Ack flood attacks.

Detected cts flood messages

Number of detected messages for CTS flood attacks.

Detected deauthentication flood messages

Number of detected messages for deauthentication flood attacks.

Detected disassociation flood messages

Number of detected messages for disassociation flood attacks.

Detected eapol-start flood messages

Number of detected messages for EAPOL-start flood attacks.

Detected null-data flood messages

Number of detected messages for null data flood attacks.

Detected probe-request flood messages

Number of detected messages for probe request flood attacks.

Detected reassociation-request flood messages

Number of detected messages for reassociation request flood attacks.

Detected rts flood messages

Number of detected messages for RTS flood attacks.

Detected eapol-logoff flood messages

Number of detected messages for EAPOL-logoff flood attacks.

Detected eap-failure flood messages

Number of detected messages for EAP-failure flood attacks.

Detected eap-success flood messages

Number of detected messages for EAP-success flood attacks.

Detected duplicated-ie messages

Number of detected messages for malformed packets with duplicated IE.

Detected fata-jack messages

Number of detected messages for FATA-Jack malformed packets.

Detected illegal-ibss-ess messages

Number of detected messages for malformed packets with abnormal IBSS and ESS setting.

Detected invalid-address-combination messages

Number of detected messages for malformed packets with invalid source address.

Detected invalid-assoc-req messages

Number of detected messages for malformed association request frames.

Detected invalid-auth messages

Number of detected messages for malformed authentication request frames.

Detected invalid-deauth-code messages

Number of detected messages for malformed packets with invalid deauthentication code.

Detected invalid-disassoc-code messages

Number of detected messages for malformed packets with invalid disassociation code.

Detected invalid-ht-ie messages

Number of detected messages for malformed packets with malformed HT IE.

Detected invalid-ie-length messages

Number of detected messages for malformed packets with invalid IE length.

Detected invalid-pkt-length messages

Number of detected messages for malformed packets with invalid packet length.

Detected large-duration messages

Number of detected messages for malformed packets with oversized duration.

Detected null-probe-resp messages

Number of detected messages for malformed probe response frames.

Detected overflow-eapol-key messages

Number of detected messages for malformed packets with oversized EAPOL key.

Detected overflow-ssid messages

Number of detected messages for malformed packets with oversized SSID.

Detected redundant-ie messages

Number of detected messages for malformed packets with redundant IE.

Detected AP spoof AP messages

Number of detected messages for AP spoofing (AP spoofs AP) attacks.

Detected AP spoof client messages

Number of detected messages for client spoofing (AP spoofs client) attacks.

Detected AP spoof ad-hoc messages

Number of detected messages for Ad hoc spoofing (AP spoofs Ad hoc) attacks.

Detected ad-hoc spoof AP messages

Number of detected messages for AP spoofing (Ad hoc spoofs AP) attacks.

Detected client spoof AP messages

Number of detected messages for AP spoofing (client spoofs AP) attacks.

Detected weak IV messages

Number of detected messages for weak IVs.

Detected excess AP messages

Number of detected messages for AP entry attacks.

Detected excess client messages

Number of detected messages for client entry attacks.

Detected 40MHZ messages

Number of detected messages for clients disabled with the 40 MHz bandwidth mode.

Detected power save messages

Number of detected messages for power saving attacks.

Detected omerta messages

Number of detected messages for Omerta attacks.

Detected windows bridge messages

Number of detected messages for Windows bridge.

Detected soft AP messages

Number of detected messages for soft APs.

Detected broadcast disassoc messages

Number of detected messages for broadcast disassociation attacks.

Detected broadcast deauth messages

Number of detected messages for broadcast deauthentication attacks.

Detected AP impersonate messages

Number of detected messages for AP impersonation attacks.

Detected HT greenfield messages:

Number of detected messages for HT greenfield APs.

Detected association table overflow messages

Number of detected messages for association/reassociation DoS attacks.

Detected wireless bridge messages

Number of detected messages for wireless bridge.

Detected AP flood messages

Number of detected messages for AP flood attacks.

 

# Display attack detection information collected from sensors in the specified VSD.

<Sysname> display wips statistics virtual-security-domain 111

Information from VSD 111

Information about attack statistics:

   Detected hotspot attack messages: 1

   Detected unencrypted authorized AP messages: 0

   Detected unencrypted trust client messages: 0

   Detected honeypot AP messages: 1

   Detected man in the middle messages: 1

   Detected AP channel change messages: 0

Table 35 Command output

Field

Description

Detected hotspot attack messages

Number of detected messages for hotspot attacks.

Detected unencrypted authorized AP messages

Number of detected messages for unencrypted authorized APs.

Detected unencrypted trust client messages

Number of detected messages for unencrypted authorized clients.

Detected honeypot AP messages

Number of detected messages for honeypot APs.

Detected man in the middle messages

Number of detected messages for MITM attacks.

Detected AP channel change messages

Number of detected messages for channel changes.

 

Related commands

reset wips statistics

display wips virtual-security-domain countermeasure record

Use display wips virtual-security-domain countermeasure record to display information about countermeasures that WIPS has taken against rogue devices.

Syntax

display wips virtual-security-domain vsd-name countermeasure record

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Display information about countermeasures that WIPS has taken against rogue devices for the VSD office.

<Sysname> display wips virtual-security-domain office countermeasure record

Total 3 times countermeasure, current 3 countermeasure record in virtual-security-domain office

 

Reason: Attack; Ass - associated; Black - blacklist;

        Class - classification; Manu - manual;

 

MAC address    Type   Reason   Countermeasure AP     Radio ID   Time

1000-0000-00e3 AP     Manu     ap1                    1          2016-05-03/09:32:01

1000-0000-00e4 AP     Manu     ap2                    1          2016-05-03/09:32:11

2000-0000-f282 Client Black    ap3                    1          2016-05-03/09:31:56

Table 36 Command output

Field

Description

Total 3 times countermeasure, current 3 countermeasure record in virtual-security-domain office

Number of successful countermeasures. This field can display up to 1024 countermeasure records.

MAC Address

MAC address of the wireless device against which WIPS has taken countermeasures.

Type

Type of the wireless device: AP or Client.

Reason

Reason why WIPS takes countermeasures against the wireless device:

·         Attack—WIPS takes countermeasures against the device because it is an attacker.

·         Ass—WIPS takes countermeasures against the device because WIPS has taken countermeasures against its associated AP.

·         Black—After WIPS takes countermeasures against the client, the client is added to the blacklist when it associates with an AP.

·         Class—WIPS takes countermeasures against the device based on its device type.

·         Manu—WIPS takes countermeasures against the device based on its MAC address.

Countermeasure AP

Name of the sensor that takes countermeasures against the wireless device.

Radio ID

Radio ID of the sensor that takes countermeasures against the wireless device.

Time

Time when the AC informs the sensor of taking countermeasures against the wireless device.

 

Related commands

reset wips virtual-security-domain countermeasure record

display wips virtual-security-domain device

Use display wips virtual-security-domain device to display information about wireless devices detected in a VSD.

Syntax

display wips virtual-security-domain vsd-name device [ ap [ ad-hoc | authorized | external | misconfigured | potential-authorized | potential-external | potential-rogue | rogue ] | client [ [ dissociative-client ] | [ authorized | misassociation | unauthorized | uncategorized ] ] | mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

device: Displays wireless device information.

ap: Displays AP information.

ad-hoc: Displays information about APs operating in Ad hoc mode.

authorized: Displays information about authorized APs.

external: Displays information about external APs.

misconfigured: Displays information about misconfigured APs.

potential-authorized: Displays information about potential-authorized APs.

potential-external: Displays information about potential-external APs.

potential-rogue: Displays information about potential-rogue APs.

rogue: Displays information about rogue APs.

client: Displays client information.

dissociative-client: Displays unassociated client information.

authorized: Displays information about authorized clients.

misassociation: Displays information about misassociated clients.

unauthorized: Displays information about unauthorized clients.

uncategorized: Displays information about uncategorized clients.

mac-address mac-address: Displays information about a specific wireless device. The mac-address argument represents the MAC address of the wireless device and is in the H-H-H format.

verbose: Displays detailed device information.

Examples

# Display information about wireless devices detected in the VSD office.

<Sysname> display wips virtual-security-domain office device

Total 200 detected devices in virtual-security-domain office

 

Class: Auth - authorization; Ext - external; Mis - mistake;

       Unauth - unauthorized; Uncate - uncategorized;

       (A) - associate; (C) - config; (P) - potential

 

MAC address    Type   Class    Duration    Sensors Channel Status

1000-0000-0000 AP     Ext(P)   00h 10m 46s 1       11      Active

1000-0000-0001 AP     Ext(P)   00h 10m 46s 1       6       Active

1000-0000-0002 AP     Ext(P)   00h 10m 46s 1       1       Active

Table 37 Command output

Field

Description

Type

Wireless device type: AP, Client, or Mesh.

Class

Category of the wireless device.

Duration

Duration since the wireless device entered the current state.

Sensors

Number of sensors that have detected the wireless device.

Channel

Channel on which the wireless device was most recently detected.

Status

Status of the AP or client:

·         Active—The AP or client is active.

·         Inactive—The AP or client is inactive.

 

# Display detailed information about wireless devices detected in the VSD a.

<Sysname> display wips virtual-security-domain a device verbose

Total 2 detected devices in virtual-security-domain a

 

 AP: 1000-0000-0000

   Mesh Neighbor: None

   Classification: Mis(C)

   Severity level: 0

   Classify way: Auto

   Status: Active

   Status duration: 00h 27m 57s

   Vendor: Not found

   SSID: service

   Radio type: 802.11g

   Countermeasuring: No

   Security: None

   Encryption method: None

   Authentication method: None

   Broadcast SSID: Yes

   QoS supported: No

   Ad-hoc: No

   Beacon interval: 100 TU

   Up duration: 00h 27m 57s

Channel band-width supported: 20MHZ

   Hotspot AP: No

   Soft AP: No

   Honeypot AP: No

   Total number of reported sensors: 1

     Sensor 1:

       Sensor ID: 3

       Sensor name: 1

       Radio ID: 1

       RSSI: 15

       Channel: 149

       First reported time: 2014-06-03/09:05:51

       Last reported time: 2014-06-03/09:05:51

   Total number of associated clients: 1

     01: 2000-0000-0000

Client: 2000-0000-0000

  Last reported associated AP: 1000-0000-0000

  Classification: Uncate

  Severity level: 0

  Classify way: Auto

  Dissociative status: No

  Status: Active

  Status duration: 00h 00m 02s

  Vendor: Not found

  Radio type: 802.11a

  40mhz intolerance: No

  Countermeasuring: No

  Man in the middle: No

  Total number of reported sensors: 1

     Sensor 1:

       Sensor ID: 2

       Sensor name: 1

       Radio ID: 1

       RSSI: 50

       Channel: 149

       First reported time: 2014-06-03/14:52:56

       Last reported time: 2014-06-03/14:52:56

       Reported associated AP: 1000-0000-0000

Table 38 Command output

Field

Description

AP

MAC address of the AP.

Mesh Neighbor

MAC address of the mesh AP's neighbor.

Client

MAC address of the client.

Last reported associated AP

MAC address of the associated AP that the client most recently reports.

Classification

Category of the AP or client:

·         AP category options include the following:

?  ad_hoc

?  authorized

?  rogue

?  misconfigured

?  external

?  potential-authorized

?  potential-rogue

?  potential-external

?  uncategorized

·         Client category options include the following:

?  authorized

?  unauthorized

?  misassociated

?  uncategorized

Severity level

Severity level of the device.

Classify way

AP or client classification method:

·         Manual—Manual classification.

·         Invalid OUI—Added to the invalid OUI list.

·         Block List—Added to the prohibited device list.

·         Associated—APs that are connected to the AC.

·         Trust List—Added to the permitted device list.

·         User Define—User-defined classification.

·         AutoAutomatic classification.

Dissociative status

Whether the client is an unassociated client.

Status

Status of the AP or client:

·         Active—The AP or client is active.

·         Inactive—The AP or client is inactive.

Status duration

Duration since the wireless device entered the current state.

Vendor

OUI of the device. This field displays the device OUI if the OUI matches an imported OUI. This field displays Not found if no OUI is configured for the device or the OUI does not match any imported OUIs.

SSID

SSID of the wireless service provided by the AP.

Radio Type

Radio mode of the wireless device.

40mhz intolerance

Whether the client supports 40 MHz bandwidth mode.

Countermeasuring

Whether WIPS is taking countermeasures against the wireless device:

·         No

·         Yes

Man in the middle

Whether an MITM attack is detected.

Security

Security method. Options include the following:

·         None

·         WEP

·         WPA

·         WPA2

Encryption method

Data encryption method. Options include the following:

·         TKIP

·         CCMP

·         WEP

·         None

Authentication method

Authentication method. Options include the following:

·         None

·         PSK

·         802.1X

·         Others—Authentication methods except for PSK authentication and 802.1X authentication.

Broadcast SSID

Whether the AP broadcasts the SSID. This field displays nothing if the AP does not broadcast the SSID.

QoS supported

Whether the wireless device supports QoS.

Ad-hoc

Whether the wireless device is in Ad hoc mode.

Beacon interval

Beacon interval in TU. One TU is equal to 1024 milliseconds.

Channel band-width supported

Supported channel bandwidth mode:

·         20/40/80MHZ

·         20/40MHZ

·         20MHZ

Hotspot AP

Whether the AP is a hotspot attack AP.

Soft AP

Whether the AP is a soft AP.

Honeypot AP

Whether the AP is a honeypot AP.

Sensor n

Sensor that detected the wireless device. n represents the ID assigned by the system.

Channel

Channel on which the sensor most recently detected the wireless device.

First reported time

Time when the sensor first detected the wireless device.

Last reported time

Time when the sensor most recently detected the wireless device.

n: H-H-H

MAC address of the client associated with the AP. n represents the number assigned by the system.

Reported associated AP

MAC address of the associated AP that the sensor reports.

 

Related commands

reset wips virtual-security-domain device

display wlan nat-detect

Use display wlan nat-detect to display information about clients with NAT configured.

Syntax

display wlan nat-detect [ mac-address mac-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all detected NAT-configured clients.

Examples

# Display information about all detected NAT-configured clients.

<Sysname> display wlan nat-detect

Total 1 detected clients with NAT configured

 

MAC address    Last report         First report         Duration

0a98-2044-0000 2015-08-24/11:05:23 2015-08-24/10:05:23  01h 15m 00s

Table 39 Command output

Field

Description

Total number detected clients with NAT configured

Number of detected NAT-configured clients.

MAC address

MAC address of the detected client.

Last report

Time when the client was most recently detected.

First report

Time when the client was detected for the first time.

Duration

Duration since the client is configured with NAT.

 

Related commands

reset wlan nat-detect

flood association-request

Use flood association-request to configure association request flood attack detection.

Use undo flood association-request to restore the default.

Syntax

flood association-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood association-request

Default

Association request flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for association request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an association request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an association request flood attack within the quiet time.

threshold threshold-value: Specifies the number of association request frames that triggers an association request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable association request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood association-request interval 100 threshold 100 quiet 360

flood authentication

Use flood authentication to configure authentication request flood attack detection.

Use undo flood authentication to restore the default.

Syntax

flood authentication [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood authentication

Default

Authentication request flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for authentication request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an authentication request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an authentication request flood attack within the quiet time.

threshold threshold-value: Specifies the number of authentication request frames that triggers an authentication request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable authentication request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood authentication interval 100 threshold 100 quiet 360

flood beacon

Use flood beacon to configure beacon flood attack detection.

Use undo flood beacon to restore the default.

Syntax

flood beacon [ interval interval-value | quiet quiet-value | threshold threshold-value] *

undo flood beacon

Default

Beacon flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for beacon frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a beacon flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a beacon flood attack within the quiet time.

threshold threshold-value: Specifies the number of beacon frames that triggers a beacon flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable beacon flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood beacon interval 100 threshold 100 quiet 360

flood block-ack

Use flood block-ack to configure Block Ack flood attack detection.

Use undo flood block-ack to restore the default.

Syntax

flood block-ack [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood block-ack

Default

Block Ack flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for Block Ack frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a Block Ack flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a Block Ack flood attack within the quiet time.

threshold threshold-value: Specifies the number of Block Ack frames that triggers a Block Ack flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable Block Ack flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood block-ack interval 100 threshold 100 quiet 360

flood cts

Use flood cts to configure CTS flood attack detection.

Use undo flood cts to restore the default.

Syntax

flood cts [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood cts

Default

CTS flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for CTS frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a CTS flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a CTS flood attack within the quiet time.

threshold threshold-value: Specifies the number of CTS frames that triggers a CTS flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable CTS flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood cts interval 100 threshold 100 quiet 360

flood deauthentication

Use flood deauthentication to configure deauthentication flood attack detection.

Use undo flood deauthentication to restore the default.

Syntax

flood deauthentication [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood deauthentication

Default

Deauthentication flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for deauthentication frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a deauthentication flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a deauthentication flood attack within the quiet time.

threshold threshold-value: Specifies the number of deauthentication frames that triggers a deauthentication flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable deauthentication flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood deauthentication interval 100 threshold 100 quiet 360

flood disassociation

Use flood disassociation to configure disassociation flood attack detection.

Use undo flood disassociation to restore the default.

Syntax

flood disassociation [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood disassociation

Default

Disassociation flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for disassociation frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a disassociation flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a disassociation flood attack within the quiet time.

threshold threshold-value: Specifies the number of disassociation frames that triggers a disassociation flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable disassociation flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood disassociation interval 100 threshold 100 quiet 360

flood eap-failure

Use flood eap-failure to configure EAP-failure flood attack detection.

Use undo flood eap-failure to restore the default.

Syntax

flood eap-failure [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood eap-failure

Default

EAP-failure flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for EAP-failure frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAP-failure flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAP-failure flood attack within the quiet time.

threshold threshold-value: Specifies the number of EAP-failure frames that triggers an EAP-failure flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable EAP-failure flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood eap-failure interval 100 threshold 100 quiet 360

flood eapol-logoff

Use flood eapol-logoff to configure EAPOL-logoff flood attack detection.

Use undo flood eapol-logoff to restore the default.

Syntax

flood eapol-logoff [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood eapol-logoff

Default

EAPOL-logoff flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for EAPOL-logoff frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAPOL-logoff flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAPOL-logoff flood attack within the quiet time.

threshold threshold-value: Specifies the number of EAPOL-logoff frames that triggers an EAPOL-logoff flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable EAPOL-logoff flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood eapol-logoff interval 100 threshold 100 quiet 360

flood eapol-start

Use flood eapol-start to configure EAPOL-start flood attack detection.

Use undo flood eapol-start to restore the default.

Syntax

flood eapol-start [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood eapol-start

Default

EAPOL-start flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for EAPOL-start frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAPOL-start flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAPOL-start flood attack within the quiet time.

threshold threshold-value: Specifies the number of EAPOL-start frames that triggers an EAPOL-start flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable EAPOL-start flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood eapol-start interval 100 threshold 100 quiet 360

flood eap-success

Use flood eap-success to configure EAP-success flood attack detection.

Use undo flood eap-success to restore the default.

Syntax

flood eap-success [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood eap-success

Default

EAP-success flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for EAP-success frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAP-success flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAP-success flood attack within the quiet time.

threshold threshold-value: Specifies the number of EAP-success frames that triggers an EAP-success flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable EAP-success flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood eap-success interval 100 threshold 100 quiet 360

flood null-data

Use flood null-data to configure null data flood attack detection.

Use undo flood null-data to restore the default.

Syntax

flood null-data [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood null-data

Default

Null data flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for null data frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a null data flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a null data flood attack within the quiet time.

threshold threshold-value: Specifies the number of null data frames that triggers a null data flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable null data flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood null-data interval 100 threshold 100 quiet 360

flood probe-request

Use flood probe-request to configure probe request flood attack detection.

Use undo flood probe-request to restore the default.

Syntax

flood probe-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood probe-request

Default

Probe request flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for probe request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a probe request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a probe request flood attack within the quiet time.

threshold threshold-value: Specifies the number of probe request frames that triggers a probe request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable probe request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood probe-request interval 100 threshold 100 quiet 360

flood reassociation-request

Use flood reassociation-request to configure reassociation request flood attack detection.

Use undo flood reassociation-request to restore the default.

Syntax

flood reassociation-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood reassociation-request

Default

Reassociation request flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for reassociation request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a reassociation request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a reassociation request flood attack within the quiet time.

threshold threshold-value: Specifies the number of reassociation request frames that triggers a reassociation request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable reassociation request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood reassociation-request interval 100 threshold 100 quiet 360

flood rts

Use flood rts to configure RTS flood attack detection.

Use undo flood rts to restore the default.

Syntax

flood rts [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood rts

Default

RTS flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for RTS frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an RTS flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an RTS flood attack within the quiet time.

threshold threshold-value: Specifies the number of RTS frames that triggers an RTS flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable RTS flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood rts interval 100 threshold 100 quiet 360

frame-type

Use frame-type to configure a subsignature to match the frame type of a frame.

Use undo frame-type to restore the default.

Syntax

frame-type { control | data | management [ frame-subtype { association-request | association-response | authentication | beacon | deauthentication | disassociation | probe-request } ] }

undo frame-type

Default

No subsignature is configured to match the frame type of a frame.

Views

Signature view

Predefined user roles

network-admin

Parameters

control: Matches control frames.

data: Matches data frames.

management: Matches management frames.

frame-subtype: Specifies a frame subtype.

association-request: Matches association request frames.

association-response: Matches association response frames.

authentication: Matches authentication frames.

beacon: Matches beacon frames.

deauthentication: Matches deauthentication frames.

disassociation: Matches disassociation frames.

probe-request: Matches probe request frames.

Examples

# Configure a subsignature to match data frames for signature 1.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[wips-sig-rule-1] frame-type data

honeypot-ap

Use honeypot-ap to configure honeypot AP detection.

Use undo honeypot-ap to disable honeypot AP detection.

Syntax

honeypot-ap [ similarity similarity-value | quiet quiet-value ] *

undo honeypot-ap

Default

Honeypot AP detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

similarity similarity-value: Specifies the similarity threshold that triggers a honeypot AP alarm, in the range of 70 to 100 in percentage. The default value is 80%. An AP is determined as a honeypot AP if the similarity between the SSID of the AP and the SSID of a legitimate AP reaches the threshold.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a honeypot AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a honeypot AP within the quiet time.

Examples

# Enable honeypot AP detection, and set the similarity threshold and quiet time to 90% and 10 seconds, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] honeypot-ap similarity 90 quiet 10

hotspot-attack

Use hotspot-attack to configure hotspot attack detection.

Use undo hotspot-attack to disable hotspot attack detection.

Syntax

hotspot-attack [ quiet quiet-value ]

undo hotspot-attack

Default

Hotspot attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a hotspot attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a hotspot attack within the quiet time.

Examples

# Enable hotspot attack detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] hotspot-attack quiet 100

ht-40mhz-intolerance

Use ht-40mhz-intolerance to configure detection on clients with the 40 MHz bandwidth mode disabled.

Use undo ht-40mhz-intolerance to disable detection on clients with the 40 MHz bandwidth mode disabled.

Syntax

ht-40mhz-intolerance [ quiet quiet-value ]

undo ht-40mhz-intolerance

Default

Detection on clients with the 40 MHz bandwidth mode disabled is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a client with the 40 MHz bandwidth mode disabled. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a client with the 40 MHz bandwidth mode disabled within the quiet time.

Examples

# Enable detection on clients with the 40 MHz bandwidth mode disabled and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ht-40mhz-intolerance quiet 100

ht-greenfield

Use ht-greenfield to configure HT-greenfield AP detection.

Use undo ht-greenfield to disable HT-greenfield AP detection.

Syntax

ht-greenfield [ quiet quiet-value ]

undo ht-greenfield

Default

HT-greenfield AP detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an HT-greenfield AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an HT-greenfield AP within the quiet time.

Examples

# Enable HT-greenfield AP detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ht-greenfield quiet 100

ignorelist

Use ignorelist to add a MAC address to the alarm-ignored device list.

Use undo ignorelist to remove a specific or all MAC addresses from the alarm-ignored device list.

Syntax

ignorelist mac-address mac-address

undo ignorelist mac-address { mac-address | all }

Default

No MAC address is added to the alarm-ignored device list.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in the H-H-H format.

all: Specifies all MAC addresses in the alarm-ignored device list.

Usage guidelines

For wireless devices in the alarm-ignored device list, WIPS only monitors them but does not generate any alarms.

Examples

# Add the MAC address 2a11-1fa1-1311 to the alarm-ignored device list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ignorelist mac-address 2a11-1fa1-1311

import hotspot

Use import hotspot to import hotspots from a configuration file.

Use undo import hotspot to remove the configuration.

Syntax

import hotspot file-name

undo import hotspot

Default

No hotspot is imported.

Views

WIPS view

Predefined user roles

network-admin

Parameters

file-name: Specifies a configuration file by its name, a case-insensitive string of 1 to 255 characters. It cannot contain back slashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).

Usage guidelines

You can import hotspots from only one configuration file.

Examples

# Import hotspots from the configuration file hotspot_cfg.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] import hotspot hotspot_cfg

import oui

Use import oui to import OUIs from a configuration file.

Use undo import oui to cancel the configuration.

Syntax

import oui file-name

undo import oui

Default

No OUI is imported.

Views

WIPS view

Predefined user roles

network-admin

Parameters

oui: Specifies a configuration file by its name, a case-insensitive string of 1 to 255 characters. It cannot contain back slashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).

Usage guidelines

You can download the configuration file from the IEEE website.

You can import OUIs from only one configuration file.

Examples

# Import OUIs from the configuration file oui_import_cfg.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] import oui oui_import_cfg

Related commands

invalid-oui-classify illegal

invalid-oui-classify illegal

Use invalid-oui-classify illegal to configure WIPS to classify devices with invalid OUIs as rogue devices.

Use undo invalid-oui-classify to restore the default.

Syntax

invalid-oui-classify illegal

undo invalid-oui-classify

Default

WIPS does not classify devices with invalid OUIs as rogue devices.

Views

Classification policy view

Predefined user roles

network-admin

Examples

# Configure WIPS to classify devices with invalid OUIs as rogue devices.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] invalid-oui-classify illegal

Related commands

import oui

mac-address

Use mac-address to configure a subsignature to match the MAC address of a frame.

Use undo mac-address to restore the default.

Syntax

mac-address { bssid | destination | source } mac-address

undo mac-address

Default

No subsignature is configured to match the MAC address of a frame.

Views

Signature view

Predefined user roles

network-admin

Parameters

bssid: Matches the specified BSSID.

destination: Matches the specified destination MAC address.

source: Matches the specified source MAC address.

mac-address: Specifies a MAC address in the H-H-H format.

Examples

# Configure a subsignature to match frames with the source MAC address 000f-e201-0101 for signature 1.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[Sysname-wips-sig-rule-1] mac-address source 000f-e201-0101

malformed duplicated-ie

Use malformed duplicated-ie to enable WIPS to detect malformed packets with duplicated IE.

Use undo malformed duplicated-ie to restore the default.

Syntax

malformed duplicated-ie [ quiet quiet-value ]

undo malformed duplicated-ie

Default

WIPS does not detect malformed packets with duplicated IE.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a duplicated IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a duplicated IE within the quiet time.

Usage guidelines

This function is applicable to all management frames. WIPS considers a packet malformed if the packet has an duplicate IE. This detection is not applicable to vendor-defined IEs.

Examples

# Enable WIPS to detect malformed packets with duplicated IE and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed duplicated-ie quiet 360

malformed fata-jack

Use malformed fata-jack to enable WIPS to detect FATA-Jack malformed packets.

Use undo malformed fata-jack to restore the default.

Syntax

malformed fata-jack [ quiet quiet-value ]

undo malformed fata-jack

Default

WIPS does not detect FATA-Jack malformed packets.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a FATA-Jack malformed packet. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a FATA-Jack malformed packet within the quiet time.

Usage guidelines

This function is applicable to authentication frames. WIPS considers an authentication frame malformed if the value of the authentication algorithm number is 2.

Examples

# Enable WIPS to detect FATA-Jack malformed packets and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed fata-jack quiet 360

malformed illegal-ibss-ess

Use malformed illegal-ibss-ess to enable WIPS to detect malformed packets with abnormal IBSS and ESS setting.

Use undo malformed illegal-ibss-ess to restore the default.

Syntax

malformed illegal-ibss-ess [ quiet quiet-value ]

undo malformed illegal-ibss-ess

Default

WIPS does not detect malformed packets with abnormal IBSS and ESS setting.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an abnormal IBSS and ESS setting. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an abnormal IBSS and ESS setting within the quiet time.

Usage guidelines

This function is applicable to beacon frames and probe response frames. WIPS considers a frame malformed if both IBSS and ESS are set to 1 in the frame.

Examples

# Enable WIPS to detect malformed packets with abnormal IBSS and ESS setting and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed illegal-ibss-ess quiet 360

malformed invalid-address-combination

Use malformed invalid-address-combination to enable WIPS to detect malformed packets with invalid source address.

Use undo malformed invalid-address-combination to restore the default.

Syntax

malformed invalid-address-combination [ quiet quiet-value ]

undo malformed invalid-address-combination

Default

WIPS does not detect malformed packets with invalid source address.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid source address. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid source address within the quiet time.

Usage guidelines

This function is applicable to all management frames. WIPS considers a frame malformed in the following situations:

·          The TO DS of the frame is 1, indicating that the frame is sent to the AP by a client.

·          The source MAC address of the frame is a multicast or broadcast address.

Examples

# Enable WIPS to detect malformed packets with invalid source address and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-address-combination quiet 360

malformed invalid-assoc-req

Use malformed invalid-assoc-req to enable WIPS to detect malformed association request frames.

Use undo malformed invalid-assoc-req to restore the default.

Syntax

malformed invalid-assoc-req [ quiet quiet-value ]

undo malformed invalid-assoc-req

Default

WIPS does not detect malformed association request frames.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed association request frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed association request frame within the quiet time.

Usage guidelines

This function is applicable to association request frames. WIPS considers a frame malformed if the SSID length in the frame is 0.

Examples

# Enable WIPS to detect malformed association request frames and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-assoc-req quiet 360

malformed invalid-auth

Use malformed invalid-auth to enable WIPS to detect malformed authentication request frames.

Use undo malformed invalid-auth to restore the default.

Syntax

malformed invalid-auth [ quiet quiet-value ]

undo malformed invalid-auth

Default

WIPS does not detect malformed authentication request frames.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed authentication request frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed authentication request frame within the quiet time.

Usage guidelines

This function is applicable to authentication request frames. WIPS considers a frame malformed in the following situations:

·          The authentication algorithm number does not conform to the 802.11 protocol and is larger than 3.

·          The authentication transaction sequence number, indicating the authentication process between the client and the AP, is 1 and the status code is not 0.

·          The authentication transaction sequence number is larger than 4.

Examples

# Enable WIPS to detect malformed authentication request frames and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-auth quiet 360

malformed invalid-deauth-code

Use malformed invalid-deauth-code to enable WIPS to detect malformed packets with invalid deauthentication code.

Use undo malformed invalid-deauth-code to restore the default.

Syntax

malformed invalid-deauth-code [ quiet quiet-value ]

undo malformed invalid-deauth-code

Default

WIPS does not detect malformed packets with invalid deauthentication code.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid deauthentication code. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid deauthentication code within the quiet time.

Usage guidelines

This function is applicable to deauthentication frames. WIPS considers a frame malformed if the reason code in the frame is 0 or in the range of 67 to 65535.

Examples

# Enable WIPS to detect malformed packets with invalid deauthentication code and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-deauth-code quiet 360

malformed invalid-disassoc-code

Use malformed invalid-disassoc-code to enable WIPS to detect malformed packets with invalid disassociation code.

Use undo malformed invalid-disassoc-code to restore the default.

Syntax

malformed invalid-disassoc-code [ quiet quiet-value ]

undo malformed invalid-disassoc-code

Default

WIPS does not detect malformed packets with invalid disassociation code.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid disassociation code. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid disassociation code within the quiet time.

Usage guidelines

This function is applicable to disassociation frames. WIPS considers a frame malformed if the reason code in the frame is 0 or in the range of 67 to 65535.

Examples

# Enable WIPS to detect malformed packets with invalid disassociation code and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-disassoc-code quiet 360

malformed invalid-ht-ie

Use malformed invalid-ht-ie to enable WIPS to detect malformed packets with malformed HT IE.

Use undo malformed invalid-ht-ie to restore the default.

Syntax

malformed invalid-ht-ie [ quiet quiet-value ]

undo malformed invalid-ht-ie

Default

WIPS does not detect malformed packets with malformed HT IE.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed HT IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed HT IE within the quiet time.

Usage guidelines

This function is applicable to beacon, probe response, association response, and reassociation response frames. WIPS considers a frame malformed in the following situations:

·          The SM power save value of the HT capabilities IE is 2.

·          The secondary channel offset value of the HT operation IE is 2.

Examples

# Enable WIPS to detect malformed packets with malformed HT IE and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-ht-ie quiet 360

malformed invalid-ie-length

Use malformed invalid-ie-length to enable WIPS to detect malformed packets with invalid IE length.

Use undo malformed invalid-ie-length to restore the default.

Syntax

malformed invalid-ie-length [ quiet quiet-value ]

undo malformed invalid-ie-length

Default

WIPS does not detect malformed packets with invalid IE length.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid IE length. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid IE length within the quiet time.

Usage guidelines

This function is applicable to all management frames. WIPS considers a frame malformed if the length of an IE in the frame does not conform to the 802.11 protocol.

Examples

# Enable WIPS to detect malformed packets with invalid IE length and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-ie-length quiet 360

malformed invalid-pkt-length

Use malformed invalid-pkt-length to enable WIPS to detect malformed packets with invalid packet length.

Use undo malformed invalid-pkt-length to restore the default.

Syntax

malformed invalid-pkt-length [ quiet quiet-value ]

undo malformed invalid-pkt-length

Default

WIPS does not detect malformed packets with invalid packet length.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid packet length. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid packet length within the quiet time.

Usage guidelines

This function is applicable to all management frames. WIPS considers a frame malformed if the remaining length of the IE is not zero after the packet payload is resolved.

Examples

# Enable WIPS to detect malformed packets with invalid packet length and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-pkt-length quiet 360

malformed large-duration

Use malformed large-duration to enable WIPS to detect malformed packets with oversized duration.

Use undo malformed large-duration to restore the default.

