- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-Text | 1.90 MB |
display wlan ap all feature capwap
display wlan ap running-configuration
display wlan ap statistics association-failure-record
display wlan ap statistics online-record
display wlan ap statistics tunnel-down-record
display wlan ap-distribution ap-name
display wlan tunnel latency ap name
snmp-agent trap enable wlan ap
snmp-agent trap enable wlan capwap
wlan capwap discovery-policy unicast
auto-channel european-gap enable·
display wlan ap continuous-mode
display wlan ap radio-statistics
reset wlan ap radio-statistics
client forwarding-policy enable
client preferred-vlan authorized
display uplink client-rate-limit
display wlan forwarding-policy
inherit exclude service-template
snmp-agent trap enable wlan client
snmp-agent trap enable wlan client-audit
wlan client forwarding-policy-name
wlan client reauthentication-period
wlan dynamic-blacklist active-on-ap
wlan dynamic-blacklist lifetime
wlan static-blacklist mac-address
wlan web-server max-client-entry
gtk-rekey client-offline enable
snmp-agent trap enable wlan usersec·
client-security accounting-delay time
client-security accounting-start trigger
client-security accounting-update trigger
client-security authentication fail-vlan
client-security authentication-location
client-security authentication-mode·
client-security authorization-fail offline
client-security ignore-authentication
client-security ignore-authorization·
client-security intrusion-protection action
client-security intrusion-protection enable
client-security intrusion-protection timer temporary-block
client-security intrusion-protection timer temporary-service-stop
display wlan client-security block-mac
client-association fast-learn enable
countermeasure attack deauth-broadcast
countermeasure attack disassoc-broadcast
countermeasure attack honeypot-ap
countermeasure attack hotspot-attack
countermeasure attack ht-40-mhz-intolerance
countermeasure attack malformed-packet
countermeasure attack man-in-the-middle
countermeasure attack power-save
countermeasure attack unencrypted-trust-client
countermeasure attack windows-bridge
countermeasure misassociation-client
countermeasure misconfigured-ap
countermeasure potential-authorized-ap
countermeasure potential-external-ap
countermeasure potential-rogue-ap
countermeasure unauthorized-client
countermeasure uncategorized-ap
countermeasure uncategorized-client
detect dissociate-client enable
display wips virtual-security-domain countermeasure record
display wips virtual-security-domain device
malformed invalid-address-combination
malformed invalid-deauth-code·
malformed invalid-disassoc-code
reset wips virtual-security-domain
reset wips virtual-security-domain countermeasure record
ssid (AP classification rule view)
bandwidth-guarantee service-template
client-rate-limit (radio view/AP group radio view)
client-rate-limit (service template view)
client-rate-limit { disable | enable }
display wlan mobility roam-track mac-address
snmp-agent trap enable wlan mobility·
wlan mobility-group-isolation enable
display wlan load-balance group
display wlan load-balance status service-template
snmp-agent trap enable wlan load-balance
wlan load-balance access-denial
wlan load-balance mode bandwidth
wlan load-balance mode session
wlan load-balance mode traffic
wlan load-balance rssi-threshold
WLAN radio resource measurement commands·
wlan band-navigation aging-time
wlan band-navigation balance access-denial
wlan band-navigation balance session
wlan band-navigation rssi-threshold
WLAN high availability commands
display wlan ap backup multislot
WLAN uplink detection commands
display wlan rfid-tracking radio·
rfid-tracking client rate-limit
rfid-tracking client rate-limit cir
rfid-tracking fingerprint engine-address
rfid-tracking fingerprint mu-report
rfid-tracking fingerprint raw-frame-report
rfid-tracking fingerprint report-format
rfid-tracking fingerprint report-mode
rfid-tracking fingerprint tag-multicast-address
rfid-tracking fingerprint vendor-port
rfid-tracking ignore ap-frame enable
snmp-agent trap enable wlan location-aware
display wlan hotspot uploaded-osu-icon
calibrate-channel monitoring time-range
calibrate-channel self-decisive
display wlan rrm baseline apply-result
display wlan rrm-calibration-group
snmp-agent trap enable wlan rrm
wlan calibrate-channel pronto ap all
wlan calibrate-power pronto ap all
wlan rrm calibration-channel interval
wlan rrm calibration-power interval
display wlan module firmware-upgrade history
display wlan module-information
rfid-tracking ble advertisement
rfid-tracking ble advertisement enable·
rfid-tracking ble advertisement interval
wlan execute module firmware-upgrade
wlan execute module restore-factory
cloud-management server domain
display cloud-management state
client ip-snooping http-learning enable·
client ipv4-snooping arp-learning enable·
client ipv6-snooping nd-learning enable
client ipv6-snooping snmp-nd-report enable
display wlan fast-forwarding status
client-proximity-sensor ap-timer
client-proximity-sensor ap-udp-server
client-proximity-sensor client-timer
client-proximity-sensor coordinates
client-proximity-sensor filter-list
client-proximity-sensor random-mac-report enable
client-proximity-sensor report-ac enable
client-proximity-sensor report-ac-interval
client-proximity-sensor report-ap enable
client-proximity-sensor rssi-change-threshold
client-proximity-sensor rssi-threshold
client-proximity-sensor rt-report enable
client-proximity-sensor server
client-proximity-sensor udp-server
display client-proximity-sensor device
display client-proximity-sensor sensor
display client-proximity-sensor statistics receive
reset client-proximity-sensor device
reset client-proximity-sensor statistics
WLAN process maintenance commands·
display maintain cpu-usage history
display maintain memory-usage history·
maintain process inactive-time
maintain process memory-threshold
AP management commands
The WX1800H series access controllers do not support the slot keyword or the slot-number argument.
ac
Use ac to specify an AC for an AP.
Use undo ac to delete the specified AC information.
Syntax
ac { host-name hostname | ip ipv4-address | ipv6 ipv6-address }
undo ac { host-name | ip [ ipv4-address ] | ipv6 [ ipv6-address ] }
Default
In AP provision view, an AP uses the configuration in AP group provision view.
In AP group provision view, no AC is specified for an AP.
Views
AP provision view
AP group provision view
Predefined user roles
Parameters
ip ipv4-address: Specifies an AC by its IPv4 address.
ipv6 ipv6-address: Specifies an AC by its IPv6 address.
Usage guidelines
You can configure a maximum of three AC IPv4 addresses, three AC IPv6 addresses, and only one host name. If you configure multiple host names, the most recent configuration takes effect.
The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.
The configuration in AP provision view takes precedence over the configuration in AP group provision view.
When you execute the undo ac { ip [ ip-address ] | ipv6 [ ipv6-address ] } command, if you do not specify the ip-address or the ipv6-address argument, the command deletes all AC IPv4 or IPv6 addresses.
Examples
# Specify the AC whose IP address is 192.168.100.11 for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ac ip 192.168.100.11
# Specify the AC whose IP address is 192.168.100.11 for APs in AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group1-prvs] ac ip 192.168.100.11
ac discovery policy ipv6
Use ac discovery policy ipv6 to enable an AP to prefer discovering ACs by IPv6 address.
Use undo ac discovery policy ipv6 to restore the default.
Syntax
ac discovery policy ipv6
undo ac discovery policy ipv6
Default
In AP provision view, an AP uses the configuration in AP group provision view.
In AP group provision view, an AP prefers to discover ACs by IPv4 address.
Views
AP provision view
AP group provision view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to discover ACs by using static IP addresses, IPv6 multicast, DHCPv6 option, IPv6 DNS, DHCPv4 options, broadcast/IPv4 multicast, and IPv4 DNS successively. If the AP connects to an AC successfully with a discovered IP address, it stops AC discovery.
Examples
# Enable AP ap1 to prefer discovering ACs by IPv6 address.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ac discovery policy ipv6
# Enable APs in AP group group1 to prefer discovering ACs by IPv6 address.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group1-prvs] ac discovery policy ipv6
ap
Use ap to create an AP grouping rule by AP names.
Use undo ap to delete an AP grouping rule by AP names.
Syntax
Default
No AP grouping rules by AP names are configured.
Views
AP group view
Predefined user roles
Parameters
ap-name-list: Specifies a maximum of 10 space-separated AP names. An AP name is a case-insensitive string of 1 to 64 characters that can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command does not identify whether the specified AP exists.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
If an AP grouping rule already exists in an AP group, this command deletes the rule from the AP group.
You cannot execute this command in the view of the default AP group.
Examples
# Create an AP grouping rule by AP names to add APs ap1, ap2, and ap3 to AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap ap1 ap2 ap3
Related commands
control-address
Use control-address to specify the IP address to be carried in the CAPWAP Control IP Address message element.
Use undo control-address to restore the default.
Syntax
control-address { ip ipv4-address | ipv6 ipv6-address }
undo control-address { ip | ipv6 }
Default
In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, the IP address inserted in the CAPWAP Control IP Address element is the AC's IP address.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies an IPv4 address in the CAPWAP Control IPv4 Address message element.
ipv6 ipv6-address: Specifies an IPv6 address in the CAPWAP Control IPv6 Address message element.
Usage guidelines
This command takes effect only when the AC rediscovery feature is enabled.
You can specify a maximum of three IPv4 or IPv6 addresses in the CAPWAP Control IP Address message element.
The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.
Examples
# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] control-address ip 192.168.1.1
# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in AP group view.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-ap-group-10] control-address ip 192.168.1.1
# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in global configuration view.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] control-address ip 192.168.1.1
Related commands
control-address enable
control-address enable
Use control-address enable to enable the AC rediscovery feature.
Use control-address disable to disable the AC rediscovery feature.
Use undo control-address to restore the default.
Syntax
control-address { disable | enable }
undo control-address
Default
In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, the AC rediscovery feature is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
An AC enabled with AC rediscovery adds the CAPWAP Control IP Address message element to the discovery responses sent to APs. Upon receiving such a discovery response, an AP establishes a CAPWAP tunnel with the IP address representing the optimal AC in the CAPWAP Control IP Address message element.
An AC disabled with AC rediscovery does not add the CAPWAP Control IP Address message element in discovery responses sent to APs. APs that receive the discovery responses will send join requests to the source IP address of the discovery responses to establish CAPWAP tunnels with the AC.
The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.
Examples
# Enable the AC rediscovery feature in AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] control-address enable
# Enable the AC rediscovery feature in AP group view.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-ap-group-10] control-address enable
# Enable the AC rediscovery feature in global configuration view.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration]control-address enable
Related commands
control-address
delete file
Use delete file to delete a file from an AP.
Syntax
delete file filename
Views
AP view
Predefined user roles
network-admin
Parameters
filename: Specifies a file by its file name, a string of 1 to 255 characters.
Usage guidelines
This command takes effect only after an AP establishes a CAPWAP tunnel with the master AC.
Examples
# Delete file startup.cfg from AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] delete file startup.cfg
Related commands
· display wlan ap files
· download file
description (AP group view)
Use description to set a description for an AP group.
Use undo description to remove the description for an AP group.
Syntax
description text
undo description
Default
No description is set for an AP group.
Views
AP group view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 64 characters.
Examples
# Set a description for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] description L3-office
Related commands
· display wlan ap-group
· wlan ap-group
description (AP view)
Use description to set a description for an AP.
Use undo description to remove the description for an AP.
Syntax
description text
undo description
Default
No description is set for an AP.
Views
AP view
Predefined user roles
Parameters
text: Specifies a description for an AP, a case-sensitive string of 1 to 64 characters.
Examples
# Set a description for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-ap-ap1] description L3-office
Related commands
display wlan ap
display wlan ap
Use display wlan ap to display AP information.
Syntax
display wlan ap { all | name ap-name } [ verbose ]
Views
Any view
Predefined user roles
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
verbose: Displays detailed information.
Examples
# Display information about all APs.
Total number of APs: 1
Total number of connected APs: 1
Total number of connected manual APs: 1
Total number of connected auto APs: 0
Total number of connected common APs: 1
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 1024
Remaining APs: 1023
Total AP licenses: 128
Remaining AP licenses: 127
Sync AP licenses: 0
AP information
State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad
C = Config, DC = DataCheck, R = Run M = Master, B = Backup
AP name APID State Model Serial ID
ap1 1 I WA536-WW 219801A1NQB117012935
Table 1 Command output
Field |
Description |
Total number of connected WTUs |
This field is not supported in the current software version. |
Total number of inside APs |
This field is not supported in the current software version. |
Maximum supported APs |
Maximum of number of APs supported by the AC. |
Total AP licenses |
Total number of AP licenses. |
Remaining AP licenses |
Number of remaining AP licenses. |
Sync AP licenses |
Number of synchronized AP licenses. |
APID |
ID of the AP to uniquely identify the AP on the AC. |
State |
Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The AP is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Serial ID |
Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured. |
# Display detailed information about AP ap1.
<Sysname> display wlan ap name ap1 verbose
AP name : ap1
AP ID : 1
AP group name : default-group
State : Run
Backup type : Master
Online time : 0 days 1 hours 25 minutes 12 seconds
System up time : 0 days 2 hours 22 minutes 12 seconds
Model : WA536-WW
Region code : CN
Region code lock : Disable
Serial ID : 219801A1NQB117012935
MAC address : 0AFB-423B-893C
IP address : 192.168.1.50
UDP control port number : 18313
UDP data port number : N/A
H/W version : Ver.C
S/W version : R2205P01
Boot version : 1.01
USB state : N/A
Power Level : N/A
PowerInfo : N/A
Description : wtp1
Priority : 4
Echo interval : 10 seconds
Echo count : 3 counts
Keepalive interval : 10 seconds
Statistics report interval : 50 seconds
Fragment size (data) : 1500
Fragment size (control) : 1450
MAC type : Local MAC & Split MAC
Tunnel mode : Local Bridging & 802.3 Frame & Native Frame
Discovery type : Static Configuration
Retransmission count : 3
Retransmission interval : 5 seconds
Firmware upgrade : Enabled
Sent control packets : 1
Received control packets : 1
Echo requests : 147
Lost echo responses : 0
Average echo delay : 3
Last reboot reason : User soft reboot
Latest IP address : 10.1.0.2
Tunnel down reason : Request wait timer expired
Connection count : 1
Backup Ipv4 : Not configured
Backup Ipv6 : Not configured
Tunnel encryption : Disabled
LED mode : Normal
Remote configuration : Enabled
Radio 1:
Basic BSSID : 7848-59f6-3940
Admin state : Up
Radio type : 802.11ac
Antenna type : internal
Client dot11ac-only : Disabled
Client dot11n-only : Disabled
Channel band-width : 20/40/80MHz
Active band-width : 20/40/80MHz
Secondary channel offset : SCB
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
Short GI for 80MHz : Supported
Short GI for 160MHz : Not supported
A-MSDU : Enabled
A-MPDU : Enabled
LDPC : Not Supported
STBC : Supported
Operational VHT-MCS Set:
Mandatory : Not configured
Supported : NSS1 0,1,2,3,4,5,6,7,8,9
NSS2 0,1,2,3,4,5,6,7,8,9
Multicast : Not configured
Operational HT MCS Set:
Mandatory : Not configured
Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15
Multicast : Not configured
Channel : 44(auto)
Channel usage(%) : 15
Max power : 20 dBm
Operational rate:
Mandatory : 6, 12, 24 Mbps
Multicast : Auto
Supported : 9, 18, 36, 48, 54 Mbps
Disabled : Not configured
Distance : 1 km
ANI : Enabled
Fragmentation threshold : 2346 bytes
Beacon interval : 100 TU
Protection threshold : 2346 bytes
Long retry threshold : 4
Short retry threshold : 7
Maximum rx duration : 2000 ms
Noise Floor : -102 dBm
Protection mode : cts-to-self
MU-TxBF : Enabled
SU-TxBF : Enabled
Continuous mode : N/A
HT protection mode : No protection
Radio 2:
Basic BSSID : 7848-59f6-3950
Admin state : Down
Radio type : 802.11ac
Antenna type : internal
Client dot11ac-only : Disabled
Client dot11n-only : Disabled
Channel band-width : 20/40/80MHz
Active band-width : 20/40/80MHz
Secondary channel offset : SCN
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
Short GI for 80MHz : Supported
Short GI for 160MHz : Not supported
A-MSDU : Enabled
A-MPDU : Enabled
LDPC : Not Supported
STBC : Supported
Operational HT MCS Set:
Mandatory : Not configured
Supported : NSS1 0,1,2,3,4,5,6,7,8,9
NSS2 0,1,2,3,4,5,6,7,8,9
Multicast : Not configured
Operational HT MCS Set:
Mandatory : Not configured
Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15
Multicast : Not configured
Channel : 149(auto)
Channel usage(%) : 0
Max power : 20 dBm
Operational rate:
Mandatory : 6, 12, 24 Mbps
Multicast : Auto
Supported : 9, 18, 36, 48, 54 Mbps
Disabled : Not configured
Distance : 1 km
ANI : Enabled
Fragmentation threshold : 2346 bytes
Beacon interval : 100 TU
Protection threshold : 2346 bytes
Long retry threshold : 4
Short retry threshold : 7
Maximum rx duration : 2000 ms
Noise floor : 0 dBm
Protection mode : cts-to-self
MU-TxBF : Enabled
SU-TxBF : Enabled
Continuous mode : N/A
HT protection mode : No protection
Radio 3:
Basic BSSID : N/A
Admin state : Down
Radio type : 802.11n(2.4GHz)
Antenna type : internal
Client dot11n-only : Disabled
Channel band-width : 20MHz
Active band-width : 20MHz
Secondary channel offset : SCN
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
A-MSDU : Enabled
A-MPDU : Enabled
LDPC : Not Supported
STBC : Supported
Operational HT MCS Set:
Mandatory : Not configured
Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15
Multicast : Not configured
Channel : 6(auto)
Channel usage(%) : 0
Max power : 20 dBm
Preamble type : Short
Operational rate:
Mandatory : 1, 2, 5.5, 11 Mbps
Multicast : Auto
Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps
Disabled : Not configured
Distance : 1 km
ANI : Enabled
Fragmentation threshold : 2346 bytes
Beacon interval : 100 TU
Protection threshold : 2346 bytes
Long retry threshold : 4
Short retry threshold : 7
Maximum rx duration : 2000 ms
Noise floor : 0 dBm
Protection mode : cts-to-self
Continuous mode : N/A
HT protection mode : No protection
Table 2 Command output
Field |
Description |
State |
Current state of the AP: · Idle—Idle. · Join—Join. · JoinAck—Join acknowledge. · Image—The AP is downloading the version. · Config—The AP is downloading initial configurations. · Data Check—The AP is checking data. · Run—The AP is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Backup type |
CAPWAP tunnel type: · Idle—The AP has not established a CAPWAP tunnel with the AC. · Master—The CAPWAP tunnel established between the AP and the master AC. · Backup—The CAPWAP tunnel established between the AP and the backup AC. |
Region code lock |
· Enable. · Disable. |
Serial ID |
Serial ID of the AP. If no serial ID is configured, this field displays Not configured. |
MAC address |
MAC address of the AP. If no MAC address is configured, this field displays Not configured. |
UDP control port number |
Port number used by the AP to establish the CAPWAP control tunnel. |
UDP data port number |
Port number used by the AP to establish the CAPWAP data tunnel. |
H/W version |
Hardware version of the AP. |
S/W version |
Software version of the AP. |
USB state |
USB state: · Enabled. · Disabled. This field displays N/A if no USB state information is available. |
Power Level |
Power level: · Low. · Middle. · High. This field displays N/A if the power level is unknown. |
PowerInfo |
Power supply information. |
Description |
Description for the AP. If no description is configured, this field displays Not configured. |
Priority |
AP connection priority for the AC. |
Echo interval |
Interval for an AP to send echo requests to the AC. |
Echo count |
Maximum number of echo request transmission attempts. |
Keepalive interval |
Interval for an AP to send keepalive packets through the CAPWAP data tunnel. |
Statistics report interval |
Interval for an AP to send statistics reports to the AC. |
Fragment size (data) |
Maximum fragment size for CAPWAP data packets. |
Fragment size (control) |
Maximum fragment size for CAPWAP control packets. |
MAC type |
MAC type of the AP-AC connection: · Local MAC—The AP encapsulates frames in 802.3 format before sending them to the AC. · Split MAC—The AP encapsulates frames in 802.11 format before sending them to the AC. · Local & Split MAC—The AP can encapsulate frames in either 802.3 format or 802.11 format before sending them to the AC. |
Tunnel mode |
Supported tunnel mode of the AP: · Local Bridging—The AP supports local bridging and does not forward data to the AC. · 802.3 Frame—The AP encapsulates the frames in 802.3 format to send them to the AC. · Native Frame—The AP encapsulates the frames in 802.11 format to send them to the AC. · Local Bridging & 802.3 Frame—The AP supports the Local Bridging mode and the 802.3 Frame mode. · 802.3 Frame & Native Frame—The AP supports the 802.3 Frame mode and the Native Frame mode. · Local Bridging & Native Frame—The AP supports the Local Bridging mode and the Native Frame mode. |
Discovery type |
Discovery type of the AP: · Static Configuration—The AP uses the manually configured IPv4 or IPv6 address of the AC. · DHCP—The AP gets the IP address of an AC through DHCP. · DNS—The AP gets the IP address of an AC through DNS. · Unknown. |
Retransmission count |
Number of retransmission attempts for an AC request. |
Retransmission interval |
Interval at which AC requests can be retransmitted. |
Firmware upgrade |
AP software upgrade: · Enabled. · Disabled. |
Sent control packets |
Number of sent packets, including Change State Event Response packets after the AC enters Run state. |
Received control packets |
Number of received packets, including Change State Event Response packets after the AC enters Run state. |
Echo requests |
Number of echo requests sent by the AP in Run state. |
Lost echo responses |
Number of echo responses not received by the AP in Run state. |
Average echo delay |
Average echo delay in milliseconds. |
Last reboot reason |
Last reboot reason for the AP: · Power on. · Hard reboot. · Watchdog reboot. · Unknown reboot. · User soft reboot. · Kernel exception soft reboot. · Kernel deadloop soft reboot. · Auto update soft reboot. · Unknown soft reboot. · Memory exhausted. · Other unknown soft reboot. |
Latest IP address |
IP address that was most recently used by the AP. |
Tunnel down reason |
Cause for the CAPWAP tunnel to go down: · Failed to create timer. · Neighbor dead timer expired. · Request wait timer expired. · Data check timer expired. · Failed to process data channel keep-alive message. · Failed to process request. · AP was reset. · AP was deleted. · Failed to come online. · Serial number changed. · MAC address changed. · Number of APs exceeded the limit. · Processed join request in Run state. · Failed to create AP context. · Received failure result code. · Failed to retransmit message. · Failed to download image file. · Image file downloaded successfully. · File operation timer expired. · Failed to add tunnel. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Master and backup tunnel switchover. · Failed to inherit configuration. · AP authentication failed. This field displays N/A if the CAPWAP tunnel did not go down. |
Connection count |
Number of times that the AP connects to the AC. It is cleared in either one of the following cases: · The AC reboots. · The serial ID of the AP changes. The reset wlan ap command does not clear the connection count. |
Backup Ipv4 |
IPv4 address of the backup AC. If no backup AC is specified, this field displays Not configured. |
Backup Ipv6 |
IPv6 address of the backup AC. If no backup AC is specified, this field displays Not configured. |
Tunnel encryption |
· Enabled. · Disabled. |
LED mode |
LED lighting mode: · quiet—All LEDs are off. · awake—All LEDs flash once every minute. · always-on—All LEDs are steady on. · normal—How LEDs flash in this mode varies by AP model. |
Remote configuration |
Remote configuration assignment: · Enabled. · Disabled. |
Basic BSSID |
MAC address of the radio. This field displays N/A if the AP has not established a CAPWAP tunnel with the AC. |
Admin state |
Radio state: · Up. · Down. |
Radio type |
Wireless mode: · 2.4 GHz. ? 802.11b. ? 802.11g. ? 802.11n(2.4GHz). · 5 GHz. ? 802.11a. ? 802.11n(5GHz). ? 802.11ac. |
· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11ac clients to associate with the radio. |
|
· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11n or 802.11ac clients to associate with the radio. |
|
Channel bandwidth: · 20 MHz. · 20 or 40 MHz. · 20/40/80 MHz. |
|
Active band-width |
Running radio bandwidth. |
Secondary channel information for the 802.11n and 802.11ac radio modes: · SCA (Second Channel Above)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is above the primary channel. · SCB (Second Channel Below)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is below the primary channel. · SCN—The AP does not operate in 40 MHz bandwidth mode. |
|
Whether the radio supports short GI when it operates in 20 MHz mode. |
|
Short GI for 40MHz |
Whether the radio supports short GI when it operates in 40 MHz mode. |
Whether the radio supports short GI when it operates in 80 MHz mode. |
|
Whether the radio supports short GI when it operates in 160 MHz mode. |
|
· Disabled. · Enabled. |
|
A-MPDU |
· Disabled. · Enabled. |
· Supported. · Not supported. |
|
· Supported. · Not supported. |
|
· Supported—Supported VHT MCS set. · Mandatory—Mandatory VHT MCS set. · Multicast—Multicast VHT MCS set. |
|
Operational HT MCS Set |
· Supported—Supported MCS set. · Mandatory—Mandatory MCS set. · Multicast—Multicast MCS set. |
Channel |
· This field displays Number<auto> if the current channel is the optimal channel automatically selected by the AP. · This field displays Number if the current channel is manually configured. · This field displays Number<avoid radar> if the current channel is automatically selected by the AP to avoid radar signals. |
Max power |
Maximum transmission power of the radio. |
Preamble type |
Preamble type: · Short. · Long. |
Operational rate |
|
Distance |
Maximum distance that the radio signal can reach. |
ANI |
· Enabled. · Disabled. |
Protection threshold |
Frame length threshold required for triggering the protection mechanism. |
Long retry threshold |
Maximum number of retransmission attempts for frames whose length exceed the RTS threshold. |
Short retry threshold |
Maximum number of retransmission attempts for frames whose length is no more than the RTS threshold. |
Maximum rx duration |
Maximum buffer duration for frames. |
Protection mode |
Conflict avoidance mode: · cts-to-self. · rts-cts. |
Continuous mode configuration: · Transmission rate. · MCS index. · NSS index. · VHT-MCS index. This field displays N/A if the continuous mode is not configured. |
|
HT protection mode |
802.11n protection mode: · No protection. ? AP-associated clients and nearby wireless devices are operating in 802.11n mode and AP-associated clients are 802.11n clients with a bandwidth of 40 MHz. ? AP-associated clients are 802.11n clients with a bandwidth of 20 MHz. ·
Non-member protection. ·
20 MHz protection. ·
Non-HT mixed. |
MU-TxBF |
· Enabled. · Disabled. Support for this field depends on the AP model. |
SU-TxBF |
· Enabled. · Disabled. Support for this field depends on the AP model. |
display wlan ap address
Use display wlan ap address to display AP address information.
Syntax
display wlan ap { all | name ap-name } address
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display address information for all APs.
<Sysname> display wlan ap all address
Total number of APs: 1
Total number of connected APs: 1
Total number of connected manual APs: 1
Total number of connected auto APs: 0
Total number of inside APs: 0
AP name IP address MAC address
ap1 1.1.1.5 000b-6b8f-fc6a
Table 3 Command output
Field |
Description |
AP name |
Name of an AP. |
IP address |
IP address of an AP. This field displays N/A for an offline AP. |
MAC address |
MAC address of an AP. This field displays N/A for an offline AP. |
display wlan ap all feature capwap
Use display wlan ap all feature capwap to display configuration status of CAPWAP features.
Syntax
display wlan ap all feature capwap
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display configuration status of CAPWAP tunnel features.
<Sysname> display wlan ap all feature capwap
AP name Upgrade Encryption Control-address Switch-back
ap1 Disabled Both Enabled Horizontal
Table 4 Command output
Field |
Description |
Upgrade |
AP software upgrade: · Enabled. · Disabled. |
Encryption |
CAPWAP tunnel encryption: · Control—Control tunnel encryption is enabled. · Data—Data tunnel encryption is enabled. · Both—Encryption is enabled for both control and data tunnels. · Disabled—Encryption is disabled for both control and data tunnels. |
Control-address |
AC rediscovery: · Enabled. · Disabled. |
Switch-back |
This field is not supported in the current software version. The CAPWAP tunnel switch-back feature for AC hierarchy: · Horizontal. · Vertical. · Disabled. · Both. |
display wlan ap connection
Use display wlan ap connection to display AP connection records on the AC.
Syntax
display wlan ap connection record { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display all AP connection records on the AC.
<Sysname> display wlan ap connection record all
AP name IP address State Time
ap1 2001::3 Run 05-06 09:47:44
ap2 2001::5 Run 05-06 09:50:38
Table 5 Command output
Field |
Description |
State |
Current state of the AP: · Idle—Idle. · Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. |
Time |
Most recent time when the AP established a CAPWAP tunnel with the AC. |
display wlan ap files
Use display wlan ap files to display information about files and file folders on an AP.
Syntax
display wlan ap files name ap-name
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display information about files and file folders on AP ap1.
<Sysname> display wlan ap files name ap1
Directory of flash:
0 13638656 wa5300-system.bin
1 2573312 wa5300-boot.bin
131072 KB total (114208 KB free)
Table 6 Command output
Field |
Description |
0 13638656 xx.xx |
File or file folder information: · 0—Serial number, which is automatically assigned by the system. · 13638656— File size in bytes. A hyphen (-) is displayed if it is a file folder. · xx.xx—Name of the file or file folder. |
Related commands
· delete file
· download file
display wlan ap online-time
Use display wlan ap online-time to display the online duration for APs.