Syntax

malformed large-duration [ quiet quiet-value | threshold value ]

undo malformed large-duration

Default

WIPS does not detect malformed packets with oversized duration.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized duration. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized duration within the quiet time.

threshold value: Specifies the duration size that triggers WIPS to determine an oversized duration and trigger an alarm. The value range for the value argument is 1 to 32767 and the default value is 5000.

Usage guidelines

This function is applicable to unicast management frames, unicast data frames, RTS, CTS, and ACK frames. WIPS considers a frame malformed if the duration value in the frame is larger than the specified threshold.

Examples

# Enable WIPS to detect malformed packets with oversized duration and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed large-duration quiet 360

malformed null-probe-resp

Use malformed null-probe-resp to enable WIPS to detect malformed probe response frames.

Use undo malformed null-probe-resp to restore the default.

Syntax

malformed null-probe-resp [ quiet quiet-value ]

undo malformed null-probe-resp

Default

WIPS does not detect malformed probe response frames.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed probe response frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed probe response frame within the quiet time.

Usage guidelines

This function is applicable to probe response frames. WIPS considers a frame malformed if the frame is not a mesh frame and its SSID length is 0, the packet is determined as a malformed packet.

Examples

# Enable WIPS to detect malformed probe response frames and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed null-probe-resp quiet 360

malformed overflow-eapol-key

Use malformed overflow-eapol-key to enable WIPS to detect malformed packets with oversized EAPOL key.

Use undo malformed overflow-eapol-key to restore the default.

Syntax

malformed overflow-eapol-key [ quiet quiet-value ]

undo malformed overflow-eapol-key

Default

WIPS does not detect malformed packets with oversized EAPOL key.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized EAPOL key. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized EAPOL key within the quiet time.

Usage guidelines

This function is applicable to EAPOL-Key frames. WIPS considers a frame malformed if the TO DS is 1 and the key length is larger than 0 in the frame. A malicious EAPOL-Key frame might result in DOS attacks.

Examples

# Enable WIPS to detect malformed packets with oversized EAPOL key and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed overflow-eapol-key quiet 360

malformed overflow-ssid

Use malformed overflow-ssid to enable WIPS to detect malformed packets with oversized SSID.

Use undo malformed overflow-ssid to restore the default.

Syntax

malformed overflow-ssid [ quiet quiet-value ]

undo malformed overflow-ssid

Default

WIPS does not detect malformed packets with oversized SSID.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized SSID. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized SSID within the quiet time.

Usage guidelines

This function is applicable to beacon, probe request, probe response, and association request frames. WIPS considers a frame malformed if the SSID length in the frame is larger than 32, which does not conform to the 802.11 protocol.

Examples

# Enable WIPS to detect malformed packets with oversized SSID and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed overflow-ssid quiet 360

malformed redundant-ie

Use malformed redundant-ie to enable WIPS to detect malformed packets with redundant IE.

Use undo malformed redundant-ie to restore the default.

Syntax

malformed redundant-ie [ quiet quiet-value ]

undo malformed redundant-ie

Default

WIPS does not detect malformed packets with redundant IE.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a redundant IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a redundant IE within the quiet time.

Usage guidelines

This function is applicable to all management frames.  WIPS considers a frame malformed if an IE in the frame is neither a necessary IE to the frame nor a reserved IE.

Examples

# Enable WIPS to detect malformed packets with redundant IE and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed redundant-ie quiet 360

man-in-the-middle

Use man-in-the-middle to configure man-in-the-middle (MITM) attack detection.

Use undo man-in-the-middle to disable MITM attack detection.

Syntax

man-in-the-middle [ quiet quiet-value ]

undo man-in-the-middle

Default

MITM attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an MITM attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an MITM attack within the quiet time.

Usage guidelines

Enable honeypot AP detection before you enable MITM attack detection.

Examples

# Enable MITM attack detection.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] honeypot-ap

[Sysname-wips-dtc-home] man-in-the-middle

manual-classify mac-address

Use manual-classify mac-address to specify a category for an AP.

Use undo manual-classify mac-address to restore the default.

Syntax

manual-classify mac-address mac-address { authorized-ap | external-ap | misconfigured-ap | rogue-ap }

undo manual-classify mac-address { mac-address | all }

Default

No category is specified for an AP.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

mac-address: Specifies an AP by its MAC address, in the H-H-H format.

authorized-ap: Specifies the AP as an authorized AP.

external-ap: Specifies the AP as an external AP.

misconfigured-ap: Specifies the AP as a misconfigured AP.

rogue-ap: Specifies the AP as a rogue AP.

all: Specifies all APs.

Examples

# Specify the AP whose MAC address is 000f-00e2-0001 as an authorized AP.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] manual-classify mac-address 000f-00e2-0001 authorized-ap

omerta

Use omerta to configure Omerta attack detection.

Use undo omerta to disable Omerta attack detection.

Syntax

omerta [ quiet quiet-value ]

undo omerta

Default

Omerta attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an Omerta attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an Omerta attack within the quiet time.

Examples

# Enable Omerta attack detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] omerta quiet 100

oui

Use oui to configure an AP classification rule to match the OUI information of APs.

Use undo oui to restore the default.

Syntax

oui oui-info

undo oui

Default

An AP classification rule does not match the OUI information of APs.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

oui-info: Specifies the OUI information in the XXXXXX format, a case-insensitive hexadecimal string.

Examples

# Configure AP classification rule 1 to match APs with the OUI 000fe4.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] oui 000fe4

pattern

Use pattern to configure a subsignature to match the specified bits of a frame.

Use undo pattern to restore the default.

Syntax

pattern pattern-number offset offset-value mask mask value1 [ to value2 ] [ from-payload ]

undo pattern { pattern-number | all }

Default

No subsignature is configured to match the specified bits of a frame.

Views

Signature view

Predefined user roles

network-admin

Parameters

pattern-number: Specifies a subsignature that matches the specified bits of a frame by its number in the range of 0 to 65535.

offset offset-value: Specifies the offset from the specified bit to the reference bit. The value range for the offset-value argument is 0 to 2346 bits. The reference bit can be the first bit of the frame head (default) or the frame payload.

mask mask: Specifies a two-byte mask that is used for the AND operation with the specified bits. The mask is in hexadecimal format and the value range for the mask is 0 to ffff.

value1 [ to value2 ]: Specifies a value range for the specified bits. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 65535 for both the value1 and value2 arguments, and value2 cannot be smaller than value1.

from-payload: Specifies the first bit of the frame payload as the reference bit. If you do not specify this keyword, the first bit of the frame head is the reference bit.

Examples

# Configure a subsignature to match the second and third bits from the frame head of a frame. If the values of the second and third bytes of a frame are within the range of 0x0015 to 0x0020, the frame matches the subsignature.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[Sysname-wips-sig-rule-1] pattern 1 offset 8 mask ffff 15 to 20

permit-channel

Use permit-channel to add one or multiple channels to the permitted channel list.

Use undo permit-channel to remove the specified or all channels from the permitted channel list.

Syntax

permit-channel channel-id-list

undo permit-channel { channel-id-list | all }

Default

No channel is added to the permitted channel list.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

channel-id-list: Specifies a space-separated list of up to 10 permitted channel items. Each item specifies a channel number or a range of channel numbers in the form of value1 to value2. The value range for channel numbers is 1 to 224. The value for the value2 argument must be equal to or greater than the value for the value1 argument.

all: Specifies all permitted channels.

Usage guidelines

To prevent WIPS from taking all channels as prohibited channels, use this command to configure a permitted channel list before you configure prohibited channel detection.

Examples

# Add channel 1 to the permitted channel list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] permit-channel 1

Related commands

prohibited-channel

power-save

Use power-save to configure power saving attack detection.

Use undo power-save to disable power saving attack detection.

Syntax

power-save [ interval interval-value | minoffpacket packet-value | onoffpercent percent-value | quiet quiet-value ] *

undo power-save

Default

Power saving attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for power save frames. The value range for the interval-value argument is 1 to 3600 seconds, and the default value is 10 seconds.

minoffpacket packet-value: Specifies the threshold for the number of power save off frames that triggers power save attack analysis. If the number of off frames from a client reaches the threshold, WIPS analyzes the power save frames to determine whether a power save attack occurs. The value range for the argument is 10 to 150, and the default is 50.

onoffpercent percent-value: Specifies the threshold for the ratio between the power save on frames and off frames from a client. WIPS triggers an alarm for a power save attack when the threshold is reached. The value range for this argument is 0 to 100, and the default is 80.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a power saving attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a power saving attack within the quiet time.

Examples

# Enable power saving attack detection, and set the interval-value, packet-value, percent-value, and quiet-value arguments to 20, 20, 90, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] power-save interval 20 minoffpacket 20 onoffpercent 90 quiet 100

prohibited-channel

Use prohibited-channel to configure prohibited channel detection.

Use undo prohibited-channel to disable prohibited channel detection.

Syntax

prohibited-channel [ quiet quiet-value ]

undo prohibited-channel

Default

Prohibited channel detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a prohibited channel. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a prohibited channel within the quiet time.

Usage guidelines

To prevent WIPS from taking all channels as prohibited channels, use the permit-channel command to configure a permitted channel list before you configure prohibited channel detection.

Examples

# Enable prohibited channel detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] prohibited-channel quiet 100

Related commands

permit-channel

report-interval

Use report-interval to set the interval at which APs report information about detected devices.

Use undo report-interval to restore the default.

Syntax

report-interval interval

undo report-interval

Default

APs report information about detected devices every 30000 milliseconds.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which APs report information about detected devices, in the range of 1000 to 300000 milliseconds.

Examples

# Set the interval at which APs report information about detected devices to 10000 milliseconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] report-interval 10000

reset wips statistics

Use reset wips statistics to clear information collected from all sensors.

Syntax

reset wips statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear information collected from all sensors.

<Sysname> reset wips statistics

Related commands

display wips statistics receive

reset wips virtual-security-domain

Use reset wips virtual-security-domain to clear the learned AP or client entries in a VSD.

Syntax

reset wips virtual-security-domain vsd-name device { ap { all | mac-address mac-address } | client { all | mac-address mac-address } | all }

Views

User view

Predefined user roles

network-admin

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

device: Clears device entries.

ap: Clears AP entries.

all: Clears entries for all APs.

mac-address mac-address: Clears the entries for an AP. The mac-address argument represents the MAC address of the AP.

client: Clears client entries.

all: Clears entries for all clients.

mac-address mac-address: Clears the entries for a client. The mac-address argument represents the MAC address of the client

all: Clears entries for all APs and clients.

Examples

# Clear the learned AP and client entries in the VSD aaa.

<Sysname> reset wips virtual-security-domain aaa device all

Related commands

display wips virtual-security-domain device

reset wips virtual-security-domain countermeasure record

Use reset wips virtual-security-domain countermeasure record to clear information about countermeasures that WIPS has taken against rogue devices.

Syntax

reset wips virtual-security-domain vsd-name countermeasure record

Views

User view

Predefined user roles

network-admin

Parameters

vsd-name: Specify a VSD by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Clear information about countermeasures that WIPS has taken against rogue devices for the VSD aaa.

<Sysname> reset wips virtual-security-domain aaa countermeasure record

Related commands

display wips virtual-security-domain countermeasure record

reset wlan nat-detect

Use reset wlan nat-detect to clear information about clients with NAT configured.

Syntax

reset wlan nat-detect

Views

User view

Predefined user roles

network-admin

network-operator

Examples

# Clear information about clients with NAT configured.

<Sysname> reset wlan nat-detect

Related commands

display wlan nat-detect

rssi

Use rssi to configure an AP classification rule to match the RSSI of APs.

Use undo rssi to restore the default.

Syntax

rssi value1 [ to value2 ]

undo rssi

Default

An AP classification rule does not match the RSSI of APs.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

value1 [ to value2 ]: Specifies a value range for the RSSI of APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 100 for both the value1 and value2 arguments, and value2 cannot be smaller than value1.

Examples

# Configure AP classification rule 1 to match APs with an RSSI of 20 to 40.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] rssi 20 to 40

rssi-change-threshold

Use rssi-change-threshold to set the RSSI difference threshold for wireless device detection.

Use undo rssi-change-threshold to restore the default.

Syntax

rssi-change-threshold threshold-value

undo rssi-change-threshold

Default

The RSSI difference threshold is 20.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

threshold-value: Specifies the RSSI difference threshold for wireless device detection, in the range of 1 to 100.

Examples

# Set the RSSI difference threshold to 80 for wireless device detection.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] rssi-change-threshold 80

rssi-threshold

Use rssi-threshold to set the RSSI threshold for client or AP detection.

Use undo rssi-threshold to restore the default.

Syntax

rssi-threshold { ap ap-rssi-value | client client-rssi-value }

undo rssi-threshold { ap | client }

Default

The RSSI thresholds for client and AP detection are not set.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

ap ap-rssi-value: Specifies the RSSI threshold for AP detection, in the range of 1 to 100.

client client-rssi-value: Specifies the RSSI threshold for client detection, in the range of 1 to 100.

Examples

# Configure WIPS to ignore APs with an RSSI lower than 80.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] rssi-threshold ap 80

security

Use security to configure an AP classification rule to match the security mode used by APs.

Use undo security to restore the default.

Syntax

security { equal | include } { clear | wep | wpa | wpa2 }

undo security

Default

No AP classification rule is configured to match the security mode used by APs.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

equal: Matches security modes equal to the specified security mode.

include: Matches security modes that include the specified security mode.

clear: Specifies the clear security mode.

wep: Specifies the WEP security mode.

wpa: Specifies the WPA security mode.

wpa2: Specifies the WPA2 security mode.

Examples

# Configure AP classification rule 1 to match APs that use the WEP security mode.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] security equal wep

select sensor all

Use select sensor all to enable all sensors that detect an attacker to take countermeasures against the attacker.

Use undo select sensor all to remove the configuration.

Syntax

select sensor all

undo select sensor all

Default

Only the sensor that most recently detects the attacker takes countermeasures against the attacker.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable all sensors that detect an attacker to take countermeasures against the attacker.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-ctm-home] select sensor all

seq-number

Use seq-number to configure a subsignature to match the sequence number of a frame.

Use undo seq-number to restore the default.

Syntax

seq-number seq-value1 [ to seq-value2 ]

undo seq-number

Default

No subsignature is configured to match the sequence number of a frame.

Views

Signature view

Predefined user roles

network-admin

Parameters

seq-value1 [ to seq-value2 ]: Specifies a value range for the sequence number of a frame. The seq-value1 and seq-value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 4095 for both the seq-value1 and seq-value2 arguments, and seq-value2 cannot be smaller than seq-value1.

Examples

# Configure a subsignature to match frames with the sequence number 100.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[wips-sig-rule-1] seq-number 100

signature policy

Use signature policy to create a signature policy and enter its view. If the specified signature policy already exists, this command enters signature policy view.

Use undo signature policy to remove a signature policy.

Syntax

signature policy policy-name

undo signature policy policy-name

Default

No signature policy is created.

Views

WIPS view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a signature policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Create a signature policy named home and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature policy home

signature rule

Use signature rule to create a signature and enter its view. If the specified signature already exists, the command enters signature view.

Use undo signature rule to remove a signature.

Syntax

signature rule rule-id

undo signature rule rule-id

Default

No signature is created.

Views

WIPS view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a signature by its ID in the range of 1 to 65535.

Examples

# Create signature 1 and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

soft-ap

Use soft-ap to configure soft AP detection.

Use undo soft-ap to disable soft AP detection.

Syntax

soft-ap [ convert-time time-value ]

undo soft-ap

Default

Soft AP detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

convert-time time-value: Specifies the interval at which a soft AP switches between its role of client and AP. The value range for the time-value argument is 5 to 600 seconds, and the default is 10 seconds.

Examples

# Enable soft AP detection and set the time-value argument to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] soft-ap convert-time 100

ssid (AP classification rule view)

Use ssid to configure an AP classification rule to match the SSID of the wireless service for APs.

Use undo ssid to restore the default.

Syntax

ssid [ case-sensitive ] [ not ] { equal | include } ssid-string

undo ssid

Default

An AP classification rule does not match the SSID of the wireless service for APs.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

case-sensitive: Concerns the case of the SSID.

not: Matches SSIDs that are not equal to or do not include the specified SSID.

equal: Matches SSIDs equal to the specified SSID.

include: Matches SSIDs that include the specified SSID.

ssid-string: Specifies an SSID, a case-sensitive string of 1 to 32 characters.

Examples

# Configure AP classification rule 1 to match APs using wireless services with the SSID abc.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] ssid equal abc

ssid (signature view)

Use ssid to configure a subsignature to match the SSID of a frame.

Use undo ssid to restore the default.

Syntax

ssid [ case-sensitive ] [ not ] { equal | include } string

undo ssid

Default

No subsignature is configured to match the SSID of a frame.

Views

Signature view

Predefined user roles

network-admin

Parameters

case-sensitive: Concerns the case of the SSID.

not: Matches SSIDs that are not equal to or do not include the specified SSID.

equal: Matches SSIDs equal to the specified SSID.

include: Matches SSIDs that include the specified SSID.

string: Specifies an SSID, a case-sensitive string of 1 to 32 characters.

Examples

# Configure a subsignature to match frames with the SSID office for signature 1.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[Sysname-wips-sig-rule-1] ssid equal office

ssid-length

Use ssid-length to configure a subsignature to match the SSID length in a frame.

Use undo ssid-length to restore the default.

Syntax

ssid-length length-value1 [ to length-value2 ]

undo ssid-length

Default

No subsignature is configured to match the SSID length in a frame.

Views

Signature rule

Predefined user roles

network-admin

Parameters

length-value1 [ to length-value2 ]: Specifies the value range for the SSID length. The length-value1 and length-value2 arguments specify the start value and end value for the value range, respectively. The value range is 1 to 32 for both the length-value1 and length-value2 arguments, and length-value2 cannot be smaller than length-value1.

Examples

# Configure a subsignature to match frames in which the SSID length is 10.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[Sysname-wips-sig-1] ssid-length 10

trust mac-address

Use trust mac-address to add the MAC address of an AP or client to the permitted device list.

Use undo trust mac-address to remove one or all MAC addresses from the permitted device list.

Syntax

trust mac-address mac-address

undo trust mac-address { mac-address | all }

Default

No MAC address is added to the permitted device list.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address.

all: Specifies all MAC addresses.

Examples

# Add the MAC address 78AC-C0AF-944F to the permitted device list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] trust mac-address 78AC-C0AF-944F

trust oui

Use trust oui to add an OUI to the trusted OUI list.

Use undo trust oui to remove one or all OUIs from the trusted OUI list.

Syntax

trust oui oui

undo trust oui { oui | all }

Default

No OUI is added to the trusted OUI list.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

oui: Specifies an OUI by its name, a case-insensitive string of 6 characters.

all: Specifies all OUIs.

Examples

# Add the OUIs 000fe4 and 000fe5 to the trusted OUI list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] trust oui 000fe4

[Sysname-wips-cls-home] trust oui 000fe5

trust ssid

Use trust ssid to add an SSID to the trusted SSID list.

Use undo trust ssid to remove one or all SSIDs from the trusted SSID list.

Syntax

trust ssid ssid-name

undo trust ssid { ssid-name | all }

Default

No SSID is added to the trusted SSID list.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.

all: Specifies all SSIDs.

Examples

# Add the SSID flood1 to the trusted SSID list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] trust ssid flood1

unencrypted-authorized-ap

Use unencrypted-authorized-ap to configure unencrypted authorized AP detection.

Use undo unencrypted-authorized-ap to disable unencrypted authorized AP detection.

Syntax

unencrypted-authorized-ap [ quiet quiet-value ]

undo unencrypted-authorized-ap

Default

Unencrypted authorized AP detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an unencrypted authorized AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an unencrypted authorized AP within the quiet time.

Examples

# Enable unencrypted authorized AP detection and set the quiet time to 10 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] unencrypted-authorized-ap quiet 10

unencrypted-trust-client

Use unencrypted-trust-client to configure unencrypted authorized client detection.

Use undo unencrypted-trust-client to disable unencrypted authorized client detection.

Syntax

unencrypted-trust-client [ quiet quiet-value ]

undo unencrypted-trust-client

Default

Unencrypted authorized client detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an unencrypted authorized client. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an unencrypted authorized client within the quiet time.

Examples

# Enable unencrypted authorized client detection and set the quiet time to 10 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] unencrypted-trust-client quiet 10

up-duration

Use up-duration to configure an AP classification rule to match the running time of APs.

Use undo up-duration to restore the default.

Syntax

up-duration value1 [ to value2 ]

undo up-duration

Default

An AP classification rule does not match the running time of APs.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

value1 [ to value2 ]: Specifies the value range for the running time of APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 2592000 seconds for both the value1 and value2 arguments, and value2 must be greater than value1.

Examples

# Configure AP classification rule 1 to match APs with a running time of 2000 to 40000 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] up-duration 2000 to 40000

virtual-security-domain

Use virtual-security-domain to create a VSD and enter its view.

Use undo virtual-security-domain to remove a VSD.

Syntax

virtual-security-domain vsd-name

undo virtual-security-domain vsd-name

Default

No VSD is created.

Views

WIPS view

Predefined user roles

network-admin

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Create the VSD office and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain office

[Sysname-wips-vsd-office]

weak-iv

Use weak-iv to enable weak IV detection.

Use undo weak-iv to restore the default.

Syntax

weak-iv [ quiet quiet-value ]

undo weak-iv

Default

Weak IV detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a weak IV. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a weak IV within the quiet time.

Examples

# Enable weak IV detection.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] weak-iv

windows-bridge

Use windows-bridge to configure Windows bridge detection.

Use undo windows-bridge to disable Windows bridge detection.

Syntax

windows-bridge [ quiet quiet-value ]

undo windows-bridge

Default

Windows bridge detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a Windows bridge. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a Windows bridge within the quiet time.

Examples

# Enable Windows bridge detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] windows-bridge quiet 360

wips

Use wips to enter WIPS view.

Use undo wips to clear all configurations in WIPS view.

Syntax

wips

undo wips

Default

No configuration exists in WIPS view.

Views

System view

Predefined user roles

network-admin

Examples

# Enter WIPS view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips]

wips enable

Use wips enable to enable WIPS.

Use undo wips enable to restore the default.

Syntax

wips enable

undo wips enable

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, WIPS is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Examples

# Enable WIPS for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] wips enable

# Enable WIPS for radio 1 of APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] wips enable

wips virtual-security-domain

Use wips virtual-security-domain to add an AP to a VSD.

Use undo wips virtual-security-domain to remove an AP from the VSD.

Syntax

wips virtual-security-domain vsd-name

undo wips virtual-security-domain

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, an AP group is not added to any VSD.

Views

AP view

Predefined user roles

network-admin

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Add AP 1 to the VSD office.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] wips virtual-security-domain office

# Add AP group apgroup1 to VSD office.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] wips virtual-security-domain office

wireless-bridge

Use wireless-bridge to configure wireless bridge detection.

Use undo wireless-bridge to disable wireless bridge detection.

Syntax

wireless-bridge [ quiet quiet-value ]

undo wireless-bridge

Default

Wireless bridge detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a wireless bridge. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a wireless bridge within the quiet time.

Examples

# Enable wireless bridge detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] wireless-bridge quiet 100

wlan nat-detect

Use wlan nat-detect enable to enable detection on clients with NAT configured.

Use wlan nat-detect disable to disable detection on clients with NAT configured.

Use undo wlan nat-detect to restore the default.

Syntax

wlan nat-detect { disable | enable }

undo wlan nat-detect

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, detection on clients with NAT configured is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

disable: Disables detection on clients with NAT configured.

enable: Enables detection on clients with NAT configured.

Usage guidelines

The device generates an alarm when it detects a client configured with NAT. To view information about detected NAT-configured clients, use the display wlan nat-detect command.

Examples

# Enable detection on clients with NAT configured for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] wlan nat-detect enable

# Enable detection on clients with NAT configured for APs in AP group aaa.

<Sysname> system-view

[Sysname] wlan ap-group aaa

[Sysname-wlan-ap-group-aaa] wlan nat-detect enable


WLAN QoS commands

bandwidth-guarantee

Use bandwidth-guarantee enable to enable bandwidth guaranteeing.

Use bandwidth-guarantee disable to disable bandwidth guaranteeing.

Use undo bandwidth-guarantee to restore the default.

Syntax

bandwidth-guarantee { disable | enable }

undo bandwidth-guarantee

Default

In radio view:

·          If the service template setting in AP group view is used, an AP uses the configuration in AP group view.

·          If a service template is manually bound to a radio, bandwidth guaranteeing is disabled.

In AP group radio view, bandwidth guaranteeing is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command enables clients that are associated with the same radio to get the guaranteed bandwidth when the network is congested. To set the guaranteed bandwidth, use the bandwidth-guarantee service-template command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable bandwidth guaranteeing for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] service-template 1

[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee enable

# Enable bandwidth guaranteeing for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] bandwidth-guarantee enable

Related commands

bandwidth-guarantee service-template

bandwidth-guarantee service-template

Use bandwidth-guarantee service-template to set a guaranteed bandwidth percentage for the specified service template.

Use undo bandwidth-guarantee service-template to cancel the guaranteed bandwidth percentage configuration for the specified service template.

Syntax

bandwidth-guarantee service-template service-template-name percent percent

undo bandwidth-guarantee { all | service-template service-template-name }

Default

In radio view:

·          If the service template setting in AP group view is used, an AP uses the configuration in AP group view.

·          If a service template is manually bound to a radio, no guaranteed bandwidth percentage is set for the service template.

In AP group radio view, no guaranteed bandwidth percentage is set for a service template.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

service-template service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. Make sure the specified service template has been bound to the radio.

percent percent: Specifies the percentage of the guaranteed bandwidth to the total bandwidth. The value range for the percent argument is 1 to 100. The total bandwidth represents the maximum bandwidth of the radio. The guaranteed bandwidth represents the minimum bandwidth for the BSS corresponding to the service template.

all: Specifies all service templates.

Usage guidelines

For this command to take effect, make sure the bandwidth guaranteeing feature is enabled.

For all service templates bound to the same radio, the sum of the guaranteed bandwidth percentages cannot exceed 100%.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the guaranteed bandwidth percentage to 30% for service template 1 in radio view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] service-template 1

[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee service-template 1 percent 30

[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee enable

# Set the guaranteed bandwidth percentage to 30% for service template 1 in AP group radio view.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] bandwidth-guarantee enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] service-template 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] bandwidth-guarantee service-template 1 percent 30

Related commands

·          bandwidth-guarantee enable

·          wlan max-bandwidth

cac policy

Use cac policy to configure a Connect Admission Control (CAC) policy.

Use undo cac policy to restore the default.

Syntax

cac policy { channelutilization [ channelutilization-value ] | client [ client-number ] }

undo cac policy

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, the client-based admission policy is used, and the maximum number of admitted clients is 20.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

channelutilization: Specifies the channel usage-based admission policy.

channelutilization-value: Specifies the maximum channel usage in percentage, in the range of 0 to 100. The maximum channel usage refers to the medium time of the accepted AC-VO and AC-VI traffic to the valid time within a certain time. The valid time refers to the time available for transmitting and receiving data. By default, the maximum channel usage is 65%.

client: Specifies the client-based admission policy.

client-number: Specifies the maximum number of clients allowed to be connected, in the range of 0 to 64. A client is counted as one client if it is using both the AC-VO and AC-VI queues.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

The CAC policy takes effect only on the AC-VO and the AC-VI queues.

Examples

# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70%.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] cac policy channelutilization 70

# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70% for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] cac policy channelutilization 70

client-rate-limit (radio view/AP group radio view)

Use client-rate-limit to configure radio-based client rate limiting.

Use undo client-rate-limit to restore the default.

Syntax

client-rate-limit { inbound | outbound } mode { dynamic | static } cir cir

undo client-rate-limit { inbound | outbound }

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, radio-based client rate limiting is not configured.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

inbound: Limits the rate of incoming traffic.

outbound: Limits the rate of outgoing traffic.

dynamic: Specifies the dynamic rate limit mode. In this mode, the maximum rate for each client is the total maximum rate divided by the number of clients.

static: Specifies the static rate limit mode. The maximum rate for each client is fixed.

cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000. This option sets the maximum rate for each client in static rate limit mode and sets the total maximum rate for all clients in dynamic rate limit mode.

Usage guidelines

For this command to take effect, make sure radio-based client rate limiting is enabled.

You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Configure client rate limiting for radio 1 in radio view: set the CIR to 567 Kbps for incoming traffic of each client and set the CIR to 89 Kbps for outgoing traffic of all clients.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-1] client-rate-limit enable

[Sysname-wlan-ap-ap1-1] client-rate-limit inbound mode static cir 567

[Sysname-wlan-ap-ap1-1] client-rate-limit outbound mode dynamic cir 89

# Configure client rate limiting for radio 1 in AP group radio view: set the CIR to 567 Kbps for incoming traffic of each client and set the CIR to 89 Kbps for outgoing traffic of all clients.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client-rate-limit enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client-rate-limit inbound mode static cir 567

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client-rate-limit outbound mode dynamic cir 89

Related commands

client-rate-limit { disable | enable }

client-rate-limit (service template view)

Use client-rate-limit to configure service-template-based client rate limiting.

Use undo client-rate-limit to restore the default.

Syntax

client-rate-limit { inbound | outbound } mode { dynamic | static } cir cir

undo client-rate-limit { inbound | outbound }

Default

Service-template-based client rate limiting is not configured.

Views

Service template view

Predefined user roles

network-admin

Parameters

inbound: Limits the rate of incoming traffic.

outbound: Limits the rate of outgoing traffic.

dynamic: Specifies the dynamic rate limit mode. In this mode, the maximum rate for each client is the total maximum rate divided by the number of clients.

static: Specifies the static rate limit mode. The maximum rate for each client is fixed.

cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000. This option sets the maximum rate for each client in static rate limit mode and sets the total maximum rate for all clients in dynamic rate limit mode.

Usage guidelines

For this command to take effect, make sure service-template-based client rate limiting is enabled.

You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic.

Examples

# Configure rate limiting for service template 1: set the CIR to 567 Kbps for each client's incoming traffic.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] client-rate-limit enable

[Sysname-wlan-st-1] client-rate-limit inbound mode static cir 567

Related commands

client-rate-limit enable

client-rate-limit { disable | enable }

Use client-rate-limit enable to enable radio-based client rate limiting.

Use client-rate-limit disable to disable radio-based client rate limiting.

Use undo client-rate-limit to restore the default.

Syntax

client-rate-limit { disable | enable }

undo client-rate-limit

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, radio-based client rate limiting is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command limits the traffic rate of the WLAN clients associated with the radio. To set the rate limit direction and rate limit rate, use the client-rate-limit command.

You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable client rate limiting for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] client-rate-limit enable

# Enable client rate limiting for radio 1 of AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client-rate-limit enable

Related commands

client-rate-limit (radio view/AP group radio view)

client-rate-limit enable

Use client-rate-limit enable to enable service-template-based client rate limiting.

Use undo client-rate-limit enable to restore the default.

Syntax

client-rate-limit enable

undo client-rate-limit enable

Default

Service-template-based client rate limiting is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command limits the traffic rate of the WLAN clients associated with the service template. To set the rate limit direction and rate limit rate, use the client-rate-limit command.

You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.

Examples

# Enable client rate limiting for service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] client-rate-limit enable

Related commands

client-rate-limit (service template view)

display wlan wmm

Use display wlan wmm radio to display WMM statistics for radios.

Use display wlan wmm client to display WMM statistics for clients.

Syntax

display wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all radios or all clients.

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.

Examples

# Display WMM statistics for radios of AP test.

<Sysname> display wlan wmm radio ap test

AP ID : 4    AP name : test

 

Radio : 1

Client EDCA updates : 0

QoS mode : WMM

WMM status : Enabled

Radio max AIFSN     : 15                  Radio max ECWmin : 10

Radio max TXOPLimit : 32767               Radio max ECWmax : 10

CAC information

Clients accepted                     : 0

  Voice                              : 0

  Video                              : 0

Total request mediumtime(μs)         : 0

  Voice(μs)                          : 0

  Video(μs)                          : 0

Calls rejected due to insufficient resources  : 0

Calls rejected due to invalid parameters      : 0

Calls rejected due to invalid mediumtime      : 0

Calls rejected due to invalid delaybound      : 0

 

Radio : 2

Client EDCA updates : 0

QoS mode : WMM

WMM status: Disabled

Radio max AIFSN     : 15                  Radio max ECWmin : 10

Radio max TXOPLimit : 32767               Radio max ECWmin : 10

CAC information

Client accepted                      : 0

  Voice                              : 0

  Video                              : 0

Total request mediumtime(μs)         : 0

  Voice(μs)                          : 0

  Video(μs)                          : 0

Calls rejected due to insufficient resources  : 0

Calls rejected due to invalid parameters      : 0

Calls rejected due to invalid mediumtime      : 0

Calls rejected due to invalid delaybound      : 0

Table 40 Command output

Field

Description

Client EDCA updates

Times that client EDCA parameters have been updated.

QoS mode

·         WMM.

WMM status

·         Enabled.

·         Disabled.

Radio max AIFSN

Maximum AIFSN that the radio supports.

Radio max ECWmin

Maximum ECWmin that the radio supports.

Radio max TXOPLimit

Maximum TXOPLimit that the radio supports.

Radio max ECWmax

Maximum ECWmax that the radio supports.

Total request mediumtime

Total request medium time for AC-VO and AC-VI queues, in microseconds.

 

# Display WMM statistics for all clients.

<Sysname> display wlan wmm client all

MAC address : 000f-e23c-0001             SSID : service

QoS mode : WMM

APSD information :

  Max SP length : 7

  L: Legacy     T: Trigger       D: Delivery

  AC             AC-BK    AC-BE   AC-VI     AC-VO

  Assoc State    T|D      L       T|D       T|D

Statistics information :

  Uplink packets      : 0            Downlink packets  : 0

  Uplink bytes        : 0            Downlink bytes    : 0

  Downgrade packets       : 0            Discarded packets       : 0

  Downgrade bytes         : 0            Discarded bytes         : 0

TS information:

  AC                    : AC-VO         User priority               : 7

  TID                   : 1             Direction                   : Bidirectional

  PSB                   : 0             Surplus bandwidth allowance : 1.0000

  Medium time (μs)      : 39            MSDU size (bytes)           : 1500

  Mean data rate (Kbps) : 10.000        Minimum PHY rate (Mbps)     : 11.000

  TS creation time      : 0h:0m:5s

  TS updating time      : 0h:0m:5s

  Uplink TS packets     : 0            Downlink TS packets         : 0

  Uplink TS bytes       : 0            Downlink TS bytes           : 0

Table 41 Command output

Field

Description

QoS mode

WMM represents the QoS mode.

If the QoS mode is not available, this field displays N/A.

Max SP length

Maximum service period (SP) length.

AC

·         AC-VO.

·         AC-VI.

·         AC-BE.

·         AC-BK.

Assoc state

APSD attribute for an AC queue:

·         TThe AC queue is trigger-enabled.

·         DThe AC queue is delivery-enabled.

·         T | DThe AC queue is both trigger-enabled and delivery-enabled.

·         LThe AC queue is of legacy attributes.

User priority

User priority for packets from wired networks.

TID

Traffic identifier, in the range of 0 to 15.

Direction

Traffic direction:

·         Uplink.

·         Downlink.

·         Bidirectional.

PSB

Power save behavior:

·         1—U-APSD power saving mode.

·         0—Traditional power saving mode.

Surplus bandwidth allowance

Surplus bandwidth allowance in percentage.

Medium time

Permitted medium time in microseconds.

MSDU size

Average MSDU size in bytes.

Mean data rate

Average data transmission rate in Kbps.

Minimum PHY rate

Minimum physical transmission rate in Mbps.

 

Related commands

reset wlan wmm

edca client (ac-be and ac-bk)

Use edca client to set EDCA parameters of AC-BE or AC-BK queues for clients.

Use undo edca client to restore the default.

Syntax

edca client { ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *

undo edca client { ac-be | ac-bk }

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, the default EDCA parameter values of AC-BE or AC-BK queues for clients are shown in Table 42.

Table 42 Default EDCA parameter values of AC-BE or AC-BK queues for clients

AC

AIFSN

ECWmin

ECWmax

TXOP Limit

AC-BK

7

4

10

0

AC-BE

3

4

10

0

 

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

ac-be: Specifies the AC-BE (best-effort traffic) queue.

ac-bk: Specifies the AC-BK (background traffic) queue.

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.

noack: Configures the AC queue to use the No ACK policy. By default, the No ACK policy is used.

txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value, in the range of 0 to 65535 (in units of 32 microseconds). If the value is 0, a client can send only one packet each time it holds the channel.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

If all the clients are 802.11b clients, set the TXOP Limit value to 0 for both the AC-BE and AC-BK queues as a best practice.

If both 802.11b and 802.11g clients exist in the WLAN, use the default TXOPLimit values for both the AC-BK and AC-BE queues as a best practice.

Examples

# Set the AIFSN to 5 for the AC-BE queue.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] edca client ac-be aifsn 5

# Set the AIFSN to 5 for the AC-BE queue for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] edca client ac-be aifsn 5

edca client (ac-vi and ac-vo)

Use edca client to set EDCA parameters of AC-VI or AC-VO queues for clients.

Use undo edca client to restore the default.

Syntax

edca client { ac-vi | ac-vo } { aifsn aifsn-value | cac { disable | enable } | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *

undo edca client { ac-vi | ac-vo }

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, the default EDCA parameter values of AC-VI or AC-VO queues for clients are shown in Table 43.

Table 43 Default EDCA parameter values of AC-VI or AC-VO queues for clients

AC

AIFSN

ECWmin

ECWmax

TXOP Limit

AC-VI

2

3

4

94

AC-VO

2

2

3

47

 

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

cac: Specifies CAC. The AC-VO and AC-VI queues support CAC. CAC is disabled by default.

disable: Disables CAC.

enable: Enables CAC.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.

txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value, in the range of 0 to 65535 (in units of 32 microseconds). If the value is 0, a client can send only one packet each time it holds the channel.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

When all the clients are 802.11b clients, set the TXOPLimit value to 188 and 102 for the AC-VI and AC-VO queues, respectively as a best practice.

If both 802.11b and 802.11g clients exist in the WLAN, use the default TXOPLimit values for both the AC-VI and AC-VO queues as a best practice.

Examples

# Set the AIFSN to 3 for the AC-VO queue.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] edca client ac-vo aifsn 3

# Set the AIFSN to 3 for the AC-VO queue for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] edca client ac-vo aifsn 3

edca radio

Use edca radio to set EDCA parameters.

Use undo edca radio to restore the default.

Syntax

edca radio { ac-be | ac-bk | ac-vi | ac-vo } { ack-policy { noack | normalack } | aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | noack | txoplimit txoplimit-value } *

undo edca radio { ac-be | ac-bk | ac-vi | ac-vo }

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, the default EDCA parameter values are shown in Table 44.

The default EDCA parameter values are shown in Table 44.

Table 44 Default EDCA parameter values

AC

AIFSN

ECWmin

ECWmax

TXOP Limit

AC-BK

7

4

10

0

AC-BE

3

4

6

0

AC-VI

1

3

4

94

AC-VO

1

2

3

47

 

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

ac-be: Specifies the AC-BE (best-effort traffic) queue.

ac-bk: Specifies the AC-BK (background traffic) queue.

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

ack-policy: Specifies the ACK policy for the AC queue.

noack: Specifies the No ACK policy (the default).

normalack: Specifies the Normal ACK policy.

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin). The value range for the ecwmin-value argument is 0 to 10.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax). The value range for the ecwmax-value argument is 0 to 10. The value of ECWmax cannot be smaller than the value of ECWmin.

txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value in units of 32 microseconds. The value range for the txoplimit-value argument is 0 to 32767. If the value is 0, a client can send only one packet each time it holds the channel.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

For 802.11b radios, set TXOP Limit values for AC-BK, AC-BE, AC-VI, and AC-VO queues to 0, 0, 188, and 102, respectively as a best practice.

Examples

# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] edca radio ac-vo aifsn 2

# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] edca radio ac-vo aifsn 2

qos priority

Use qos priority to set the port priority.

Use undo qos priority to restore the default.

Syntax

qos priority priority-value

undo qos priority

Default

The port priority is 0.

Views

Service template view

Predefined user roles

network-admin

Parameters

priority-value: Specifies the port priority in the range of 0 to 7. A larger value represents a higher priority.

Usage guidelines

When the port trust mode is enabled, an AP assigns the port priority to all packets for the service template.

This command does not take effect when the packet trust mode is enabled.

Examples

# Set the port priority to 2 for service template 1.

<Sysname> system

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] qos priority 2

Related commands

qos trust

qos trust

Use qos trust to configure the trusted packet priority type.

Use undo qos trust to restore the default.

Syntax

qos trust { dot11e | dscp }

undo qos trust

Default

The port priority is trusted.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot11e: Uses the 802.1e priority carried in packets for priority mapping.

dscp: Uses the DSCP priority carried in packets for priority mapping.

Usage guidelines

This feature takes effect only on uplink packets.

Examples

# Configure service template 1 to use the 802.1e priority carried in packets for priority mapping.

<Sysname> system

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] qos trust dot11e

Related commands

qos priority

reset wlan wmm

Use reset wlan wmm to clear WMM statistics.

Syntax

reset wlan wmm { client { all | ap ap-name | mac-address mac-address } | radio { all | ap ap-name } }

Views

User view

Predefined user roles

network-admin

Parameters

client: Clears WMM statistics for clients.

all: Clears WMM statistics for all radios or clients.

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.

radio: Clears WMM statistics for radios.

Examples

# Clear WMM statistics for all radios.

<Sysname> reset wlan wmm radio all

Related commands

display wlan wmm

svp map-ac

Use svp map-ac to enable SVP mapping to the specified AC queue.

Use svp map-ac disable to disable SVP mapping.

Use undo svp map-ac to restore the default.

Syntax

svp map-ac { ac-vi | ac-vo }

svp map-ac disable

undo svp map-ac

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, SVP mapping is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

Usage guidelines

SVP mapping takes effect only on non-WMM clients.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Map SVP packets to the AC-VO queue.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] svp map-ac ac-vo

# Map SVP packets to the AC-VO queue for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] svp map-ac ac-vo

wlan client-rate-limit

Use wlan client-rate-limit to configure client-type-based client rate limiting.

Use undo wlan client-rate-limit to remove the configuration.

Syntax

wlan client-rate-limit { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } { inbound | outbound } cir cir [ cbs cbs ]

undo wlan client-rate-limit [ { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } [ inbound | outbound ] ]

Default

Client-type-based client rate limiting is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

dot11a: Specifies 802.11a clients.

dot11ac: Specifies 802.11ac clients.

dot11an: Specifies 802.11an clients.

dot11b: Specifies 802.11b clients.

dot11g: Specifies 802.11g clients.

dot11gac: Specifies 802.11gac clients.

dot11gn: Specifies 802.11gn clients.

inbound: Limits the rate of incoming traffic.

outbound: Limits the rate of outgoing traffic.

cir cir: Specifies the CIR in Kbps for each client. The value range for the cir argument is 1 to 2097152.

cbs byte: Specifies the CBS in bytes for each client. The value range for the byte argument is 1 to 268435456. If you do not specify this option, the value of CBS is automatically calculated from the value of CIR.

Usage guidelines

You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.

Examples

# Set the rate limit to 20480 Kbps for incoming traffic of 802.11an clients.

<Sysname> system-view

[Sysname] wlan client-rate-limit dot11an inbound cir 20480

wlan max-bandwidth

Use wlan max-bandwidth to set the maximum bandwidth for a radio type.

Use undo wlan max-bandwidth to restore the default setting for a radio type or default settings for all radio types.

Syntax

wlan max-bandwidth { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } bandwidth

undo wlan max-bandwidth [ dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn ]

Default

The following maximum bandwidth settings apply:

·          30000 Kbps for dot11a and dot11g.

·          250000 Kbps for dot11an, dot11gn, and dot11gac.

·          500000 Kbps for dot11ac.

·          7000 Kbps for dot11b.

Views

System view

Predefined user roles

network-admin

Parameters

dot11a: Specifies the 802.11a radio mode.

dot11ac: Specifies the 802.11ac radio mode.

dot11an: Specifies the 802.11an radio mode.

dot11b: Specifies the 802.11b radio mode.

dot11g: Specifies the 802.11g radio mode.

dot11gac: Specifies the 802.11gac radio mode.

dot11gn: Specifies the 802.11gn radio mode.

bandwidth: Specifies the maximum bandwidth in Kbps. The value range varies as follows depending on radio types:

·          16 to 30000 for dot11a and dot11g.

·          16 to 250000 for dot11an, dot11gn, and dot11gac.

·          16 to 500000 for dot11ac.

·          16 to 7000 for dot11b.

Usage guidelines

The maximum bandwidth is used to calculate the guaranteed bandwidth.

Examples

# Set the maximum bandwidth to 2000 Kbps for 802.11ac.

<Sysname> system-view

[Sysname] wlan max-bandwidth dot11ac 2000

wmm

Use wmm enable to enable WMM.

Use wmm disable to disable WMM.

Use undo wmm to restore the default.

Syntax

wmm { disable | enable }

undo wmm

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, WMM is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

disable: Disables WMM.

enable: Enables WMM.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

All 802.11n clients must support WLAN QoS. For 802.11n clients to communicate with the associated AP, enable WMM when the radio operates in 802.11an or 802.11gn mode.

Examples

# Disable WMM.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] wmm disable

# Disable WMM for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] wmm disable


WLAN roaming commands

authentication-mode

Use authentication-mode to set an authentication mode for IACTP control messages.

Use undo authentication-mode to restore the default.

Syntax

authentication-mode authentication-mode [ cipher | simple ] authentication-key

undo authentication-mode

Default

No authentication mode is configured for IACTP control messages. The AC does not verify the integrity of IACTP control messages.

Views

Mobility group view

Predefined user roles

network-admin

Parameters

authentication-mode: Specifies an authentication mode. Only the 128-bit MD5 authentication mode is supported.

cipher: Sets a ciphertext key.

simple: Sets a plaintext key.

authentication-key: Specifies the key string. This argument is case sensitive. The length of a plaintext key is in the range of 1 to 16, and the length of a ciphertext key is in the range of 33 to 53.

Usage guidelines

Use this command to enable an AC to verify the integrity of control messages transmitted over IACTP tunnels.

For security purposes, all keys, including plain-text keys, are saved in cipher text.

Examples

# Set the authentication mode to MD5 and set the plaintext key to 12345.

<Sysname> system-view

[Sysname] wlan mobility group aaa

[Sysname-wlan-mg-aaa] authentication-mode md5 plain 12345

display wlan mobility

Use display wlan mobility to display information about clients that have roamed to or from the AC.

Syntax

display wlan mobility { roam-in | roam-out } [ member { ip ipv4-address | ipv6 ipv6-address } ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

roam-in: Displays information about clients that have roamed from another AC.

roam-out: Displays information about clients that have roamed to another AC.

member ip ipv4-address: Specifies the IPv4 address of a member AC.

member ipv6 ipv6-address: Specifies the IPv6 address of a member AC.

Usage guidelines

If no member AC is specified, this command displays information about all clients that have roamed to and from another AC.

Examples

# Display information about all clients that have roamed to the AC.

<Sysname> display wlan mobility roam-in

Total entries: 1

MAC address     BSSID           VLAN ID  HA IP address

5250-0012-0411  cbab-abab-abab  1        192.168.0.101

# Display information about clients that have roamed to the specified member AC.

<Sysname> display wlan mobility roam-in member ip 192.168.0.101

Total entries: 1

MAC address     BSSID           VLAN ID

5250-0012-0411  cbab-abab-abab  1

# Display information about all clients that have roamed to another AC.

<Sysname> display wlan mobility roam-out

Total entries: 1

MAC address     BSSID           VLAN ID  Online time       FA IP address

5250-0012-0411  cbab-abab-abab  1        00hr 01min 39sec  192.168.0.102

# Display information about clients that have roamed from the specified member AC to another AC.

[Sysname] display wlan mobility roam-out member ip 192.168.0.102

Total entries: 1

MAC address     BSSID           VLAN ID  Online time

5250-0012-0411  cbab-abab-abab  1        00hr 03min 02sec

Table 45 Command output

Field

Description

MAC address

MAC address of the client.

BSSID

BSSID of the AP with which the client is associated.

VLAN ID

VLAN ID of the client.

Online time

Online time of the client.

 

display wlan mobility group

Use display wlan mobility group to display mobility group information.

Syntax

display wlan mobility group

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display mobility group information.

<Sysname> display wlan mobility group

Mobility group name: office

 Tunnel type: IPv4

 Source IPv4: 172.16.220.101

 Source IPv6: Not configured

 Authentication method: Not configured

 Mobility group status: Enabled

 Member entries: 2

 IP address                              State          Online time

 172.16.220.102                          Down           00hr 00min 00sec

 172.16.220.105                          Up             00hr 36min 27sec

Table 46 Command output

Field

Description

Tunnel type

IACTP tunnel type for the mobility group:

·         IPv4.

·         IPv6.

Authentication method

Authentication method used for the mobility group.

Mobility group status

Mobility group status:

·         Enabled.

·         Disabled.

IP address

IP address of the member AC.

State

IACTP tunnel state:

·         Up.

·         Down.

Online time

Online time of the member AC.

 

display wlan mobility roam-track mac-address

Use display wlan mobility roam-track mac-address to display roaming information for a client on the home AC.

Syntax

display wlan mobility roam-track mac-address mac-address

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Display roaming information for the specified client on the home AC. The most recent roam-track information is displayed the first.

<Sysname> display wlan mobility roam-track mac-address 5250-0012-0411

Total entries: 2

BSSID           Created at           Online time       AC IP address  RID  AP name

3ce5-a68d-2280  2017-03-14 11:12:28  00hr 48min 46sec  192.168.0.2    2    ap1

0026-3e08-1150  2017-03-14 11:12:05  00hr 40min 46sec  127.0.0.1      2    ap2

Table 47 Command output

Field

Description

BSSID

BSSID of the AP with which the client is associated.

Created at

Time when a roam-track entry was created for the client.

Online time

Online time of the client.

AC IP address

IP address of the AC with which the client is associated. This field displays 127.0.0.1 if the client is associated with the home AC.

RID

ID of the radio with which the client is associated.

AP name

Name of the AP with which the client is associated.

 

group enable

Use group enable to enable a mobility group.

Use undo group enable to restore the default.

Syntax

group enable

undo group enable

Default

A mobility group is disabled.

Views

Mobility group view

Predefined user roles

network-admin

Usage guidelines

This feature enables the AC to establish IACTP tunnels and synchronize roaming entries with member ACs.

If you disable a mobility group on the AC, the AC shuts down all IACTP tunnels established with all member ACs and deletes the roaming entries.

Examples

# Enable mobility group floor1.

<Sysname> system-view

[Sysname] wlan mobility group floor1

[Sysname-wlan-mg-floor1] tunnel-type ipv4

[Sysname-wlan-mg-floor1] source ip 192.168.0.1

[Sysname-wlan-mg-floor1] member ip 192.168.0.2

[Sysname-wlan-mg-floor1] group enable

Related commands

·          member

·          source

·          tunnel-type

·          wlan mobility group

member

Use member to add a mobility group member.

Use undo member to delete a mobility group member.

Syntax

member { ip ip-address | ipv6 ipv6-address } [ vlan vlan-id-list ]

undo member [ ip ip-address | ipv6 ipv6-address ] [ vlan [ vlan-id-list ] ]

Default

No member ACs exist in a mobility group.

Views

Mobility group view

Predefined user roles

network-admin

Parameters

ip ip-address: Specifies an AC by its IPv4 address.

ipv6 ipv6-address: Specifies an AC by its IPv6 address.

vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 2 to 4094. The value for the vlan-id2 argument cannot be lower than the value for the vlan-id1 argument.

Usage guidelines

Make sure the mobility group is disabled before you use either command.

Members in a mobility group are identified by their IP addresses used to establish IACTP tunnels.

You can add both IPv4 and IPv6 members to a mobility group. Only members whose IP address type is the same as the IP address type of IACTP tunnels take effect.

An AC can belong to only one mobility group.

You can add a maximum of 31 IPv4 members and 31 IPv6 members to a mobility group.

You can specify VLANs for a member AC, so that other member ACs in the mobility group can directly forward client data of the member AC from the specified VLANs. If you do not specify VLANs for the member AC, its client data cannot be directly forwarded by another member in the mobility group unless the clients roam to that member.

If a mobility group has multiple ACs, make sure no loops exist among IACTP tunnels between members within the mobility group.

The undo form of this command deletes all member ACs in a mobility group if you do not specify any parameters.

Examples

# Add a mobility group member.

<Sysname> system-view

[Sysname] wlan mobility group abc

[Sysname-wlan-mg-abc] member ip 192.168.1.55 vlan 3 10 19 22 to 30

snmp-agent trap enable wlan mobility

Use snmp-agent trap enable wlan mobility to enable SNMP notifications for WLAN roaming.

Use undo snmp-agent trap enable wlan mobility to disable SNMP notifications for WLAN roaming.

Syntax

snmp-agent trap enable wlan mobility

undo snmp-agent trap enable wlan mobility

Default

SNMP notifications are disabled for WLAN roaming.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN roaming events to an NMS, enable SNMP notifications for WLAN roaming. For WLAN roaming event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for WLAN roaming.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan mobility

source

Use source to specify the source IP address for establishing IACTP tunnels.

Use undo source to delete the source IP address for establishing IACTP tunnels.

Syntax

source { ip ip-address | ipv6 ipv6-address }

undo source [ ip | ipv6 ]

Default

No source IP address is configured for establishing IACTP tunnels.

Views

Mobility group view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies a source IPv4 address.

ipv6 ipv6-address: Specifies a source IPv6 address.

Usage guidelines

An AC uses its source IP address to establish IACTP tunnels with member ACs.

When you specify the source IP address for establishing IACTP tunnels, follow these restrictions and guidelines:

·          Make sure the mobility group is disabled before you specify the source IP address for establishing IACTP tunnels.

·          You can specify one IPv4 address, one IPv6 address, or both, but only the IP address type that is the same as the IP address type for IACTP tunnels takes effect.

·          If you do not specify an IP address when you use the undo command, this command deletes all source IP addresses.

Examples

# Specify a source IPv4 address for establishing IACTP tunnels.

<Sysname> system-view

[Sysname] wlan mobility group abc

[Sysname-wlan-mg-abc] source ip 192.168.1.55

Related commands

·          group enable

·          member

tunnel-type

Use tunnel-type to specify the IP address type for IACTP tunnels.

Use undo tunnel-type to restore the default.

Syntax

tunnel-type { ipv4 | ipv6 }

undo tunnel-type

Default

The IP address type for IACTP tunnels is IPv4.

Views

Mobility group view

Predefined user roles

network-admin

Parameters

ipv4: Specifies the IPv4 address type.

ipv6: Specifies the IPv6 address type.

Usage guidelines

You cannot specify both the IPv4 and IPv6 address types for IACTP tunnels in a mobility group.

Disable the mobility group before you execute either command.

Examples

# Specify the IP address type as IPv6 for IACTP tunnels in mobility group aaa.

<Sysname> system-view

[Sysname] wlan mobility group aaa

[Sysname-wlan-mg-aaa] tunnel-type ipv6

wlan mobility group

Use wlan mobility group to create a mobility group and enter mobility group view.

Use undo wlan mobility group to delete a mobility group.

Syntax

wlan mobility group group-name

undo wlan mobility group group-name

Default

No mobility group exists.

Views

System view

Predefined user roles

network-admin

Parameters

group-name: Specifies a mobility group by its name, a case-sensitive string of 1 to 15 characters that do not contain spaces.

Usage guidelines

Mobility groups configured on member ACs must have the same name.

You can create only one mobility group on an AC.

Examples

# Create a mobility group named office and enter mobility group view.

<Sysname> system-view

[Sysname] wlan mobility group office

[Sysname-wlan-mg-office]

wlan mobility-group-isolation enable

Use wlan mobility-group-isolation enable to enable tunnel isolation for mobility groups.

Use undo wlan mobility-group-isolation enable to disable tunnel isolation for mobility groups.

Syntax

wlan mobility-group-isolation enable

undo wlan mobility-group-isolation enable

Default

Tunnel isolation is enabled for mobility groups.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is required when loops exist among ACs in a mobility group. It prevents ACs from forwarding packets between tunnels in the mobility group and avoids broadcast storm.

Examples

# Enable tunnel isolation for mobility groups.

<Sysname> system-view

[Sysname] wlan mobility-group-isolation enable

 


WLAN load balancing commands

ap radio

Use ap radio to add a radio to a load balancing group.

Use undo ap to remove one or all radios from a load balancing group.

Syntax

ap name ap-name radio radio-id

undo ap { name ap-name [ radio radio-id ] | all }

Default

No radio exists in a load balancing group.

Views

Load balancing group view

Predefined user roles

network-admin

Parameters

ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), left brackets ([), right brackets (]), slashes (/), and minus signs (-). The AP must already exist.

radio-id: Specifies a radio by its name. The value range for this argument varies by AP model.

all: Specifies all radios.

Usage guidelines

You can add a radio to only one load balancing group.

If you do not specify a radio in the undo ap command, the command removes all radios on the specified AP from the load balancing group.

Examples

# Add radio 2 of AP 1 to load balancing group 10.

<Sysname> system-view

[Sysname] wlan load-balance group 10

[Sysname-wlan-lb-group-10] ap name ap1 radio 2

description

Use description to set a description for a load balancing group.

Use undo description to remove the description for a load balancing group.

Syntax

description text

undo description

Default

No description is set for a load balancing group.

Views

Load balancing group view

Predefined user roles

network-admin

Parameters

text: Specifies a description for a load balancing group, a case-sensitive string of 1 to 64 characters.

Examples

# Set the description for load balancing group 10 to marketing.

<Sysname> system-view

[Sysname] wlan load-balance group 10

[Sysname-wlan-lb-group10] description marketing

display wlan load-balance group

Use display wlan load-balance group to display load balancing group information.

Syntax

display wlan load-balance group { group-id | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a load balancing group by its ID in the range of 1 to 65535.

all: Specifies all load balancing groups.

Examples

# Display information about load balancing group 1.

<Sysname> display wlan load-balance group 1

                  WLAN load balance group information

--------------------------------------------------------------------------------

Group ID                : 1

Description             :

Group members           : ap3-radio2,

                          ap2-radio1,

                          ap1-radio1,

--------------------------------------------------------------------------------

# Display information about all load balancing groups.

<Sysname> display wlan load-balance group all

                  WLAN load balance group information

--------------------------------------------------------------------------------

Group ID                : 1

Description             :

Group members           : ap3-radio2,

                          ap2-radio1,

                          ap1-radio1,

--------------------------------------------------------------------------------

Group ID                : 2

Description             : marketing

Group members           : ap3-radio1,

--------------------------------------------------------------------------------

Table 48 Command output

Field

Description

Group members

List of radios in the load balancing group.

 

display wlan load-balance status service-template

Use display wlan load-balance status service-template to display load balancing information for radios that are bound to a service template.

Syntax

display wlan load-balance status service-template template-name { client mac-address | group group-id }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

group-id: Displays information about radios in a load balancing group. The group-id argument specifies the ID of the load balancing group, in the range of 1 to 65535.

mac-address: Displays information about radios that have detected a client. The mac-address argument represents the MAC address of the client and is in H-H-H format.

Examples

# Display load balancing information for radios that are bound to service template st1 and are in load balancing group 1.

<Sysname> display wlan load-balance status service-template st1 group 1

Current load balancing mode (threshold/gap): session (2/1)

Total radios: 4

 

APID/RID  Group ID  Session  Bandwidth(Mbps)  Traffic(%)  Balance(Y/N)

----------------------------------------------------------------------------------------

1/1       1         2        100              5           Y

1/2       1         10       50               10          N

2/1       1         2        10               1           Y

2/2       1         2        0                0           Y

# Display load balancing information for radios that are bound to service template st1 and that detect the client with MAC address 702d-2249-33bf.

<Sysname> display wlan load-balance status service-template st1 client 702d-2249-33bf

Current load balancing mode (threshold/gap): session (2/1)

Load balancing group exist: Yes

Total radios: 4

 

APID/RID  Group ID  Session  Bandwidth(Mbps)  Traffic(%)  Balance(Y/N)

----------------------------------------------------------------------------------------

3/1       0         2        100              5           Y

1/2       1         10       50               10          N

4/1       1         2        10               1           Y

4/2       0         2        0                0           Y

Table 49 Command output

Field

Description

Load-balance group exist

Whether load balancing groups exist: Yes or No.

Group ID

Load balancing group ID. The value of 0 indicates that the radio is not in a load balancing group.

Session

Number of clients associated with the radio.

Bandwidth(Mbps)

Bandwidth of the radio in Mbps.

Traffic(%)

Percentage of the traffic on the radio to the maximum bandwidth supported by the radio.

Balance(Y/N)

Load balancing status:

·         Y—The radio has been load balanced.

·         N—The radio has not been load balanced.

 

snmp-agent trap enable wlan load-balance

Use snmp-agent trap enable wlan load-balance to enable SNMP notifications for WLAN load balancing.

Use undo snmp-agent trap enable wlan load-balance to restore the default.

Syntax

snmp-agent trap enable wlan load-balance

undo snmp-agent trap enable wlan load-balance

Default

SNMP notifications for WLAN load balancing are disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN load balancing events to an NMS, enable SNMP notifications for WLAN load balancing. For WLAN load balancing event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for WLAN load balancing.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan load-balance

wlan load-balance access-denial

Use wlan load-balance access-denial to set the maximum number of denials for association requests.

Use undo wlan load-balance access-denial to restore the default.

Syntax

wlan load-balance access-denial access-denial

undo wlan load-balance access-denial

Default

The maximum number of denials is 10 for association requests.

Views

System view

Predefined user roles

network-admin

Parameters

access-denial: Specifies the maximum number of denials for association requests, in the range of 2 to 10.

Usage guidelines

If the number of times that an AP rejects a client reaches the maximum number of denials for association requests, the AP accepts the association request from the client.

Examples

# Set the maximum number of denials to 4 for association requests.

<Sysname> system-view

[Sysname] wlan load-balance access-denial 4

wlan load-balance enable

Use wlan load-balance enable to enable WLAN load balancing.

Use undo wlan load-balance enable to disable WLAN load balancing.

Syntax

wlan load-balance enable

undo wlan load-balance enable

Default

WLAN load balancing is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable WLAN load balancing.

<Sysname> system-view

[Sysname] wlan load-balance enable

wlan load-balance group

Use wlan load-balance group to create a load balancing group and enter its view.

Use undo wlan load-balance group to remove one or all load balancing groups.

Syntax

wlan load-balance group group-id

undo wlan load-balance group { group-id | all }

Default

No load balancing group exists.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a load balancing group by its ID. The value range for this argument is 1 to 65535.

all: Specifies all load balancing groups.

Usage guidelines

To perform load balancing among specific APs, you can add the radios of these APs to a load balancing group. The AC does not perform load balancing on radios that do not belong to the load balancing group.

Examples

# Create load balancing group 10 and enter its view.

<Sysname> system-view

[Sysname] wlan load-balance group 10

[Sysname-wlan-lb-group-10]

Related commands

ap radio

wlan load-balance mode bandwidth

Use wlan load-balance mode bandwidth to configure bandwidth-mode load balancing.

Use undo wlan load-balance mode to restore the default.

Syntax

wlan load-balance mode bandwidth value [ gap gap-value ]

undo wlan load-balance mode

Views

System view

Default

Session-mode load balancing is used.

Predefined user roles

network-admin

Parameters

value: Specifies the bandwidth threshold in the range of 1 to 500 Mbps.

gap-value: Specifies the bandwidth gap threshold in the range of 1 to 200 Mbps. The default bandwidth gap threshold is 20 Mbps.

Usage guidelines

The AC performs bandwidth-mode load balancing when the following conditions are met:

·          The bandwidth of an AP reaches the bandwidth threshold.

·          The bandwidth gap between the AP and the AP that has the smallest bandwidth reaches the bandwidth gap threshold.

Examples

# Set the load balancing mode to bandwidth mode, and set the bandwidth threshold and bandwidth gap threshold to 100 Mbps and 20 Mbps, respectively.

<Sysname> system-view

[Sysname] wlan load-balance mode bandwidth 100 gap 20

wlan load-balance mode session

Use wlan load-balance mode session to configure session-mode load balancing.

Use undo wlan load-balance mode to restore the default.

Syntax

wlan load-balance mode session value [ gap gap-value ]

undo wlan load-balance mode

Default

Session-mode load balancing is used, and the session threshold is 20.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the session threshold in the range of 1 to 120.

gap-value: Specifies the session gap threshold in the range of 1 to 12. The default session gap threshold is 4.

Usage guidelines

The AC performs session-mode load balancing when the following conditions are met:

·          The number of clients associated with an AP reaches the session threshold.

·          The session gap between the AP and the AP that has the fewest clients reaches the session gap threshold.

Examples

# Set the load balancing mode to session mode, and set the session threshold and session gap threshold to 7 and 5, respectively.

<Sysname> system-view

[Sysname] wlan load-balance mode session 7 gap 5

wlan load-balance mode traffic

Use wlan load-balance mode traffic to configure traffic-mode load balancing.

Use undo wlan load-balance mode to restore the default.

Syntax

wlan load-balance mode traffic value [ gap gap-value ]

undo wlan load-balance mode

Default

Session-mode load balancing is used.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the traffic threshold in the ratio between the traffic and the maximum bandwidth of an AP. The value range for this argument is 1% to 80%.

gap-value: Specifies the traffic gap threshold in the ratio between the traffic gap and the maximum bandwidth of an AP. The value range for this argument is 10% and 40%. The default traffic gap threshold is 20%.

Usage guidelines

The AC performs traffic-mode load balancing when the following conditions are met:

·          The traffic of an AP reaches the traffic threshold.

·          The traffic gap between the AP and the AP that has the least traffic reaches the traffic gap threshold.

Examples

# Set the load balancing mode to traffic mode, and set the traffic threshold and traffic gap threshold to 25% and 20%, respectively.

<Sysname> system-view

[Sysname] wlan load-balance mode traffic 25 gap 20

wlan load-balance rssi-threshold

Use wlan load-balance rssi-threshold to set the received signal strength indicator (RSSI) threshold.

Use undo wlan load-balance rssi-threshold to restore the default.

Syntax

wlan load-balance rssi-threshold rssi-threshold

undo wlan load-balance rssi-threshold

Default

The RSSI threshold is 25.

Views

System view

Predefined user roles

network-admin

Parameters

rssi-threshold: Specifies the RSSI threshold in the range of 5 to 100.

Usage guidelines

A client might be detected by multiple APs. An AP considers a client not detected if the client's RSSI is lower than the load balancing RSSI threshold. If only one AP can detect the client, the AP increases the access probability for the client even if it is overloaded.

Examples

# Set the RSSI threshold to 40.

<Sysname> system-view

[Sysname] wlan load-balance rssi-threshold 40


WLAN radio resource measurement commands

display wlan measure-report

Use display wlan measure-report to display measurement reports for clients.

Syntax

display wlan measure-report ap ap-name radio radio-id [ client mac-address mac-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

radio radio-id: Specifies a radio by its number. The value range varies by device model.

client mac-address mac-address: Specifies a client by its MAC address. If you do not specify a client, this command displays measurement reports for all clients.

Examples

# Display measurement reports for clients associated with radio 2 of the AP ap1.

<Sysname> display wlan measure-report ap ap1 radio 2

Total number of clients: 1

 

Client MAC address                               : 0aef-e760-3587

Link measurement:

  Link margin                                    : 2 dBm

  RCPI                                           : -85 dBm

  RSNI                                           : 53 dBm

Noise histogram:

  Antenna ID                                     : 3

  ANPI                                           : -56 dBm

  IPI0 to IPI10 density                          : 5 12 16 13 8 5 5 15 17 1 3

Spectrum measurement:

  Transmit power                                 : 20 dBm

  BSS                                            : Detected

  OFDM preamble                                  : Detected

  Radar                                          : Detected

  Unidentified signal                            : Undetected

  CCA busy fraction                              : 60

  RPI0 to RPI7 density                           : 3 7 11 19 15 23 15 7

Frame report entry:

  BSSID                                          : a072-2351-e253

  PHY type                                       : fhss

  Average RCPI                                   : -10 dBm

  Last RSNI                                      : 2 dBm

  Last RCPI                                      : -20 dBm

  Frames                                         : 1

Dot11BSSAverageAccessDelay group:

  Average access delay                           : 32 ms

  BestEffort average access delay                : 1 ms

  Background average access delay                : 1 ms

  Video average access delay                     : 1 ms

  Voice average access delay                     : 1 ms

  Clients                                        : 32

  Channel utilization rate                       : 11

Transmit stream:

  Traffic ID                                     : 0

  Sent MSDUs                                     : 60

  Discarded MSDUs                                : 5

  Failed MSDUs                                   : 3

  MSDUs resent multiple times                    : 3

  Lost QoS CF-Polls                              : 2

  Average queue delay                            : 2 ms

  Average transmit delay                         : 1 ms

  Bin0 range                                     : 0 to 10 ms

  Bin0 to Bin5                                   : 5 10 10 5 10 10

Table 50 Command output

Field

Description

Link margin

Gap between the received RSSI and the lowest available RSSI.

RCPI

Received Channel Power Indicator.