Syntax
display wlan ap online-time { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display online duration for all APs.
<Sysname> display wlan ap online-time all
AP name IP address Time
ap1 1.1.1.2 0 days 0 hours 2 minutes 6 seconds
ap2 1.1.1.1 0 days 0 hours 5 minutes 6 seconds
ap3 1.1.1.6 0 days 0 hours 2 minutes 1 seconds
Table 7 Command output
Field |
Description |
IP address |
IP address of an AP. |
Time |
Realtime association duration of an AP since the AP came online. |
display wlan ap running-configuration
Use display wlan ap running-configuration to display running configuration for the specified AP or all APs.
Syntax
display wlan ap running-configuration { all | ap-name ap-name } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
ap-name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
verbose: Displays detailed running configuration.
Examples
# Display detailed running configuration for all APs.
<Sysname> display wlan ap running-configuration all verbose
(i) -- Inherited from AP group
(g) -- Inherited from AP global-configuration
#
wlan ap ap1 model WA536-WW id 5
ap group name 1
serial-id 219801A1NQB117012935
region code CN (g)
echo interval 10 (i)
echo count 3 (i)
retransmission count 3 (i)
retransmission interval 5 (i)
statistics interval 50 (i)
fragment-size data 1500 (i)
fragment-size control 1450 (i)
preempt disable (g)
firmware-upgrade enable (g)
priority 4 (i)
keepalive interval 10 (i)
…
radio 1
radio type 802.11ac (i)
radio disable (i)
channel auto<64> (i)
channel unlock (i)
fragment-threshold 2346 (i)
max-power 20 (i)
power unlock (i)
distance 1 kilometer (i)
ANI Enabled (i)
…
radio 2
radio type 802.11ac (i)
radio disable (i)
channel auto<11> (i)
channel unlock (i)
fragment-threshold 2346 (i)
max-power 20 (i)
power unlock (i)
distance 1 kilometer (i)
ANI Enabled (i)
…
radio 3
radio type 802.11n(2.4GHz) (i)
radio disable (i)
channel auto<6> (i)
channel unlock (i)
fragment-threshold 2346 (i)
max-power 20 (i)
power unlock (i)
distance 1 kilometer (i)
ANI Enabled (i)
…
display wlan ap reboot-log
Use display wlan ap reboot-log to display the reboot logs of an AP.
Syntax
display wlan ap reboot-log name ap-name
Views
Any view
Predefined user roles
Parameters
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
If the AP has suffered a system crash, you can use this command to view detailed information about the crash.
To use this command, make sure the specified AP is in Run state.
Examples
# Display reboot logs for AP ap1.
<Sysname> display wlan ap reboot-log name ap1
Debugging information is not available on the AC.
Downloading debugging data from AP. Continue? [Y/N]:y
Downloading debugging data. Please wait...
Please enter the same command again to view the log messages.
Related commands
reset wlan ap reboot-log
display wlan ap statistics association-failure-record
Use display wlan ap statistics association-failure-record to display association failure records for APs.
Syntax
display wlan ap statistics association-failure-record
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display association failure records for APs.
<Sysname> display wlan ap statistics association-failure-record
MAC address AP ID Last failed at Reason
9a48-45ed-0300 12312 07-07/15:56:25 AP authentication failed
Table 8 Command output
Field |
Description |
MAC address |
MAC address of an AP. |
AP ID |
ID of an AP, which uniquely identifies the AP on the AC. |
Last failed at |
Last time an AP associated with the AC. The format is date/hh:mm:ss. |
Reason |
Association failure reason: · Failed to create data check timer. · Memory is not enough. · The AP model doesn't exist. · Lack of AP license. · MAC address conflict. · Failed to add APLB. · AP chose another AC. · Reached AC max capability. · APLB check failed. · Rejected AP access in HA smooth. · AP authentication failed. · Failed to create auto AP. · The AP information has already existed. · Failed to download AP image file. · Timer for waiting change state event request expired. · Time for waiting image data request or configuration request expired. · Received failure result code in change state event request. · Failed to add tunnel. · AP configuration was not found. · Inconsistent AP IDs. · Failed to send query message. · Open image file timer expired. |
display wlan ap statistics online-record
Use display wlan ap statistics online-record to display online AP quantity records.
Syntax
display wlan ap statistics online-record [ datetime date time [ count count ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
datetime date time: Specifies the start time to display online AP quantity records. The date argument represents the date in the YYYY/MM/DD or MM/DD/YYYY format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month. The time argument represents the time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. If you do not specify this option, the command displays all statistics about online AP quantity over the past 7 days in descending order of time.
count count: Specifies the number of online AP quantity records to be displayed, in the range of 1 to 256. If you do not specify this option, 10 online AP quantity records are displayed.
Usage guidelines
The online AP quantity records are displayed one by one at intervals of 1 minute. This command supports displaying records generated only over the past 7 days. If a time is specified, this command displays the specified number of online AP quantity records generated after the specified time point.
Examples
# Display 11 online AP quantity records generated after 2017/10/11 10:25.
<Sysname> display wlan ap statistics online-record datetime 2017/10/11 10:16:11 count 11
Time Manual APs Auto APs Total Total delta
2017-10-11 10:16:00 20 10 30 -2
2017-10-11 10:17:00 22 10 32 +6
2017-10-11 10:18:00 16 10 26 0
2017-10-11 10:19:00 16 10 26 0
2017-10-11 10:20:00 16 10 26 0
2017-10-11 10:21:00 16 10 26 0
2017-10-11 10:22:00 16 10 26 0
2017-10-11 10:23:00 16 10 26 0
2017-10-11 10:24:00 16 10 26 0
2017-10-11 10:25:00 16 10 26 0
2017-10-11 10:26:00 16 10 26 0
Table 9 Command output
Field |
Description |
Time |
Date and time when the record was generated. |
Manual APs |
Number of online manual APs. |
Auto APs |
Number of online auto APs. |
Total |
Total number of online APs. |
Total delta |
Quantity change in comparison with the last minute. |
display wlan ap statistics tunnel-down-record
Use display wlan ap statistics tunnel-down-record to display CAPWAP tunnel down records.
Syntax
display wlan ap statistics tunnel-down-record
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display CAPWAP tunnel down records.
<Sysname> display wlan ap statistics tunnel-down-record
AP name AP ID Tunnel down at Tunnel down reason
9a48-45ed-0300 123 2017-07-07/15:56:25 Processed join request
in Run state
Table 10 Command output
Field |
Description |
AP name |
Name of an AP. |
AP ID |
ID of an AP, which uniquely identifies the AP on the AC. |
Tunnel down at |
Time when the CAPWAP tunnel between an AP and the AC went down. The format is date/hh:mm:ss. |
Tunnel down reason |
CAPWAP tunnel down reason: · Failed to create data check timer. · Neighbor dead timer expired. · Request wait timer expired. · Failed to process data channel keepalive message. · Failed to process request. · AP was reset by admin. · AP was reset by Web. · AP was reset from OASIS. · WTU went offline because the WT was down—This reason is not supported in the current software version. · Manual AP was deleted. · Failed to come online. · Serial ID changed. · MAC address changed. · Exceeded AC max capability. · Processed join request in Run state. · Unauthenticated AP tunnel down. · Failed to create AP context. · Received failure result code in change state event request. · Failed to retransmit message. · Failed to download image file. · Image file downloaded successfully. · File operation timer expired. · Failed to add tunnel. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Master and backup tunnel switchover. · Failed to inherit configuration. · AP authentication failed. · Backup AP upgrade failed. · Board is inactive. · Lack of AP license. |
display wlan ap-distribution
Use display wlan ap-distribution to display distribution information of attached APs for ACs.
Syntax
display wlan ap-distribution { all | slot slot-number }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all ACs.
slot slot-number: Specifies an IRF member device by its member ID.
Examples
# Display distribution information for APs attached to the specified slot.
<Sysname> display wlan ap-distribution slot 0
Total number of APs: 1
AP information
State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad
C = Config, DC = DataCheck, R = Run, M = Master, B = Backup
AP name APID State Model Serial ID
722a-d561-0300 4 R/M WA536-WW 219801A1NQB117012935
Table 11 Command output
Field |
Description |
APID |
ID of the AP to uniquely identify the AP on the AC. |
State |
Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the software image version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Model |
AP model information. |
Serial ID |
Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured. |
display wlan ap-distribution ap-name
Use display wlan ap-distribution ap-name to display the attachment location of an AP.
Syntax
display wlan ap-distribution ap-name ap-name
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display the attachment location of AP ap1.
<Sysname> display wlan ap-distribution ap-name ap1
The AP is attached to slot 0.
display wlan ap-group
Use display wlan ap-group to display information about all AP groups or the specified AP group.
Syntax
display wlan ap-group [ brief | name group-name ]
Views
Any view
Predefined user roles
Parameters
brief: Displays brief information about all AP groups.
name group-name: Displays detailed information about the specified AP group. The group-name argument represents the name of an AP group, a case-insensitive string of 1 to 31 characters.
Usage guidelines
If you do not specify any parameter, this command displays detailed information about all AP groups.
Examples
# Display detailed information about all AP groups.
[Sysname] display wlan ap-group
Total number of AP groups: 2
AP group name : default-group
Description : Not configured
AP model : Not configured
APs : Not configured
AP group name : group1
Description : abcd
AP model : WA536-WW
AP grouping rules:
AP name : ap1, ap2
Serial ID : 219801A1NQB117012935
MAC address : 0AFB-423B-893C
IPv4 address : Not configured
IPv6 address : Not configured
APs : ap1 (AP name)
# Display detailed information about AP group group1.
[Sysname] display wlan ap-group group1
AP group name : group1
Description : Not configured
AP model : WA536-WW
AP grouping rules:
AP name : ap1, ap2
Serial ID : 219801A1NQB117012935
MAC address : 0AFB-423B-893C
IPv4 address : Not configured
IPv6 address : Not configured
APs : ap1 (AP name)
# Display brief information about all AP groups.
<Sysname> display wlan ap-group brief
Total number of AP groups: 4
AP group name Group ID Member APs Online APs
default-group 1 1 0
group1 2 2006 1986
group2 3 10 10
group3 4 4 4
Related commands
display wlan ap-model
Use display wlan ap-model to display AP model information.
display wlan ap-model { all | name model-name }
name model-name: Specifies an AP model by its name.
# Display information about AP model WA536-WW.
<Sysname> display wlan ap-model name WA536-WW
AP model : WA536-WW
Alias : WA536-WW
Vendor name : H3C
Vendor ID : 25506
License weight : 100
Radio count : 3
Radio 1:
Mode : 802.11a, 802.11an, 802.11ac
Default mode : 802.11ac
BSS count : 16
Radio 2:
Mode : 802.11a, 802.11an, 802.11ac
Default mode : 802.11ac
BSS count : 16
Radio 3:
Mode : 802.11b, 802.11g, 802.11gn, 802.11gac
Default mode : 802.11gn
BSS count : 16
Version Support List :
Hardware Version Ver.A:
Software Version : R2220
Default Software Version : R2220
Image Name : wa5300.ipe
Hardware Version Ver.B:
Software Version : R2220
Default Software Version : R2220
Image Name : wa5300.ipe
Hardware Version Ver.C:
Software Version : R2220
Default Software Version : R2220
Image Name : wa5300.ipe
Hardware Version Ver.D:
Software Version : R2220
Default Software Version : R2220
Image Name : wa5300.ipe
Hardware Version Ver.E:
Software Version : R2220
Default Software Version : R2220
Image Name : wa5300.ipe
Hardware Version Ver.F:
Software Version : R2220
Default Software Version : R2220
Image Name : wa5300.ipe
display wlan tunnel latency ap name
Use display wlan tunnel latency ap name to display tunnel latency information for an AP.
Syntax
display wlan tunnel latency ap name ap-name
Views
Any view
Predefined user roles
Parameters
ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
Make sure CAPWAP tunnel latency detection is started before you execute this command.
Examples
# Display tunnel latency information for AP ap1.
<Sysname> display wlan tunnel latency ap name ap1
AP name : ap1
Tunnel latency : Enabled
Control link delay:
Current delay : 1ms
Maximum delay : 1ms
Minimum delay : 1ms
Data link delay:
Current delay : 1ms
Maximum delay : 1ms
Minimum delay : 1ms
Table 13 Command output
Description |
|
· Disabled. · Enabled. |
|
Related commands
· reset wlan tunnel latency ap
· tunnel latency-detect
dns domain
Use dns domain to specify a domain name for an AP.
Use undo dns domain to restore the default.
Syntax
Default
In AP provision view, an AP uses the configuration in AP group provision view.
In AP group provision view, no domain name is specified for an AP.
Views
AP provision view
AP group provision view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters separated by dots. The string can contain letters, digits, hyphens (-), and underscores (_).
Usage guidelines
The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.
The configuration in AP provision view takes precedence over the configuration in AP group provision view.
Examples
# Set the domain name for AP ap1 to com.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] dns domain com
# Set the domain name for APs in AP group group1 to com.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group-prvs] dns domain com
Related commands
dns server
Use dns server to specify a DNS server for an AP.
Use undo dns server to restore the default.
Syntax
dns server { ip ipv4-address | ipv6 ipv6-address }
Default
In AP provision view, an AP uses the configuration in AP group provision view.
In AP group provision view, no DNS server is specified for an AP.
Views
AP provision view
AP group provision view
Predefined user roles
Parameters
ip ipv4-address: Specifies a DNS server by its IPv4 address. Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.
ipv6 ipv6-address: Specifies a DNS server by its IPv6 address.
Usage guidelines
You can specify only one IPv4 address and one IPv6 address in each view.
The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.
The configuration in AP provision view takes precedence over the configuration in AP group provision view.
Examples
# Set the DNS server IP address to 192.168.100.123 for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] dns server ip 192.168.100.123
# Set the DNS server IP address to 192.168.100.123 for APs in AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group-prvs] dns server ip 192.168.100.123
Related commands
download file
Use download file to download an image file to an AP.
Syntax
Views
AP view
Predefined user roles
Parameters
filename: Specifies an image file by its name, a string of 1 to 255 characters.
Usage guidelines
This feature takes effect only on the master AC after a CAPWAP tunnel is established in WLAN high availability networking. For more information about WLAN high availability, see "Configuring WLAN high availability."
Examples
# Download image file main.ipe to AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan–ap-ap1] download file main.ipe
echo-count
Use echo-count to set the maximum number of echo request transmission attempts.
Use undo echo-interval to restore the default.
Syntax
echo-count count
undo echo-count
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the maximum number of echo request transmission attempts is 3.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum number of echo request transmission attempts in the range of 3 to 60.