RSNI

Received Signal to Noise Indicator.

ANPI

Average Noise Power Indicator during the measurement.

IPI0 to IPI10 density

Percentage of time for different IPI ranges to the total measurement period.

IPIn represents an IPI range. The value for n is in the range of 1 to 10:

·         0: IPI <= –92 dBm.

·         1: –92 dBm < IPI <=–89 dBm.

·         2: –89 dBm < IPI <= –86 dBm.

·         3: –86 dBm < IPI <= –83 dBm.

·         4: –83 dBm < IPI <= –80 dBm.

·         5: –80 dBm < IPI <= –75 dBm

·         6: –75 dBm < IPI <= –70 dBm.

·         7: –70 dBm < IPI <= –65 dBm.

·         8: –65 dBm < IPI <= –60 dBm.

·         9: –60 dBm < IPI <= –55 dBm.

·         10: –55 dBm < IPI.

Transmit power

Transmission power of the client.

BSS

Whether the client has detected wireless packets from other BSSs.

OFDM preamble

Whether the client has detected OFDM preambles.

Radar

Whether the client has detected radar signals.

Unidentified signal

Whether the client has detected unknown signals.

CCA busy fraction

Percentage of busy time for a channel to the total measurement period.

RPI0 to RPI7 density

Percentage of time for different RPI ranges to the total measurement period.

RPIn represents a RPI range. The value for n is in the range of 1 to 7:

·         0: RPI <= –87 dBm.

·         1: –87 dBm < RPI <= –82 dBm.

·         2: –82 dBm < RPI <= –77 dBm.

·         3: –77 dBm < RPI <= –72 dBm.

·         4: –72 dBm < RPI <= –67 dBm.

·         5: –67 dBm < RPI <= –62 dBm.

·         6: –62 dBm < RPI <= –57 dBm.

·         7: –57 dBm < RPI.

PHY type

Physical media type:

·         fhss.

·         dsss.

·         irbaseband.

·         ofdm.

·         hrdsss.

·         erp.

Frames

Number of frames from the same MAC address and BSSID during the measurement.

Bin0 range

Value range for Bin0.

Bin0 to Bin5

Number of successfully sent MSDUs for each average delay range.

Binx represents an average delay range. The value for x is in the range of 0 to 5:

·         Bin0: Delay< 10 ms.

·         Bin1: 10 ms <= Delay < 20 ms.

·         Bin2: 20 ms <= Delay < 40 ms.

·         Bin3: 40 ms <= Delay < 80 ms.

·         Bin4: 80 ms <= Delay < 160 ms.

·         Bin5: 160 ms <= Delay.

 

measure

Use measure enable to enable the specified measurement feature or all measurement features.

Use measure disable to disable the specified measurement feature or all measurement features.

Use undo measure to restore the default.

Syntax

measure { all | link | neighbor | radio | spectrum | tpc } { disable | enable }

undo measure

Default

In radio view, the AP uses the configuration in AP group view.

In AP group radio view, measurement is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

all: Specifies all measurement features.

link: Specifies link measurement. Link measurement measures RCPI, RSNI, and link redundancy for the requested link.

neighbor: Specifies neighbor measurement. Neighbor measurement measures the channel and BSSID of neighbor APs.

radio: Specifies radio measurement. Radio measurement measures channel load, noise histogram, beacons, frames, station statistics, locations, and transmit streams.

spectrum: Specifies spectrum measurement, which includes basic measurement, Clear Channel Assessment (CCA) measurement, and Receive Power Indication (RPI) measurement.

tpc: Specifies TPC measurement. TPC measurement measures link redundancy and transmission power for clients.

Usage guidelines

You must enable radio resource measurement if you enable link, neighbor, or radio measurement.

You must enable spectrum management if you enable spectrum or TPC measurement. For more information about spectrum management, see WLAN Configuration Guide.

The spectrum and tpc keywords are available only on 5 GHz radios.

Examples

# Enable spectrum measurement for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] measure spectrum enable

# Enable spectrum measurement for the AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] measure spectrum enable

Related commands

·          measure-duration

·          measure-interval

·          resource-measure

·          spectrum-management

measure-duration

Use measure-duration to set the measurement duration.

Use undo measure-duration to restore the default.

Syntax

measure-duration time

undo measure-duration

Default

In radio view, the AP uses the configuration in AP group view.

In AP group radio view, the measurement duration is 500 TUs.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

time: Specifies the measurement duration in the range of 1 to 10000 TUs. One TU is equal to 1024 microseconds.

Usage guidelines

When measurement is enabled on an AP, measurement requests from the AP to clients carry the measurement duration.

Examples

# Set the measurement duration to 512 TUs for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] measure-duration 512

# Set the measurement duration to 512 TUs for the AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] measure-duration 512

Related commands

·          measure

·          measure-interval

measure-interval

Use measure-interval to set the measurement interval for an AP to send measurement requests to clients.

Use undo measure-interval to restore the default.

Syntax

measure-interval value

undo measure-interval

Default

In radio view, the AP uses the configuration in AP group view.

In AP group radio view, the measurement interval is 30 seconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

value: Specifies the measurement interval in the range of 10 to 60 seconds.

Examples

# Set the measurement interval to 35 seconds for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] measure-interval 35

# Set the measurement interval to 35 seconds for the AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] measure-interval 35

Related commands

·          measure

·          measure-duration

resource-measure

Use resource-measure enable to enable radio resource measurement.

Use resource-measure disable to disable radio resource measurement.

Use undo resource-measure to restore the default.

Syntax

resource-measure { disable | enable }

undo resource-measure

Default

In radio view, the AP uses the configuration in AP group view.

In AP group radio view, radio resource measurement is disabled.

Views

Radio view

AP group view

Predefined user roles

network-admin

Usage guidelines

When radio measurement is enabled on an AP, the AP sets the Radio Measurement field to 1 in beacons, probe responses, association responses, or reassociation responses. It notifies the clients that they can send measurement requests. These frames also carry measurement capabilities of the AP to inform clients of measurement types that the AP supports.

The AP periodically sends Measurement Pilot frames to help clients fast discover the AP. Measurement Pilot frames are sent more frequently than beacons and carry less information.

Examples

# Enable radio resource measurement for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] resource-measure enable

# Enable radio resource measurement for the AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] resource-measure enable

rm-capability mode

Use rm-capability mode to set the match mode for client radio resource measurement capabilities.

Use undo rm-capability mode to restore the default.

Syntax

rm-capability mode { all | none | partial }

undo rm-capability mode

Default

In radio view, the AP uses the configuration in AP group view.

In AP group radio view, the match mode is none for client radio resource measurement capabilities.

Views

Radio view

AP group view

Predefined user roles

network-admin

Parameters

all: Specifies the all mode. A client is allowed to associate with an AP only when all its radio resource measurement capabilities match the AP's radio resource measurement capabilities.

none: Specifies the none mode. The AP does not check client radio resource measurement capabilities.

partial: Specifies the partial mode. A client is allowed to associate with an AP as long as one of its radio resource measurement capabilities matches any of the AP's radio resource measurement capabilities.

Usage guidelines

The configuration takes effect only when radio resource measurement is enabled.

Examples

# Set the match mode to partial for client radio resource measurement capabilities for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] resource-measure enable

[Sysname-wlan-ap-ap1-radio-2] rm-capability mode partial

# Set the match mode to partial for client radio resource measurement capabilities for the AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] rm-capability mode partial

Related commands

resource-measure


Channel scanning commands

scan channel blacklist

Use scan channel blacklist to configure the channel scanning blacklist.

Use undo scan channel blacklist to remove the specified channels from the channel scanning blacklist.

Syntax

scan channel blacklist channel-list

undo scan channel blacklist { channel-list | all }

Default

In radio view, a radio uses the configuration in AP group radio view

In AP group radio view, no channel scanning blacklist exists.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

channel-list: Specifies channels by their channel numbers in the range of 1 to 165.

all: Specifies all channels in the channel scanning blacklist.

Usage guidelines

After you configure the channel scanning blacklist for an AP, the AP will not scan channels in the blacklist. You cannot configure both the channel scanning blacklist and whitelist for the same AP. Before configuring the channel scanning blacklist, remove all channels in the channel scanning whitelist.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Add channels 1 and 6 to the channel scanning blacklist for AP 1.

<Sysname> system-view

[Sysname] wlan ap 1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] scan channel blacklist 1 6

# Add channels 1 and 6 to the channel scanning blacklist for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA536-WW

[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 2

[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-2] scan channel blacklist 1 6

scan channel whitelist

Use scan channel whitelist to configure the channel scanning whitelist.

Use undo scan channel whitelist to remove the specified channels from the channel scanning whitelist.

Syntax

scan channel whitelist channel-list

undo scan channel whitelist { channel-list | all }

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, no channel scanning whitelist exists.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

channel-list: Specifies channels by their channel numbers in the range of 1 to 165.

all: Specifies all channels in the channel scanning whitelist.

Usage guidelines

After you configure the channel scanning whitelist for an AP, the AP will scan only channels in the whitelist. You cannot configure both the channel scanning blacklist and whitelist for the same AP. Before configuring the channel scanning whitelist, remove all channels in the channel scanning blacklist.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Add channels 1 and 6 to the channel scanning whitelist for AP 1.

<Sysname> system-view

[Sysname] wlan ap 1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] scan channel whitelist 1 6

# Add channels 1 and 6 to the channel scanning whitelist for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA536-WW

[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 2

[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-2] scan channel whitelist 1 6

scan idle-time

Use scan idle-time to set the service idle timeout.

Use undo scan idle-time to restore the default.

Syntax

scan idle-time idle-time

undo scan idle-time

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the service idle timeout is 100 milliseconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

idle-time: Specifies the service idle timeout in the range of 60 to 5000 milliseconds. The service idle timeout cannot be greater than the maximum service period.

Usage guidelines

During a service period, an AP does not begin a new scanning period until the current service period exceeds the scanning period even if the specified service idle timeout expires.

The service idle timeout must be a multiple of the beacon interval. If you set a service idle timeout that is smaller than the beacon interval, the value of the beacon interval is used as the service idle timeout.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the service idle timeout to 500 milliseconds for AP 1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] scan idle-time 500

# Set the service idle timeout timer to 500 milliseconds for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA536-WW

[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] scan idle-time 500

Related commands

beacon interval

scan max-service-time

Use scan max-service-time to set the maximum service period.

Use undo scan max-service-time to restore the default.

Syntax

scan max-service-time { max-service-time | no-limit }

undo scan max-service-time

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the maximum service period is 5000 milliseconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

max-service-time: Specifies the maximum service period in the range of 100 to 5000 milliseconds. When the maximum service period for an AP is reached, the AP begins a scanning period regardless of whether it has traffic to forward.

no-limit: Configures the radio to not limit the service period. Specify this keyword to ensure wireless service quality. The AP does not start a scanning period unless the service idle timeout expires.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum service period to 3000 milliseconds for AP 1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] scan max-service-time 3000

# Set the maximum service period to 3000 milliseconds for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA536-WW

[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] scan max-service-time 3000

scan mode all

Use scan mode all to enable an AP to scan all channels.

Use undo scan mode to disable an AP from scanning all channels.

Syntax

scan mode all [ interval interval-value ]

undo scan mode

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, an AP does not scan all channels.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the interval at which an AP alternatively scans 2.4 GHz channels and 5 GHz channels. The value range for the interval-value argument is 2000 to 10000 milliseconds and the default value is 3000 milliseconds.

Usage guidelines

This command is applicable only to dual-band radios.

After you configure this command for an AP, the AP alternatively scans 2.4 GHz channels and 5 GHz channels at the specified interval.

The configuration in radio view takes precedence over the configuration in AP group radio view.

This command is restricted to Hong Kong and Macao.

Examples

# Enable AP ap1 to scan all channels and set the interval-value argument to 5000 milliseconds.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4330-ACN

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-1] scan mode all interval 5000

This operation will affect WLAN access and RRM. Are you sure you want to perform

 this operation?[Y/N]:Y

# Enable APs with model WA4330-ACN in AP group 10 to scan all channels and set the interval-value argument to 5000 milliseconds.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA4330-ACN

[Sysname-wlan-ap-group-10-ap-model-WA4330-ACN] radio 2

[Sysname-wlan-ap-group-10-ap-model-WA4330-ACN-radio-2] scan mode all interval 5000

This operation will affect WLAN access and RRM. Are you sure you want to perform

 this operation?[Y/N]:Y

scan scan-time

Use scan scan-time to set the scanning period.

Use undo scan scan-time to restore the default.

Syntax

scan scan-time scan-time

undo scan scan-time

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the scanning period is 100 milliseconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

scan-time: Specifies the scanning period in the range of 100 to 5000 milliseconds. The scanning period cannot be greater than the maximum service period.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the scanning period to 500 milliseconds for AP 1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] scan scan-time 500

# Set the scanning period to 500 milliseconds for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA536-WW

[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] scan scan-time 500


Band navigation commands

band-navigation

Use band-navigation enable to enable band navigation for an AP or AP group.

Use band-navigation disable to disable band navigation for an AP or AP group.

Use undo band-navigation to restore the default.

Syntax

band-navigation { disable | enable }

undo band-navigation

Default

In AP view, the AP uses the configuration in AP group view.

In AP group view, band navigation is enabled for an AP group.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

Band navigation takes effect on an AP only after you enable band navigation both globally and for the AP.

Examples

# Enable band navigation for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] band-navigation enable

# Enable band navigation for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] band-navigation enable

Related commands

wlan band-navigation enable

wlan band-navigation aging-time

Use wlan band-navigation aging-time to set the client information aging time.

Use undo wlan band-navigation aging-time to restore the default.

Syntax

wlan band-navigation aging-time aging-time

undo wlan band-navigation aging-time

Default

The client information aging time is 180 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the client information aging time in the range of 10 to 600 seconds.

Usage guidelines

When an AP receives an association request from a client, the AP records the client's information and starts the client information aging timer. If the AP does not receive any probe requests or association requests from the client before the aging timer expires, the AP deletes the client's information.

Configure an appropriate client information aging time to ensure both client association and system resource efficiency.

Examples

# Set the client information aging time to 50 seconds.

<Sysname> system-view

[Sysname] wlan band-navigation aging-time 50

wlan band-navigation balance access-denial

Use wlan band-navigation balance access-denial to set the maximum number of denials for 5 GHz association requests.

Use undo wlan band-navigation balance access-denial to restore the default.

Syntax

wlan band-navigation balance access-denial access-denial

undo wlan band-navigation balance access-denial

Default

The AP does not reject 5 GHz association requests.

Views

System view

Predefined user roles

network-admin

Parameters

access-denial: Specifies the maximum number of denials for 5 GHz association requests, in the range of 1 to 10.

Usage guidelines

If the number of times that a 5 GHz radio rejects a client reaches the specified maximum number, the radio accepts the association request of the client.

Examples

# Set the maximum number of denials to 5 for 5 GHz association requests.

<Sysname> system-view

[Sysname] wlan band-navigation balance access-denial 5

wlan band-navigation balance session

Use wlan band-navigation balance session to configure load balancing for band navigation.

Use undo wlan band-navigation balance session to restore the default.

Syntax

wlan band-navigation balance session session [ gap gap ]

undo wlan band-navigation balance session

Default

Load balancing is disabled for band navigation.

Views

System view

Predefined user roles

network-admin

Parameters

session: Specifies the client number threshold for the 5 GHz radio, in the range of 2 to 120.

gap: Specifies the threshold for the client number gap between the 5 GHz radio and the radio that has the fewest clients. The value range for this argument is 1 to 8 and the default value is 4.

Usage guidelines

If you enable band navigation but do not enable load balancing, the AC prefers directing dual-band clients to the 5 GHz radio.

The AP rejects the 5 GHz association request of a client when the following conditions are met:

·          The number of clients on the 5 GHz radio reaches the specified threshold.

·          The client number gap between the 5 GHz radio and the radio that has the fewest clients reaches the specified threshold.

Examples

# Enable load balancing for band navigation, and set the client number threshold and session gap threshold to 10 and 5, respectively.

<Sysname> system-view

[Sysname] wlan band-navigation balance session 10 gap 5

wlan band-navigation enable

Use wlan band-navigation enable to enable band navigation globally.

Use undo wlan band-navigation enable to restore the default.

Syntax

wlan band-navigation enable

undo wlan band-navigation enable

Default

Band navigation is disabled globally.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For band navigation to take effect, make sure fast association is disabled for the wireless service template.

Band navigation takes effect on an AP only when you enable band navigation both globally and for the AP.

Examples

# Enable band navigation globally.

<Sysname> system-view

[Sysname] wlan band-navigation enable

Related commands

·          band-navigation

·          quick-association enable

wlan band-navigation rssi-threshold

Use wlan band-navigation rssi-threshold to set the received signal strength indicator (RSSI) threshold for band navigation.

Use undo wlan band-navigation rssi-threshold to restore the default.

Syntax

wlan band-navigation rssi-threshold rssi-threshold

undo wlan band-navigation rssi-threshold

Default

The RSSI threshold for band navigation is 15.

Views

System view

Predefined user roles

network-admin

Parameters

rssi-threshold: Specifies the RSSI threshold for band navigation, in the range of 5 to 100.

Usage guidelines

A client might be detected by multiple radios. A 5 GHz radio rejects the association request of a client if the client's RSSI is lower than the band navigation RSSI threshold.

Examples

# Set the RSSI threshold for band navigation to 40.

<Sysname> system-view

[Sysname] wlan band-navigation rssi-threshold 40


WLAN high availability commands

Dual-link backup commands

backup-ac

Use backup-ac to specify a backup AC.

Use undo backup-ac to restore the default.

Syntax

backup-ac { ip ipv4-address | ipv6 ipv6-address }

undo backup-ac { ip | ipv6 }

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, no backup AC is specified.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

ip ip-address: Specifies a backup AC by its IPv4 address.

ipv6 ipv6-address: Specifies a backup AC by its IPv6 address.

Usage guidelines

You can specify only one IPv4 address or one IPv6 address in either AP view or AP group view.

The configuration in AP view takes precedence over the configuration in AP group view. If you execute the undo command in AP view, the backup AC specified in AP group view will be used.

Executing the undo command also terminates the backup CAPWAP tunnel.

Examples

# Specify a backup AC for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] backup-ac ip 192.168.1.1

# Specify a backup AC for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] backup-ac ip 192.168.1.1

wlan tunnel-preempt

Use wlan tunnel-preempt enable to enable master CAPWAP tunnel preemption.

Use wlan tunnel-preempt disable to disable master CAPWAP tunnel preemption.

Use undo wlan tunnel-preempt to restore the default.

Syntax

wlan tunnel-preempt { disable | enable }

undo wlan tunnel-preempt

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, master CAPWAP tunnel preemption is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the backup CAPWAP tunnel will become the master tunnel if the backup AC has higher AP connection priority than the master AC.

When this feature is disabled, the backup CAPWAP tunnel becomes the master tunnel only when the master AC fails.

Examples

# Enable master CAPWAP tunnel preemption for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-ap-ap1] wlan tunnel-preempt enable

# Enable master CAPWAP tunnel preemption for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] wlan tunnel-preempt enable

# Enable master CAPWAP tunnel preemption globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] wlan tunnel-preempt enable

AP load balancing commands

The following matrix shows the feature and hardware compatibility:

 

Hardware series

Model

AP load balancing compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

No

WX3800H series

WX3820H

WX3840H

Yes

WX5800H series

WX5860H

Yes

 

display wlan ap backup multislot

Use display wlan ap-backup multislot to display AP load balancing status for all IRF member ACs.

Syntax

display wlan ap backup multislot

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display AP load balancing status for all IRF member ACs.

<Sysname> display wlan ap backup multislot

Borad Status

 

Total number of slots: 2

 Slot ID              State

 1                      active-backup

 2                      active-only

Table 51 Command output

Field

Description

Total number of slots

Number of IRF member ACs.

Slot ID

IRF member ID of an AC.

State

AP load balancing and backup status:

·         active-backup—The AC is an active AC and backs up AP information.

·         active-only—The AC is an active AC only.

·         backup-only—The AC only backs up AP information.

·         inactive—The AC is not active AC and does not back up AP information.

 

wlan ap-backup active count

Use wlan ap-backup active count to set the number of active ACs in an IRF fabric.

Use undo wlan ap-backup active count to restore the default.

Syntax

wlan ap-backup active count number

undo wlan ap-backup active count

Default

The number of active ACs is 1. Only the master AC can act as an active AC to establish CAPWAP tunnels with APs.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies the number of active ACs. The value range varies by device model.

Usage guidelines

After you set the number of active ACs, the master AC will select an active AC among the non-active ACs according to the order in which they are saved to the AC information table. An AC has higher priority if its information is saved earlier.

When an active AC fails, the master AC randomly selects a new active AC from non-active ACs.

Examples

# Set the number of active ACs to 2.

<Sysname> system-view

[Sysname] wlan ap-backup active count 2

wlan ap-backup load-balance

Use wlan ap-backup load-balance to set the threshold and gap threshold for AP load balancing.

Use undo wlan ap-backup load-balance to restore the default.

Syntax

wlan ap-backup load-balance threshold threshold-value gap gap-value

undo wlan ap-backup load-balance threshold

Default

The AP load-balancing threshold is the maximum number of APs supported by the current AC. The gap threshold is a quarter of APs associated with the directly connected AC.

Views

System view

Predefined user roles

network-admin

Parameters

threshold threshold-value: Specifies the threshold in the range of 0 to 65534 for AP load balancing. The threshold-value argument represents the number of APs associated with the directly connected AC.

gap gap-value: Specifies the gap threshold for AP load balancing in percentage. The value range for the gap-value argument is 0 to 100. The gap-value argument represents the percentage of the AP number difference between the directly connected AC and any other active AC to the AP number on the directly connected AC.

Usage guidelines

This command specifies the threshold and gap threshold used in the load balancing algorithm. In an IRF fabric, the master AC uses the LB algorithm to select an AC from active ACs to establish a CAPWAP tunnel with a requesting AP. For information about the LB algorithm, see WLAN high availability in WLAN Configuration Guide.

Examples

# Set the threshold to 3 and the gap threshold to 20% for AP load balancing.

<Sysname> system-view

[Sysname] wlan ap-backup load-balance threshold 3 gap 20

WLAN uplink detection commands

wlan uplink track

Use wlan uplink track to associate a track entry with WLAN uplink detection.

Use undo wlan uplink track to restore the default.

Syntax

wlan uplink track track-entry-number

undo wlan uplink track

Default

WLAN uplink detection is not associated with any track entry.

Views

System view

Predefined user roles

network-admin

Parameters

track-entry-number: Specifies a track entry ID in the range of 1 to 1024.

Usage guidelines

This command enables the AC to adjust radio state based on the uplink state associated with a track entry. When the track entry is in Negative state, the AC disables radios of all connected APs. When the track entry is in Positive state, the AC enables radios of all connected APs.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Associate track entry 1 with WLAN uplink detection.

<Sysname> system-view

[Sysname] wlan uplink track 1

 

 


WLAN 802.11r commands

ft enable

Use ft enable to enable fast BSS transition (FT).

Use undo ft enable to disable FT.

Syntax

ft enable

undo ft enable

Default

FT is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

FT minimizes the delay when a client roams from a BSS to another BSS within the same ESS. During 802.11r FT, a client needs to exchange messages with the target AP. FT provides two message exchanging methods.

Enable FT only when the service template is disabled.

If FT is enabled, you must disable WPA IE and local authentication.

Examples

# Enable FT.

<Sysname> system-view

[Sysname] wlan service-template st

[Sysname-wlan-st-st] ft enable

ft method

Use ft method to set the FT method.

Use undo ft method to restore the default.

Syntax

ft method { over-the-air | over-the-ds }

undo ft method

Default

The FT method is over-the-air.

Views

Service template view

Predefined user roles

network-admin

Parameters

over-the-air: Specifies over-the-air FT. This method enables clients to communicate directly with the target AP for pre-roaming authentication.

over-the-ds: Specifies over-the-DS FT. This method enables clients to communicate with the target AP through the current AP for pre-roaming authentication.

Usage guidelines

Set the FT method only when the service template is disabled.

This command takes effect only when FT is enabled.

Examples

# Set the FT method to over-the-DS.

<Sysname> system-view

[Sysname] wlan service-template st

[Sysname-wlan-st-st] ft method over-the-ds

Related commands

ft enable

ft reassociation-timeout

Use ft reassociation-timeout to set the reassociation timeout timer.

Use undo ft reassociation-timeout to restore the default.

Syntax

ft reassociation-timeout timeout

undo ft reassociation-timeout

Default

The reassociation timeout timer is 20 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

timeout: Specifies the reassociation timeout timer in the range of 1 to 100 seconds.

Usage guidelines

Set the reassociation timeout timer only when the service template is disabled.

This command takes effect only when FT is enabled.

The roaming process is terminated if a client does not send any reassociation requests before the timeout timer expires.

Examples

# Set the reassociation timeout timer to 30 seconds.

<Sysname> system-view

[Sysname] wlan service-template st

[Sysname-wlan-st-st] ft reassociation-timeout 30

Related commands

ft enable

 


Wireless location commands

display wlan rfid-tracking radio

Use display wlan rfid-tracking radio to display radio information for wireless location.

Syntax

display wlan rfid-tracking radio [ ap ap-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), dots (.), left brackets ([), right brackets (]), slashes (/), and minus signs (-). If you do not specify this option, the command displays radio information for all APs.

Examples

# Display radio information for wireless location.

<Sysname> display wlan rfid-tracking radio

                            Wireless Locating

--------------------------------------------------------------------------------

 AP name                            Radio ID   Type

--------------------------------------------------------------------------------

 ap1                                1          MU/Tag

 ap2                                1          MU

 ap3                                2          Tag

 ap4                                1          N/A

--------------------------------------------------------------------------------

Table 52 Command output

Field

Description

Type

Type of devices to locate:

·         MU/TagBoth MU and Tag devices.

·         MU.

·         Tag.

·         N/AType of devices to locate is not specified.

 

rfid-tracking client rate-limit

Use rfid-tracking client rate-limit enable to enable rate limiting on incoming wireless packets for an AP.

Use rfid-tracking client rate-limit disable to disable rate limiting on incoming wireless packets for an AP.

Use undo rfid-tracking client rate-limit to restore the default.

Syntax

rfid-tracking client rate-limit { disable | enable }

undo rfid-tracking client rate-limit

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, rate limiting on wireless packets is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AP to not report location information from excessive client packets when both the CIR and CBS are exceeded. This feature ensures that the location information for each client can be sent to the location server and prevents client packets from flooding the AP.

If packet dilution is enabled, this feature limits the rate for diluted packets.

Examples

# Enable rate limiting on incoming wireless packets for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking client rate-limit enable

# Enable rate limiting on incoming wireless packets for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking client rate-limit enable

# Enable rate limiting on incoming wireless packets globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking client rate-limit enable

Related commands

rfid-tracking client rate-limit cir

rfid-tracking fingerprint enable

rfid-tracking client rate-limit cir

Use rfid-tracking client rate-limit cir to set the rate limits for incoming wireless packets.

Use undo rfid-tracking client rate-limit cir to restore the default.

Syntax

rfid-tracking client rate-limit cir cir [ cbs cbs ]

undo rfid-tracking client rate-limit cir

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, both the CBS and CIR are 0.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

cir cir: Specifies the CIR for incoming wireless packets, in the range of 1 to 1300000 kbps.

cbs cbs: Specifies the CBS for incoming wireless packets, in the range of 80 to 130000000 bytes. The default CBS is the CIR × 700 bytes.

Usage guidelines

The CIR and CBS configuration takes effect only when you enable rate limiting on incoming wireless packets.

Examples

# Set the CIR and CBS to 200000 kbps and 50000 bytes, respectively for incoming wireless packets for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking client rate-limit cir 200000 cbs 50000

# Set the CIR and CBS to 200000 kbps and 50000 bytes, respectively for incoming wireless packets for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking client rate-limit cir 200000 cbs 50000

# Set the CIR to 200000 kbps and the CBS to 50000 bytes globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking client rate-limit cir 200000 cbs 50000

Related commands

rfid-tracking client rate-limit enable

rfid-tracking dilution

Use rfid-tracking dilution enable to enable packet dilution.

Use rfid-tracking dilution disable to disable packet dilution.

Use undo rfid-tracking dilution to restore the default.

Syntax

rfid-tracking dilution { disable | enable }

undo rfid-tracking dilution

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, packet dilution is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

This feature takes effect only on MU clients. It controls the number of location packets from an AP to the location server.

Examples

# Enable packet dilution for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking dilution enable

# Enable packet dilution for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking dilution enable

# Enable packet dilution globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking dilution enable

Related commands

rfid-tracking dilution factor

rfid-tracking fingerprint enable

rfid-tracking mode mu

rfid-tracking dilution factor

Use rfid-tracking dilution factor to set packet dilution parameters.

Use undo rfid-tracking dilution factor to restore the default.

Syntax

rfid-tracking dilution factor factor timeout timeout

undo rfid-tracking dilution factor

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, no packet dilution parameter is configured.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

factor factor: Specifies the dilution factor in the range of 1 to 10000.

timeout timeout: Specifies the dilution timeout timer in the range of 1 to 60 seconds.

Usage guidelines

Packet dilution takes effect only on MU clients.

If the dilution factor is 10 and the timeout timer is 5 seconds, the AP sends a location packet every time it receives 10 wireless packets, excluding management and broadcast packets, from an MU. If the AP fails to receive 10 packets from an MU client within the timeout timer, it sends the most recent wireless packet to the location server.

The dilution factor and dilution timeout timer take effect only when you enable packet dilution.

Examples

# Set the dilution factor to 10 and the dilution timeout timer to 10 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking dilution factor 10 timeout 10

# Set the dilution factor to 10 and the dilution timeout timer to 10 seconds for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking dilution factor 10 timeout 10

# Set the dilution factor to 10 and the dilution timeout timer to 10 seconds globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking dilution factor 10 timeout 10

Related commands

rfid-tracking dilution enable

rfid-tracking fingerprint

Use rfid-tracking fingerprint enable to enable RF fingerprinting.

Use rfid-tracking fingerprint disable to disable RF fingerprinting.

Use undo rfid-tracking fingerprint to restore the default.

Syntax

rfid-tracking fingerprint { disable | enable }

undo rfid-tracking fingerprint

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, RF fingerprinting is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

For an AP to send location packets to the location server, you must enable both RF fingerprinting and radio-based location.

Examples

# Enable RF fingerprinting for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking fingerprint enable

# Enable RF fingerprinting for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking fingerprint enable

# Enable RF fingerprinting globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking fingerprint enable

Related commands

rfid-tracking radio enable

rfid-tracking fingerprint engine-address

Use rfid-tracking fingerprint engine-address to specify an IPv4 address and a port number for the RF fingerprinting server.

Use undo rfid-tracking fingerprint engine-address to restore the default.

Syntax

rfid-tracking fingerprint engine-address engine-address engine-port engine-port

undo rfid-tracking fingerprint engine-address

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, the IPv4 address and port number for the RF fingerprinting server are not configured.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

engine-address engine-address: Specifies an IPv4 address for the RF fingerprinting server.

engine-port engine-port: Specifies a port number for the RF fingerprinting server, in the range of 1 to 65535.

Usage guidelines

APs send location packets to the specified IPv4 address and port number for communicating with the RF fingerprinting server.

Examples

# Set the IPv4 address and port number for the RF fingerprinting server to 192.168.10.10 and 1145 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking fingerprint engine-address 192.168.10.10 engine-port 1145

# Set the IPv4 address and port number for the RF fingerprinting server to 192.168.10.10 and 1145 for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group10] rfid-tracking fingerprint engine-address 192.168.10.10 engine-port 1145

# Set the IPv4 address and port number for the RF fingerprinting server to 192.168.10.10 and 1145 globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking fingerprint engine-address 192.168.10.10 engine-port 1145

rfid-tracking fingerprint mu-report

Use rfid-tracking fingerprint mu-report enable to enable MU information reporting.

Use rfid-tracking fingerprint mu-report disable to disable MU information reporting.

Use undo rfid-tracking fingerprint mu-report to restore the default.

Syntax

rfid-tracking fingerprint mu-report { disable | enable }

undo rfid-tracking fingerprint mu-report

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, MU information reporting is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AP to encapsulate MU information in location packets. MU information includes the IP address and the transmission rate of an MU.

Examples

# Enable MU information reporting for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking fingerprint mu-report enable

# Enable MU information reporting for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group10] rfid-tracking fingerprint mu-report enable

# Enable MU information reporting globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking fingerprint mu-report enable

rfid-tracking fingerprint raw-frame-report

Use rfid-tracking fingerprint raw-frame-report enable to enable raw frame reporting.

Use rfid-tracking fingerprint raw-frame-report disable to disable raw frame reporting.

Use undo rfid-tracking fingerprint raw-frame-report to restore the default.

Syntax

rfid-tracking fingerprint raw-frame-report { disable | enable }

undo rfid-tracking fingerprint raw-frame-report

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, raw frame reporting is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AP to encapsulate both the raw frames and the location information obtained from the frames in location packets.

Examples

# Enable raw frame reporting for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking fingerprint raw-frame-report enable

#Enable raw frame reporting for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group10] rfid-tracking fingerprint raw-frame-report enable

# Enable raw frame reporting globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking fingerprint raw-frame-report enable

rfid-tracking fingerprint report-format

Use rfid-tracking fingerprint report-format to specify the location packet format for RF fingerprinting.

Use undo rfid-tracking fingerprint report-format to restore the default.

Syntax

rfid-tracking fingerprint report-format { cupid-hybrid | general | light-weight }

undo rfid-tracking fingerprint report-format

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, location packets for RF fingerprinting are in general format.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

cupid-hybrid: Specifies the CUPID-hybrid packet format.

general: Specifies the general packet format.

light-weight: Specifies the lightweight packet format.

Usage guidelines

RF fingerprinting supports the following location packet formats:

·          CUPID-hybrid—An AP encapsulates only clients' MAC addresses and RSSIs in location packets.

·          General—This format is applicable to most scenarios. Most third-party location servers support only the general format.

·          Lightweight—An AP encapsulates location information for several clients in one lightweight location packet to save bandwidth. This format is applicable to traffic-sensitive scenarios.

Examples

# Configure AP ap1 to use the lightweight format to send RF fingerprinting location packets to the location server.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking fingerprint report-format light-weight

# Configure APs in AP group 10 to use the lightweight format to send RF fingerprinting location packets to the location server.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group10] rfid-tracking fingerprint report-format light-weight

# Configure APs to use the lightweight format to send RF fingerprinting packets to the location server globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking fingerprint report-format light-weight

rfid-tracking fingerprint report-mode

Use rfid-tracking fingerprint report-mode to specify the report mode for RF fingerprinting location packets.

Use undo rfid-tracking fingerprint report-mode to restore the default.

Syntax

rfid-tracking fingerprint report-mode { central | local }

undo rfid-tracking fingerprint report-mode

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, the local report mode is used.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

central: Specifies the central report mode.

local: Specifies the local report mode.

Usage guidelines

Both the AC (centralized report) and APs (local report) can report location packets to the location server. In the centralized report mode, APs need to send location packets to the AC first.

Examples

# Set the report mode for RF fingerprinting location packets to central for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking fingerprint report-mode central

# Set the report mode for RF fingerprinting location packets to central for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group10] rfid-tracking fingerprint report-mode central

# Set the report mode for RF fingerprinting location packets to central globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking fingerprint report-mode central

rfid-tracking fingerprint tag-multicast-address

Use rfid-tracking fingerprint tag-multicast-address to specify a multicast MAC address for Tags.

Use undo rfid-tracking fingerprint tag-multicast-address to restore the default.

Syntax

rfid-tracking fingerprint tag-multicast-address mac-address

undo rfid-tracking fingerprint tag-multicast-address

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, no multicast MAC address is specified for Tags.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in the format of H-H-H.

Usage guidelines

An AP identifies a Tag by the destination MAC address in the received wireless packet. If you do not specify a multicast MAC address for Tags, an AP determines that all received 802.11 packets are from MUs.

Examples

# Set the multicast MAC address for Tags to 0134-ed66-8923 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking fingerprint tag-multicast-address 0134-ed66-8923

# Set the multicast MAC address for Tags to 0134-ed66-8923 for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-ap-group-10] rfid-tracking fingerprint tag-multicast-address 0134-ed66-8923

# Set the multicast MAC address for Tags to 0134-ed66-8923 globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking fingerprint tag-multicast-address 0134-ed66-8923

rfid-tracking fingerprint vendor-port

Use rfid-tracking fingerprint vendor-port to specify a port to listen for messages from the RF fingerprinting server.

Use undo rfid-tracking fingerprint vendor-port to restore the default.

Syntax

rfid-tracking fingerprint vendor-port vendor-port-number

undo rfid-tracking fingerprint vendor-port

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, the port to listen is port 1144.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

vendor-port-number: Specifies a port number in the range of 1 to 65535.

Usage guidelines

Perform this task for an AP to communicate with the RF fingerprinting server.

Examples

# Configure AP ap1 to listen to port 3000 for messages from the RF fingerprinting server.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking fingerprint vendor-port 3000

# Configure APs in AP group 10 to listen to port 3000 for messages from the RF fingerprinting server.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking fingerprint vendor-port 3000

# Configure APs to listen to port 3000 for messages from the RF fingerprinting server globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking fingerprint vendor-port 3000

Related commands

rfid-tracking fingerprint enable

rfid-tracking ignore ap-frame enable

Use rfid-tracking ignore ap-frame enable to enable ignoring AP frames.

Use rfid-tracking ignore ap-frame disable to disable ignoring AP frames.

Use undo rfid-tracking ignore ap-frame to restore the default.

Syntax

rfid-tracking ignore ap-frame { disable | enable }

undo rfid-tracking ignore ap-frame

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, ignoring AP frames is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

Ignoring AP frames disables an AP from sending information in the received AP frames to the location server. AP frames are frames that an AP received from other APs. Configure this feature if you do not need to locate or monitor APs.

Examples

# Enable ignoring AP frames for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking ignore ap-frame enable

# Enable ignoring AP frames for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking ignore ap-frame enable

# Enable ignoring AP frames for APs globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking ignore ap-frame enable

rfid-tracking ignore beacon

Use rfid-tracking ignore beacon enable to configure an AP to not send beacon frames to the location server.

Use rfid-tracking ignore beacon disable to remove the configuration.

Use undo rfid-tracking ignore beacon to restore the default.

Syntax

rfid-tracking ignore beacon { disable | enable }

undo rfid-tracking ignore beacon

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, an AP sends beacon frames to the location server.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

The rfid-tracking ignore beacon enable command disables an AP from sending the received beacon frames to the location server to ensure performance of the location server.

Examples

# Configure AP ap1 to not send beacon frames to the location server.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking ignore beacon enable

# Configure APs in AP group 10 to not send beacon frames to the location server.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking ignore beacon enable

# Configure APs to not send beacon frames to the location server globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking ignore beacon enable

rfid-tracking keepalive

Use rfid-tracking keepalive enable to enable wireless location keepalive.

Use rfid-tracking keepalive disable to disable wireless location keepalive.

Use undo rfid-tracking keepalive to restore the default.

Syntax

rfid-tracking keepalive { disable | enable }

undo rfid-tracking keepalive

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, wireless location keepalive is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AP to send Hello packets to the location server at an interval of 15 seconds. If the location server does not receive any packets from an AP within 30 seconds, the location server determines that the AP is offline.

Disable this feature to avoid bandwidth waste if the location server cannot process Hello packets.

Examples

# Enable wireless location keepalive for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking keepalive enable

# Enable wireless location keepalive APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-ap-group10] rfid-tracking keepalive enable

# Enable wireless location keepalive globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking keepalive enable

rfid-tracking mode

Use rfid-tracking mode to specify the type of devices to locate.

Use undo rfid-tracking mode to delete the specified device type.

Syntax

rfid-tracking mode { mu | tag } *

undo rfid-tracking mode { mu | tag } *

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, the type of wireless devices to locate is not specified.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

mu: Specifies MUs.

tag: Specifies Tags.

Usage guidelines

An AP sends location packets from the specified devices to the location server when you execute the rfid-tracking mode command.

Examples

# Specify the type of wireless devices to locate as MU for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rfid-tracking mode mu

# Specify the type of wireless devices to locate as MU for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA536-WW

[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] rfid-tracking mode mu

rfid-tracking radio

Use rfid-tracking radio enable to enable radio-based location.

Use rfid-tracking radio disable to disable radio-based location.

Use undo rfid-tracking radio to restore the default.

Syntax

rfid-tracking radio { disable | enable }

undo rfid-tracking radio

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, radio-based location is disabled.

Views

Radio view

AP group view

Predefined user roles

network-admin

Examples

# Enable radio-based location for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rfid-tracking radio enable

# Enable radio-based location for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA536-WW

[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] rfid-tracking radio enable

rfid-tracking rate-limit

Use rfid-tracking rate-limit enable to enable rate limiting on outgoing location packets for an AP.

Use rfid-tracking rate-limit disable to disable rate limiting on outgoing location packets for an AP.

Use undo rfid-tracking rate-limit to restore the default.

Syntax

rfid-tracking rate-limit { disable | enable }

undo rfid-tracking rate-limit

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, rate limiting on outgoing location packets is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

This command enables an AP to discard excessive location packets when both the CIR and CBS are exceeded. This prevents location packets from flooding the location server.

Examples

# Enable rate limiting on outgoing location packets for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking rate-limit enable

# Enable rate limiting on outgoing location packets for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking rate-limit enable

# Enable rate limiting on outgoing location packets globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking rate-limit enable

Related commands

rfid-tracking rate-limit cir

rfid-tracking rate-limit cir

Use rfid-tracking rate-limit cir to set the rate limits for outgoing location packets.

Use undo rfid-tracking rate-limit cir to restore the default.

Syntax

rfid-tracking rate-limit cir cir [ cbs cbs ]

undo rfid-tracking rate-limit cir

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, both the CBS and CIR are 0.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

cir cir: Specifies the CIR for outgoing location packets, in the range of 8 to 1300000 kbps.

cbs cbs: Specifies the CBS for outgoing location packets, in the range of 500 to 130000000 bytes. The default CBS is the CIR × 700 bytes.

Usage guidelines

The CIR and CBS configuration take effect only when you enable rate limiting on outgoing location packets.

Examples

# Set the CIR and CBS to 800000 kbps and 50000 bytes, respectively for outgoing location packets for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking rate-limit cir 800000 cbs 50000

# Set the CIR and CBS to 800000 kbps and 50000 bytes, respectively for outgoing location packets for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking rate-limit cir 800000 cbs 50000

# Set the CIR to 800000 kbps and the CBS to 50000 bytes globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking rate-limit cir 800000 cbs 50000

Related commands

rfid-tracking rate-limit enable

rfid-tracking rssi

Use rfid-tracking rssi enable to enable RSSI-based packet filtering.

Use rfid-tracking rssi disable to disable RSSI-based packet filtering.

Use undo rfid-tracking rssi to restore the default.

Syntax

rfid-tracking rssi { disable | enable }

undo rfid-tracking rssi

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, RSSI-based packet filtering is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

After you enable RSSI filtering, an AP does not report location information in packets with an RSSI lower than the specified RSSI threshold.

Examples

# Enable RSSI-based packet filtering for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking rssi enable

# Enable RSSI-based packet filtering for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking rssi enable

# Enable RSSI-based packet filtering globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking rssi enable

Related commands

rfid-tracking rssi threshold

rfid-tracking rssi threshold

Use rfid-tracking rssi threshold to set the RSSI threshold for packet filtering.

Use undo rfid-tracking rssi threshold to restore the default.

Syntax

rfid-tracking rssi threshold rssi-threshold

undo rfid-tracking rssi threshold

Default

In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.

In AP group view, the configuration in global configuration view is used.

In global configuration view, the RSSI threshold for packet filtering is 5 (–123 dBm).

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

threshold rssi-threshold: Specifies the RSSI threshold for packet filtering, in the range of 5 to 100 (–123 dBm to –28 dBm). The AP does not report location information in packets with an RSSI lower than the specified RSSI threshold.

Usage guidelines

This command takes effect only when RSSI-based packet filtering is enabled.

Examples

# Set the RSSI threshold for packet filtering to 50 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] rfid-tracking rssi threshold 50

# Set the RSSI threshold for packet filtering to 50 for APs in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] rfid-tracking rssi threshold 50

# Set the RSSI threshold for packet filtering to 50 globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] rfid-tracking rssi threshold 50

Related commands

rfid-tracking rssi enable

snmp-agent trap enable wlan location-aware

Use snmp-agent trap enable wlan location-aware to enable SNMP notifications for wireless location.

Use undo snmp-agent trap enable wlan location-aware to disable SNMP notifications for wireless location.

Syntax

snmp-agent trap enable wlan location-aware

undo snmp-agent trap enable wlan location-aware

Default

SNMP notifications for wireless location is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical wireless location events to an NMS, enable SNMP notifications for wireless location. For wireless location notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Examples

# Set the RSSI threshold for wireless location.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan location-aware


Hotspot 2.0 commands

3gpp-info

Use 3gpp-info to configure 3GPP information.

Use undo 3gpp-info to remove 3GPP information.

Syntax

3gpp-info country-code mobile-country-code network-code mobile-network-code

undo 3gpp-info country-code mobile-country-code network-code mobile-network-code

Default

No 3GPP information is configured.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

mobile-country-code: Specifies a mobile country code (MCC). An MCC is a three-digit numeric code that uniquely identifies the country to which clients belong.

mobile-network-cod: Specifies a mobile network code (MNC). A mobile network code is a two-digit or three-digit numeric code that uniquely identifies the mobile network to which clients belong.

Usage guidelines

You can specify a maximum of 32 country code and mobile network code combinations in a Hotspot 2.0 policy.

One country code can be combined with multiple mobile network codes.

Examples

# Configure 3GPP information: set the country code to 310 and network code to 01.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] 3gpp-info country-code 310 network-code 01

authentication-type

Use authentication-type to specify a network authentication type.

Use undo authentication-type to delete a network authentication type.

Syntax

authentication-type { 0 [ redirect-url url ] | 1 | 2 redirect-url url | 3 }

undo authentication-type { 0 | 1 | 2 | 3 }

Default

No network authentication type is specified.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

0: Specifies acceptance of terms and conditions.

1: Specifies on-line enrollment.

2: Specifies HTTP/HTTPS redirection.

3: Specifies DNS redirection.

redirect-url url: Specifies a redirected URL address.

Usage guidelines

You can specify a maximum of four network authentication types in a Hotspot 2.0 policy.

Examples

# Specify a network authentication type.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] authentication-type 1

comeback-delay

Use comeback-delay to set the comeback delay for clients to send GAS comeback requests.

Use undo comeback-delay to restore the default.

Syntax

comeback-delay value

undo comeback-delay

Default

The comeback delay is 1 TU.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

value: Specifies the comeback delay in the range of 1 to 1024 TUs. One TU is equal to 1024 μs.

Usage guidelines

This command can prevent clients from sending too many GAS comeback requests.

Examples

# Set the comeback delay to 10 TUs.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] comeback-delay 10d

description

Use description to configure a description for an OSU server.

Use undo description to delete an OSU server description.

Syntax

description description lang-code lang-code

undo description description lang-code lang-code

Default

No description is configured for an OSU server.

Views

OSU server view

Predefined user roles

network-admin

Parameters

description: Specifies a description, a case-sensitive string of 1 to 252 characters.

lang-code: Specifies a language code. The device supports the general international standards.

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

You can configure a maximum of 32 descriptions for an OSU server. A client displays one description that is in the same language as the client system.

Examples

# Configure a description for OSU server 1.

<Sysname> system-view

[Sysname] wlan osu-provider 1

[Sysname-wlan-osu-1] description "Free service for test purpose" lang-code eng

dgaf enable

Use dgaf enable to enable Downstream Group-Addressed Forwarding (DGAF).

Use undo dgaf enable to disable DGAF.

Syntax

dgaf enable

undo dgaf enable

Default

DGAF is enabled.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Usage guidelines

Before disabling DGAF, make sure all service templates bound to the Hotspot 2.0 policy are disabled.

DGAF enables an AP to forward all downstream wireless broadcast ARP packets and wireless multicast packets. To prevent spoofing attacks by using downstream multicasts, you can disable DGAF for the AP.

To avoid packet loss, enable proxy ARP and multicast optimization before disabling DGAF. For more information about proxy ARP, see Layer 3—IP Services Configuration Guide.

Examples

# Disable DGAF.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] undo dgaf enable

display wlan hotspot uploaded-osu-icon

Use display wlan hotspot uploaded-osu-icon to display the list of uploaded OSU server icons.

Syntax

display wlan hotspot uploaded-osu-icon

Views

Any view

Predefined user roles

network-admin

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

Examples

# Display the list of uploaded OSU server icons.

<Sysname> display wlan hotspot uploaded-osu-icon

Total uploaded osu icon count: 1

Icon name                                 Icon type

---------------------------------------------------------

college.png                                  png

Related commands

icon-file

wlan hotspot osu-icon upload

domain-name

Use domain-name to set an ISP domain name.

Use undo domain-name to delete an ISP domain name.

Syntax

domain-name domain-name

undo domain-name domain-name

Default

No domain name is set.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a domain by its name, a case-sensitive string of 1 to 255 characters.

Usage guidelines

You can configure a maximum of 32 domain names in one Hotspot 2.0 policy.

Examples

# Set the domain name to college in Hotspot 2.0 policy 1.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] domain-name college

gas-limit

Use gas-limit to set the maximum number of GAS initial requests that the AC can receive within the specified interval.

Use undo gas-limit to restore the default.

Syntax

gas-limit number number interval interval

undo gas-limit

Default

The number of GAS initial requests that the AC can receive is not limited.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

number number: Specifies the maximum number of GAS initial requests that the AC can receive, in the range of 10 to 60.

interval interval: Specifies the interval at which the AC receive GAS initial requests, in the range of 10 to 60 seconds.

Usage guidelines

This feature enables you to limit the number of GAS initial requests that the AC can receive within the specified interval to release the burden of the AC.

If the number of GAS initial requests received by the AC exceeds the limit, the exceeded frames will be discarded.

Examples

# Set the maximum number of GAS initial requests that the AC can receive within 15 seconds to 50.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] gas-limit number 50 interval 15

hessid

Use hessid to set a homogenous ESS identifier (HESSID).

Use undo hessid to restore the default.

Syntax

hessid hessid

undo hessid

Default

No HESSID is set.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

hessid: Specifies an HESSID that uniquely identifies a homogeneous ESS, in the H-H-H format. The value cannot be all zeros.

Usage guidelines

Make sure all service templates bound to the Hotspot 2.0 policy are disabled before you set an HESSID.

Examples

# Set the HESSID to 0021-1bea-3660 in Hotspot 2.0 policy 1.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] hessid 0021-1bea-3660

hotspot-policy

Use hotspot-policy to bind a Hotspot 2.0 policy to a service template.

Use undo hotspot-policy to restore the default.

Syntax

hotspot-policy policy-number

undo hotspot-policy

Default

No Hotspot 2.0 policy is bound to a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

policy-number: Specifies the number of a Hotspot 2.0 policy, in the range of 1 to 32.

Usage guidelines

Before you bind a Hotspot 2.0 policy to a service template, perform the following tasks:

·          Make sure the Hotspot 2.0 policy exists and the service template is disabled.

·          Make sure the following settings are configured for the service template:

?  802.1X authentication and key management mode.

?  RSN IE.

?  AES-CCMP cipher suite.

Examples

# Bind Hotspot 2.0 policy 1 to service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] hotspot-policy 1

icon-file

Use icon-file to specify an icon for an OSU server.

Use undo icon-file to delete the specified icon for an OSU server.

Syntax

icon-file filename lang-code lang-code icon-type icon-type

undo icon-file filename

Default

No icon is specified for an OSU server.

Views

OSU server view

Predefined user roles

network-admin

Parameters

filename: Specifies an icon file by its name, a case-sensitive string of 1 to 63 characters.

lang-code lang-code: Specifies a language code. The device supports the general international standards.

icon-type icon-type: Specifies the type of the icon file, a case-sensitive string of 1 to 15 characters.

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

The device loads the specified icon when the command is executed. You can specify a maximum of six icons for an OSU server. A client displays an icon that is in the same language as the client system.

When you specify an icon for an OSU server, follow these restrictions and guidelines:

·          Create a directory named icon in the root directory where the version files are saved, and use FTP or TFTP to download icon files to the folder before executing the command.

·          If the specified icon file does not exist in the icon directory, the command cannot load the icon file. To load the icon file, save the icon file in the icon directory, and then execute the wlan hotspot osu-icon upload command.

·          The file size cannot exceed 64 KB.

·          Make sure the file type specified in the command is the same as the actual file type.

·          If  an OSU server is already bound to a Hotspot 2.0 policy, you cannot delete the most recently specified OSU server icon.

Examples

# Specify an icon for OSU server 1.

<Sysname> system-view

[Sysname] wlan osu-provider 1

[Sysname-wlan-osu-1] icon-file wifi_icon lang-code eng icon-type png

ip-protocol

Use ip-protocol to set the port status for an IP protocol.

Use undo ip-protocol to remove the configuration.

Syntax

ip-protocol { esp | icmp | tcp | udp } port-number port-number { closed | open | unknown }

undo ip-protocol { esp | icmp | tcp | udp } port-number port-number

Default

The port status is not configured for an IP protocol.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

esp: Specifies the ESP protocol.

icmp: Specifies the ICMP protocol.

tcp: Specifies the TCP protocol.

udp: Specifies the UDP protocol.

port-number: Specifies a port by its number.

Table 53 Port number and protocol type

Protocol type

Port number

Description

ICMP

0

ICMP, used for diagnostics

TCP

20

FTP

TCP

22

SSH

TCP

80

HTTP

TCP

443

Used by TLS VPNs

TCP

1723

Used by Point to Point

Tunneling Protocol VPNs

TCP

5060

VoIP

UDP

500

Used by IKEv2 (IPSec VPN)

UDP

5060

VoIP

UDP

4500

May be used by IKEv2 (IPSec VPN)

ESP

0

ESP, used by IPSec VPNs

 

closed: Specifies the port status as closed.

open: Specifies the port status as open.

unknown: Specifies the port status as unknown.

Examples

# Set the port number to 20 and the port status to open for TCP.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] ip-protocol tcp port-number 20 open

ip-type

Use ip-type to configure IP address availability.

Use undo ip-type to restore the default.

Syntax

ip-type ipv4 ipv4-type ipv6 ipv6-type

undo ip-type

Default

The availability is 1 for IPv4 addresses and 2 for IPv6 addresses.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

ipv4-type: Specifies the availability for an IPv4 address, in the range of 0 to 7.

Table 54 IPv4 address availability

Address value

Description

0

Address type not available

1

Public IPv4 address available

2

Port-restricted IPv4 address available

3

Single NATed private IPv4 address available

4

Double NATed private IPv4 address available

5

Port-restricted IPv4 address and single NATed IPv4 address available

6

Port-restricted IPv4 address and double NATed IPv4 address available

7

Availability of the address type is not known

 

ipv6-type: Specifies the availability for an IPv6 address, in the range of 0 to 2.

Table 55 IPv6 address availability

Address value

Description

0

Address type not available

1

Address type available

2

Availability of the address type not known

 

Examples

# Set the availability to 2 for IPv4 addresses and 1 for IPv6 addresses.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] ip-type ipv4 2 ipv6 1

method

Use method to specify a protocol for clients to communicate with the OSU server.

Use undo method to delete the specified protocol for clients to communicate with the OSU server.

Syntax

method method-id

undo method method-id

Default

No protocol is specified for clients to communicate with an OSU server.

Views

OSU server view

Predefined user roles

network-admin

Parameters

method-id: Specifies the protocol ID:

·          0—Specifies OMA-DM.

·          1—Specifies SOAP-XML SPP.

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

You can specify both protocols. Clients will choose one protocol to communicate with the OSU server.

If an OSU server is already bound to a Hotspot 2.0 policy, you cannot delete the most recent specified protocol for clients to communicate with the OSU server.

Examples

# Specify a protocol for clients to communicate with the OSU server.

<Sysname> system-view

[Sysname] wlan osu-provider 1

[Sysname-wlan-osu-1] method 0

nai

Use nai to configure a Network Access Identifier (NAI) for an OSU server.

Use undo nai to delete the configured NAI for an OSU server.

Syntax

nai nai

undo nai

Default

No NAI is configured for an OSU server.

Views

OSU server view

Predefined user roles

network-admin

Parameters

nai: Specifies an NAI, a case-sensitive string of 1 to 252 characters.

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

If an NAI is configured for an OSU server, clients connect to the OSU AP through OSEN OSU. If no NAI is configured for an OSU server, clients connects to the OSU AP through Open OSU.

Examples

# Configure an NAI for OSU server 1.

<Sysname> system-view

[Sysname] wlan osu-provider 1

[Sysname-wlan-osu-1] nai joe@example.com

nai-realm

Use nai-realm to create a Network Access Identifier (NAI) realm and specify an authentication type for the NAI realm.

Use undo nai-realm to delete an NAI realm.

Syntax

nai-realm realm-name eap-method eap-method-id auth-method auth-method-id authentication authentication

undo nai-realm realm-name [ eap-method eap-method [ auth-method auth-method [ authentication authentication ] ] ]

Default

No NAI realm is created.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

name: Specifies an NAI realm by its name, a case-sensitive string of 1 to 255 characters.

eap-method eap-method-id: Specifies an EAP authentication method by its ID.

Table 56 EAP authentication method

eap-method-id

Description

1

EAP-Transport Layer Security (EAP-TLS)

2

Lightweight Extensible Authentication Protocol (LEAP)

3

EAP for GSM Subscriber Identity Module (EAP-SIM)

4

EAP-Tunneled Transport Layer Security (EAP-TTLS)

5

EAP-Authentication and Key Agreement(EAP-AKA)

6

Protected EAP (PEAP)

 

auth-method auth-method-id: Specifies an authentication method by its ID.

authentication authentication: Specifies an authentication parameter by its ID.

Table 57 Authentication method and authentication parameter

auth-method-id

auth-method-type

authentication

2

Non-EAP Inner Authentication Type

·         1PAP.

·         2CHAP.

·         3MSCHAP.

·         4MSCHAPV2.

5

Credential Type

·         1—SIM.

·         2—USIM.

·         3—NFC Secure Element.

·         4—Hardware Token.

·         5—Softoken.

·         6—Certificate.

·         7—username/password.

·         8—none*.

6

Tunneled EAP Method Credential Type

·         1SIM.

·         2USIM.

·         3NFC Secure Element.

·         4Hardware Token.

·         5Softoken.

·         6Certificate.

·         7username/password.

·         8Reserved.

·         9Anonymous.

 

Usage guidelines

When you use the undo nai-realm command, follow these guidelines:

·          The undo nai-realm realm-name command deletes all NAI realms that use the same name.

·          The undo nai-realm realm-name eap-method eap-method-id command to delete all NAI realms that use the same name and EAP authentication method.

·          The undo nai-realm realm-name eap-method eap-method-id auth-method auth-method-id command deletes all NAI realms that use the same name, EAP authentication method, and authentication method.

·          The undo nai-realm realm-name eap-method eap-method-id auth-method auth-method-id authentication authentication command deletes all NAI realms that use the same name, EAP authentication method, authentication method, and authentication parameter.

You can configure a maximum of 32 NAI realm names in a Hotspot 2.0 policy.

Examples

# Specify the authentication type for the NAI realm wifi in Hotspot 2.0 policy 1.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] nai-realm wifi eap-method 2 auth-method 5 authentication 1

network-type

Use network-type to set the access network type.

Use undo network-type to restore the default.

Syntax

network-type network-type [ access-internet ]

undo network-type

Default

The access network type is not set.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

network-type: Specifies a network type in the range of 0 to 5, 14, and 15.

Table 58 Access network type

Value

Description

0

Private network

1

Private network with guest access

2

Chargeable public network

3

Free public network

4

Personal device network

5

Emergency services only network

14

Test or experimental

15

Wildcard

 

access-internet: Enables access to the Internet. If you do not specify this keyword, the Internet cannot be accessed.

Usage guidelines

Make sure all service templates bound to the Hotspot 2.0 policy are disabled before you set the access network type.

Examples

# Set the access network type to 1 and enable access to the Internet.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] network-type 1 access-internet

operator-name

Use operator-name to set service provider information.

Use undo operator-name to remove the configuration.

Syntax

operator-name operator-name lang-code lang-code

undo operator-name operator-name lang-code lang-code

Default

No service provider name is set.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

operator-name: Specifies a service provider by its name, a case-sensitive string of 1 to 252 characters.

lang-code: Specifies a language code. The device supports both the ISO-639-1 and ISO-639-2 standards.

Usage guidelines

You can configure a maximum of 32 service provider and language code combinations in a Hotspot 2.0 policy.

Examples

# Set the language code to en for the service provider cmcc.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] operator-name cmcc lang-code en

osu-provider

Use osu-provider to bind an OSU server to a Hotspot 2.0 policy.

Use undo osu-provider to unbind an OSU server from a Hotspot 2.0 policy.

Syntax

osu-provider osu-provider-number

undo osu-provider osu-provider-number

Default

No OSU server is bound to a Hotspot 2.0 policy.

Views

Hotspot policy view

Predefined user roles

network-admin

Parameters

osu-provider-number: Specifies an OSU server by its number, in the range of 1 to 32. The specified OSU server must exist.

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

You can bind a maximum of 32 OSU servers to a Hotspot 2.0 policy.

Before binding an OSU server to a Hotspot 2.0 policy, make sure you have finished the following configuration:

·          Set a name for the OSU server.

·          Specify a URI for the OSU server.

·          Specify a protocol for clients to communicate with the OSU server.

·          Specify an icon for the OSU server.

Examples

# Bind OSU server 1 to Hotspot 2.0 policy 1.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] osu-provider 1

Related commands

friendly-name

icon-file

method

uri

wlan osu-provider

osu-ssid

Use osu-ssid to set an SSID for online signup services.

Use undo osu-ssid to delete the configured SSID for online signup services.

Syntax

osu-ssid ssid-name

undo osu-ssid

Default

No SSID is set for online signup services.

Views

Hotspot policy view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

Make sure the configured SSID for online signup services is the same as the SSID for the online signup service template.

Examples

# Set the SSID for online signup services to osu.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] osu-ssid osu

policy-name

Use policy-name to set a name for a Hotspot 2.0 policy.

Use undo policy-name to restore the default.

Syntax

policy-name name

undo policy-name

Default

A Hotspot 2.0 policy does not have a name.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

name: Specifies a Hotspot 2.0 policy by its name, a case-insensitive string of 1 to 32 characters.

Examples

# Set the name of Hotspot 2.0 policy 1 to market.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] policy-name market

roam-oi

Use roam-oi to set an organization identifier (OI).

Use undo roam-oi to delete an OI.

Syntax

roam-oi oi [ in-beacon ]

undo roam-oi oi

Default

No OI is set.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

oi: Specifies an OI that can uniquely identify a roaming consortium, a six-digit or ten-digit hexadecimal code.

in-beacon: Adds an OI to beacons. As a best practice, specify this keyword for clients to get OIs.

Usage guidelines

Make sure all service templates bound to the Hotspot 2.0 policy are disabled before you set an OI.

You can configure a maximum of 32 OIs in a Hotspot 2.0 policy, and can add a maximum of three OIs to beacons.

Examples

# Set the OI to 004096 and add the OI to beacons.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] roam-oi 004096 in-beacon

uri

Use uri to specify the URI of an OSU server.

Use undo uri to delete the configured URI of an OSU server.

Syntax

uri uri

undo uri

Default

No URI is specified for an OSU server.

Views

OSU server view

Predefined user roles

network-admin

Parameters

uri: Specifies the URI of an OSU server, a case-sensitive string of 1 to 255 characters.

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

Clients use the configured URI to visit the OSU server and perform online signup.

If an OSU server is already bound to a Hotspot 2.0 policy, you cannot delete the configured URI of the server.

Examples

# Specify the URI of OSU server 1.

<Sysname> system-view

[Sysname] wlan osu-provider 1

[Sysname-wlan-osu-1] uri https://osu-server.r2-testbed.wi-fi.org/

venue group

Use venue group to set venue group information for an AP.

Use undo venue group to restore the default.

Syntax

venue group venue-group-number type venue-type-number

undo venue group

Default

No venue group information is set for an AP.

Views

AP view

Predefined user roles

network-admin

Parameters

venue-group-number: Specifies a venue group by its number, in the range of 1 to 11.

Table 59 Venue group number and description

Number

Description

1

Assembly

2

Business

3

Educational

4

Factory

5

Institutional

6

Mercantile

7

Residential

8

Storage

9

Utility

10

Vehicular

11

Outdoor

 

venue-type-number: Specifies a venue type by its number. The value depends on the venue group number. For more information, see Table 60.

Table 60 Venue type number and description

Venue group number

Venue type number

Venue description

1

0

Unspecified

1

1

Arena

1

2

Stadium

1

3

Passenger Terminal

1

4

Amphitheater

1

5

Amusement Park

1

6

Place of Worship

1

7

Convention Center

1

8

Library

1

9

Museum

1

10

Restaurant

1

11

Theater

1

12

Bar

1

13

Coffee Shop

1

14

Zoo or Aquarium

1

15

Emergency Coordination Center

2

0

Unspecified

2

1

Doctor or Dentist office

2

2

Bank

2

3

Fire Station

2

4

Police Station

2

6

Post Office

2

7

Professional Office

2

8

Research and Development Facility

2

9

Attorney Office

3

0

Unspecified

3

1

School Primary

3

2

School Secondary

3

3

University or College

4

0

Unspecified

4

1

Factory

5

0

Unspecified

5

1

Hospital

5

2

Long-Term Care Facility

5

3

Alcohol and Drug Rehabilitation Center

5

4

Group Home

5

5

Prison or Jail

6

0

Unspecified

6

1

Retail Store

6

2

Grocery Market

6

3

Automotive Service Station

6

4

Shopping Mall

6

5

Gas Station

7

0

Unspecified

7

1

Private Residence

7

2

Hotel or Motel

7

3

Dormitory

7

4

Boarding House

8

0

Unspecified

9

0

Unspecified

10

0

Unspecified

10

1

Automobile or Truck

10

2

Airplane

10

3

Bus

10

4

Ferry

10

5

Ship or Boat

10

6

Train

10

7

Motor Bike

11

0

Unspecified

11

1

Muni-mesh Network

11

2

City Park

11

3

Rest Area

11

4

Traffic Control

11

5

Bus Stop

11

6

Kiosk

 

Examples

# Specify venue group 1 and venue type 2 for AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA536-WW

[Sysname-wlan-ap-ap3] venue group 1 type 2

venue name

Use venue name to set a venue name for an AP.

Use undo venue name to remove the configuration.

Syntax

venue name venue-name lang-code lang-code

undo venue name venue-name lang-code lang-code

Default

No venue name is set for an AP.

Views

AP view

Predefined user roles

network-admin

Parameters

venue-name: Specifies a venue by its name, a case-sensitive string of 1 to 252 characters.

lang-code: Specifies the language code for a venue. The device supports both the ISO-639-1 and ISO-639-2 standards.

Usage guidelines

One venue can have multiple language codes.

You can configure a maximum of 32 venue name and language code combinations for an AP.

Examples

# Set the venue name to office and language codes to en for the AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA536-WW

[Sysname-wlan-ap-ap3] venue name office lang-code en

wan-metrics

Use wan-metrics to set WAN link status parameters.

Use undo wan-metrics to restore the default.

Syntax

wan-metrics { link-down | link-test | link-up } [ asymmetric downlink-speed downlink-speed uplink-speed uplink-speed | symmetric link-speed link-speed ]

undo wan-metrics

Default

No WAN link status parameters are set.

Views

Hotspot 2.0 policy view

Predefined user roles

network-admin

Parameters

link-down: Sets the link status for the WAN to down.

link-test: Sets the link status for the WAN to testing.

link-up: Sets the link status for the WAN to up.

asymmetric: Specifies the asymmetric link.

downlink-speed downlink-speed: Specifies the downlink speed in the range of 1 to 4194304 Kbps.

uplink-speed uplink-speed: Specifies the uplink speed in the range of 1 to 4194304 Kbps.

symmetric: Specifies the symmetric link.

link-speed link-speed: Specifies the symmetric link speed in the range of 1 to 4194304 Kbps.

Examples

# Set the link status to up and the symmetric link rate to 67 Kbps for the WAN.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1] wan-metrics link-up symmetric link-speed 67

wlan hotspot-policy

Use wlan hotspot-policy to create a Hotspot 2.0 policy and enter its view, or enter the view of an existing Hotspot 2.0 policy.

Use undo wlan hotspot-policy to delete a Hotspot 2.0 policy.

Syntax

wlan hotspot-policy policy-number

undo wlan hotspot-policy policy-number

Default

No Hotspot 2.0 policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-number: Specifies the number of a Hotspot 2.0 policy, in the range of 1 to 32.

Usage guidelines

You cannot delete a Hotspot 2.0 policy that has been bound to a service template.

Examples

# Create Hotspot 2.0 policy 1 and enter its view.

<Sysname> system-view

[Sysname] wlan hotspot-policy 1

[Sysname-wlan-hs-1]

wlan hotspot osu-icon unload

Use wlan hotspot osu-icon unload to unload all OSU server icon files.