Usage guidelines
An AP sends echo requests to the AC at the specified echo interval to identify whether the CAPWAP control tunnel is operating correctly. The AC responds by sending echo responses. If the AP does not receive any echo responses within the keepalive time, the AP terminates the connection. If the AC does not receive any echo requests within the keepalive time, the AC terminates the connection. The keepalive time is the echo interval multiplied by the maximum number of echo request transmission attempts.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the maximum number of echo request transmission attempts to 5 for AP ap3.
<Sysname> system-view
[Sysname] wlan ap ap3 model WA536-WW
[Sysname-wlan-ap-ap3] echo-count 5
# Set the maximum number of echo request transmission attempts to 5 for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] echo-count 5
echo-interval
Use echo-interval to set the interval for an AP to send echo requests to the AC.
Use undo echo-interval to restore the default.
Syntax
echo-interval interval
undo echo-interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the interval for sending echo requests is 10 seconds.
Views
AP view
AP group view
Predefined user roles
Parameters
interval: Specifies the interval for sending echo requests, in the range of 5 to 80 seconds.
Usage guidelines
An AP sends echo requests to the AC at the specified echo interval to identify whether the CAPWAP control tunnel is operating correctly. The AC responds by sending echo responses. The AC terminates the connection if it does not receive any echo requests within the keepalive time. If the AP does not receive any echo responses within the keepalive time, the AP terminates the connection. The keepalive time is the echo interval multiplied by the maximum number of echo request transmission attempts set by using the echo-count count command.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the echo interval for AP ap3 to 15 seconds.
[Sysname] wlan ap ap3 model WA536-WW
[Sysname-wlan-ap-ap3] echo-interval 15
# Set the echo interval for APs in AP group group1 to 15 seconds.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] echo-interval 15
firmware-upgrade
Use firmware-upgrade enable to enable the software upgrade feature.
Use firmware-upgrade disable to disable the software upgrade feature.
Use undo firmware-upgrade to restore the default.
Syntax
firmware-upgrade { disable | enable }
undo firmware-upgrade
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, the software upgrade feature is enabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
Parameters
disable: Disables the software upgrade feature.
enable: Enables the software upgrade feature.
Usage guidelines
This feature enables the AC to examine whether an AP's software version matches the hardware version and software version mappings stored on the AC during CAPWAP tunnel establishment.
· If a match is found, the AC establishes a CAPWAP tunnel with the AP.
· If no match is found, the CAPWAP tunnel establishment proceeds as follows:
a. The AC notifies the AP of software version inconsistency.
b. After receiving the notification, the AP requests the software version from the AC, and then upgrades the software to establish a CAPWAP tunnel with the AC.
When this feature is disabled, the AC does not examine the software version of an AP and directly establishes a CAPWAP tunnel with the AP.
The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.
Examples
# Enable the software upgrade feature for AP ap3.
[Sysname] wlan ap ap3 model WA536-WW
[Sysname-wlan-ap-ap3] firmware-upgrade enable
# Enable the software upgrade feature for APs in AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] firmware-upgrade enable
# Enable the software upgrade feature globally.
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] firmware-upgrade enable
Related commands
wlan apdb
fragment-size
Use fragment-size to set the maximum fragment size for CAPWAP control or data packets.
Use undo fragment-size to remove the configuration.
Syntax
fragment-size { control control-size | data data-size }
undo fragment-size { control | data }
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the maximum fragment size for CAPWAP control packets and data packets is 1450 bytes and 1500 bytes, respectively.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
control control-size: Specifies the maximum fragment size for CAPWAP control packets in bytes. The value range for the control-size argument is 1000 to 1450.
data data-size: Specifies the maximum fragment size for CAPWAP data packets in bytes. The value range for the control-size argument is 1000 to 1748.
Usage guidelines
This command prevents intermediate devices from dropping packets between AC and AP if the AP connects to the AC across the Internet.
Any maximum fragment size modification takes effect immediately on online APs.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the maximum fragment size for CAPWAP data packets to 1500 bytes for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-ap-ap1] fragment-size data 1500
# Set the maximum fragment size for CAPWAP data packets to 1500 bytes for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] fragment-size data 1500
gateway
Use gateway to specify a gateway for an AP.
Use undo gateway to restore the default.
Syntax
gateway { ip ipv4-address | ipv6 ipv6-address }
Default
No gateway is specified for an AP.
Views
AP provision view
Predefined user roles
Parameters
ip ipv4-address: Specifies a gateway by its IPv4 address. Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.
ipv6 ipv6-address: Specifies a gateway by its IPv6 address.
Usage guidelines
You can set only one IPv4 address and one IPv6 address.
Examples
# Set the gateway IP address to 192.168.100.1 for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] gateway ip 192.168.100.1
hybrid-remote-ap
Use hybrid-remote-ap enable to enable the remote AP feature.
Use hybrid-remote-ap disable to disable the remote AP feature.
Use undo hybrid-remote-ap to restore the default.
Syntax
hybrid-remote-ap { disable | enable }
undo hybrid-remote-ap
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, remote AP is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
By default, an AP stops providing services after the tunnel between the AP and the associated AC is disconnected. This command enables the AP to act as a remote AP to still provide services.
This command takes effect only on an AP that operates in local forwarding mode.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable remote AP for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] hybrid-remote-ap enable
# Enable remote AP for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] hybrid-remote-ap enable
if-match ip
Use if-match ip to create an AP grouping rule by IPv4 addresses.
Use undo if-match ip to delete AP grouping rules by IPv4 addresses.
Syntax
if-match ip ip-address { mask-length | mask }
undo if-match ip [ ip-address { mask-length | mask } ]
Default
No AP grouping rules by IP addresses are configured.
Views
AP group view
Predefined user roles
Parameters
ip-address: Specifies an IPv4 address in dotted decimal notation.
mask-length: Specifies the mask length in the range of 1 to 31.
mask: Specifies the mask in dotted decimal notation.
Usage guidelines
You cannot execute this command in the view of the default AP group.
AP grouping rules by IPv4 addresses for an AP group or for different AP groups cannot overlap with each other.
An AP group supports a maximum of 32 AP grouping rules by IPv4 addresses.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
You can create AP grouping rules by both IPv4 addresses and IPv6 addresses for an AP group.
If you do not specify any argument in the undo form of the command, the command deletes all AP grouping rules by IPv4 addresses.
Examples
# Add APs whose IP address belongs to 192.168.0.0/16 to AP group group1.
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] if-match ip 192.168.0.0 16
if-match ipv6
Use if-match ipv6 to create an AP grouping rule by IPv6 addresses.
Use undo if-match ipv6 to delete AP grouping rules by IPv6 addresses.
Syntax
if-match ipv6 { ipv6-address prefix-length | ipv6-address/prefix-length }
undo if-match ip [ ipv6-address prefix-length | ipv6-address/prefix-length ]
Default
No AP grouping rules by IPv6 addresses are configured.
Views
AP group view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies the IPv6 address prefix length in the range of 1 to 128.
Usage guidelines
You cannot execute this command in the view of the default AP group.
AP grouping rules by IPv6 addresses for an AP group or for different AP groups cannot overlap with each other.
An AP group supports a maximum of 32 AP grouping rules by IPv6 addresses.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
You can create AP grouping rules by both IPv4 addresses and IPv6 addresses for an AP group.
If you do not specify any argument in the undo form of the command, the command deletes all AP grouping rules by IPv6 addresses.
Examples
# Add APs whose IPv6 address belongs to 2001:DB0::/28 to AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] if-match ipv6 2001:DB8:: 28
ip address
Use ip address to specify an IPv4 address for the management VLAN interface for an AP.
Use undo ip address to restore the default.
Syntax
ip address ip-address { mask | mask-length }
Default
No IP address is specified for the management VLAN interface of an AP.
Views
AP provision view
Predefined user roles
Parameters
ip-address: Specifies an IPv4 address in dotted decimal notation.
mask: Specifies the mask in dotted decimal notation.
mask-length: Specifies the mask length in the range of 1 to 31.
Usage guidelines
Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.
The IP address of the management VLAN interface for an AP must be different from the following IP addresses:
· IP address of the management VLAN interface of another AP.
· AC IP address specified in provision view of any APs.
Examples
# Set the IP address of the management VLAN interface to 10.1.1.1/24 for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ip address 10.1.1.1 24
ipv6 address
Use ipv6 address to specify an IPv6 address for the management VLAN interface for an AP.
Use undo ipv6 address to restore the default.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
Default
No IPv6 address is specified for the management VLAN interface of an AP.
Views
AP provision view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies the prefix length in the range of 1 to 128.
Usage guidelines
The IP address of the management VLAN interface for an AP must be different from the following IP addresses:
· IP address of the management VLAN interface of another AP.
· AC IP address specified in provision view of any APs.
Examples
# Set the IPv6 address of the management VLAN interface to 2001::1/64 for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ipv6 address 2001::1/64
keepalive-interval
Use keepalive-interval to set the data tunnel keepalive interval.
Use undo keepalive-interval to restore the default.
Syntax
keepalive-interval interval
undo keepalive-interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the data tunnel keepalive interval is 10 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval for an AP to send keepalive packets through the CAPWAP data tunnel. The value range is 1 to 255 seconds.
Examples
# Set the data tunnel keepalive interval for AP ap1 to 15 seconds.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] keepalive-interval 15
# Set the data tunnel keepalive interval for APs in AP group 1 to 15 seconds.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-ap-group-1] keepalive-interval 15
led-mode
Use led-mode to set a LED lighting mode.
Use undo led-mode to restore the default.
Syntax
led-mode { always-on | awake | normal | quiet }
undo led-mode
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the LED lighting mode is normal.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
always-on: Specifies the always-on mode. Support for this keyword depends on the AP model.
awake: Specifies the awake mode. Support for this keyword depends on the AP model.
normal: Specifies the normal mode. How LEDs flash in this mode varies by AP model.
quiet: Specifies the quiet mode.
Usage guidelines
If you set the LED lighting mode to awake or always-on in AP group view, the setting takes effect only on member APs that support the specified LED lighting mode.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the LED lighting mode to normal for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] led-mode normal
# Set the LED lighting mode to awake for APs in AP group ap1.
<Sysname> system-view
[Sysname] wlan ap-group g1
[Sysname-wlan-ap-group-g1] led-mode awake
mac-address (AP group view)
Use mac-address to create an AP grouping rule by MAC addresses.
Use undo mac-address to delete an AP grouping rule by MAC addresses.
Syntax
mac-address mac-address
undo mac-address mac-address
Default
No AP grouping rules by MAC addresses are configured.
Views
AP group view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the MAC address of an AP.
Usage guidelines
This command does not identify whether the specified AP exists.
You can configure multiple AP grouping rules by MAC addresses.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
If an AP grouping rule already exists in an AP group, this command deletes the rule from the AP group.
You cannot execute this command in the view of the default AP group.
Examples
# Create an AP grouping rule by MAC addresses for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] mac-address 0AC1-F9B2-B1C2
Related commands
wlan ap-group
mac-address (AP view)
Use mac-address to specify the MAC address for an AP.
Use undo mac-address to restore the default.
Syntax
Default
No MAC address is specified for an AP.
Views
AP view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the MAC address for an AP, in H-H-H format.
Usage guidelines
Changing or deleting the MAC address of an AP terminates the CAPWAP tunnel if the AP has established a CAPWAP tunnel with the AC. Then the AP will reestablish a CAPWAP tunnel with the AC.
Examples
# Set the MAC address of AP ap1 to 0001-0000-0000.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] mac-address 0001-0000-0000
power-level default
|
NOTE: Support for this command depends on the AP model. |
Use power-level default to set the default input power level for an AP in case the AP cannot obtain its input power level.
Use undo power-level default to restore the default.
Syntax
power-level default { high | low | middle }
undo power-level default
Default
In AP view, an AP uses the configuration in AP group's AP model view.
In AP group's AP model view, the default input power level of an AP is middle.
Views
AP view
AP group's AP model view
Predefined user roles
network-admin
Parameters
high: Specifies the high default input power level.
low: Specifies the low default input power level.
middle: Specifies the middle default input power level.
Usage guidelines
Configure this command for an AP in case the AP cannot obtain its input power level at startup.
The power level of an AP can be high, middle, or low. An AP automatically performs power supply mode detection to obtain its input power level at startup. If the AP fails to obtain the input power level, it operates at the low input power level before associating with an AC. After the association, it operates at the configured default input power level.
The following table shows the relationship between the AP's power supply mode and input power level:
Power supply mode |
Input power level |
· Power adapter. · Multiple PoE+ ports. · Combination of PoE and PoE+ ports. |
High |
· Single PoE+ port · Multiple PoE ports |
Middle |
Single PoE port |
Low |
An AP's support for MIMO modes and USB interfaces varies by power level, as shown in Table 14.
Table 14 AP's support for MIMO modes and USB interfaces
Input power level |
MIMO modes |
Whether USB interfaces can be enabled |
High |
1×1, 2×2, 3×3, and 4×4. |
Yes. |
Middle |
1×1, 2×2, 3×3, and 4×4. |
Yes when the MIMO mode is 1×1 or 2×2. |
Low |
1×1. |
No. |
The configuration in AP view takes precedence over the configuration in AP group's AP model view.
Examples
# Set the default input power level to high for AP ap1 in AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA510H-WW
[Sysname-wlan-ap-ap1] power-level default high
# Set the default input power level to high in AP model view of AP group g1.
<Sysname> system-view
[Sysname] wlan ap-group g1
[Sysname-wlan-ap-group-g1] ap-model WA510H-WW
[Sysname-wlan-ap-group-g1-ap-model-WA510H-WW] power-level default high
priority
Use priority to set the AP connection priority for the AC.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the AP connection priority for the AC is 4.
Views
AP view
AP group view
Predefined user roles
Parameters
priority: Specifies the AP connection priority for the AC, in the range of 0 to 7. A larger value represents a higher connection priority.
Usage guidelines
The AP prefers to establish a CAPWAP tunnel with an AC that has higher connection priority.
The AP connection priority only takes effect during AC discovery.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the AP connection priority for the AC to 7 for AP ap3.
[Sysname] wlan ap ap3 model WA536-WW
[Sysname-wlan-ap-ap3] priority 7
# Set the AP connection priority for the AC to 7 for AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] priority 7
provision
Use provision to enable AP preprovisioning and enter AP provision view, or enter AP provision view. if AP preprovisioning is already enabled.
Use undo provision to disable AP preprovisioning.
Syntax
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, AP preprovisioning is disabled.
Views
AP view
AP group view
Predefined user roles
Usage guidelines
AP preprovisioning allows you to configure network settings for APs on the AC. The AC automatically assigns these settings to the APs.
If you disable AP preprovisioning, network settings configured on the AC will be deleted. However, the operation does not affect the network settings already assigned to the APs.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable AP preprovisioning and enter AP provision view of AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs]
# Enable AP preprovisioning and enter AP group provision view of AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group1-prvs]
provision auto-recovery
Use provision auto-recovery enable to enable auto loading of preprovisioned settings.
Use provision auto-recovery disable to disable auto loading of preprovisioned settings.