Syntax

wlan hotspot osu-icon unload

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

This command only unloads OSU server icon files, and does not delete icon files.

Examples

# Unload all OSU server icon files.

<Sysname> system-view

[Sysname] wlan hotspot osu-icon unload

Related commands

icon-file

wlan hotspot osu-icon upload

wlan hotspot osu-icon upload

Use wlan hotspot osu-icon upload to load all the specified OSU server icon files.

Syntax

wlan hotspot osu-icon upload

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

Use this command to load all icon files specified for an OSU server to validate the changes when icon file changes occur.

Examples

# Load all the specified OSU server icon files.

<Sysname> system-view

[Sysname] wlan hotspot osu-icon upload

Related commands

icon-file

wlan hotspot osu-icon unload

wlan osu-provider

Use wlan osu-provider to create an OSU server and enter its view, or enter the view of an existing OSU server.

Use undo wlan osu-provider to delete the specified OSU server.

Syntax

wlan osu-provider osu-provider-number

undo wlan osu-provider osu-provider-number

Default

No OSU server exists.

Views

System view

Predefined user roles

network-admin

Parameters

osu-provider-number: Specifies an OSU server by its number, in the range of 1 to 32.

Usage guidelines

This command is available only for version 2 of Hotspot 2.0.

You cannot delete an OSU server that has been bound to a Hotspot 2.0 policy.

Examples

# Create OSU server 1 and enter its view.

<Sysname> system-view

[Sysname] wlan osu-provider 1

[Sysname-wlan-osu-1]

 


WLAN RRM commands

adjacency-factor

Use adjacency-factor to set the adjacency factor.

Use undo adjacency-factor to restore the default.

Syntax

adjacency-factor neighbor

undo adjacency-factor

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the adjacency factor is 3.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

neighbor: Specifies the adjacency factor in the range of 1 to 16.

Usage guidelines

The adjacency factor defines the quantity of manageable detected radios that trigger TPC and the ranking of the RSSI used for comparison with the power adjustment threshold. An AC can manage only radios associated with it.

For example, if the adjacency factor is 3, the AC performs TPC for a radio when the radio detects 3 other manageable radios. After ranking the radio's RSSIs detected by other manageable radios in descending order, the AC selects the third largest RSSI to compare with the power adjustment threshold.

Examples

# Set the adjacency factor to 7 for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] adjacency-factor 7

# Set the adjacency factor to 7 for radio 1 of APs with model in WA536-WW AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] adjacency-factor 7

ap name

Use ap name to add a radio to an RRM holddown group.

Use undo ap name to remove one or all radios from an RRM holddown group.

Syntax

ap name ap-name radio radio-id

undo ap { name ap-name [ radio radio-id ] | all }

Default

No radio exists in an RRM holddown group.

Views

RRM holddown group view

Predefined user roles

network-admin

Parameters

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can contain letters, digits, underlines (_), dots (.), left brackets ([), right brackets (]), slashes (/), and hyphens (-). The specified AP must already exist.

radio-id: Specifies a radio by its ID. The value of this argument can be 1 or 2. A radio can belong to only one RRM holddown group. Adding a radio to a new RRM holddown group removes the radio from the old RRM holddown group.

all: Specifies all radios.

Examples

# Add radio 2 of the AP ap1 to RRM holddown group 10.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10] ap name ap1 radio 2

calibrate-channel mode

Use calibrate-channel mode to set the auto-DFS mode.

Use undo calibrate-channel mode to restore the default.

Syntax

calibrate-channel mode { periodic | scheduled }

undo calibrate-channel mode

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the auto-DFS mode is periodic.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

periodic: Specifies periodic auto-DFS.

scheduled: Specifies scheduled auto-DFS.

Usage guidelines

In periodic auto-DFS mode, the AC automatically performs DFS for a radio at the channel calibration interval.

In scheduled auto-DFS mode, the AC performs DFS at the specified time in a time range. Use this mode when interference is severe to avoid affecting ongoing wireless services.

Examples

# Set the auto-DFS mode to scheduled for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel mode scheduled

# Set the auto-DFS mode to scheduled for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-channel self-decisive enable

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-channel mode scheduled

Related commands

calibrate-channel monitoring time-range

calibrate-channel pronto

wlan rrm calibration-channel interval

calibrate-channel monitoring time-range

Use calibrate-channel monitoring time-range to specify a time range for channel monitoring.

Use undo calibrate-channel monitoring time-range to delete the specified time range for channel monitoring.

Syntax

calibrate-channel monitoring time-range time-range-name

undo calibrate-channel monitoring time-range

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, no time range is specified for channel monitoring.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

time-range-name: Specifies the name of a time range, a case-insensitive string of 1 to 32 characters. The string must start with a letter and cannot be all.

Usage guidelines

In scheduled auto-DFS, the AC collects statistics in the specified time range to generate channel reports and neighbor reports.

Examples

# Specify a time range for channel monitoring for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel monitoring time-range time1

# Specify a time range for channel monitoring for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-channel monitoring time-range time1

Related commands

time-range

calibrate-channel pronto

Use calibrate-channel pronto to execute scheduled auto-DFS.

Syntax

calibrate-channel pronto

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Examples

# Create a job and assign commands to the job for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] scheduler job calibration1

[Sysname-job-calibration1] command 1 system-view

[Sysname-job-calibration1] command 2 wlan ap ap1

[Sysname-job-calibration1] command 3 radio 1

[Sysname-job-calibration1] command 4 rrm

[Sysname-job-calibration1] command 5 calibrate-channel pronto

# Create a job and assign commands to the job for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] scheduler job calibration2

[Sysname-job-calibration2] command 1 system-view

[Sysname-job-calibration2] command 2 wlan ap-group g1

[Sysname-job-calibration2] command 3 ap-model WA536-WW

[Sysname-job-calibration2] command 4 radio 1

[Sysname-job-calibration2] command 5 rrm

[Sysname-job-calibration2] command 6 calibrate-channel pronto

calibrate-channel self-decisive

Use calibrate-channel self-decisive enable to enable auto-DFS.

Use calibrate-channel self-decisive disable to disable auto-DFS.

Use undo calibrate-channel self-decisive to restore the default.

Syntax

calibrate-channel self-decisive { disable | enable }

undo calibrate-channel self-decisive

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, auto-DFS is disabled.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Examples

# Enable auto-DFS for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable

# Enable auto-DFS for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-channel self-decisive enable

Related commands

calibrate-channel mode

calibrate-power min

Use calibrate-power min to set the minimum transmit power for a radio after TPC is performed.

Use undo calibrate-power min to restore the default.

Syntax

calibrate-power min tx-power

undo calibrate-power min

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the minimum transmit power of a radio is 1 dBm after TPC is performed.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

tx-power: Specifies the minimum transmit power for a radio, in the range of 1 to 20 dBm.

Usage guidelines

This command ensures that the transmit power of a radio can still meet network requirements after TPC is performed.

Examples

# Set the minimum transmit power to 10 dBm for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power min 10

# Set the minimum transmit power to 10 dBm for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-power min 10

calibrate-power mode

Use calibrate-power mode to set the TPC mode.

Use undo calibrate-power mode to restore the default.

Syntax

calibrate-power mode { coverage | custom | density }

undo calibrate-power mode

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the TPC mode is custom.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

coverage: Specifies the coverage mode.

custom: Specifies the custom mode.

density: Specifies the density mode.

Usage guidelines

To avoid interference among APs, use the density mode. To increase signal coverage performance, use the coverage mode. If these two modes cannot meet your network requirements, use the custom mode to customize power adjustment settings.

In either density or coverage mode, power adjustment settings are defined by the system and cannot be changed.

Examples

# Set the TPC mode to coverage for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power mode coverage

# Set the TPC mode to density for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-power mode density

calibrate-power self-decisive

Use calibrate-power self-decisive enable to enable periodic auto-TPC for the AC to perform TPC at the power calibration interval.

Use calibrate-power self-decisive disable to disable periodic auto-TPC.

Use undo calibrate-power self-decisive to restore the default.

Syntax

calibrate-power self-decisive { disable | enable }

undo calibrate-power self-decisive

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, periodic auto-TPC is disabled.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Examples

# Enable periodic auto-TPC for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power self-decisive enable

# Enable periodic auto-TPC for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-power self-decisive enable

Related commands

wlan rrm calibration-power interval

calibrate-power threshold

Use calibrate-power threshold to set the power adjustment threshold.

Use undo calibrate-power threshold to restore the default.

Syntax

calibrate-power threshold value

undo calibrate-power threshold

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the power adjustment threshold is 65.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

value: Specifies the power adjustment threshold in the range of 50 to 90. The value range indicates that the power of the radio is in the range of –90 dBm to –50 dBm.

Usage guidelines

As a best practice to avoid interference among radios, set the power adjustment threshold to –80 dBm for high-density WLANs.

Examples

# Set the power adjustment threshold to 70 for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power threshold 70

# Set the power adjustment threshold to 70 for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-power threshold 70

channel holddown-time

Use channel holddown-time to set the channel holddown time.

Use undo channel holddown-time to restore the default.

Syntax

channel holddown-time minutes

undo channel holddown-time

Default

The channel holddown time is 720 minutes.

Views

RRM holddown group view

Predefined user roles

network-admin

Parameters

minutes: Specifies the channel holddown time in the range of 10 to 1440 minutes.

Usage guidelines

Each time the channel of a radio in the RRM holddown group changes, the system starts the channel holddown timer for the radio. The channel for every radio in the RRM holddown group remains unchanged during the specified channel holddown time.

Examples

# Set the channel holddown time to 600 minutes for RRM holddown group 10.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10] channel holddown-time 600

channel-capability mode

Use channel-capability mode to set the client channel capability match mode.

Use undo channel-capability mode to restore the default.

Syntax

channel-capability mode { all | none | partial }

undo channel-capability mode

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, client channel capabilities are not checked.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

all: Specifies the all mode. A client is allowed to associate with a radio only when all its supported channels match the radio's supported channels.

none: Specifies the none mode. Client channel capabilities are not checked.

partial: Specifies the partial mode. A client is allowed to associate with a radio as long as one of its supported channels matches any one of the radio's supported channels.

Usage guidelines

This command is available only on 5 GHz radios.

This command takes effect on a radio only when the radio operates in 5 GHz mode and is enabled with spectrum management.

Examples

# Set the client channel capability match mode to all for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

[Sysname-wlan-ap-ap1-radio-1] channel-capability mode all

# Set the client channel capability match mode to all for radio 1 of APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel-capability mode all

Related commands

spectrum-management

channel-switch mode

Use channel-switch mode to set the channel switch mode.

Use undo channel-switch mode to restore the default.

Syntax

channel-switch mode { continuous | suspend }

undo channel-switch mode

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, all online clients stop sending frames during channel switch.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

continuous: Configures the online clients to continue sending frames during channel switch.

suspend: Configures the online clients to stop sending frames during channel switch until channel switch is complete.

Examples

# Set the channel switch mode to continuous for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

[Sysname-wlan-ap-ap1-radio-1] channel-switch mode continuous

# Set the channel switch mode to continuous for radio 1 of APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel-switch mode continuous

Related commands

spectrum-management

crc-error-threshold

Use crc-error-threshold to set the CRC error threshold.

Use undo crc-error-threshold to restore the default.

Syntax

crc-error-threshold percent

undo crc-error-threshold

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the CRC error threshold is 20%.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

percent: Specifies the CRC error threshold in the range of 1% to 100%.

Usage guidelines

When the AC detects that the proportion of CRC-error packets in all 802.11 packets reaches the CRC error threshold on a radio, it performs DFS for the radio.

Examples

# Set the CRC error threshold to 50% for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] crc-error-threshold 50

# Set the CRC error threshold to 50% for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] crc-error-threshold 50

description

Use description to set a description for an RRM holddown group.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is set for an RRM holddown group.

Views

RRM holddown group view

Predefined user roles

network-admin

Parameters

text: Specifies the RRM holddown group description, a case-sensitive string of 1 to 64 characters.

Examples

# Set the description for RRM holddown group 10 to office.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10] description office

display wlan rrm baseline

Use display wlan rrm baseline to display radio baseline information.

Syntax

display wlan rrm baseline { all | name baseline-name } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all radio baselines.

name baseline-name: Specifies a radio baseline by its name, a case-insensitive string of 1 to 32 characters.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief radio baseline information.

Usage guidelines

You cannot display information about a radio baseline if you do not have the right to manage radios with the location identifier in the radio baseline.

Examples

# Display brief radio baseline information.

<Sysname> display wlan rrm baseline all

 Baseline name  : apbaseline

 Radio range    : AP

 Created at     : 2015-06-22 19:56:31

 

 Baseline name  : groupbaseline

 Radio range    : AP group

 Created at     : 2015-06-22 19:56:12

 

 Baseline name  : globalbaseline

 Radio range    : Global

 Created at     : 2015-06-22 19:55:12

Table 61 Command output

Field

Description

Radio range

Range of radios saved in the baseline:

·         AP—Radios on an AP.

·         AP group—Radios on APs in an AP group.

·         Global—Radios on all APs associated with the AC.

Created at

Time and date when the baseline was created.

 

# Display detailed radio baseline information.

<Sysname> display wlan rrm baseline all verbose

--------------------------------------------------------------------------------

 Baseline name : apbaseline

 Radio range   : AP

 Created at    : 2015-06-22 19:56:31

--------------------------------------------------------------------------------

 APName             RadioID RadioType Bandwidth Channel Power RegionCode

--------------------------------------------------------------------------------

 ap1                2       dot11gn   20        13      20    CN

--------------------------------------------------------------------------------

 

--------------------------------------------------------------------------------

 Baseline name : groupbaseline

 Radio range   : AP group

 Created at    : 2015-06-22 19:56:12

--------------------------------------------------------------------------------

 APName             RadioID RadioType Bandwidth Channel Power RegionCode

--------------------------------------------------------------------------------

 ap1                1       dot11an   40        157     20    CN

 ap2                1       dot11an   40        149     20    CN

--------------------------------------------------------------------------------

 

--------------------------------------------------------------------------------

 Baseline name : globalbaseline

 Radio range   : Global

 Created at    : 2015-06-22 19:55:12

--------------------------------------------------------------------------------

 APName             RadioID RadioType Bandwidth Channel Power RegionCode

--------------------------------------------------------------------------------

 ap1                1       dot11an   40        149     20    CN

 ap1                2       dot11gn   20        13      20    CN

 ap2                1       dot11an   40        149     20    CN

 ap2                2       dot11gn   20        1       20    CN

--------------------------------------------------------------------------------

Table 62 Command output

Field

Description

Radio range

Range of radios saved in the baseline:

·         AP—Radios on an AP.

·         AP group—Radios on all APs in an AP group.

·         Global—Radios on all APs associated with the AC.

Created at

Time and date when the baseline was created.

Power

Transmit power of the radio in dBm.

RegionCode

Region code of the AP.

 

display wlan rrm baseline apply-result

Use display wlan rrm baseline apply-result to display the most recent application result of a radio baseline.

Syntax

display wlan rrm baseline apply-result

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the most recent application result of a radio baseline.

<Sysname> display wlan rrm baseline apply-result

Radio count : 6

Success     : 4

Failure     : 2

Failure reason

  Radio doesn't exist           : 0

  Radio is down                 : 0

  Mismatching radio type        : 0

  Mismatching region code       : 1

  No service template           : 0

  Illegal channel               : 0

  Mismatching bandwidth         : 1

  Channel locked                : 0

  Channel fixed                 : 0

  Within channel holddown time  : 0

  Mismatching channel gap policy: 0

  Power locked                  : 0

  Within power holddown time    : 0

  Power lower than min. power   : 0

  Power greater than max. power : 0

Table 63 Command output

Field

Description

Radio count

Number of radios in the radio baseline.

Success

Number of successful applications.

Failure

Number of failed applications.

Mismatching radio type

The radio mode saved in the baseline does not match the actual radio mode.

Mismatching region code

The region code saved in the baseline does not match the actual region code of the AP.

Wireless service not effective

No service template is bound to a radio in the baseline or the bound service template is disabled.

Mismatching channel gap policy

The channel in the baseline does not match the specified channel gap.

Power lower than min. power

The transmit power in the baseline is lower than the specified minimum transmit power for the radio.

Power greater than max. power

The transmit power in the baseline is higher than the specified maximum transmit power for the radio.

 

display wlan rrm-calibration-group

Use display wlan rrm-calibration-group to display RRM holddown group information.

Syntax

display wlan rrm-calibration-group { all | group-id }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all RRM holddown groups.

group-id: Specifies an RRM holddown group by its ID. The value range for this argument is 1 to 128.

Examples

# Display information about RRM holddown group 10.

<Sysname> display wlan rrm-calibration-group 10

          RRM Calibration Group Information

--------------------------------------------------------------------------------

Group ID                : 10

Description             : office

Channel holddown time   : 720 minutes

Power holddown time     : 60 minutes

Group members           : ap4-radio2, ap3-radio2

--------------------------------------------------------------------------------

Table 64 Command output

Field

Description

Group ID

ID of the RRM holddown group.

Description

Description for the RRM holddown group.

Channel holddown time

Channel holddown time.

Power holddown time

Power holddown time.

Group members

Radios in the RRM holddown group.

 

display wlan rrm-history ap

Use display wlan rrm-history ap to display historical channel and power adjustment information.

Syntax

display wlan rrm-history ap { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), slashes (/), and minus signs (-).

Usage guidelines

You can use this command to display detailed information about the most recent three channel and power adjustments. The detailed information includes adjustment time, cause, power, and interference.

Examples

# Display historical channel and power adjustment information for radios of the AP ap1.

<Sysname> display wlan rrm-history ap name ap1

                         AP RRM History

--------------------------------------------------------------------------

 Flags : I - Interference,   P - Packets discarded,    F - Retransmission,

         R - Radar,          C - Coverage,             O - Others

--------------------------------------------------------------------------

 

                         AP RRM History : ap1

--------------------------------------------------------------------------

 Radio : 1                                Basic BSSID : 000f-e2ff-7700

--------------------------------------------------------------------------

        Ch  Power Load Util Intf PER Retry Reason  Date         Time

            (dBm) (%)  (%)  (%)  (%) (%)           (yyyy-mm-dd) (hh:mm:ss)

--------------------------------------------------------------------------

 Before 6   20    24   2    21   11  18    -P----  2014-07-07   17:31:50

 After  1   20    9    0    8    0   27    -       -            -

--------------------------------------------------------------------------

 Before 1   20    54   1    53   11  15    IP----  2014-07-08   12:19:50

 After  6   20    10   0    10   3   29    -       -            -

--------------------------------------------------------------------------

 Before 6   20    29   1    28   21  20    -P----  2014-07-08   12:59:50

 After  1   20    30   0    29   2   24    -       -            -

--------------------------------------------------------------------------

Table 65 Command output

Field

Description

Radio

Radio ID.

Basic BSSID

Basic service set identifier.

Ch

Working channel of the radio.

Power

Transmit power of the radio.

Load

Channel load in percentage.

Util

Channel usage in percentage.

Intf

Interference detected on the channel, in percentage.

PER

Bit error rate detected on the channel, in percentage.

Retry

Retransmission rate detected on the channel, in percentage.

Reason

Channel or power adjustment reason.

Date

Channel or power adjustment date.

Time

Channel or power adjustment time.

 

display wlan rrm-status ap

Use display wlan rrm-status ap to display detailed RRM information.

Syntax

display wlan rrm-status ap { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), slashes (/), and minus signs (-).

Usage guidelines

If both channel adjustment and power adjustment are disabled, this command displays only the working channel and power level for radios on the AP.

Examples

# Display detailed information about channel and power adjustments for radios of the AP ap1.

<Sysname> display wlan rrm-status ap name ap1

                          AP RRM Profile : ap1

--------------------------------------------------------------------------------

 Radio   : 1                              Basic BSSID    : 70f9-6d31-2fe0

 Channel : 157                            Tx Power (dBm) : 18

--------------------------------------------------------------------------------

    Ch    Nbrs    Load    Util    Intf    PER    Retry    Radar

                  (%)     (%)     (%)     (%)     (%)

--------------------------------------------------------------------------------

    36    0       0       -       0       0      -        -

    40    0       0       -       0       0      -        -

    44    0       0       -       0       0      -        -

    48    0       0       -       0       0      -        -

    52    0       0       -       0       0      -        -

    56    0       0       -       0       0      -        -

    60    0       0       -       0       0      -        -

    64    0       0       -       0       0      -        -

    100   0       0       -       0       0      -        -

    104   0       0       -       0       0      -        -

    108   0       0       -       0       0      -        -

    112   0       0       -       0       0      -        -

    116   0       0       -       0       0      -        -

    132   0       0       -       0       0      -        -

    136   0       0       -       0       0      -        -

    140   0       0       -       0       0      -        -

    149   1       0       -       0       0      -        -

    153   4       0       -       0       0      -        -

    157   0       0       0       0       0      0        -

    161   2       0       -       0       0      -        -

    165   0       0       -       0       0      -        -

--------------------------------------------------------------------------------

   Nbr-MACAddress   Ch    Intf   SignalStrength   Type

                           (%)    (dBm)

--------------------------------------------------------------------------------

   000f-e212-ff01   161   0      -60              Unmanaged

   5866-ba74-e461   153   0      -72              Unmanaged

   70f9-6d30-9020   153   0      -40              Managed

   70f9-6d31-3080   149   0      -54              Managed

   70f9-6d31-34e0   161   0      -59              Managed

   7425-8a86-bbe0   153   0      -48              Unmanaged

   7425-8a86-c720   153   0      -63              Unmanaged

--------------------------------------------------------------------------------

 Radio   : 2                              Basic BSSID    : 70f9-6d31-2ff0

 Channel : 1                              Tx Power (dBm) : 19

--------------------------------------------------------------------------------

    Ch    Nbrs    Load    Util    Intf    PER    Retry    Radar

                  (%)     (%)     (%)     (%)     (%)

--------------------------------------------------------------------------------

    1     6       4       0       4       0      0        -

    6     4       2       -       2       0      -        -

    11    6       2       -       2       0      -        -

--------------------------------------------------------------------------------

   Nbr-MACAddress   Ch    Intf   SignalStrength   Type

                           (%)    (dBm)

--------------------------------------------------------------------------------

   000f-e212-ff11   1     49     -77              Unmanaged

   0023-89e1-ed00   11    0      -87              Unmanaged

   006a-55f6-ae10   1     57     -88              Unmanaged

   5866-ba64-aa31   1     10     -60              Unmanaged

   5866-ba74-e471   6     0      -76              Unmanaged

   5866-baa9-a610   11    0      -62              Unmanaged

   70f9-6d30-9030   6     0      -63              Managed

   70f9-6d31-3090   1     51     -86              Managed

   70f9-6d31-34f0   6     0      -85              Managed

   7425-8a86-bbf0   6     0      -73              Unmanaged

   7425-8a86-c731   11    0      -93              Unmanaged

   80f6-2ec0-3330   11    0      -76              Unmanaged

   80f6-2ec0-3331   11    0      -73              Unmanaged

   80f6-2edd-d2d0   1     40     -60              Unmanaged

   80f6-2edd-d2d1   1     44     -68              Unmanaged

   80f6-2ede-0b30   11    0      -74              Unmanaged

Table 66 Command output

Field

Description

Radio

Radio ID.

Basic BSSID

Basic service set identifier.

Channel

Working channel of the radio.

Tx Power

Transmit power of the radio.

Ch

Channels supported by the radio.

Nbrs

Number of detected radios.

Load

Load detected on the channel, in percentage. Channel load refers to the ratio between the outbound packets and the inbound packets as well as the interferences. Interferences refer to the error packets that are received by the radio.

Util

Channel usage in percentage. Channel usage refers to the ratio between the outbound packets and the inbound packets.

Intf

Interference detected on the channel, in percentage.

PER

Bit error rate detected on the channel, in percentage.

Retry

Retransmission rate detected on the channel, in percentage.

Radar

Radar detection status:

·         —No radar signals are detected on the channel.

·         Detected—Radar signals have been detected on the channel.

Nbr-MACAddress

MAC address of the detected radio.

SignalStrength

Signal strength of the radio, in dBm.

Type

Type of the radio:

·         Unmanaged—Radios that can be detected by the radio but are not managed by the same AC.

·         Managed—Radios that can be detected by the radio and are managed by the same AC.

 

interference-threshold

Use interference-threshold to set the channel interference threshold.

Use undo interference-threshold to restore the default.

Syntax

interference-threshold percent

undo interference-threshold

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the channel interference threshold is 50%.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

percent: Specifies the channel interference threshold in the range of 1% to 100%.

Usage guidelines

When the AC detects that the proportion of interference packets in all data packets reaches the interference threshold on a radio, it performs DFS for the radio. Interference packets are packets sent to other radios.

Examples

# Set the channel interference threshold to 60% for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] interference-threshold 60

# Set the channel interference threshold to 60% for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] interference-threshold 60

power holddown-time

Use power holddown-time to set the power holddown time.

Use undo power holddown-time to restore the default.

Syntax

power holddown-time minutes

undo power holddown-time

Default

The power holddown time is 60 minutes.

Views

RRM holddown group view

Predefined user roles

network-admin

Parameters

minutes: Specifies the power holddown time in the range of 10 to 1440 minutes.

Usage guidelines

Each time the power of a radio in the RRM holddown group changes, the system starts the power holddown timer for the radio. The power for every radio in the RRM holddown group remains unchanged during the specified power holddown time.

Examples

# Set the power holddown time to 600 minutes for RRM holddown group 10.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10] power holddown-time 600

power-capability mode

Use power-capability mode to set the transmit power capability match mode.

Use undo power-capability mode to restore the default.

Syntax

power-capability mode { all | none | partial }

undo power-capability mode

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, client transmit power capabilities are not checked.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

all: Specifies the all mode. A client is allowed to associate with a radio only when all its transmit power capabilities match the radio's transmit power capabilities.

none: Specifies the none mode. Client transmit power capabilities are not checked.

partial: Specifies the partial mode. A client is allowed to associate with a radio as long as one of its transmit power capabilities matches the radio's transmit power capabilities.

Usage guidelines

This command takes effect only when you enable spectrum management or radio resource measurement. For more information about radio resource measurement, see WLAN Configuration Guide.

Examples

# Set the client power capability match mode to all for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

[Sysname-wlan-ap-ap1-radio-1] power-capability mode all

# Set the client power capability match mode to all for radio 1 of APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] power-capability mode all

Related commands

·          resource-measure

·          spectrum-management

power-constraint mode

Use power-constraint mode to set the power constraint mode.

Use undo power-constraint mode to restore the default.

Syntax

power-constraint mode { auto [ anpi-interval anpi-interval-value ] | manual power-constraint }

undo power-constraint mode

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, the power constraint mode is auto.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

auto: Specifies the auto mode.

anpi-interval anpi-interval-value: Adds a value to the average noise power indicator (ANPI) for the device to calculate the power constraint value, in the range of 0 to 30 in dBm. The default value is 10 dBm.

manual power-constraint: Specifies the power constraint value in the range of 0 to 30 dBm.

Usage guidelines

This command is available only on 5 GHz radios.

If you specify the auto mode, the device calculates the power constraint value by using this formula: power-constraint = Received Channel Power Indicator (RCPI) minus (ANPI + anpi-interval-value).

This command takes effect only when you enable spectrum management or radio resource measurement. For more information about radio resource measurement, see WLAN Configuration Guide.

Examples

# Set the power constraint mode to manual and set the power constraint value to 5 dBm for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

[Sysname-wlan-ap-ap1-radio-1] power-constraint mode manual 5

# Set the power constraint mode to manual and set the power constraint value to 5 dBm for radio 1 of APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] power-constraint mode manual 5

Related commands

·          resource-measure

·          spectrum-management

rrm

Use rrm to enter Radio Resource Management (RRM) view.

Syntax

rrm

Views

Radio view

Predefined user roles

network-admin

Examples

# Enter RRM view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

scan-only

Use scan-only enable to enable radio scanning.

Use scan-only disable to disable radio scanning.

Use undo scan-only to restore the default.

Syntax

scan-only { disable | enable }

undo scan-only

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, radio scanning is disabled.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Usage guidelines

This feature enables APs to scan the WLAN environment and report collected statistics to the AC at the specified interval. The AC uses the statistics to generate channel reports and neighbor reports.

To view the channel reports and neighbor reports, use the display wlan rrm-status ap command.

If you have configured periodic auto-DFS, scheduled auto-DFS, or periodic auto-TPC, you do not need to enable this feature.

Examples

# Enable radio scanning for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] scan-only enable

# Enable radio scanning for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] scan-only enable

Related commands

display wlan rrm-status ap

snmp-agent trap enable wlan rrm

Use snmp-agent trap enable wlan rrm to enable SNMP notifications for WLAN RRM.

Use undo snmp-agent trap enable wlan rrm to restore the default.

Syntax

snmp-agent trap enable wlan rrm

undo snmp-agent trap enable wlan rrm

Default

SNMP notifications are disabled for WLAN RRM.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN RRM events to an NMS, enable SNMP notifications for WLAN RRM. For WLAN RRM event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for WLAN RRM.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan rrm

spectrum-management

Use spectrum-management enable to enable spectrum management.

Use spectrum-management disable to disable spectrum management.

Use undo spectrum-management to restore the default.

Syntax

spectrum-management { disable | enable }

undo spectrum-management

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, spectrum management is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is available only on 5 GHz radios.

Examples

# Enable spectrum management for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

# Enable spectrum management for radio 1 of APs with model WA536-WW in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable

tolerance-level

Use tolerance-level to set the tolerance level.

Use undo tolerance-level to restore the default.

Syntax

tolerance-level percent

undo tolerance-level

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the tolerance level is 20%.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

percent: Specifies the tolerance level in the range of 1% to 45%.

Usage guidelines

The AC selects an optimal channel for a radio when the CRC error threshold, interference threshold, or retransmission threshold is reached on the current channel. The AC does not apply the optimal channel to the radio until the quality gap between the optimal channel and the current channel exceeds the tolerance level.

Examples

# Set the tolerance level to 25% for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] tolerance-level 25

# Set the tolerance level to 25% for radio 1 of APs with model WA536-WW in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA536-WW

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] tolerance-level 25

wlan calibrate-channel pronto ap all

IMPORTANT

IMPORTANT:

This command consumes system resources. Use it with caution.

 

Use wlan calibrate-channel pronto ap all to execute on-demand DFS for radios of all APs.

Syntax

wlan calibrate-channel pronto ap all

Views

System view

Predefined user roles

network-admin

Examples

# Execute on-demand DFS for radios of all APs.

<Sysname> system-view

[Sysname] wlan calibrate-channel pronto ap all

wlan calibrate-power pronto ap all

IMPORTANT

IMPORTANT:

This command consumes system resources. Use it with caution.

 

Use wlan calibrate-power pronto ap all to execute on-demand TPC for radios of all APs.

Syntax

wlan calibrate-power pronto ap all

Views

System view

Predefined user roles

network-admin

Examples

# Execute on-demand TPC for radios of all APs.

<Sysname> system-view

[Sysname] wlan calibrate-power pronto ap all

wlan rrm baseline apply

Use wlan rrm baseline apply to apply a radio baseline.

Syntax

wlan rrm baseline apply name baseline-name

Views

System view

Predefined user roles

network-admin

Parameters

name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.

Usage guidelines

You cannot apply a radio baseline when one of the following conditions is met:

·          You do not have the right to manage radios with the location identifier in the radio baseline.

·          The name of the radio baseline is start_config_baseline.csv.

Examples

# Apply radio baseline bl.

<Sysname> system-view

[Sysname] wlan rrm baseline apply name bl

Related commands

display wlan rrm baseline apply-result

wlan rrm baseline save

wlan rrm baseline remove

Use wlan rrm baseline remove to delete a radio baseline.

Syntax

wlan rrm baseline remove name baseline-name

Views

System view

Predefined user roles

network-admin

Parameters

name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.

Usage guidelines

You cannot apply a radio baseline if you do not have the right to manage radios with the location identifier in the radio baseline.

Examples

# Delete radio baseline bl.

<Sysname> system-view

[Sysname] wlan rrm baseline remove name bl

Related commands

wlan rrm baseline save

wlan rrm baseline save

Use wlan rrm baseline save to create a radio baseline by saving the current radio settings.

Syntax

wlan rrm baseline save name baseline-name { ap ap-name radio radio-id | ap-group group-name ap-model ap-model radio radio-id | global }

Views

System view

Predefined user roles

network-admin

Parameters

name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.

ap ap-name: Specifies an AP name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-). Make sure the AP is online.

radio radio-id: Specifies a radio ID.

ap-group group-name: Specifies an AP group name, a case-insensitive string of 1 to 31 characters. Make sure the AP group already exists.

ap-model ap-model: Specifies an AP model.

global: Specifies all radios.

Usage guidelines

A radio baseline saves the working channel, transmit rate, and other radio attributes for a radio or several radios. You can create a radio baseline by saving the current radio settings and apply the baseline to use these settings.

A radio baseline is saved in a .csv file in the file system on the AC.

Examples

# Save the settings of radio 1 on AP ap1 and create radio baseline ap1-1.

<Sysname> system-view

[Sysname] wlan rrm baseline save name ap1-1 ap ap1 radio 1

# Save the settings of radio 1 of APs with model WA536-WW in AP group group1 and create radio baseline ap1g1-1.

<Sysname> system-view

[Sysname] wlan rrm baseline save name ap1g1-1 ap-group group1 ap-model WA536-WW radio 1

# Save the settings of all radios and create radio baseline global.

<Sysname> system-view

[Sysname] wlan rrm baseline save name global global

wlan rrm calibration-channel interval

Use wlan rrm calibration-channel interval to set the channel calibration interval.

Use undo wlan rrm calibration-channel interval to restore the default.

Syntax

wlan rrm calibration-channel interval minutes

undo wlan rrm calibration-channel interval

Default

The channel calibration interval is 8 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Specifies the channel calibration interval, in the range of 3 to 1440 minutes.

Examples

# Set the channel calibration interval to 10 minutes.

<Sysname> system-view

[Sysname] wlan rrm calibration-channel interval 10

Related commands

calibrate-channel self-decisive

wlan rrm-calibration-group

Use wlan rrm-calibration-group to create an RRM holddown group and enter its view, or enter the view of an existing RRM holddown group.

Use undo wlan rrm-calibration-group to remove an RRM holddown group.

Syntax

wlan rrm-calibration-group group-id

undo wlan rrm-calibration-group { all | group-id }

Default

No RRM holddown group exists.

Views

System view

Predefined user roles

network-admin

Parameters

all: Specifies all RRM holddown groups.

group-id: Specifies an RRM holddown group ID in the range of 1 to 128.

Examples

# Create RRM holddown group 10.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10]

wlan rrm calibration-power interval

Use wlan rrm calibration-power interval to set the power calibration interval.

Use undo wlan rrm calibration-power interval to restore the default.

Syntax

wlan rrm calibration-power interval minutes

undo wlan rrm calibration-power interval

Default

The power calibration interval is 8 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Specifies the power calibration interval, in the range of 3 to 180 minutes.

Examples

# Set the power calibration interval to 10 minutes.

<Sysname> system-view

[Sysname] wlan rrm calibration-power interval 10

Related commands

calibrate-power self-decisive

 


IoT AP commands

This feature is restricted to Hong Kong and Macao.

Support for IoT capability depends on the AP model.

display wlan module firmware-upgrade history

Use display wlan module firmware-upgrade history to display firmware upgrade information for modules.

Syntax

display wlan module firmware-upgrade history { all | ap ap-name module module-id }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all modules.

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

module-id: Specifies a module by its ID. The value range varies by AP model.

Usage guidelines

This command displays firmware upgrade information for a module on an AP from the time that the AP starts.

Examples

# Display firmware upgrade information for all modules.

<Sysname> display wlan module firmware-upgrade history all

Total number of APs: 3

--------------------------------------------------------------------------------

AP name  Module ID  Last upgrade time         Upgrade status  SW Version

--------------------------------------------------------------------------------

ap1      1          Mon Nov  2 13:54:23 2015  Success         12-09-02-22

ap1      2          Mon Nov  2 13:54:23 2015  Upgrading       12-09-02-22

ap2      1          N/A                         N/A             12-09-02-22

ap3      1          Mon Nov  2 13:54:23 2015  Failed             12-09-02-22

Table 67 Command output

Field

Description

Upgrade status

Upgrade status:

·         Succeeded..

·         Failed.

·         Upgrading.

This field displays N/A if the module has not been upgraded.

SW version

Module software version.

 

display wlan module-information

Use display wlan module-information to display module information for an AP.

Syntax

display wlan module-information ap ap-name module module-id

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

module module-id: Specifies a module by its ID. The value range varies by AP model.

Examples

# Display information about module 1 on AP ap1.

<Sysname> display wlan module-information ap ap1 module 1

Module administrate type       : BLE

Module physical type           : H3C

Model                          : T300-B

HW version                     : 12090031

SW version                     : 12090202

Sequence ID                    : 0000051700000002

Node physical status           : Normal

Module physical status         : Normal

Module administrate status     : Enabled

RF1                            : Enabled

RF2                            : Enabled

RF3                            : Enabled

ZIGBEE                         : Enabled

Table 68 Command output

Field

Description

Module administrate type

Configured module type:

·         NotConfig.

·         BLE.

·         IOT.

Module physical type

Physical type of the module:

·         H3C.

·         IOT.

This field displays N/A if no physical type information is available.

Model

Module model information.

This field displays N/A if no module model information is available.

HW version

Module hardware version.

SW version

Module software version.

Sequence ID

Module sequence ID.

Node physical status

Physical status of the node where the module is installed:

·         Unavailable.

·         Normal.

·         Absent.

Module physical status

Physical status of the module:

·         Unavailable.

·         Normal.

·         Absent.

Module administrate status

Configured module status:

·         Enabled.

·         Disabled.

RF1

RF1 status:

·         Enabled.

·         Disabled.

RF2

RF2 status:

·         Enabled.

·         Disabled.

RF3

RF3 status:

·         Enabled.

·         Disabled.

ZIGBEE

Zigbee status:

·         Enabled.

·         Disabled.

 

module

Use module to enter module view.

Syntax

module module-id

Views

AP view

AP group AP model view

Predefined user roles

network-admin

Parameters

module-id: Specifies a module by its ID. The value range varies by AP model.

Usage guidelines

To configure and manage a module on an AP, you must first enter module view of the AP.

Examples

# Enter the view of module 1 on AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP380

[Sysname-wlan-ap-ap1] module 1

[Sysname-wlan-ap-ap1-module-1]

# Enter the view of module 1 on all APs with AP model UAP380 in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-apgroup1] ap-model UAP380

[Sysname-wlan-ap-apgroup1-ap-model-UAP380] module 1

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1]

module enable

Use module enable to enable a module.

Use module disable to disable a module.

Use undo module to restore the default.

Syntax

module { disable | enable }

undo module

Default

In module view, an AP uses the configuration in AP group's module view.

In AP group's module view, a module is disabled.

Views

Module view

AP group's module view

Predefined user roles

network-admin

Examples

# Enable module 1 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP380

[Sysname-wlan-ap-ap1] module 1

[Sysname-wlan-ap-ap1-module-1] module enable

# Enable module 1 for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model UAP380

[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] module enable

module firmware-upgrade

Use module firmware-upgrade enable to enable automatic firmware upgrade for a module.

Use module firmware-upgrade disable to disable automatic firmware upgrade for a module.

Use undo firmware-upgrade to restore the default.

Syntax

module firmware-upgrade { disable | enable }

undo module firmware-upgrade

Default

In module view, a module uses the configuration in AP group's module view.

In AP group's module view, automatic firmware upgrade is disabled for a module.

Views

Module view

AP group's module view

Predefined user roles

network-admin

Usage guidelines

This feature enables a module to immediately upgrade its firmware if its firmware version is different from the version stored in the AP's image file.

After you enable this feature for a module, this feature takes effect every time the connected IoT AP reboots.

Examples

# Enable automatic firmware upgrade in module view.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP380

[Sysname-wlan-ap-ap1] module 1

[Sysname-wlan-ap-ap1-module-1] module firmware-upgrade enable

# Enable automatic firmware upgrade in AP group's module view.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model UAP380

[Sysname-wlan-ap-group-10-ap-model-UAP380] module 1

[Sysname-wlan-ap-group-10-ap-model-UAP380-module-1] module firmware-upgrade enable

Related commands

·          display wlan module firmware-upgrade history

·          display wlan module-information

rfid-tracking ble advertisement

Use rfid-tracking ble advertisement to configure the advertisement information for a BLE module.

Use undo rfid-tracking ble advertisement to restore the default.

Syntax

rfid-tracking ble advertisement { major-id major-id | measured-power measured-power | minor-id minor-id | uuid uuid }

undo rfid-tracking ble advertisement { major-id | measured-power | minor-id | uuid }

Default

In module view, a module uses the configuration in AP group's module view.

In AP group's module view, the Major ID is 1, Minor ID is 1, measured power is -58 dBm, and UUID is 0 in the advertisement information for a BLE module.

Views

Module view

AP group's module view

Predefined user roles

network-admin

Parameters

major-id major-id: Specifies the Major ID in the advertisement information for a BLE module. The value range for the major-id argument is 0 to 65535.

measured-power measured-power: Specifies the measured power in the advertisement information for a BLE module. The value range for the measured-power argument is 0 to 127, representing that the value range for the signal intensity is -127 to 0 dBm. A larger value represents weaker signal intensity. The measured power is the signal intensity detected by the advertisement receiving device when the device is at a 1-meter distance from the iBeacon device. The measured power can be used to calculate the distance between the advertisement receiving device and the iBeacon device.

minor-id minor-id: Specifies the Minor ID in the advertisement information for a BLE module. The value range for the minor-id argument is 0 to 65535.

uuid uuid: Specifies the UUID in the advertisement information for a BLE module. The value range for the uuid argument is a case-insensitive string of 32 hexadecimal digits from 0 to f.

Usage guidelines

A BLE module broadcasts iBeacon advertisements containing Major ID, Minor ID, measured power, and UUID to nearby application software. Application software that receives the advertisement information will take specific actions according to the advertisement information to fulfill their software functions.

Examples

# Configure the advertisement information for BLE module 1 in module view.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP380

[Sysname-ap-ap1] module 1

[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement major-id 4

[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement minor-id 4

[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement uuid 34ae56115098ca67321a11256bca3007

[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement measured-power 30

# Configure the advertisement information for BLE module 1 in AP group's module view.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model UAP380

[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement major-id 4

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement minor-id 4

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement uuid 34ae56115098ca67321a11256bca3007

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement measured-power 30

Related commands

·          rfid-tracking ble advertisement enable

·          rfid-tracking ble advertisement interval

rfid-tracking ble advertisement enable

Use rfid-tracking ble advertisement enable to enable the iBeacon transmission feature for a BLE module.

Use rfid-tracking ble advertisement disable to disable the iBeacon transmission feature for a BLE module.

Use undo rfid-tracking ble advertisement to restore the default.

Syntax

rfid-tracking ble advertisement { disable | enable }

undo rfid-tracking ble advertisement

Default

In module view, a module uses the configuration in AP group's module view.

In AP group's module view, the iBeacon transmission feature is disabled for a BLE module.

Views

Module view

AP group's module view

Predefined user roles

network-admin

Usage guidelines

This command enables a BLE module to periodically broadcast iBeacon advertisements. An iBeacon advertisement contains a UUID, Major ID, measured power, and Minor ID.

This command takes effect only for BLE modules.

Examples

# Enable the iBeacon transmission feature for BLE module 1 in module view.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP380

[Sysname-ap-ap1] module 1

[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement enable

# Enable the iBeacon transmission feature for BLE module 1 in AP group's module view.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model UAP380

[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement enable

Related commands

·          rfid-tracking ble advertisement

·          rfid-tracking ble advertisement interval

rfid-tracking ble advertisement interval

Use rfid-tracking ble advertisement interval to set the interval at which a BLE module broadcasts iBeacon advertisements.

Use undo rfid-tracking ble advertisement interval to restore the default.

Syntax

rfid-tracking ble advertisement interval interval

undo rfid-tracking ble advertisement interval

Default

In module view, a module uses the configuration in AP group's module view.

In AP group's module view, a BLE module broadcasts iBeacon advertisements every 100 centiseconds (1 second).

Views

Module view

AP group's module view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which a BLE module broadcasts iBeacon advertisements with a step size of 10. The value range is 50 to 1000 centiseconds.

Examples

# Configure BLE module 1 to broadcast iBeacon advertisements every 200 centiseconds in module view.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP380

[Sysname-ap-ap1] module 1

[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement interval 200

# Configure BLE module 1 to broadcast iBeacon advertisements every 200 centiseconds in AP group's module view.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model UAP380

[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement interval 200

Related commands

·          rfid-tracking ble advertisement

·          rfid-tracking ble advertisement enable

serial-number

Use serial-number to specify a serial number for a module.

Use undo serial-number to restore the default.

Syntax

serial-number serial-number

undo serial-number

Default

No serial number is specified for a module.

Views

Module view

Predefined user roles

network-admin

Parameters

serial-number : Specifies a serial number that can uniquely identify a module, a case-insensitive string of 1 to 31 characters.

Usage guidelines

CAUTION

CAUTION:

Deleting the serial number or specifying a different serial number than the actual serial number of an online module logs off the module if the module connects to an IoT AP through network cables.

 

This command is required for a module when the module connects to an AP through network cables. The module can come online on the AP only when the specified serial number is the same as the actual serial number of the module.

For a module that is installed on an AP, this command does not take effect. The module can come online directly no matter whether the specified serial number is the same as the module's serial number or not.

Examples

# Set the serial number of module 1 to 210235A1BSC123000050.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP300

[Sysname-wlan-ap-ap1] module 1

[Sysname-wlan-ap-ap1-module-1] serial-number 210235A1BSC123000050

tx-power

Use tx-power to set the transmit power level for a module.

Use undo tx-power to restore the default.

Syntax

tx-power power

undo tx-power

Default

In module view, a module uses the configuration in AP group's module view.

In AP group's module view, the transmit power level for a module is 1, which indicates a transmit power of 4 dBm.

Views

Module view

AP group's module view

Predefined user roles

network-admin

Parameters

power: Specifies the transmit power level. The value can be 1, 2, 3, or 4, which indicates a transmit power of 4 dBm, –1 dBm, –5 dBm, and –9 dBm, respectively.

Examples

# Set the transmit power level to 4 for module 1 in module view.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP380

[Sysname-ap-ap1] module 1

[Sysname-ap-ap1-module-1] tx-power 4

# Set the transmit power level to 4 for module 1 in AP group's module view.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model UAP380

[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] tx-power 4

Related commands

rfid-tracking ble advertisement enable

type

Use type to specify the supported module type.

Use undo type to restore the default.

Syntax

type { ble | iot }

undo type

Default

In module view, an AP uses the configuration in AP group's module view.

In AP group's module view, no supported module type is specified.

Views

Module view

AP group's module view

Predefined user roles

network-admin

Parameters

ble: Specifies the Bluetooth low energy type.

iot: Specifies the IoT type.

Usage guidelines

For a module to operate correctly, make sure the specified module type is the same as the actual module type.

Examples

# Specify the supported module type IoT for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model UAP380

[Sysname-wlan-ap-ap1] module 1

[Sysname-wlan-ap-ap1-module-1] type iot

# Specify the supported module type IoT for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model UAP380

[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1

[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] type iot

wlan execute module firmware-upgrade

Use wlan execute module firmware-upgrade to manually upgrade the firmware of a module.

Syntax

wlan execute module firmware-upgrade { ap ap-name | ap-group group-name ap-model ap-model } module module-id firmware-path filepath

Views

System view

Predefined user roles

network-admin

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

ap-group group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.

ap-model ap-model: Specifies an AP model.

module module-id: Specifies a module by its ID. The value range varies by AP model.

firmware-path filepath: Specifies the path of the image file for module upgrade.

Usage guidelines

When you use this command to manually upgrade the firmware of an IoT module, make sure the automatic firmware upgrade feature is disabled for the module. Automatic firmware upgrade performs version consistency check every time the connected IoT AP restarts and upgrades the module's firmware to the version stored in the AP' image file as necessary.

Examples

# Obtain an upgrade file to manually upgrade module 1 on AP ap1.

<Sysname> system-view

[Sysname] wlan execute module firmware-upgrade ap ap1 module 1 firmware-path flash:/a.ipe

wlan execute module reset

Use wlan execute module reset to restart a module on an AP.

Syntax

wlan execute module reset ap ap-name module module-id

Views

System view

Predefined user roles

network-admin

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

module module-id: Specifies a module by its ID. The value range varies by AP model.

Examples

# Restart module 1 on AP ap1.

<Sysname> system-view

[Sysname] wlan execute module reset ap ap1 module 1

wlan execute module restore-factory

Use restore factory-default wlan ap to restore the factory settings for a module on an AP.

Syntax

wlan execute module restore-factory ap ap-name module module-id

Views

System view

Predefined user roles

network-admin

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

module module-id: Specifies a module by its ID. The value range varies by AP model.

Usage guidelines

This command restarts a module and restores the factory settings of the module immediately.

Examples

# Restore the factory settings for module 1 on AP ap1.

<Sysname> system-view

[Sysname] wlan execute module restore-factory ap ap1 module 1

 


CM tunnel commands

This feature is restricted to Hong Kong and Macao.

cmtunnel server domain

Use cmtunnel server domain to configure the domain name of the H3C Oasis server.

Use undo cmtunnel server domain to restore the default.

Syntax

cmtunnel server domain domain-name

undo cmtunnel server domain

Default

The domain name of the H3C Oasis server is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

domain-name: Specifies the domain name of the H3C Oasis server, a case-sensitive string of 1 to 253 characters.

Usage guidelines

If you execute the command multiple times, the most recent configuration takes effect.

Examples

# Configure the domain name of the H3C Oasis server as lvzhou.h3c.com.

<Sysname> system-view

[Sysname] cmtunnel server domain-name lvzhou.h3c.com

display cmtunnel state

Use display cmtunnel state to display CM tunnel state information.

Syntax

display cmtunnel state

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display CM tunnel state information.

<Sysname> display cmtunnel state

Cloud management tunnel

Server address     : 20.0.0.1

Server name        : lvzhou.h3c.com

Local port         : 80

Connection state   : Established

Device state       : Request_success

Table 69 Command output

Field

Description

Server address

IP address of the H3C Oasis server.

Server name

Domain name of the H3C Oasis server.

Local port

TCP port number used to establish CM tunnels.

Connection state

CM tunnel state:

·         Unconnected.

·         Request.

·         Established.

·         Close_recv—Received a CM tunnel closing packet.

·         Close_send—Sent a CM tunnel closing packet.

Device state

Local device state:

·         Idle—In idle state.

·         Connecting—Connecting to the H3C Oasis server.

·         Register—Sent a registration request.

·         Register_success—Registration succeeded.

·         Request—Sent a handshake request.

·         Request_success—Handshake succeeded.

 


Cloud connection commands

This feature is restricted to Hong Kong and Macao.

cloud-management keepalive

Use cloud-management keepalive to set the keepalive interval for the local device to send keepalive packets to the H3C Oasis server.

Use undo cloud-management keepalive to restore the default.

Syntax

cloud-management keepalive interval

undo cloud-management keepalive

Default

The keepalive interval is 180 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the keepalive interval in the range of 10 to 600 seconds.

Usage guidelines

If the device does not receive a response from the H3C Oasis server within three keepalive intervals, the device sends a registration request to re-establish the cloud connection.

Examples

# Set the keepalive interval to 360 seconds.

<Sysname> system-view

[Sysname] cloud-management keepalive 360

cloud-management server domain

Use cloud-management server domain to configure the domain name of the H3C Oasis server.

Use undo cloud-management server domain to restore the default.

Syntax

cloud-management server domain domain-name

undo cloud-management server domain

Default

The domain name of the H3C Oasis server is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

domain-name: Specifies the domain name of the H3C Oasis server, a case-sensitive string of 1 to 253 characters.

Usage guidelines

Before you configure the domain name of the H3C Oasis server, make sure a DNS server is configured to translate the domain name.

If you execute the command multiple times, the most recent configuration takes effect.

Examples

# Configure the domain name of the H3C Oasis server as lvzhouv3.h3c.com.

<Sysname> system-view

[Sysname] cloud-management server domain lvzhouv3.h3c.com

cloud-management server port

Use cloud-management server port to specify the TCP port number used to establish cloud connections.

Use undo cloud-management server port to restore the default.

Syntax

cloud-management server port port-number

undo cloud-management server port

Default

The TCP port number used to establish cloud connections is 443.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies the TCP port number used to establish cloud connections, in the range of 1 to 65535.

Usage guidelines

After you change the TCP port number used to establish cloud connections, the device tears down the cloud connection and establishes a cloud connection again to the Oasis platform.

Examples

# Set the TCP port number used to establish cloud connections to 80.

<Sysname> system-view

[Sysname] cloud-management server port 80

display cloud-management state

Use display cloud-management state to display cloud connection state information.

Syntax

display cloud-management state

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display cloud connection state information.

<Sysname> display cloud-management state

Cloud connection state                          : Established

Device state                                    : Request_success

Cloud server address                            : 10.1.1.1

Cloud server domain name                        : lvzhouv3.h3c.com

Local port                                      : 443

Connected at                                    : Wed Jan 27 14:18:40 2016

Duration                                        : 00d 00h 02m 01s

Process state                                   : DNS not parsed

Failure reason                                  : DNS parse failed

Last down reason                                : socket connection error (Details:N/A)

Last down at                                    : Wed Jan 27 13:18:40 2016

Last report failure reason                       : SSL sending failure (Details: ssl msg = ssl error read ,system msg = No such file or directory)

Last report failure at                          : Wed Jan 27 13:18:40 2016

Dropped packets after reaching buffer limit     : 0

Total dropped packets                           : 1

Last report incomplete reason                   : N/A

Last report incomplete at                       : N/A

Buffer full count                               : 0

Table 70 Command output

Field

Description

Cloud connection state

Cloud connection state: Unconnected, Request, and Established.

Device state

Local device state:

·         Idle—In idle state.

·         Connecting—Connecting to the H3C Oasis server.

·         Request_CAS_url—Sent a central authentication service (CAS) URL request.

·         Request_CAS_url_success—Requesting CAS URL succeeded.

·         Request_CAS_TGT—Sent a ticket granting ticket (TGT) request.

·         Request_CAS_TGT_success—Requesting TGT succeeded.

·         Request_CAS_ST—Sent a service ticket (ST) request.

·         Request_CAS_ST_success—Requesting ST succeeded.

·         Request_cloud_auth—Sent an authentication request.

·         Request_cloud_auth_success—Authentication succeeded.

·         Register—Sent a registration request.

·         Register_success—Registration succeeded.

·         Request—Sent a handshake request.

·         Request_success—Handshake succeeded.

Cloud server address

IP address of the H3C Oasis server.

Cloud server domain name

Domain name of the H3C Oasis server.

Local port

TCP port number used to establish cloud connections.

Connected at

Time when the cloud connection was established.

Duration

Duration since the establishment of the cloud connection.

Process state

Cloud connection processing state:

·         DNS not parsed.

·         DNS parsed.

·         Message not sent.

·         Message sent.

·         Message not received.

·         Message received.

Failure reason

Cloud connection failure reason:

·         DNS parse failed.

·         Socket connection failed.

·         SSL creation failed.

·         Sending CAS url request failed.

·         Sending CAS TGT failed.

·         Sending CAS ST failed.

·         Sending cloud auth failed.

·         Sending register failed.

·         Processing CAS url response failed.

·         Processing CAS TGT response failed.

·         Processing CAS ST response failed.

·         Processing cloud auth response failed.

·         Processing register response failed.

·         Sending handshake request failed.

·         Processing handshake failed.

·         Sending websocket request failed.

·         Processing websocket packet failed.

Last down reason

Reason for the most recent cloud connection interruption:

·         Device or process rebooted.

·         Socket connection error.

·         Configuration changed.

·         Received websocket close packet from cloud.

·         Keepalive expired.

·         Packet processing failed.

·         Main connection went down.

·         Cloud reset connection.

·         Memory reached threshold.

Last down at

Time when the cloud connection went down most recently.

Last report failure reason

Reason for the most recent cloud connection packet sending failure:

·         Tunnel is being deleted.

·         Tunnel socket is invalid.

·         Failed to convert string to json.

·         Failed to convert json to string.

·         Failed to create message node.

·         Tunnel is not ready.

·         Failed to create packet buffer.

·         SSL sending failure.

If the reason is SSL sending failure, one of the following detailed reason will be displayed:

·         ssl error none.

·         ssl error ssl.

·         ssl error read.

·         ssl error write.

·         ssl error x509 lookup.

·         ssl error syscall.

·         ssl error zero return.

·         ssl error connect.

·         ssl error accept.

Last report failure at

Time when the most recent cloud connection packet sending failure occurred.

Dropped packets after reaching buffer limit

Number of packets that are dropped because the CMTNL buffer limit is reached.

Total dropped packets

Total number of dropped packets.

Last report incomplete reason

Reason for the most recent unfinished packet sending:

·         Interrupted system call.

·         Socket buffer is full.

Last report incomplete at

Time when the most recent unfinished packet sending occurred.

Buffer full count

Number of times that the buffer becomes full.

 


WLAN IP snooping commands

client ip-snooping http-learning enable

Use client ip-snooping http-learning enable to enable snooping HTTP requests redirected to the portal server.

Use undo client ip-snooping http-learning enable to disable snooping HTTP requests redirected to the portal server.

Syntax

client ip-snooping http-learning enable

undo client ip-snooping http-learning enable

Default

Snooping HTTP requests is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

The AC can use this method to learn IP addresses of clients performing portal authentication. For more information about portal authentication, see Security Configuration Guides.

The priorities for learning IP addresses through snooping DHCP packets, ARP or ND packets, and HTTP requests are in descending order.

Make sure the service template is disabled before you execute this command.

Examples

# Enable snooping HTTP requests redirected to the portal server.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client ip-snooping http-learning enable

client ipv4-snooping arp-learning enable

Use client ipv4-snooping arp-learning enable to enable snooping ARP packets.

Use undo client ipv4-snooping arp-learning enable to disable snooping ARP packets.

Syntax

client ipv4-snooping arp-learning enable

undo client ipv4-snooping arp-learning enable

Default

Snooping ARP packets is enabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

The priorities for learning IP addresses through snooping DHCP packets, ARP or ND packets, and HTTP requests are in descending order.

Make sure the service template is disabled before you execute this command.

Examples

# Disable snooping ARP packets.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client ipv4-snooping arp-learning enable

client ipv6-snooping nd-learning enable

Use client ipv6-snooping nd-learning enable to enable snooping ND packets.

Use undo client ipv6-snooping nd-learning enable to disable snooping ND packets.

Syntax

client ipv6-snooping nd-learning enable

undo client ipv6-snooping nd-learning enable

Default

Snooping ND packets is enabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Make sure the service template is disabled when you execute this command.

By default, an AP learns clients' IPv6 addresses through snooping both ND and DHCPv6 packets. Disable this feature to configure an AP to learn clients' IPv6 addresses only from DHCPv6 packets.

Examples

# Disable snooping ND packets.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client ipv6-snooping nd-learning enable

client ipv6-snooping snmp-nd-report enable

Use client ipv6-snooping snmp-nd-report enable to enable SNMP to obtain client IPv6 addresses learned from ND packets.

Use undo client ipv6-snooping snmp-nd-report enable to disable SNMP from obtaining client IPv6 addresses learned from ND packets.

Syntax

client ipv6-snooping snmp-nd-report enable

undo client ipv6-snooping snmp-nd-report enable

Default

SNMP obtains client IPv6 addresses learned from both DHCPv6 and ND packets.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Make sure the service template is disabled when you execute this command.

Examples

# Disable SNMP from obtaining client IPv6 addresses learned from ND packets.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client ipv6-snooping snmp-nd-report enable

 


WLAN fast forwarding

The following matrix shows the feature and hardware compatibility:

 

Hardware series

Model

WLAN fast forwarding compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

No

WX3800H series

WX3820H

WX3840H

Yes

WX5800H series

WX5860H

Yes

 

display wlan fast-forwarding status

Use display wlan fast-forwarding status to display WLAN fast forwarding status.

Syntax

display wlan fast-forwarding status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display WLAN fast forwarding status.

<Sysname> display wlan fast-forwarding status

Slot 1 WLAN fast forwarding information:

      Status   : Enabled

      Mode     : Software fast forwarding

Table 71 Command output

Field

Description

Status

WLAN fast forwarding status:

·         Enabled.

·         Disabled.

Mode

WLAN fast forwarding mode:

·         Software fast forwarding.

 

wlan fast-forwarding enable

Use wlan fast-forwarding enable to enable WLAN fast forwarding.

Use undo wlan fast-forwarding enable to disable WLAN fast forwarding.

Syntax

wlan fast-forwarding enable

undo wlan fast-forwarding enable

Views

System view

Predefined user roles

network-admin

network-operator

Usage guidelines

When this feature is enabled, ACL and QoS only support matching 5-tuple in fast forwarded packets.

Examples

# Enable WLAN fast forwarding.

<Sysname> system-view

[Sysname] wlan fast-forwarding enable

 


WLAN probe commands

client-proximity-sensor

Use client-proximity-sensor enable to enable WLAN probe.

Use client-proximity-sensor disable to disable WLAN probe.

Use undo client-proximity-sensor to restore the default.

Syntax

client-proximity-sensor { disable | enable }

undo client-proximity-sensor

Default

·          In radio view, a radio uses the configuration in AP group radio view.

·          In AP group radio view, WLAN probe is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Examples

# Enable WLAN probe for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] client-proximity-sensor enable

# Enable WLAN probe for radio 1 of APs with model WA536-WW in AP group aaa.

<Sysname> system-view

[Sysname] wlan ap-group aaa

[Sysname-wlan-ap-group-aaa] ap-model WA536-WW

[Sysname -wlan-ap-group-aaa-ap-model-WA536-WW] radio 1

[Sysname -wlan-ap-group-aaa-ap-model-WA536-WW-radio-1] client-proximity-sensor enable

client-proximity-sensor ap-timer

Use client-proximity-sensor ap-timer to set the AP entry timers.

Use undo client-proximity-sensor ap-timer to restore the default.

Syntax

client-proximity-sensor ap-timer inactive inactive-value aging aging-value

undo client-proximity-sensor ap-timer

Default

The inactivity timer and aging timer for AP entries are 300 seconds and 600 seconds, respectively.

Views

System view

Predefined user roles

network-admin

Parameters

inactive inactive-value: Specifies the inactivity timer for AP entries, in the range of 60 to 1200 seconds.

aging aging-value: Specifies the aging timer for AP entries, in the range of 120 to 86400 seconds.

Examples

# Set the inactivity timer and aging timer for AP entries to 120 seconds and 360 seconds, respectively.

<Sysname> system-view

[Sysname] client-proximity-sensor ap-timer inactive 120 aging 360

client-proximity-sensor ap-udp-server

Use client-proximity-sensor ap-udp-server to specify a UDP server to receive wireless device information.

Use undo client-proximity-sensor udp-server to restore the default.

Syntax

client-proximity-sensor ap-udp-server ip-address port port-number [ interval interval | preshared-key [ cipher | simple ] key-string ] *

undo client-proximity-sensor ap-udp-server

Default

No UDP server is specified.

Views

AP view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IPv4 address of the UDP server.

port port-number: Specifies the port number of the UDP server, in the range of 1 to 65534.

interval interval: Specifies the interval at which the sensor sends device information to the UDP server, in the range of 1 to 600 seconds. The default interval is 30 seconds.

preshared-key: Specifies a preshared key.

cipher: Specifies a key in encrypted form.

simple: Specifies a key in plaintext form.

key-string: Specifies the key. Its plaintext form is a case-sensitive string of 8 to 63 characters. Its encrypted form is a case-sensitive string of 41 to 117 characters.

Examples

# Specify the UDP server with IP address 10.152.3.209 and port number 443 to receive wireless device information.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-ap-ap1] client-proximity-sensor ap-udp-server 10.152.3.209 port 443

client-proximity-sensor client-timer

Use client-proximity-sensor client-timer to set the client entry timers.

Use undo client-proximity-sensor client-timer to restore the default.

Syntax

client-proximity-sensor client-timer inactive inactive-value aging aging-value

undo client-proximity-sensor client-timer

Default

The inactivity timer and aging timer for client entries are 300 seconds and 600 seconds, respectively.

Views

System view

Predefined user roles

network-admin

Parameters

inactive inactive-value: Specifies the inactivity timer for client entries, in the range of 60 to 1200 seconds.

aging aging-value: Specifies the aging timer for client entries, in the range of 120 to 86400 seconds.

Examples

# Set the inactivity timer and aging timer for client entries to 120 seconds and 360 seconds, respectively.

<Sysname> system-view

[Sysname] client-proximity-sensor client-timer inactive 120 aging 360

client-proximity-sensor coordinates

Use client-proximity-sensor coordinates to set the longitude and latitude of a sensor.

Use undo client-proximity-sensor coordinates to remove the configuration.

Syntax

client-proximity-sensor coordinates longitude longitude-value latitude latitude-value

undo client-proximity-sensor coordinates

Default

The longitude and latitude are not set for a sensor.

Views

AP view

Predefined user roles

network-admin

Parameters

longitude longitude-value: Specifies the longitude of the sensor, in XXX-XX-XX.X format. The value ranges for XXX and XX are 0 to 180 and 0 to 60, respectively. The value of X can be e or w and is case insensitive.

latitude latitude-value: Specifies the latitude of the sensor, in XXX-XX-XX.X format. The value ranges for XXX and XX are 0 to 90 and 0 to 60, respectively. The value of X can be s or n and is case insensitive.

Usage guidelines

After you configure this command for a sensor, the longitude and latitude information for the sensor is reported together with the information about wireless devices detected by the sensor.

Examples

# Set the longitude and latitude for sensor ap1 to 123-40-40.e and 80-30-30.n, respectively.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA536-WW

[Sysname-ap-ap1] client-proximity-sensor coordinates longitude 123-40-40.e latitude 80-30-30.n

client-proximity-sensor filter-list

Use client-proximity-sensor filter-list to configure the MAC address filtering list. The AC does not report information about devices with MAC addresses in the list.

Use undo client-proximity-sensor filter-list to remove the configuration.

Syntax

client-proximity-sensor filter-list list

undo client-proximity-sensor filter-list { list | all }

Default

No MAC address filtering list is configured.

Views

System view

Predefined user roles

network-admin

Parameters

list: Specifies a MAC address or a class of MAC addresses in H-H-H format. For example, if you specify 0400-0000-0000, you specify MAC addresses whose third bit in the first byte is 1.

all: Specifies all MAC addresses.

Examples

# Add MAC addresses whose third bit in the first byte is 1 to the MAC address filtering list.

<Sysname> system-view

[Sysname] client-proximity-sensor filter-list 0400-0000-0000

client-proximity-sensor random-mac-report enable

Use client-proximity-sensor random-mac-report enable to enable reporting of information about Apple terminals that use a random MAC address.

Use undo client-proximity-sensor random-mac-report enable to disable reporting of information about Apple terminals that use a random MAC address

Syntax

client-proximity-sensor random-mac-report enable

undo client-proximity-sensor random-mac-report enable

Default

Information about Apple terminals that use a random MAC address is not reported.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Apple terminals send probe requests by using a random MAC address whose second bit in the first byte is 1 and cause sensors to detect non-existent wireless devices. Enable or disable this command as appropriate.

Examples

# Enable reporting of information about Apple terminals that use a random MAC address.

<Sysname> system-view

[Sysname] client-proximity-sensor random-mac-report enable

client-proximity-sensor report-ac enable

Use client-proximity-sensor report-ac enable to enable sensors to report information about detected devices to the AC.

Use undo client-proximity-sensor report-ac enable to disable sensors from reporting information about detected devices to the AC.

Syntax

client-proximity-sensor report-ac enable

undo client-proximity-sensor report-ac enable

Default

Sensors do not report information about detected devices to the AC.

Views

System view

Predefined user roles

network-admin

Examples

# Enable sensors to report information about detected devices to the AC.

<Sysname> system-view

[Sysname] client-proximity-sensor report-ac enable

client-proximity-sensor report-ac-interval

Use client-proximity-sensor report-ac-interval to set the interval at which sensors report information about detected devices to the AC.

Use undo client-proximity-sensor report-ac interval to restore the default.

Syntax

client-proximity-sensor report-ac interval interval

undo client-proximity-sensor report-ac interval

Default

Sensors report information about detected devices to the AC every 3000 milliseconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which sensors report information about detected devices to the AC, in the range of 100 to 60000 milliseconds.

Examples

# Configure sensors to report information about detected devices to the AC every 2000 milliseconds.

<Sysname> system-view

[Sysname] client-proximity-sensor report-ac interval 2000

client-proximity-sensor report-ap enable

Use client-proximity-sensor report-ap enable to enable reporting of AP information to the UDP server.

Use undo client-proximity-sensor report-ap enable to disable reporting of AP information to the UDP server.

Syntax

client-proximity-sensor report-ap enable

undo client-proximity-sensor report-ap enable

Default

AP information is not reported to the UDP server.