Use undo provision auto-recovery to restore the default.
Syntax
provision auto-recovery { disable | enable }
undo provision auto-recovery
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, auto loading of preprovisioned settings is enabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
Auto loading of preprovisioned settings ensures successful CAPWAP tunnel establishment between AP and AC. An AP uses the following procedure to discover an AC when you enable this feature:
1. Uses the preprovisioned settings to discover an AC that has the AP's manual or auto AP configuration.
2. Reboots and uses other methods to discover ACs if AC discovery fails.
3. Reboots and uses the preprovisioned settings again to discover ACs if the AP still fails to discover the target AC.
This AC discovery process will be repeated until the AP discovers the target AC to establish a CAPWAP tunnel.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Disable auto loading of preprovisioned settings for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-ap-ap1] provision auto-recovery disable
# Disable auto loading of preprovisioned settings for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision auto-recovery disable
provision auto-update
Use provision auto-update enable to enable auto assignment of preprovisioned settings.
Use provision auto-update disable to disable auto assignment of preprovisioned settings.
Use undo provision auto-update to restore the default.
Syntax
provision auto-update { disable | enable }
undo provision auto-update
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, auto assignment of preprovisioned settings is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
This command enables the AC to automatically assign preprovisioned settings to an AP so that the AP can use the preprovisioned settings to come online.
This command applies only to offline APs. To deploy preprovisioned settings to online APs, use the save wlan ap provision command.
The preprovisioned settings in AP provision view has higher priority than the preprovisioned settings in AP group provision view.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable auto assignment of preprovisioned settings for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-ap-ap1] provision auto-update enable
# Enable auto assignment of preprovisioned settings for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision auto-update enable
reset wlan ap
Use reset wlan ap to reset all APs or the specified AP.
Syntax
reset wlan ap { all | ap-group group-name | model model-name | name ap-name }
Views
User view
Predefined user roles
Parameters
all: Specifies all APs connected to the AC.
ap-group group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.
model model-name: Specifies an AP model by model name.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command terminates the CAPWAP tunnel between the AP and the AC and deletes all connection information about the AP.
Examples
# Reset AP ap1.
<Sysname> reset wlan ap name ap1
Reset the AP that has established or is to establish a primary tunnel with the AC. Continue? [Y/N]:
reset wlan ap provision
Use reset wlan ap provision to delete configuration file wlan_ap_prvs.xml from all APs or the specified AP.
Syntax
reset wlan ap provision { all | name ap-name }
Views
Any view
Predefined user roles
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command takes effect only on APs that have established CAPWAP tunnels with the master AC and are in Run state.
For this command to take effect on an AP, restart the AP after execution.
Examples
# Delete the configuration file wlan_ap_prvs.xml of AP ap1.
<Sysname> reset wlan ap provision name ap1
reset wlan ap reboot-log
Use reset wlan ap reboot-log to clear the reboot logs of all APs or the specified AP.
Syntax
reset wlan ap reboot-log { all | name ap-name }
Views
User view
Predefined user roles
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Clear the reboot logs of AP ap1.
<Sysname> reset wlan ap reboot-log name ap1
Related commands
display wlan ap reboot-log
reset wlan tunnel latency ap
Use reset wlan tunnel latency ap to clear tunnel latency information for all APs or the specified AP.
Syntax
reset wlan tunnel latency ap { all | name ap-name }
Views
User view
Predefined user roles
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command takes effect only on APs that have established tunnels with the master AC and are in Run state.
Examples
# Clear tunnel latency information for AP ap1.
<Sysname> reset wlan tunnel latency ap name ap1
Related commands
· display wlan tunnel latency ap name
· tunnel latency-detect
retransmit-count
Use retransmit-count to set the maximum number of AC request retransmission attempts.
Use undo retransmit-count to restore the default.
Syntax
retransmit-count value
undo retransmit-count
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the maximum number of AC request retransmission attempts is 3.
Views
AP view
AP group view
Predefined user roles
Parameters
value: Specifies the maximum number of AC request retransmission attempts, in the range of 2 to 5.
Usage guidelines
The AC transmits a request sent to an AP at the retransmission interval until the maximum number of request retransmission attempts is reached or a response is received.
Requests sent by the AC to an AP include the following types:
· Image Data Request.
· Configuration Update Request.
· Reset Request.
· Data Transfer Request.
· IEEE 802.11 WLAN Configuration Request.
· Station Configuration Request.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the maximum number of AC request retransmission attempts to 4 for AP ap3.
[Sysname] wlan ap ap3 model WA536-WW
[Sysname-wlan-ap-ap3] retransmit-count 4
# Set the maximum number of AC request retransmission attempts to 4 for APs in AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] retransmit-count 4
Related commands
retransmit-interval
retransmit-interval
Use retransmit-interval to set the request retransmission interval for the AC to retransmit requests to an AP.
Use undo retransmit-interval to restore the default.
Syntax
retransmit-interval interval
undo retransmit-interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the request retransmission interval is 5 seconds.
Views
AP view
AP group view
Predefined user roles
Parameters
interval: Specifies the request retransmission interval in the range of 3 to 8 seconds.
Usage guidelines
Requests sent by the AC to an AP include the following types:
· Image Data Request.
· Configuration Update Request.
· Reset Request.
· Data Transfer Request.
· IEEE 802.11 WLAN Configuration Request.
· Station Configuration Request.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the request retransmission interval to 6 seconds for the AC to send requests to AP ap3.
[Sysname] wlan ap ap3 model WA536-WW
[Sysname-wlan-ap-ap3] retransmit-interval 6
# Set the request retransmission interval to 6 seconds for the AC to send requests to APs in AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] retransmit-interval 6
Related commands
retransmit-count
save wlan ap provision
Use save wlan ap provision to deploy the provision configuration to all APs or the specified AP.
Syntax
save wlan ap provision { all | name ap-name }
Views
Any view
Predefined user roles
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command saves the added or modified preprovisioned settings to the configuration file wlan_ap_prvs.xml.
This command takes effect only on online APs that have established tunnels with the master AC.
This command has the same effect as the reset wlan ap provision command if no AP preprovisioned settings exist.
Preprovisioned settings configured in provision view take effect immediately when you execute the save wlan ap provision command.
Cancellations of preprovisioned settings in provision view do not take effect when you execute the save wlan ap provision command. For the cancellations to take effect on an AP, restart the AP.
Examples
# Save the configuration in AP provision view to configuration file wlan_ap_prvs.xml on AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ac ip 192.168.0.1
[Sysname-wlan-ap-ap1-prvs] save wlan ap provision name ap1
serial-id (AP group view)
Use serial-id to create an AP grouping rule by serial IDs.
Use undo serial-id to delete an AP grouping rule by serial IDs.
Syntax
serial-id serial-id
undo serial-id serial-id
Default
No AP grouping rules by serial IDs are configured.
Views
AP group view
Predefined user roles
network-admin
Parameters
serial-id: Specifies an AP serial ID, a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command does not identify whether the specified AP exists.
You can configure multiple AP grouping rules by serial IDs.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
If an AP grouping rule already exists in an AP group, this command deletes the rule from the AP group.
You cannot execute this command in the view of the default AP group.
Examples
# Create an AP grouping rule by serial IDs for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] serial-id 219801A1NQB117012935
Related commands
wlan ap-group
serial-id (AP view)
Use serial-id to specify the serial ID for an AP.
Use undo serial-id to restore the default.
Syntax
serial-id serial-id
undo serial-id
Default
No serial ID is specified for an AP.
Views
AP view
Predefined user roles
Parameters
serial-id: Specifies the serial ID for an AP, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Changing or deleting the serial ID of an AP terminates the CAPWAP tunnel if the AP has established a CAPWAP tunnel with an AC. Then the AP will reestablish a CAPWAP tunnel with an AC.
Examples
# Set the serial ID of AP ap1 to 219801A1NQB117012935.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-ap-ap1] serial-id 219801A1NQB117012935
snmp-agent trap enable wlan ap
Use snmp-agent trap enable wlan ap to enable SNMP notifications for AP management.
Use undo snmp-agent trap enable wlan ap to restore the default.
Syntax
snmp-agent trap enable wlan ap
undo snmp-agent trap enable wlan ap
Default
SNMP notifications are disabled for AP management.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical AP management events to an NMS, enable SNMP notifications for AP management. For AP management event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notifications for AP management.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan ap
snmp-agent trap enable wlan capwap
Use snmp-agent trap enable wlan capwap to enable SNMP notifications for CAPWAP.
Use undo snmp-agent trap enable wlan capwap to restore the default.
Syntax
snmp-agent trap enable wlan capwap
undo snmp-agent trap enable wlan capwap
Default
SNMP notifications are disabled for CAPWAP.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical CAPWAP events to an NMS, enable SNMP notifications for CAPWAP For CAPWAP event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notifications for CAPWAP.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan capwap
statistics-interval
Use statistics-interval to set the statistics report interval for an AP to send statistics reports to the AC.
Use undo statistics-interval to restore the default.
Syntax
statistics-interval interval
undo statistics-interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the statistics report interval is 50 seconds.
Views
AP view
AP group view
Predefined user roles
Parameters
interval: Specifies the statistics report interval in the range of 0 to 240 seconds. To disable statistics report for an AP, set the statistics report interval to 0.
Usage guidelines
Execute this command to change the interval for an AP to report its statistics. You can use these statistics to monitor the operating status of radios on the AP.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the statistics reports interval to 10 seconds for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] statistics-interval 10
# Set the statistics reports interval to 10 seconds for APs in AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] statistics-interval 10
tunnel latency-detect
Use tunnel latency-detect to configure CAPWAP tunnel latency detection.
Syntax
tunnel latency-detect { start | stop }
Default
CAPWAP tunnel latency detection is not started.
Views
AP view
Predefined user roles
Parameters
start: Starts CAPWAP tunnel latency detection.
stop: Stops CAPWAP tunnel latency detection.
Usage guidelines
CAPWAP tunnel latency detection enables an AC to detect the transmission latency of CAPWAP control frames or data frames from an AP to the AC and back.
When an AP goes offline, CAPWAP tunnel latency detection automatically stops. When the AP comes online again, you need to execute the tunnel latency-detect start command to start CAPWAP tunnel latency detection.
The tunnel latency-detect start command takes effect only on APs that have established CAPWAP tunnels with the master AC and are in Run state.
Examples
# Start CAPWAP tunnel latency detection for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] tunnel latency-detect start
Related commands
· display wlan tunnel latency ap name
· reset wlan tunnel latency ap
usb
|
NOTE: Support for this command depends on the AP model. |
Use usb enable to enable USB interfaces on APs.
Use usb disable to disable USB interfaces on APs.
Use undo usb to restore the default.
Syntax
usb { disable | enable }
undo usb
Default
In AP view, an AP uses the configuration in AP group's AP model view.
In AP group's AP model view, USB interfaces are disabled.
Views
AP view
AP group's AP model view
Predefined user roles
network-admin
Usage guidelines
This command takes effect on an AP only when either of the following requirements is met:
· The power level of the AP is high.
· The power level of the AP is middle and the MIMO mode is 1×1 or 2×2.
For information about power levels, see "power-level default." For information about MIMO modes, see radio management in WLAN Configuration Guide.
The configuration in AP view takes precedence over the configuration in AP group's AP model view.
Examples
# Enable USB interfaces in AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA510H-WW
[Sysname-wlan-ap-ap1] usb enable
# Enable USB interfaces in AP model view of AP group g1.
<Sysname> system-view
[Sysname] wlan ap-group g1
[Sysname-wlan-ap-group-g1] ap-model WA510H-WW
[Sysname-wlan-ap-group-g1-ap-model-WA510H-WW] usb enable
Related commands
power-level default
wlan ap
Use wlan ap to create an AP and enter AP view.
Use undo wlan ap to delete an AP.
Syntax
wlan ap ap-name [ model model-name ]
undo wlan ap ap-name
Default
No manual AP exists.
Views
System view
Predefined user roles
Parameters
ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
model model-name: Specifies the model name of the AP. You must specify the model name when you create an AP.
Usage guidelines
If the specified AP already exists, the wlan ap command enters AP view.
If the specified AP has established a CAPWAP tunnel, the undo wlan ap command also terminates the tunnel.
Examples
# Create AP ap1 with model WA536-WW.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1]
wlan apdb
Use wlan apdb to configure the mapping between a software version and a hardware version of an AP model.
Use undo wlan apdb to restore the default.
Syntax
wlan apdb model-name hardware-version software-version
undo wlan apdb model-name hardware-version
Default
The software version for a hardware version of an AP model is the software version that is stored in APDB user scripts.
Views
System view
Predefined user roles
network-admin
Parameters
model-name: Specifies an AP model name in the APDB.
hardware-version: Specifies a hardware version in the APDB.
software-version: Specifies an AP software version, a case-insensitive string of 1 to 31 characters.
Usage guidelines
|
CAUTION: To avoid CAPWAP tunnel establishment failure, use this command under the guidance of H3C Support. |
This command is used together with the software upgrade feature for software version consistency check during software upgrade.
Use this command only when the software version you expect for an AP is inconsistent with the software version specified for the AP model stored in the APDB.
Examples
# Configure the mapping between software version E2108 and hardware version Ver.C of AP model WA536-WW.
<Sysname> system-view
[Sysname] wlan apdb WA536-WW Ver.C E2108
Related commands
firmware-upgrade
wlan apdb file
Use wlan apdb file to load an APDB user script.
Use undo wlan apdb file to delete an APDB user script.
Syntax
Default
No APDB user script is loaded.
Views
System view
Predefined user roles
Parameters
user.apdb: Specifies an APDB user profile by its name, a case-sensitive string of 1 to 63 characters. apdb is the filename extension.
Usage guidelines
When you load an APDB user script, follow these restrictions and guidelines:
· Make sure the user script is valid. Invalid scripts can cause loading failure.
· The AP models in the user script must be different from the AP models in the system script.
· If you load multiple user scripts on the AC, the most recently loaded user script overwrites the old user scripts.
· If you rename the user script in the file system, reload the user script to prevent AP model configuration in the user script from being lost after an AC reboot.
· If you replace the user script with a new user script in the file system, reload the new user script. If the new user script does not include AP model information saved in the replaced user script, the AP model information will be lost after an AC reboot.
· If you delete a user script in the file system, the AP model configuration in the user script will be lost after an AC reboot.
If an old user script already exists, follow these restrictions and guidelines when you load an APDB user script:
· If a manual AP or an online auto AP whose model is listed in the old user script exists ,you can load a new user script only when you delete the corresponding AP model information on the AC.
· If APs of an AP model listed in the old user script have been added to an AP group, you can load a new user script only when you remove the APs from the AP group.
· If the old user script includes an AP model whose software version was already configured, you can load a new user script only when you use the wlan apdb command to restore the original software version.
Examples
# Load user script user.apdb.
[Sysname] wlan apdb file user.apdb
wlan apdb
wlan ap-group
Use wlan ap-group to create an AP group.
Use undo wlan ap-group to delete an AP group.
Syntax
Default
The default AP group default-group exists.
Views
System view
Predefined user roles
Parameters
group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
If the specified AP group exists, this command enters the AP group view.
The default AP group cannot be deleted.
Examples
# Create an AP group with name group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1]
Related commands
wlan auto-ap enable
Use wlan auto-ap enable to enable the auto AP feature.
Use undo wlan auto-ap enable to disable the auto AP feature.
Syntax
wlan auto-ap enable
undo wlan auto-ap enable
Default
The auto AP feature is disabled.
Views
System view
Predefined user roles
Usage guidelines
This command enables an AP to connect to an AC without manual AP configuration. It simplifies configuration when you deploy a large number of APs in a WLAN.
To configure an auto AP, you must use auto-AP persistence to convert the auto AP to a manual AP or configure it through an AP group.
Examples
# Enable the auto AP feature.
[Sysname] wlan auto-ap enable
wlan auto-ap persistent
Use wlan auto-ap persistent to convert online auto APs to manual APs.
Syntax
wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ] }
Views
System view
Predefined user roles
Parameters
all: Specifies all online auto APs. If you specify this keyword, the command converts all online auto APs to manual APs with their names unchanged.
auto-ap-name: Specifies an online auto AP.
new-ap-name: Specifies a new name for the AP, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-). If you do not specify this argument, the converted manual AP uses the name of the auto AP.
Examples
# Convert the auto AP whose MAC address is 0001-ab12-cd36 to manual AP ap2.
[Sysname] wlan auto-ap persistent name 0001-ab12-cd36 ap2
wlan auto-persistent enable
Use wlan auto-persistent enable to enable auto AP conversion to convert auto APs automatically to manual APs after they come online.
Use undo wlan auto-persistent enable to restore the default.
Syntax
undo wlan auto-persistent enable
Default
Auto AP conversion is disabled.
Views
System view
Predefined user roles
Usage guidelines
This command takes effect only on auto APs that come online after you execute this command. For auto APs that are already online, use the wlan auto-ap persistent command to convert them to manual APs.
Examples
# Enable auto AP conversion.
[Sysname] wlan auto-persistent enable
wlan capwap discovery-policy unicast
Use wlan capwap discovery-policy unicast to enable an AC to respond only to unicast discovery requests.
Use undo wlan capwap discovery-policy to restore the default.
Syntax
wlan capwap discovery-policy unicast
undo wlan capwap discovery-policy
Default
An AC can respond to unicast, multicast, and broadcast discovery requests.
Views
System view
Predefined user roles
Examples
# Enable the AC to respond only to unicast discovery requests.
[Sysname] wlan capwap discovery-policy unicast
wlan detect-anomaly enable
Use wlan detect-anomaly enable to enable service anomaly detection.
Use undo wlan detect-anomaly enable to disable service anomaly detection.
Syntax
wlan detect-anomaly enable
undo wlan detect-anomaly enable
Default
Service anomaly detection is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Perform this task on the master AC in an IRF fabric.
This feature enables an AC to check service status and start a 10-minute timer upon detecting that no APs are associated with the AC.
When the timer expires, the AC performs either of the following operations:
· Restarts if no AP is online.
· Deletes the timer if a minimum of one AP is online.
If APs come online and then all go offline before the timer expires, the AC restarts the 10-minute timer upon detecting that the last online AP goes offline.
As a best practice, enable this feature for an AC to recover automatically in case of service anomaly.
Examples
# Enable service anomaly detection.
<Sysname> system-view
[Sysname] wlan detect-anomaly enable
wlan global-configuration
Use wlan global-configuration to enter global configuration view.
Syntax
Views
System view
Predefined user roles
Usage guidelines
The configuration priorities for an AP in AP view, AP group view, and global configuration view are in descending order. If no settings are configured in one view, the settings in the view with a lower priority are used. If no settings are configured in any one of the three views, the AP uses the default configuration in the view that has the lowest priority.
Examples
# Enter global configuration view.
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration]
wlan image-load filepath
Use wlan image-load filepath to specify the preferred location for the AC to obtain an AP image file for software version assignment.
Use undo wlan image-load filepath to restore the default.
Syntax
wlan image-load filepath { local | ram }
undo wlan image-load filepath
Default
The AC prefers the AP image file stored in the RAM when assigning a software version to APs.
Views
System view
Predefined user roles
network-admin
Parameters
local: Specifies the local folder as the preferred location to obtain an AP image file. If no AP image file exists on the local folder, the AC obtains the AP image file from the RAM. If no AP image file exists on the RAM, the AC fails to obtain an AP image file.
ram: Specifies the RAM as the preferred location to obtain an AP image file. If no AP image file exists on the RAM, the AC obtains the AP image file from the local folder. If no AP image file exists on the local folder, the AC fails to obtain an AP image file.
Usage guidelines
The AC image file contains AP image files. The AC reads the AP image files into the RAM when it starts.
Specify the local keyword only when the following conditions are met:
· The required AP image file is not contained in the AC's image file.
· The software version an AP uses when it comes online has been specified using the wlan apdb command.
When you specify the local keyword, make sure the AC uses a CF card as the default file system and the AP image file is stored in the root directory of the file system on the AC.
The AC can assign only .ipe AP image files to APs.
Examples
# Specify the local folder as the preferred location to obtain an AP image file for AP software version assignment.
<Sysname> system-view
[Sysname] wlan image-load filepath local
wlan re-group
Use wlan re-group to move an AP grouping rule or a list of AP grouping rules to the specified AP group.
Syntax
Views
System view
Predefined user roles
Parameters
ap ap-name: Specifies an AP grouping rule by AP names.
ap-group old-group-name: Specifies the source AP group. The source AP group cannot be the default AP group.
mac-address mac-address: Specifies an AP grouping rule by MAC addresses.
serial-id serial-id: Specifies an AP grouping rule by serial IDs.
group-name: Specifies the target AP group. The target AP group cannot be the default AP group.
Examples
# Create AP group group1, and create AP grouping rules by AP names to add APs ap1, ap2, and ap3 to AP group group1.
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap ap1 ap2 ap3
[Sysname-wlan-ap-group-group1] quit
# Create an AP group named group2, and move an AP grouping rule by AP names to AP group group2.
[Sysname] wlan ap-group group2
[Sysname-wlan-ap-group-group2] quit
[Sysname] wlan re-group ap ap1 group2
wlan rename-ap
Use wlan rename-ap to rename a manual AP.
Syntax
wlan rename-ap ap-name new-ap-name
Views
System view
Predefined user roles
Parameters
ap-name: Specifies a manual AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
new-ap-name: Specifies a new AP name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Change the name of AP ap1 to ap1-office.
[Sysname] wlan rename-ap ap1 ap1-office
wlan tcp mss
Use wlan tcp mss to set the maximum TCP segment size (MSS) for CAPWAP tunnels.
Use undo wlan tcp mss to restore the default.
Syntax
wlan tcp mss value
undo wlan tcp mss
Default
The TCP MSS is 1460 bytes for CAPWAP tunnels.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the TCP MSS in bytes in the range of 128 to 2048.
Usage guidelines
This command sets the value of the MSS option in SYN packets transmitted over a CAPWAP tunnel.
The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the size of a TCP segment is smaller than or equal to the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, TCP fragments the segment based on the receiver's MSS.
Examples
# Set the TCP MSS to 2000 bytes for CAPWAP tunnels.
<Sysname> system-view
[Sysname] wlan tcp mss 2000
Radio management commands
a-mpdu
Use a-mpdu enable to enable the A-MPDU aggregation method.
Use a-mpdu disable to disable the A-MPDU aggregation method.
Use undo a-mpdu to restore the default.
Syntax
a-mpdu { disable | enable }
undo a-mpdu
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the A-MPDU aggregation method is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Disable the A-MPDU aggregation method for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] a-mpdu disable
# Disable the A-MPDU aggregation method for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] a-mpdu disable
a-msdu
Use a-msdu enable to enable the A-MSDU aggregation method.
Use a-msdu disable to disable the A-MSDU aggregation method.
Use undo a-msdu to restore the default.
Syntax
a-msdu { disable | enable }
undo a-msdu
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the A-MSDU aggregation method is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The device can receive but cannot send A-MSDUs.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Disable the A-MSDU aggregation method for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] a-msdu disable
# Disable the A-MSDU aggregation method for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] a-msdu disable
ani
Use ani enable to enable Adaptive Noise Immunity (ANI).
Use ani disable to disable ANI.
Use undo ani to restore the default.
Syntax
ani { disable | enable }
undo ani
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, ANI is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
ANI enables the device to adjust the anti-noise level based on the environment to reduce interference from the surrounding environment.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] ani enable
# Enable ANI for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] ani enable
antenna type
Use antenna type to set the antenna type for an AP.
Use undo antenna type to restore the default.
Syntax
antenna type antenna-type
undo antenna type
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the default antenna type for an AP varies by device model.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
antenna-type: Specifies an antenna type, a string of 1 to 10 characters. Antenna types supported by an AP vary by device model.
Usage guidelines
If an AP uses a third-party antenna, you must set the antenna type to the type of antenna that the AP uses.
The antenna gain automatically changes after you set the antenna type to ensure that the transmit power is within the correct range.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the antenna type to internal for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] antenna type internal
# Set the antenna type to internal for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] antenna type internal
ap-model
Use ap-model to create an AP model and enter its view.
Use undo ap-model to remove an AP model and all its configuration.
Syntax
ap-model ap-model
undo ap-model ap-model
Default
No AP model exists.
Views
AP group view
Predefined user roles
network-admin
Parameters
ap-model: Specifies an AP model by its name.
Examples
# Create the AP model WA536-WW.
<System> system-view
[System] wlan ap-group group1
[System-wlan-ap-group-group1] ap-model WA536-WW
[System-wlan-ap-group-group1-ap-model-WA536-WW]
auto-channel european-gap enable
Use auto-channel european-gap enable to configure 2.4 GHz radios to use the European gap for auto channel selection.
Use undo auto-channel european-gap enable to restore the default.
Syntax
auto-channel european-gap enable
undo auto-channel european-gap enable
Default
2.4 GHz radios use non-European channel gap 5 to automatically select channels 1, 6, and 11.
Views
Global configuration view
Predefined user roles
network-admin
Usage guidelines
Configure this command for 2.4 GHz radios to use European channel gap 6 to automatically select channels 1, 7, and 13.
Examples
# Configure 2.4 GHz radios to use the European channel gap for auto channel selection.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] auto-channel european-gap enable
Examples
channel
beacon-interval
Use beacon-interval to set the beacon interval.
Use undo beacon-interval to restore the default.
Syntax
beacon-interval interval
undo beacon-interval
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the beacon interval is 100 Time Units (TUs).
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
interval: Specifies the beacon interval in the range of 32 to 8191 TUs.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the beacon interval to 1000 TUs for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] beacon-interval 1000
# Set the beacon interval to 1000 TUs for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] beacon-interval 1000
channel
Use channel to specify a working channel for a radio.
Use undo channel to restore the default.
Syntax
channel { channel-number | auto { lock | unlock } }
undo channel [ auto ]
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, an AP automatically selects a channel for the radio and the channel is unlocked.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
channel-number: Specifies a channel by its number. The value range for this argument varies by country code and radio mode.
auto lock: Configures the AP to automatically select a channel for a radio and lock the channel.
auto unlock: Configures the AP to automatically select a channel for a radio and not lock the channel.
Usage guidelines
When radar signals are detected on the working channel of a radio, either of the following cases occurs:
· If the channel is a manually specified channel, the radio changes its channel, and switches back to the specified channel after 30 minutes and then starts the quiet timer. If no radar signals are detected within the quiet time, the radio starts to use the channel. If radar signals are detected within the quiet time, the radio changes its channel.
· If the channel is an automatically assigned channel, the radio changes its channel.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Specify the working channel 149 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] channel 149
# Specify the working channel 149 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel 149
channel auto-select
Use channel auto-select to configure the channel selection blacklist or whitelist.
Use undo channel auto-select to remove the specified channels from the channel selection blacklist or whitelist.
Syntax
channel auto-select { blacklist | whitelist } channel-number
undo channel auto-select { blacklist | whitelist } { all | channel-number }
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, no channel selection blacklist or whitelist exists.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
blacklist: Adds channels to the channel selection blacklist. An AP will not select channels in the blacklist.
whitelist: Adds channels to the channel selection whitelist. An AP will only select channels in the whitelist.
channel-number: Specifies channels by their channel numbers. The value range for this argument varies by country code and radio mode.
all: Specifies all channels in the channel selection blacklist or whitelist.
Usage guidelines
You cannot configure both the channel selection blacklist and whitelist for the same AP.
This command takes effect only on APs operating in auto channel selection mode.
Examples
# Add channels 149, 153, and 157 to the channel selection whitelist for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] channel auto-select whitelist 149 153 157
# Add channels 149, 153, and 157 to the channel selection whitelist for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel auto-select whitelist 149 153 157
Related commands
channel
channel band-width
Use channel band-width to set the bandwidth mode.
Use undo channel band-width to restore the default.
Syntax
channel band-width { 20 | 40 [ auto-switch ] | 80 }
undo channel band-width
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the bandwidth mode is 80 MHz for 802.11ac radios, 20 MHz for 802.11gac radios, 40 MHz for 802.11an radios, and 20 MHz for 802.11gn radios.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
20: Sets the bandwidth mode to 20 MHz.
40: Sets the bandwidth mode to 40 MHz.
80: Sets the bandwidth mode to 80 MHz.
auto-switch: Allows a radio to switch its bandwidth mode between 20 MHz and 40 MHz. This keyword is applicable only to 802.11gn and 802.11gac radios.
Usage guidelines
This command is applicable only to 802.11n, 802.11ac and 802.11gac radios. When you change the mode of a radio, the default setting of this command for the new radio mode is restored.
If the bandwidth mode is set to 40 MHz, the radio uses the 40 MHz bandwidth if two adjacent channels that can be bound together exist. If there are no adjacent channels that can be bound together, the radio uses the 20 MHz bandwidth.
If the bandwidth mode is set to 80 MHz, the radio uses the 80 MHz bandwidth if adjacent channels that can be bound together exist. If adjacent channels can be bound to an 80 MHz channel do not exist, but two adjacent channels that can be bound to a 40 MHz channel exist, the 40 MHz bandwidth is used. If no adjacent channels can be bound together, the radio uses the 20 MHz bandwidth.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the bandwidth mode to 40 MHz for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] channel band-width 40
# Set the bandwidth mode to 40 MHz for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel band-width 40
channel-usage measure
Use channel-usage measure to perform on-demand channel usage measurement.
Syntax
channel-usage measure
Views
Radio view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to scan supported channels and display the channel usage after scanning. It takes about one second to scan a channel.