Views

System view

Predefined user roles

network-admin

Examples

# Enable reporting of AP information to the UDP server.

<Sysname> system-view

[Sysname] client-proximity-sensor report-ap enable

client-proximity-sensor rssi-change-threshold

Use client-proximity-sensor rssi-change-threshold to set the RSSI difference threshold for reporting client information to the AC.

Use undo client-proximity-sensor rssi-change-threshold to restore the default.

Syntax

client-proximity-sensor rssi-change-threshold threshold-value

undo client-proximity-sensor rssi-change-threshold

Default

The RSSI difference threshold is 100.

Views

System view

Predefined user roles

network-admin

Parameters

threshold-value: Specifies the RSSI difference threshold for reporting client information to the AC, in the range of 1 to 100.

Parameters

An AP does not report the client information to the AC when the following conditions are met:

·          The client has been detected before.

·          The RSSI difference of the client between the most recent two detections does not reach the specified threshold.

Examples

# Set the RSSI difference threshold to 50 for reporting client information to the AC.

<Sysname> system-view

[Sysname] client-proximity-sensor rssi-change-threshold 50

client-proximity-sensor rssi-threshold

Use client-proximity-sensor rssi-threshold to set the RSSI threshold for clients or APs.

Use undo client-proximity-sensor rssi-threshold to restore the default.

Syntax

client-proximity-sensor rssi-threshold { ap ap-rssi-value | client client-rssi-value }

undo client-proximity-sensor rssi-threshold { ap | client }

Default

The RSSI thresholds for clients and APs are not set.

Views

System view

Predefined user roles

network-admin

Parameters

ap ap-rssi-value: Specifies the RSSI threshold for APs, in the range of 1 to 100.

client client-rssi-value: Specifies the RSSI threshold for clients, in the range of 1 to 100.

Usage guidelines

Sensors do not ignore any wireless devices by default. After you configure this command, sensors will ignore wireless devices with an RSSI lower than the specified RSSI threshold.

Examples

# Configure sensors to ignore APs with an RSSI lower than 30.

<Sysname> system-view

[Sysname] client-proximity-sensor rssi-threshold ap 30

client-proximity-sensor rt-report enable

Use client-proximity-sensor rt-report enable to enable real-time reporting of wireless device information to the UDP server.

Use undo client-proximity-sensor rt-report enable to disable real-time reporting of wireless device information to the UDP server.

Syntax

client-proximity-sensor rt-report enable

undo client-proximity-sensor rt-report enable

Default

Information about wireless devices is reported to the UDP server at the specified interval.

Views

System view

Predefined user roles

network-admin

Examples

# Enable real-time reporting of wireless device information to the UDP server.

<Sysname> system-view

[Sysname] client-proximity-sensor rt-report enable

client-proximity-sensor server

Use client-proximity-sensor server to specify an HTTPS server to receive wireless device information.

Use undo client-proximity-sensor server to restore the default.

Syntax

client-proximity-sensor server string [ window-time window-time-value | partner partner-value ] *

undo client-proximity-sensor server

Default

No HTTPS server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

string: Specifies an HTTPS server by its address, a case-sensitive string of 8 to 127 characters. The address must start with https://.

window-time window-time-value: Specifies the window time in the range of 10 to 60 seconds. The default window time is 30 seconds.

partner partner-value: Specifies the partner flag value. The default partner flag value is 11.

Examples

# Specify the HTTPS server with address https://10.152.3.209:443/xxx/yy to receive wireless device information.

[Sysname] client-proximity-sensor server https://10.152.3.209:443/xxx/yy

client-proximity-sensor udp-server

Use client-proximity-sensor udp-server to specify a UDP server to receive wireless device information.

Use undo client-proximity-sensor udp-server to restore the default.

Syntax

client-proximity-sensor udp-server ip-address port port-number [ interval interval | preshared-key [ cipher | simple ] key-string ] *

undo client-proximity-sensor udp-server

Default

No UDP server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IPv4 address of the UDP server.

port port-number: Specifies the port number of the UDP server, in the range of 1 to 65534.

interval interval: Specifies the interval at which the AC sends device information to the UDP server, in the range of 1 to 600 seconds. The default interval is 30 seconds.

preshared-key: Specifies a preshared key.

cipher: Specifies a key in encrypted form.

simple: Specifies a key in plaintext form.

key-string: Specifies the key. Its plaintext form is a case-sensitive string of 8 to 63 characters. Its encrypted form is a case-sensitive string of 41 to 117 characters.

Examples

# Specify the UDP server with IP address 10.152.3.209 and port number 443 to receive wireless device information.

<Sysname> system-view

[Sysname] client-proximity-sensor udp-server 10.152.3.209 port 443

display client-proximity-sensor device

Use display client-proximity-sensor device to display information about wireless devices detected by sensors.

Syntax

display client-proximity-sensor device [ ap | client | mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap: Displays information about detected APs.

client: Displays information about detected clients.

mac-address mac-address: Displays information about the wireless device with the specified MAC address. The mac-address argument is in H-H-H format.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

Examples

# Display brief information about wireless devices detected by sensors.

<Sysname> display client-proximity-sensor device

Total 3 detected devices

 

MAC address    Type      Duration    Sensors Channel Status

0AFB-423B-893C AP        00h 10m 46s 1       11      Active

0AFB-423B-893D AP        00h 10m 46s 1       6       Active

0AFB-423B-893E AP        00h 10m 46s 1       1       Active

Table 72 Command output

Field

Description

MAC address

MAC address of the wireless device.

Type

Wireless device type:

·         AP.

·         Client.

Duration

Time elapsed since the wireless device entered the current status.

Sensors

Number of sensors that detected the wireless device.

Channel

Channel on which the wireless device was most recently detected.

Status

Wireless device status:

·         Active.

·         Inactive.

 

# Display detailed information about wireless devices detected by sensors.

<Sysname> display client-proximity-sensor device verbose

Total 2 detected devices

 

 AP: 0AFB-423B-893C

   Status: Active

   Status duration: 00h 27m 57s

   Vendor: Not found

   SSID: service

   Radio type: 802.11ac

   Security: None

   Encryption method: None

   Authentication method: None

   Broadcast SSID: Yes

   QoS supported: No

   Beacon interval: 100 TU

   Up duration: 00h 27m 57s

Channel bandwidth supported: 20/40/80MHz

   Total number of reported APs: 1

     AP 1:

       AP ID: 3

       AP name: 1

       Radio ID: 1

       RSSI: 15

       Channel: 419

       First reported time: 2016-04-03/09:05:51

       Last reported time: 2016-04-03/09:05:51

   Total number of associated clients: 1

     01: 80EA-9656-AAAB

Client: 80EA-9656-AAAB

  Last detected associated AP: 0AFB-423B-893C

  Last associated AP (not detected): None

  Status: Active

  Status duration: 00h 00m 02s

  Vendor: Not found

  Radio type: 802.11a

  Total number of reported APs: 1

     AP 1:

       AP ID: 2

       AP name: 1

       Radio ID: 1

       RSSI: 50

       Channel: 116

       First reported time: 2016-04-03/14:52:56

       Last reported time: 2016-04-03/14:52:56

       Reported associated AP: 0AFB-423B-893C

Table 73 Command output

Field

Description

Total number detected devices

Number of detected wireless devices.

AP

MAC address of the detected AP.

Client

MAC address of the detected client.

Last detected associated AP

MAC address of the AP with which the client most recently associated. The MAC address is the BSSID of the AP.

Last associated AP (not detected)

MAC address of the AP with which the client most recently communicated. This AP has not been detected, and the MAC address of the AP is obtained from packets exchanged between the client and the AP.

Status

Wireless device status:

·         Active.

·         Inactive.

Status duration

Time elapsed since the wireless device entered the current status.

Vendor

OUI of the wireless device. This field displays Not found if no OUIs are imported or the OUI of the device does not match any of the imported OUIs.

Security

Security method:

·         WEP.

·         WPA.

·         WPA2.

·         None.

Encryption method

Encryption method:

·         TKIP.

·         CCMP.

·         WEP.

·         None.

Authentication method

Authentication method:

·         PSK.

·         802.1X.

·         Others—Authentication methods except for PSK authentication and 802.1X authentication.

·         None.

Broadcast SSID

Whether the AP broadcasts SSIDs. If the AP does not broadcast SSIDs, the SSID field in the output is null.

Beacon interval

Beacon interval in TU. One TU is equal to 1024 microseconds.

Up duration

Time elapsed since the AP started.

Total number of reported APs

Number of sensors that detected the client.

AP n

Sensor that detected the wireless device. n represents the number of the sensor and is automatically assigned by the system.

AP ID

AP ID of the sensor.

AP name

Name of the sensor that detected the wireless device.

Radio ID

ID of the radio that detected the wireless device.

RSSI

RSSI of the sensor.

Channel

Channel on which the sensor most recently detected the wireless device.

First reported time

Time when the sensor detected the wireless device for the first time.

Last reported time

Time when the sensor most recently detected the wireless device.

Total number of associated clients

Number of clients that are associated with the AP.

n:H-H-H

MAC address of the wireless client associated with the AP. n is the number of the wireless client and is automatically assigned by the system.

Reported associated AP

AP with which the wireless client is associated.

 

display client-proximity-sensor sensor

Use display client-proximity-sensor sensor to display information about sensors.

Syntax

display client-proximity-sensor sensor

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about sensors.

<Sysname> display client-proximity-sensor sensor

Total number of sensors: 1

Sensor ID    Sensor name                Radio ID

3            ap1                        1        

display client-proximity-sensor statistics receive

Use display client-proximity-sensor statistics receive to display statistics received from sensors.

Syntax

display client-proximity-sensor statistics receive

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display statistics received from sensors

<Sysname> display client-proximity-sensor statistics receive

Information from sensor 1

 Statistics information for received messages:

   Detected AP updated messages: 7

   Detected client updated messages: 5

   Detected AP deleted messages: 3

   Detected client deleted messages: 0

   Detected all device deleted messages: 0

Information from sensor 2

 Statistics information for received messages:

   Detected AP updated messages: 6

   Detected client updated messages: 5

   Detected AP deleted messages: 3

   Detected client deleted messages: 2

   Detected all device deleted messages: 0

Table 74 Command output

Field

Description

Information from sensor n

Information collected from sensor n, where n represents the ID of the sensor.

Detected AP updated messages

Number of AP update messages.

Detected client updated messages

Number of client update messages.

Detected AP deleted messages

Number of AP delete messages.

Detected client deleted messages

Number of client delete messages.

Detected all device deleted messages

Number of device delete messages

 

Related commands

reset client-proximity-sensor statistics

reset client-proximity-sensor device

Use reset client-proximity-sensor device to clear wireless device information.

Syntax

reset client-proximity-sensor device { ap | client | mac-address mac-address | all }

Views

User view

Predefined user roles

network-admin

Parameters

ap: Specifies detected APs.

client: Specifies detected clients.

mac-address mac-address: Specifies a wireless device by its MAC address, in H-H-H format.

all: Specifies all detected devices.

Examples

# Clear information about detected clients.

<Sysname> reset client-proximity-sensor device client

# Clear information about the wireless device with MAC address 0023-1212-2323.

<Sysname> reset client-proximity-sensor device mac-address 0023-1212-2323

Related commands

display client-proximity-sensor entry

reset client-proximity-sensor statistics

Use reset client-proximity-sensor statistics to clear statistics received from sensors.

Syntax

reset client-proximity-sensor statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear statistics received from sensors.

<Sysname> reset client-proximity-sensor statistics

Related commands

display client-proximity-sensor statistics receive


WLAN process maintenance commands

 

display maintain cpu-usage history

Use display maintain cpu-usage history to display CPU usage history of a WLAN process.

Syntax

display maintain cpu-usage history process process-name [ days-ago days ] [ start-time value ] [ interval interval ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters.

days-ago days: Specifies the number of past days, in the range of 1 to 7. If you do not specify this option, the command displays CPU history information for the current day.

start-time value: Specifies the start hour, in the range of 0 to 23. The default value is 0. If you specify 3, the command displays the CPU history after 3 o'clock.

interval interval: Specifies the statistics collection interval. The value can be 1, 5, or 20 minutes. The default value is 5.

Examples

# Display the CPU usage of process stamgr every five minutes from 9:00 yesterday.

<Sysname> display maintain cpu-usage history process stamgr days-ago 1 start-time 9

CPU utilization rate

Process: stamgr  Time: 2017-07-20 09:00  Interval: 5min

(%)

100|

 90|

 80|

 70|

 60|                                    **    *

 50|                                 ***  **** **

 40|                     ************            *********

 30|   ******************                                 *********

 20|***                                                            *********

 10|

  0+-----------+-----------+-----------+-----------+-----------+-----------+

 09:00       10:00       11:00       12:00       13:00       14:00       15:00

Table 75 Command output

Field

Description

Process

Process name.

Time

Start time.

Interval

Statistics collection interval.

 

display maintain memory-usage history

Use display maintain memory-usage history to display memory usage history of a WLAN process.

Syntax

display maintain memory-usage history process process-name [ days-ago days ] [ start-time value ] [ interval interval ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters.

days-ago days: Specifies the number of past days, in the range of 1 to 7. If you do not specify this option, the command displays history information in the current day.

start-time value: Specifies the start hour, in the range of 0 to 23. The default value is 0. If you specify 3, the command displays the memory usage history after 3 o'clock.

interval interval: Specifies the statistics collection interval. The value can be 5, 20, or 60 minutes. The default value is 20.

Examples

# Display the memory usage of process apmgr every 20 minutes from yesterday.

<Sysname> display maintain memory-usage history process apmgr days-ago 1

Memory utilization

Process: apmgr  Time: 2017-07-20 00:00  Interval: 20min

(MB)

2048|

1792|                                     ***

1536|                                       

1280|                                 ****   *****

1024|                     ************            *********

 768|   ******************                                 *********

 512|***                                                            *********

 256|

   0+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23  0

Table 76 Command output

Field

Description

Process

Process name.

Time

Start time.

Interval

Statistics collection interval.

 

maintain enable

Use maintain enable to enable WLAN process maintenance.

Use undo maintain enable to disable WLAN process maintenance.

Syntax

maintain enable

undo maintain enable

Default

WLAN process maintenance is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the system to monitor the CPU usage, memory usage, and thread state of the apmgr, stamgr, and portal processes.

Examples

# Enable WLAN process maintenance.

<Sysname> system-view

[Sysname] maintain enable

maintain process inactive-time

Use maintain process inactive-time to set the inactive timeout for a process.

Use undo maintain process inactive-time to restore the default.

Syntax

maintain process process-name inactive-time value

undo maintain process process-name inactive-time

Default

The inactive timeout is 10 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

process-name: Specifies the name of a process.

value: Specifies the inactive timeout in the range of 5 to 30 seconds.

Usage guidelines

When WLAN process maintenance is enabled, the system periodically sends a message to each monitored process to examine the process state. If the system fails to receive any response from a process when the inactive timeout expires, the system determines that the process is in defunct state.

You can set the inactive timeout only for the apmgr, stamgr, and portal processes.

The configuration starts to take effect the first time the system sends a message upon execution of the command.

Examples

# Set the inactive timeout for process apmgr.

<Sysname> system-view

[Sysname] maintain process apmgr inactive-time 20

maintain process memory-threshold

Use maintain process memory-threshold to set the memory usage threshold.

Use undo maintain process memory-threshold to restore the default.

Syntax

maintain process process-name memory-threshold value

undo maintain process process-name memory-threshold

Default

The memory usage threshold is 300 MB.

Views

System view

Predefined user roles

network-admin

Parameters

process-name: Specifies the name of a process.

value: Specifies the memory usage threshold in the range of 50 to 1000 MB.

Usage guidelines

The system outputs a log entry when the memory usage of the specified process exceeds the threshold.

You can set the threshold only for the apmgr, stamgr, and portal processes.

Examples

# Set the memory usage threshold to 100 MB for process apmgr.

<Sysname> system-view

[Sysname] maintain process apmgr memory-threshold 100


WLAN forwarding commands

display wlan forward statistics

Use display wlan forward statistics to display WLAN forwarding statistics.

Syntax

display wlan forward statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display WLAN forwarding statistics.

<Sysname> display wlan forward statistics

Discarded frames:

  Forwarding type error           : 5

  Packet validity check fail      : 7

  Service module discard          : 0

  Packets only for listening      : 0

  BSS/station info get fail       : 13

  Radio info get fail             : 0

  Tunnel info get fail            : 3

  Memory/MBUF fail                : 3

  Roaming discard                 : 0

  Adjacency list get fail         : 0

  CAPWAP validity check fail      : 0

  Format conversion fail          : 0

  Inside packet decode fail       : 0

  Encrypt/decrypt fail            : 0

  Radio fragment/reassemble fail  : 6

  CAPWAP fragment/reassemble fail : 5

  Priority process fail           : 0

  QoS/IP forward fail             : 0

  MAC forward fail                : 0

  Radio forward fail              : 0

Table 77 Command output

Field

Description

Forwarding type error

Number of packets discarded because neither local forwarding nor centralized forwarding is used.

Packet validity check fail

Number of packets discarded because of validity check failure.

Service module discard

Number of packets discarded by the service module.

Packets only for listening

Number of packets only for packet listening.

BSS/station info get fail

Number of packets from which the system fails to get BSS or client information.

Radio info get fail

Number of packets from which the system fails to get radio information.

Tunnel info get fail

Number of packets from which the system fails to get tunnel information.

Memory/MBUF fail

Number of packets discarded because of memory or MBUF operation failure.

Roaming discard

Number of packets discarded because of roaming.

Adjacency list get fail

Number of packets from which the system fails to get the adjacency list.

CAPWAP validity check fail

Number of packets discarded because of CAPWAP validity check failure.

Format conversion fail

Number of packets discarded because of format conversion failure.

Inside packet decode fail

Number of packets discarded because of decoding failure.

Encrypt/decrypt fail

Number of packets discarded because of encryption or decryption failure.

Radio fragment/reassemble fail

Number of packets discarded because of radio fragmentation or reassembling failure.

CAPWAP fragment/reassemble fail

Number of packets discarded because of tunnel fragmentation or reassembling failure.

Priority process fail

Number of packets discarded because of priority processing failure.

QoS/IP forward fail

Number of packets discarded because of QoS or IP forwarding failure.

MAC forward fail

Number of packets discarded because of MAC forwarding failure.

Radio forward fail

Number of packets discarded because of radio forwarding failure.

 

reset wlan forward statistics

Use reset wlan forward statistics to clear WLAN forwarding statistics.

Syntax

reset wlan forward statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear WLAN forwarding statistics.

<Sysname> reset wlan forward statistics

 


Index

A B C D E F G H I K L M N O P Q R S T U V W


A

ac,1

ac discovery policy ipv6,2

adjacency-factor,422

akm mode,184

a-mpdu,70

a-msdu,70

ani,71

antenna type,72

ap,2

ap name,423

ap radio,341

ap-channel-change,217

ap-classification rule,217

ap-flood,218

ap-impersonation,218

ap-model,73

apply ap-classification rule,219

apply classification policy,220

apply countermeasure policy,220

apply detect policy,221

apply signature policy,221

apply signature rule,222

ap-rate-limit,223

ap-spoofing,223

ap-timer,224

association-table-overflow,224

authentication,225

authentication-mode,332

authentication-type,398

auto-channel european-gap enable,74

B

backup-ac,368

band-navigation,364

bandwidth-guarantee,312

bandwidth-guarantee service-template,313

beacon ssid-hide,127

beacon-interval,74

block mac-address,226

broadcast-probe reply,127

C

cac policy,314

calibrate-channel mode,423

calibrate-channel monitoring time-range,424

calibrate-channel pronto,425

calibrate-channel self-decisive,426

calibrate-power min,427

calibrate-power mode,428

calibrate-power self-decisive,429

calibrate-power threshold,429

channel,75

channel auto-select,76

channel band-width,77

channel holddown-time,430

channel-capability mode,431

channel-switch mode,432

channel-usage measure,78

cipher-suite,185

classification policy,226

classifier acl,128

client association-location,129

client cache aging-time,129

client dot11ac-only,79

client dot11b-forbidden,80

client dot11n-only,81

client forwarding-location,130

client forwarding-policy enable,131

client forwarding-policy-name,131

client frame-format,132

client idle-timeout,133

client ip-snooping http-learning enable,474

client ipv4-snooping arp-learning enable,474

client ipv6-snooping nd-learning enable,475

client ipv6-snooping snmp-nd-report enable,475

client keep-alive,133

client keep-alive interval,134

client max-count,135

client max-count,82

client preferred-vlan authorized,136

client vlan-alloc,136

client-association fast-learn enable,227

client-online,228

client-proximity-sensor,479

client-proximity-sensor ap-timer,479

client-proximity-sensor ap-udp-server,480

client-proximity-sensor client-timer,481

client-proximity-sensor coordinates,481

client-proximity-sensor filter-list,482

client-proximity-sensor random-mac-report enable,482

client-proximity-sensor report-ac enable,483

client-proximity-sensor report-ac-interval,484

client-proximity-sensor report-ap enable,484

client-proximity-sensor rssi-change-threshold,485

client-proximity-sensor rssi-threshold,485

client-proximity-sensor rt-report enable,486

client-proximity-sensor server,486

client-proximity-sensor udp-server,487

client-rate-limit,228

client-rate-limit (radio view/AP group radio view),315

client-rate-limit (service template view),316

client-rate-limit { disable | enable },317

client-rate-limit enable,318

client-security accounting-delay time,198

client-security accounting-start trigger,199

client-security accounting-update trigger,200

client-security authentication fail-vlan,201

client-security authentication-location,201

client-security authentication-mode,202

client-security authorization-fail offline,203

client-security ignore-authentication,203

client-security ignore-authorization,204

client-security intrusion-protection action,205

client-security intrusion-protection enable,206

client-security intrusion-protection timer temporary-block,207

client-security intrusion-protection timer temporary-service-stop,207

client-spoofing,229

client-timer,229

cloud-management keepalive,469

cloud-management server domain,469

cloud-management server port,470

cmtunnel server domain,467

comeback-delay,399

continuous-mode,82

control-address,3

control-address enable,4

countermeasure adhoc,230

countermeasure attack all,231

countermeasure attack deauth-broadcast,231

countermeasure attack disassoc-broadcast,232

countermeasure attack honeypot-ap,232

countermeasure attack hotspot-attack,233

countermeasure attack ht-40-mhz-intolerance,233

countermeasure attack malformed-packet,234

countermeasure attack man-in-the-middle,234

countermeasure attack omerta,235

countermeasure attack power-save,235

countermeasure attack soft-ap,236

countermeasure attack unencrypted-trust-client,236

countermeasure attack weak-iv,237

countermeasure attack windows-bridge,237

countermeasure external-ap,238

countermeasure mac-address,238

countermeasure misassociation-client,239

countermeasure misconfigured-ap,239

countermeasure policy,240

countermeasure potential-authorized-ap,240

countermeasure potential-external-ap,241

countermeasure potential-rogue-ap,241

countermeasure rogue-ap,242

countermeasure unauthorized-client,242

countermeasure uncategorized-ap,243

countermeasure uncategorized-client,243

crc-error-threshold,433

custom-antenna gain,83

customlog format wlan,137

D

deauthentication-broadcast,244

delete file,5

description,138

description,341

description,400

description,434

description (AP group view),6

description (AP view),6

detect dissociate-client enable,244

detect policy,245

detect signature,246

dgaf enable,400

disassociation-broadcast,246

discovered-ap,247

display client-proximity-sensor device,488

display client-proximity-sensor sensor,491

display client-proximity-sensor statistics receive,491

display cloud-management state,470

display cmtunnel state,467

display maintain cpu-usage history,494

display maintain memory-usage history,495

display uplink client-rate-limit,138

display wips sensor,248

display wips statistics,248

display wips virtual-security-domain countermeasure record,252

display wips virtual-security-domain device,254

display wlan ap,7

display wlan ap address,18

display wlan ap all feature capwap,19

display wlan ap backup multislot,370

display wlan ap connection,20

display wlan ap continuous-mode,84

display wlan ap files,20

display wlan ap online-time,21

display wlan ap radio,85

display wlan ap radio channel,86

display wlan ap radio type,87

display wlan ap radio-statistics,88

display wlan ap reboot-log,23

display wlan ap running-configuration,22

display wlan ap statistics association-failure-record,24

display wlan ap statistics online-record,25

display wlan ap statistics tunnel-down-record,26

display wlan ap-distribution,27

display wlan ap-distribution ap-name,28

display wlan ap-group,29

display wlan ap-model,30

display wlan blacklist,139

display wlan client,140

display wlan client status,146

display wlan client-security block-mac,208

display wlan fast-forwarding status,477

display wlan forward statistics,498

display wlan forwarding-policy,148

display wlan hotspot uploaded-osu-icon,401

display wlan load-balance group,342

display wlan load-balance status service-template,343

display wlan measure-report,350

display wlan mobility,332

display wlan mobility group,333

display wlan mobility roam-track mac-address,334

display wlan module firmware-upgrade history,454

display wlan module-information,455

display wlan nat-detect,258

display wlan region-code,149

display wlan rfid-tracking radio,376

display wlan rrm baseline,434

display wlan rrm baseline apply-result,436

display wlan rrm-calibration-group,437

display wlan rrm-history ap,438

display wlan rrm-status ap,439

display wlan service-template,149

display wlan statistics,154

display wlan tunnel latency ap name,32

display wlan whitelist,156

display wlan wmm,318

distance,95

dns domain,33

dns server,34

domain-name,401

dot11ac mandatory maximum-nss,96

dot11ac multicast-nss,97

dot11ac support maximum-nss,98

dot11g protection,99

dot11n mandatory maximum-mcs,100

dot11n multicast-mcs,101

dot11n protection,102

dot11n support maximum-mcs,103

dot1x domain,209

dot1x eap,210

dot1x handshake enable,211

dot1x handshake secure enable,211

dot1x max-user,212

dot1x re-authenticate enable,213

download file,35

dtim,104

E

echo-count,35

echo-interval,36

edca client (ac-be and ac-bk),321

edca client (ac-vi and ac-vo),323

edca radio,324

F

firmware-upgrade,37

flood association-request,259

flood authentication,260

flood beacon,261

flood block-ack,261

flood cts,262

flood deauthentication,263

flood disassociation,263

flood eap-failure,264

flood eapol-logoff,265

flood eapol-start,266

flood eap-success,266

flood null-data,267

flood probe-request,268

flood reassociation-request,269

flood rts,269

fragment-size,38

fragment-threshold,105

frame-type,270

ft enable,373

ft method,373

ft reassociation-timeout,374

G

gas-limit,402

gateway,39

green-energy-management,106

group enable,335

gtk-rekey client-offline enable,185

gtk-rekey enable,186

gtk-rekey method,186

H

hessid,403

honeypot-ap,271

hotspot-attack,272

hotspot-policy,403

ht-40mhz-intolerance,272

ht-greenfield,273

hybrid-remote-ap,39

I

icon-file,404

if-match ip,40

if-match ipv6,41

ignorelist,273

import hotspot,274

import oui,275

inherit exclude service-template,157

interference-threshold,442

invalid-oui-classify illegal,275

ip address,42

ip-protocol,405

ip-type,406

ipv6 address,43

K

keepalive-interval,43

key-derivation,188

L

ldpc,107

led-mode,44

long-retry threshold,108

M

mac-address,276

mac-address (AP group view),45

mac-address (AP view),45

mac-authentication domain,214

mac-authentication max-user,214

maintain enable,496

maintain process inactive-time,496

maintain process memory-threshold,497

malformed duplicated-ie,276

malformed fata-jack,277

malformed illegal-ibss-ess,278

malformed invalid-address-combination,278

malformed invalid-assoc-req,279

malformed invalid-auth,280

malformed invalid-deauth-code,281

malformed invalid-disassoc-code,281

malformed invalid-ht-ie,282

malformed invalid-ie-length,283

malformed invalid-pkt-length,283

malformed large-duration,284

malformed null-probe-resp,285

malformed overflow-eapol-key,286

malformed overflow-ssid,286

malformed redundant-ie,287

man-in-the-middle,288

manual-classify mac-address,288

map-configuration,157

max-power,109

measure,352

measure-duration,354

measure-interval,355

member,336

method,407

mimo,110

module,456

module enable,457

module firmware-upgrade,458

mu-txbf,111

N

nai,408

nai-realm,408

nas-id,158

nas-port-id,159

nas-vlan,160

network-type,410

O

omerta,289

operator-name,411

osu-provider,412

osu-ssid,413

oui,290

P

pattern,290

permit-channel,291

pmf,188

pmf association-comeback,189

pmf saquery retrycount,190

pmf saquery retrytimeout,190

policy-name,413

port-security oui,215

power holddown-time,443

power-capability mode,443

power-constraint mode,445

power-level default,46

power-lock,112

power-save,292

preamble,113

preshared-key,191

priority,47

prohibited-channel,292

protection-mode,113

protection-threshold,115

provision,48

provision auto-recovery,49

provision auto-update,50

ptk-lifetime,192

ptk-rekey enable,192

Q

qos priority,325

qos trust,326

quick-association enable,161

R

radio,115

radio,116

rate,117

region-code,161

region-code-lock,164

report-interval,293

reset client-proximity-sensor device,492

reset client-proximity-sensor statistics,493

reset wips statistics,294

reset wips virtual-security-domain,294

reset wips virtual-security-domain countermeasure record,295

reset wlan ap,51

reset wlan ap provision,51

reset wlan ap radio-statistics,118

reset wlan ap reboot-log,52

reset wlan client,165

reset wlan dynamic-blacklist,165

reset wlan forward statistics,499

reset wlan nat-detect,295

reset wlan statistics client,166

reset wlan tunnel latency ap,52

reset wlan wmm,327

resource-measure,355

retransmit-count,53

retransmit-interval,54

rfid-tracking ble advertisement,458

rfid-tracking ble advertisement enable,460

rfid-tracking ble advertisement interval,461

rfid-tracking client rate-limit,376

rfid-tracking client rate-limit cir,377

rfid-tracking dilution,378

rfid-tracking dilution factor,379

rfid-tracking fingerprint,380

rfid-tracking fingerprint engine-address,381

rfid-tracking fingerprint mu-report,382

rfid-tracking fingerprint raw-frame-report,383

rfid-tracking fingerprint report-format,384

rfid-tracking fingerprint report-mode,385

rfid-tracking fingerprint tag-multicast-address,386

rfid-tracking fingerprint vendor-port,387

rfid-tracking ignore ap-frame enable,388

rfid-tracking ignore beacon,389

rfid-tracking keepalive,390

rfid-tracking mode,391

rfid-tracking radio,392

rfid-tracking rate-limit,392

rfid-tracking rate-limit cir,393

rfid-tracking rssi,394

rfid-tracking rssi threshold,395

rm-capability mode,356

roam-oi,414

rrm,446

rssi,296

rssi-change-threshold,296

rssi-threshold,297

S

save wlan ap provision,55

scan channel blacklist,358

scan channel whitelist,359

scan idle-time,359

scan max-service-time,360

scan mode all,361

scan scan-time,362

scan-only,446

security,297

security-ie,193

select sensor all,298

seq-number,298

serial-id (AP group view),56

serial-id (AP view),56

serial-number,462

service-template,166

service-template enable,168

short-gi,119

short-retry threshold,119

signature policy,299

signature rule,300

smart-antenna,120

smart-antenna policy,121

snmp-agent trap enable wlan ap,57

snmp-agent trap enable wlan capwap,57

snmp-agent trap enable wlan client,168

snmp-agent trap enable wlan client-audit,169

snmp-agent trap enable wlan load-balance,344

snmp-agent trap enable wlan location-aware,396

snmp-agent trap enable wlan mobility,337

snmp-agent trap enable wlan rrm,447

snmp-agent trap enable wlan usersec,194

soft-ap,300

source,337

spectrum-management,447

ssid,169

ssid (AP classification rule view),301

ssid (signature view),301

ssid-length,302

statistics-interval,58

stbc,122

su-txbf,123

svp map-ac,327

T

tkip-cm-time,194

tolerance-level,448

trust mac-address,302

trust oui,303

trust ssid,304

tunnel latency-detect,59

tunnel-type,338

tx-power,462

type,124

type,463

U

unencrypted-authorized-ap,304

unencrypted-trust-client,305

unknown-client,170

up-duration,305

uplink client-rate-limit,170

uri,414

usb,60

V

venue group,415

venue name,418

virtual-security-domain,306

vlan,171

W

wan-metrics,419

weak-iv,306

wep key,195

wep key-id,196

wep mode dynamic,197

windows-bridge,307

wips,308

wips enable,308

wips virtual-security-domain,309

wireless-bridge,309

wlan ap,60

wlan ap-backup active count,370

wlan ap-backup load-balance,371

wlan apdb,61

wlan apdb file,62

wlan ap-group,63

wlan auto-ap enable,64

wlan auto-ap persistent,64

wlan auto-persistent enable,65

wlan band-navigation aging-time,364

wlan band-navigation balance access-denial,365

wlan band-navigation balance session,366

wlan band-navigation enable,366

wlan band-navigation rssi-threshold,367

wlan calibrate-channel pronto ap all,449

wlan calibrate-power pronto ap all,449

wlan capwap discovery-policy unicast,65

wlan client forwarding enable,172

wlan client forwarding-policy-name,173

wlan client reauthentication-period,173

wlan client-rate-limit,328

wlan detect-anomaly enable,66

wlan dynamic-blacklist active-on-ap,174

wlan dynamic-blacklist lifetime,175

wlan execute module firmware-upgrade,464

wlan execute module reset,465

wlan execute module restore-factory,465

wlan fast-forwarding enable,477

wlan forwarding-policy,175

wlan global-configuration,66

wlan hotspot osu-icon unload,420

wlan hotspot osu-icon upload,420

wlan hotspot-policy,419

wlan image-load filepath,67

wlan link-test,176

wlan load-balance access-denial,345

wlan load-balance enable,345

wlan load-balance group,346

wlan load-balance mode bandwidth,346

wlan load-balance mode session,347

wlan load-balance mode traffic,348

wlan load-balance rssi-threshold,349

wlan max-bandwidth,329

wlan mobility group,339

wlan mobility-group-isolation enable,339

wlan nas-port-id format,177

wlan nat-detect,310

wlan osu-provider,421

wlan permit-ap-group,178

wlan permit-ssid,179

wlan radio,125

wlan re-group,68

wlan rename-ap,68

wlan rrm baseline apply,450

wlan rrm baseline remove,450

wlan rrm baseline save,451

wlan rrm calibration-channel interval,452

wlan rrm calibration-power interval,453

wlan rrm-calibration-group,452

wlan service-template,179

wlan static-blacklist mac-address,180

wlan tcp mss,69

wlan tunnel-preempt,368

wlan uplink track,372

wlan web-server api-path,181

wlan web-server host,181

wlan web-server max-client-entry,182

wlan whitelist mac-address,183

wmm,330


 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网