Examples
# Perform on-demand channel usage measurement on radio 2 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] channel-usage measure
Please wait......Done.
Channel Usage
1 63%
2 61%
3 55%
4 45%
5 64%
6 74%
7 66%
8 48%
9 35%
10 38%
11 54%
12 30%
13 72%
client dot11ac-only
Use client dot11ac-only enable to allow access for only 802.11ac clients.
Use client dot11ac-only disable to disable the feature.
Use undo client dot11ac-only to restore the default.
Syntax
client dot11ac-only { disable | enable }
undo client dot11ac-only
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, 802.11ac radios accept 802.11a, 802.11an, and 802.11ac clients, and 802.11gac radios accept 802.11b, 802.11gn, and 802.11gac clients.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.
To enable a radio to accept 802.11a/b/g/n and 802.11ac clients, you must disable this feature on the radio.
Configuring this command on a radio will cause non-802.11ac clients that are associated with the radio to go offline.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Allow access for only 802.11ac clients for AP ap1.
<System> system-view
[System] wlan ap ap1 model WA536-WW
[System-wlan-ap-ap1] radio 1
[System-wlan-ap-ap1-radio-1] type dot11ac
[System-wlan-ap-ap1-radio-1] client dot11ac-only enable
# Allow access for only 802.11ac clients for APs with model WA536-WW in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA536-WW
[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] client dot11ac-only enable
Related commands
dot11ac mandatory maximum-nss
client dot11b-forbidden
Use client dot11b-forbidden enable to configure a radio to reject 802.11b clients.
Use client dot11b-forbidden disable to configure a radio to accept 802.11b clients.
Use undo client dot11b-forbidden to restore the default.
Syntax
client dot11b-forbidden { disable | enable }
undo client dot11b-forbidden
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, a radio accepts 802.11b clients.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
Enabling an 802.11g or 802.11gn radio to reject 802.11b clients reduces the impact of low-speed 802.11b clients and speeds up wireless data transmission.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Configure AP ap1 to reject 802.11b clients.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] client dot11b-forbidden enable
# Configure APs with model WA536-WW in AP group apgroup1 to reject 802.11b clients.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-model-WA536-WW-radio-1] client dot11b-forbidden enable
client dot11n-only
Use client dot11n-only enable to allow access for only 802.11n and 802.11ac clients.
Use client dot11n-only disable to disable the feature.
Use undo client dot11n-only to restore the default.
Syntax
client dot11n-only { disable | enable }
undo client dot11n-only
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, 802.11an radios accept 802.11a, 802.11an, and 802.11ac clients. 802.11gn radios accept 802.11b/g and 802.11gn clients. 802.11ac radios accept 802.11a, 802.11an, and 802.11ac clients. 802.11gac radios accept 802.11b/g, 802.11gn, and 802.11gac clients.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
To enable a radio to accept 802.11a/b/g, 802.11n, and 802.11ac clients, you must disable this feature on the radio.
Configuring this command on a radio will cause 802.11a/b/g clients that are associated with the radio to go offline.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Allow access for only 802.11n and 802.11ac clients for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] client dot11n-only enable
# Allow access for only 802.11n and 802.11ac clients for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client dot11n-only enable
client max-count
Use client max-count to set the maximum number of clients that can associate with an AP.
Use undo client max-count to restore the default.
Syntax
client max-count max-number
undo client max-count
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, no limit is set for the number of clients that can associate with an AP.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of clients that can associate with an AP. The value range for this argument varies by AP model.
Usage guidelines
When the maximum number of clients is reached on an AP, the AP stops accepting new clients.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum number of clients that can associate with an AP to 38 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] client max-count 38
# Set the maximum number of clients that can associate with an AP to 38 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client max-count 38
continuous-mode
Use continuous-mode to enable the continuous mode for a radio.
Use undo continuous-mode to restore the default.
Syntax
continuous-mode { mcs mcs-index | nss nss-index vht-mcs vhtmcs-index | rate rate-value }
undo continuous-mode
Default
The continuous mode is disabled.
Views
Radio view
Predefined user roles
network-admin
Parameters
mcs mcs-index: Specifies the MCS index in the range of 0 to 76. This option applies only to 802.11n, 802.11ac, and 802.11gac radios.
nss nss-index vht-mcs vhtmcs-index: Specifies the VHT-MCS index. The value ranges for the nss-index and vhtmcs-index arguments are 1 to 8 and 0 to 9, respectively. This option applies only to 802.11ac and 802.11gac radios.
rate rate-value: Specifies the transmit rate in Mbps. This option applies to all radio types.
Usage guidelines
This feature is used for network testing only. Do not use it under any other circumstances.
It enables continuous data packet sending at the specified rate. When the feature is enabled, do not perform any other operations except changing the transmit rate.
Examples
# Enable the continuous mode and set the transmit rate to 6 Mbps.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] continuous-mode rate 6
Related commands
display wlan ap continuous-mode
custom-antenna gain
|
IMPORTANT: This command is applicable only when an AP uses a third-party antenna. |
Use custom-antenna gain to set the antenna gain.
Use undo custom-antenna gain to restore the default.
Syntax
custom-antenna gain antenna-gain
undo custom-antenna gain
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the antenna gain is 0 dBi.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
antenna-gain: Specifies the antenna gain in the range of 0 to 20 dBi.
Usage guidelines
If an AP uses a third-party antenna, you must set the antenna gain to the gain of the antenna that the AP uses.
Effective Isotropic Radiated Power (EIRP) is the actual transmit power of an antenna, and it is the sum of the antenna gain and the maximum transmit power of the radio. If the configured antenna gain causes the EIRP to exceed the threshold, the antenna gain configuration fails.
Changing the radio mode automatically changes the antenna gain.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the antenna gain to 2 dBi for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] custom-antenna gain 2
# Set the antenna gain to 2 dBi for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] custom-antenna gain 2
display wlan ap continuous-mode
Use display wlan ap continuous-mode to display information about the continuous mode.
Syntax
display wlan ap continuous-mode { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display information about the continuous mode for radios on AP ap1.
<Sysname> display wlan ap continuous-mode name ap1
AP name Radio ID Radio type Rate Mcs-Index Nss Vht-mcs
ap1 1 802.11a 6 N/A N/A N/A
Table 15 Command output
Field |
Description |
Mcs-Index |
MCS index. |
Nss |
NSS index. |
Vht-mcs |
VHT-MCS index. |
Related commands
continuous-mode
display wlan ap radio
Use display wlan ap radio to display AP radio information.
Syntax
display wlan ap { all | name ap-name } radio [ frequency-band { 5 | 2.4 } ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
frequency-band: Specifies a frequency band.
5: Specifies the 5 GHz frequency band.
2.4: Specifies the 2.4 GHz frequency band.
Examples
# Display radio information for all APs.
<Sysname> display wlan ap all radio
Total number of APs: 1
Total number of connected APs: 1
Total number of connected manual APs: 1
Total number of connected auto APs: 0
Total number of connected common APs: 1
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 256
Remaining APs: 255
Total AP licenses: 128
Remaining AP licenses: 127
AP name RID State Channel Usage TxPower Clients
(%) (dBm)
ap1 1 Up 149(auto) 10 20 5
ap1 2 Up 11(auto) 15 20 10
# Display 2.4 GHz radio information for AP ap1.
<Sysname> display wlan ap name ap1 radio frequency-band 2.4
AP name RID State Channel Usage TxPower Clients
(%) (dBm)
ap1 2 Up 11(auto) 15 20 15
Table 16 Command output
Field |
Description |
Total number of connected WTUs |
Total number of connected WTUs. This field is not supported in the current software version. |
Total number of inside APs |
Total number of inside APs. This field is not supported in the current software version. |
Maximum supported APs |
Maximum number of supported APs. |
Remaining APs |
Remaining number of supported APs. The value equals the number of maximum supported APs minus the number of connected common APs. |
Total AP licenses |
Total number of AP licenses. |
Remaining AP licenses |
Number of remaining AP licenses. Each WA536-WW AP occupies one AP license. |
State |
Radio state: · Up. · Down. |
Usage |
Channel usage. |
TxPower (dBm) |
Transmission power. By default, the maximum supported power is used to transmit packets. |
Clients |
Number of online clients. |
display wlan ap radio channel
Use display wlan ap radio channel to display radio channel information.
Syntax
display wlan ap { all | name ap-name } radio channel
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display radio channel information for AP ap3.
<Sysname> display wlan ap name ap3 radio channel
AP name RID Channel Band-width CenterFreq
(MHz)
ap3 1 36(auto) 20/40/80/160/(80+80) 42/58
ap3 2 149 20/40/80 155
ap3 3 11(auto) 20 0
Table 17 Command output
Field |
Description |
Band-width (MHz) |
Supported channel bandwidth. |
CenterFreq |
Central frequencies. This field is available only when the supported channel bandwidth reaches 80 MHz. This field displays the central frequencies for both the main and the secondary channels when 160 MHz or 80+80 MHz bandwidth is supported. |
display wlan ap radio type
Use display wlan ap radio type to display radio type information.
Syntax
display wlan ap { all | name ap-name } radio type
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display radio type information for AP ap1.
<Sysname> display wlan ap name ap1 radio type
AP name RID AP state Radio state Radio type
ap1 1 Up Up 802.11n(5GHz)
ap1 2 Up Down 802.11n(2.4GHz)
Table 18 Command output
Field |
Description |
AP state |
AP state: · Up—The AP has established a CAPWAP tunnel with the AC. · Down—The AP has not established a CAPWAP tunnel with the AC. |
Radio state |
Radio state: · Up. · Down. |
display wlan ap radio-statistics
Use display wlan ap radio-statistics to display radio statistics.
Syntax
display wlan ap { all | name ap-name } radio-statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters.
Examples
# Display radio statistics for AP ap1.
<Sysname> display wlan ap name ap1 radio-statistics
Radio Statistics
--------------------------------------------------------------------------------
AP name: ap1 Radio ID: 1
--------------------------------------------------------------------------------
Transmitted frame statistics:
Total frames : 836532
Total frame bytes : 214040681
Unicast frames : 4
Unicast frame bytes : 900
Broadcast/Multicast frames : 836528
Broadcast/Multicast frame bytes : 214039781
Other frames : 0
Other frame bytes : 0
Discarded frames : 0
Failed RTS frames : 0
Retransmissions : 6
Successful RTS frames : 0
Retransmitted frames : 3
No-ACK frames : 1555
Authentication frames : 1
Association frames : 1
Packet statistics by size:
Smaller than or equal to 128 : 747
Between 128 and 512 (inclusive) : 85983
Between 512 and 1024 (inclusive) : 0
Larger than 1024 : 0
Packet statistics by rate:
1 Mbps : 0 2 Mbps : 0
5.5 Mbps : 0 6 Mbps : 0
9 Mbps : 0 11 Mbps : 0
12 Mbps : 0 18 Mbps : 0
24 Mbps : 880 36 Mbps : 0
48 Mbps : 0 54 Mbps : 0
Packet statistics by 802.11n rate:
6.5 Mbps : 0 7.2 Mbps : 0
13 Mbps : 0 13.5 Mbps : 0
14.4 Mbps : 0 15 Mbps : 0
19.5 Mbps : 0 21.7 Mbps : 0
26 Mbps : 0 27 Mbps : 0
28.9 Mbps : 0 29.3 Mbps : 0
30 Mbps : 0 32.5 Mbps : 0
39 Mbps : 0 40.5 Mbps : 0
43.3 Mbps : 0 45 Mbps : 0
52 Mbps : 0 54 Mbps : 0
57.8 Mbps : 0 58.5 Mbps : 0
60 Mbps : 0 65 Mbps : 0
72.2 Mbps : 0 78 Mbps : 1
81 Mbps : 0 86.7 Mbps : 0
87.8 Mbps : 0 90 Mbps : 0
97.5 Mbps : 0 104 Mbps : 3
108 Mbps : 0 115.6 Mbps : 0
117 Mbps : 0 120 Mbps : 0
121.5 Mbps : 0 130 Mbps : 0
135 Mbps : 0 144.4 Mbps : 0
150 Mbps : 0 156 Mbps : 0
162 Mbps : 0 173.3 Mbps : 0
175.5 Mbps : 0 180 Mbps : 0
195 Mbps : 0 200 Mbps : 0
216 Mbps : 0 216.7 Mbps : 0
234 Mbps : 0 240 Mbps : 0
243 Mbps : 0 260 Mbps : 0
263.3 Mbps : 0 270 Mbps : 0
288.9 Mbps : 0 292.5 Mbps : 0
300 Mbps : 0 324 Mbps : 0
325 Mbps : 0 351 Mbps : 0
360 Mbps : 0 364.5 Mbps : 0
390 Mbps : 0 400 Mbps : 0
405 Mbps : 0 433.3 Mbps : 0
450 Mbps : 0 468 Mbps : 0
486 Mbps : 0 520 Mbps : 0
526.5 Mbps : 0 540 Mbps : 0
585 Mbps : 0 600 Mbps : 0
650 Mbps : 0 702 Mbps : 0
780 Mbps : 0 866.7 Mbps : 0
877.5 Mbps : 0 975 Mbps : 0
1053 Mbps : 0 1170 Mbps : 0
1300 Mbps : 0
--------------------------------------------------------------------------------
Received frame statistics:
Total frames : 420815
Total frame bytes : 24112652
Unicast frames : 585
Unicast frame bytes : 15357
Broadcast/Multicast frames : 420230
Broadcast/Multicast frame bytes : 24097295
Fragmented frames : 0
Duplicate frames : 0
FCS failures : 474471639
Decryption errors : 0
Authentication frames : 1
Association frames : 1
Packet statistics by size:
Smaller than or equal to 128 : 420759
Between 128 and 512 (inclusive) : 54
Between 512 and 1024 (inclusive) : 0
Larger than 1024 : 0
Packet statistics by rate:
6 Mbps : 420115 9 Mbps : 0
12 Mbps : 0 18 Mbps : 0
24 Mbps : 0 36 Mbps : 1
48 Mbps : 0 54 Mbps : 2
Packet statistics by 802.11n rate:
6.5 Mbps : 0 7.2 Mbps : 0
13 Mbps : 0 13.5 Mbps : 0
14.4 Mbps : 0 15 Mbps : 0
19.5 Mbps : 0 21.7 Mbps : 0
26 Mbps : 0 27 Mbps : 0
28.9 Mbps : 0 29.3 Mbps : 0
30 Mbps : 0 32.5 Mbps : 0
39 Mbps : 0 40.5 Mbps : 0
43.3 Mbps : 0 45 Mbps : 0
52 Mbps : 1 54 Mbps : 2
57.8 Mbps : 0 58.5 Mbps : 17
60 Mbps : 0 65 Mbps : 10
72.2 Mbps : 0 78 Mbps : 48
81 Mbps : 0 86.7 Mbps : 70
87.8 Mbps : 0 90 Mbps : 0
97.5 Mbps : 0 104 Mbps : 87
108 Mbps : 0 115.6 Mbps : 170
117 Mbps : 130 120 Mbps : 0
121.5 Mbps : 0 130 Mbps : 140
135 Mbps : 0 144.4 Mbps : 22
150 Mbps : 0 156 Mbps : 0
162 Mbps : 0 173.3 Mbps : 0
175.5 Mbps : 0 180 Mbps : 0
195 Mbps : 0 200 Mbps : 0
216 Mbps : 0 216.7 Mbps : 0
234 Mbps : 0 240 Mbps : 0
243 Mbps : 0 260 Mbps : 0
263.3 Mbps : 0 270 Mbps : 0
288.9 Mbps : 0 292.5 Mbps : 0
300 Mbps : 0 324 Mbps : 0
325 Mbps : 0 351 Mbps : 0
360 Mbps : 0 364.5 Mbps : 0
390 Mbps : 0 400 Mbps : 0
405 Mbps : 0 433.3 Mbps : 0
450 Mbps : 0 468 Mbps : 0
486 Mbps : 0 520 Mbps : 0
526.5 Mbps : 0 540 Mbps : 0
585 Mbps : 0 600 Mbps : 0
650 Mbps : 0 702 Mbps : 0
780 Mbps : 0 866.7 Mbps : 0
877.5 Mbps : 0 975 Mbps : 0
1053 Mbps : 0 1170 Mbps : 0
1300 Mbps : 0
--------------------------------------------------------------------------------
Radio Statistics
--------------------------------------------------------------------------------
AP name: ap1 Radio ID: 2
--------------------------------------------------------------------------------
Transmitted frame statistics:
Total frames : 13134
Total frame bytes : 3259997
Unicast frames : 11
Unicast frame bytes : 3518
Broadcast/Multicast frames : 13123
Broadcast/Multicast frame bytes : 3256479
Other frames : 0
Other frame bytes : 0
Discarded frames : 0
Failed RTS frames : 0
Retransmissions : 58
Successful RTS frames : 0
Retransmitted frames : 11
No-ACK frames : 7541
Authentication frames : 14
Association frames : 8
Packet statistics by size:
Smaller than or equal to 128 : 1020
Between 128 and 512 (inclusive) : 11386
Between 512 and 1024 (inclusive) : 0
Larger than 1024 : 0
Packet statistics by rate:
1 Mbps : 0 2 Mbps : 0
5.5 Mbps : 0 6 Mbps : 0
9 Mbps : 0 11 Mbps : 1121
12 Mbps : 0 18 Mbps : 0
24 Mbps : 0 36 Mbps : 0
48 Mbps : 0 54 Mbps : 0
Packet statistics by 802.11n rate:
6.5 Mbps : 3 7.2 Mbps : 0
13 Mbps : 1 13.5 Mbps : 0
14.4 Mbps : 0 15 Mbps : 0
19.5 Mbps : 4 21.7 Mbps : 0
26 Mbps : 0 27 Mbps : 0
28.9 Mbps : 0 29.3 Mbps : 0
30 Mbps : 0 32.5 Mbps : 0
39 Mbps : 1 40.5 Mbps : 0
43.3 Mbps : 0 45 Mbps : 0
52 Mbps : 0 54 Mbps : 0
57.8 Mbps : 0 58.5 Mbps : 0
60 Mbps : 0 65 Mbps : 0
72.2 Mbps : 0 78 Mbps : 0
81 Mbps : 0 86.7 Mbps : 0
87.8 Mbps : 0 90 Mbps : 0
97.5 Mbps : 0 104 Mbps : 1
108 Mbps : 0 115.6 Mbps : 0
117 Mbps : 1 120 Mbps : 0
121.5 Mbps : 0 130 Mbps : 0
135 Mbps : 0 144.4 Mbps : 0
150 Mbps : 0 156 Mbps : 0
162 Mbps : 0 173.3 Mbps : 0
175.5 Mbps : 0 180 Mbps : 0
195 Mbps : 0 200 Mbps : 0
216 Mbps : 0 216.7 Mbps : 0
234 Mbps : 0 240 Mbps : 0
243 Mbps : 0 260 Mbps : 0
263.3 Mbps : 0 270 Mbps : 0
288.9 Mbps : 0 292.5 Mbps : 0
300 Mbps : 0 324 Mbps : 0
325 Mbps : 0 351 Mbps : 0
360 Mbps : 0 364.5 Mbps : 0
390 Mbps : 0 400 Mbps : 0
405 Mbps : 0 433.3 Mbps : 0
450 Mbps : 0 468 Mbps : 0
486 Mbps : 0 520 Mbps : 0
526.5 Mbps : 0 540 Mbps : 0
585 Mbps : 0 600 Mbps : 0
650 Mbps : 0 702 Mbps : 0
780 Mbps : 0 866.7 Mbps : 0
877.5 Mbps : 0 975 Mbps : 0
1053 Mbps : 0 1170 Mbps : 0
1300 Mbps : 0
--------------------------------------------------------------------------------
Received frame statistics:
Total frames : 32156
Total frame bytes : 3076192
Unicast frames : 1613
Unicast frame bytes : 102957
Broadcast/Multicast frames : 30543
Broadcast/Multicast frame bytes : 2973235
Fragmented frames : 0
Duplicate frames : 2
FCS failures : 9978084
Decryption errors : 0
Authentication frames : 14
Association frames : 8
Packet statistics by size:
Smaller than or equal to 128 : 25327
Between 128 and 512 (inclusive) : 6097
Between 512 and 1024 (inclusive) : 0
Larger than 1024 : 0
Packet statistics by rate:
1 Mbps : 28718 2 Mbps : 1895
5.5 Mbps : 284 6 Mbps : 29
9 Mbps : 12 11 Mbps : 0
12 Mbps : 10 18 Mbps : 24
24 Mbps : 11 36 Mbps : 5
48 Mbps : 4 54 Mbps : 0
Packet statistics by 802.11n rate:
6.5 Mbps : 45 7.2 Mbps : 0
13 Mbps : 53 13.5 Mbps : 0
14.4 Mbps : 0 15 Mbps : 0
19.5 Mbps : 120 21.7 Mbps : 0
26 Mbps : 136 27 Mbps : 0
28.9 Mbps : 0 29.3 Mbps : 0
30 Mbps : 0 32.5 Mbps : 0
39 Mbps : 59 40.5 Mbps : 0
43.3 Mbps : 0 45 Mbps : 0
52 Mbps : 17 54 Mbps : 0
57.8 Mbps : 0 58.5 Mbps : 20
60 Mbps : 0 65 Mbps : 4
72.2 Mbps : 0 78 Mbps : 0
81 Mbps : 0 86.7 Mbps : 0
87.8 Mbps : 0 90 Mbps : 0
97.5 Mbps : 0 104 Mbps : 0
108 Mbps : 0 115.6 Mbps : 0
117 Mbps : 0 120 Mbps : 0
121.5 Mbps : 0 130 Mbps : 0
135 Mbps : 0 144.4 Mbps : 0
150 Mbps : 0 156 Mbps : 0
162 Mbps : 0 173.3 Mbps : 0
175.5 Mbps : 0 180 Mbps : 0
195 Mbps : 0 200 Mbps : 0
216 Mbps : 0 216.7 Mbps : 0
234 Mbps : 0 240 Mbps : 0
243 Mbps : 0 260 Mbps : 0
263.3 Mbps : 0 270 Mbps : 0
288.9 Mbps : 0 292.5 Mbps : 0
300 Mbps : 0 324 Mbps : 0
325 Mbps : 0 351 Mbps : 0
360 Mbps : 0 364.5 Mbps : 0
390 Mbps : 0 400 Mbps : 0
405 Mbps : 0 433.3 Mbps : 0
450 Mbps : 0 468 Mbps : 0
486 Mbps : 0 520 Mbps : 0
526.5 Mbps : 0 540 Mbps : 0
585 Mbps : 0 600 Mbps : 0
650 Mbps : 0 702 Mbps : 0
780 Mbps : 0 866.7 Mbps : 0
877.5 Mbps : 0 975 Mbps : 0
1053 Mbps : 0 1170 Mbps : 0
1300 Mbps : 0
---------------------------------------------------------------------------------
Table 19 Command output
Field |
Description |
Transmitted frame statistics |
|
Total frames |
Total number of transmitted frames, including probe responses and beacon frames. |
Total frame bytes |
Total bytes of transmitted frames, including probe responses and beacon frames. |
Unicast frames |
Total number of transmitted unicast frames, excluding probe responses. |
Unicast frame bytes |
Total bytes of transmitted unicast frames, excluding probe responses. |
Broadcast/Multicast frames |
Total number of transmitted broadcast and multicast frames, excluding beacon frames. |
Broadcast/Multicast frame bytes |
Total bytes of transmitted broadcast and multicast frames, excluding beacon frames. |
Others frames |
Total number of other transmitted frames. |
Others frame bytes |
Total bytes of other transmitted frames. |
Packet statistics by rate |
Total number of packets classified by 802.11a/b/g rates. |
Packet statistics by 802.11n rate |
Total number of packets classified by 802.11n rates. This field is not available if the device does not support 802.11n. |
Received frame statistics |
|
Total frames |
Total number of received frames. |
Total frame bytes |
Total bytes of received frames. |
Unicast frames |
Total number of received unicast frames. |
Unicast frame bytes |
Total bytes of received unicast frames. |
Broadcast/Multicast frames |
Total number of received broadcast and multicast frames. |
Broadcast/Multicast frame bytes |
Total bytes of received broadcast and multicast frames. |
Total number of received fragmented frames. |
|
FCS failures |
Total number of received packets with FCS failures. |
Decryption errors |
Total number of received packets with decryption errors. |
distance
Use distance to set the maximum transmission distance.
Use undo distance to restore the default.
Syntax
distance distance
undo distance
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the maximum transmission distance is 1 km (0.62 miles).
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
distance: Specifies the maximum transmission distance in the range of 1 to 40 km (0.62 to 24.86 miles).
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum transmission distance to 5 km (3.11 miles) for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] distance 5
# Set the maximum transmission distance to 5 km (3.11 miles) for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] distance 5
dot11ac mandatory maximum-nss
Use dot11ac mandatory maximum-nss to set the maximum mandatory NSS.
Use undo dot11ac mandatory maximum-nss to restore the default.
Syntax
dot11ac mandatory maximum-nss nss-number
undo dot11ac mandatory maximum-nss
Default
In radio view, the default settings are as follows:
· If the maximum supported NSS is set, no maximum mandatory NSS is set.
· If the maximum supported NSS is not set, the radio uses the configuration in AP group view.
In AP group radio view, no maximum mandatory NSS is set.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
nss-number: Specifies the maximum mandatory NSS in the range of 1 to 8.
Usage guidelines
This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.
The maximum mandatory NSS cannot be greater than the maximum supported NSS.
After you modify the maximum mandatory NSS, clients that are associated with the radio and that do not support the modified NSS will go offline.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum mandatory NSS to 7 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11ac
[Sysname-wlan-ap-ap1-radio-1] dot11ac mandatory maximum-nss 7
# Set the maximum mandatory NSS to 7 for APs with model WA536-WW in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA536-WW
[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11ac
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] dot11ac mandatory maximum-nss 7
Related commands
dot11ac support maximum-nss
dot11ac multicast-nss
Use dot11ac multicast-nss to set the multicast NSS and specify a VHT-MCS index.
Use undo dot11ac multicast-nss to restore the default.
Syntax
dot11ac multicast-nss nss-number vht-mcs index
undo dot11ac multicast-nss
Default
In radio view, the default settings are as follows:
· If the maximum supported NSS or the maximum mandatory NSS is set, no multicast NSS is set.
· If neither the maximum supported NSS nor the maximum mandatory NSS is set, the radio uses the configuration in AP group view.
In AP group radio view, no multicast NSS is set.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
nss-number: Specifies the multicast NSS in the range of 1 to 8.
Index: Specifies a VHT-MCS index in the range of 0 to 9.
Usage guidelines
This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.
Before configuring this command, you must configure the dot11ac mandatory maximum-nss command.
The multicast NSS cannot be greater than the maximum mandatory NSS.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum mandatory NSS, multicast NSS, and VHT-MCS index for AP 1 to 2, 2, and 2, respectively.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11ac
[Sysname-wlan-ap-ap1-radio-1] dot11ac mandatory maximum-nss 2
[Sysname-wlan-ap-ap1-radio-1] dot11ac multicast-nss 2 vht-mcs 2
# Set the maximum mandatory NSS, multicast NSS, and VHT-MCS index for APs with model WA536-WW in AP group 1 to 2, 2, and 2, respectively.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA536-WW
[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] dot11ac mandatory maximum-nss 2
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] dot11ac multicast-nss 2 vht-mcs 2
Related commands
dot11ac mandatory maximum-nss
dot11ac support maximum-nss
Use dot11ac support maximum-nss to set the maximum supported NSS.
Use undo dot11ac support maximum-nss to restore the default.
Syntax
dot11ac support maximum-nss nss-number
undo dot11ac support maximum-nss
Default
In radio view, the default settings are as follows:
· If the maximum mandatory NSS is set, the maximum supported NSS is 8.
· If the maximum mandatory NSS is not set, the radio uses the configuration in AP group view.
In AP group radio view, the maximum supported NSS is 8.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
nss-number: Specifies the maximum supported NSS in the range of 1 to 8.
Usage guidelines
This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.
The maximum supported NSS cannot be smaller than the maximum mandatory NSS.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum supported NSS to 7 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11ac
[Sysname-wlan-ap-ap1-radio-1] dot11ac support maximum-nss 7
# Set the maximum supported NSS to 7 for APs with model WA536-WW in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA536-WW
[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11ac
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] dot11ac support maximum-nss 7
Related commands
dot11ac mandatory maximum-nss
dot11g protection
Use dot11g protection enable to enable 802.11g protection.
Use dot11g protection disable to disable 802.11g protection.
Use undo dot11g protection to restore the default.
Syntax
dot11g protection { disable | enable }
undo dot11g protection
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, 802.11g protection is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11g, 802.11n (2.4 GHz), and 802.11gac radios. If you change the mode of a radio to a mode other than 802.11g, 802.11n (2.4 GHz), or 802.11gac, 802.11g protection configuration is removed.
802.11g or 802.11n devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11b signals are detected on the channel.
802.11g protection automatically takes effect when 802.11b clients associate with an 802.11g, 802.11n (2.4 GHz), or 802.11gac AP.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable 802.11g protection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] type dot11gn
[Sysname-wlan-ap-ap1-radio-2] dot11g protection enable
# Enable 802.11g protection for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 2
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-2] type dot11gn
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-2] dot11g protection enable
Related commands
protection-mode
dot11n mandatory maximum-mcs
Use dot11n mandatory maximum-mcs to set the maximum mandatory MCS index.
Use undo dot11n mandatory maximum-mcs to restore the default.
Syntax
dot11n mandatory maximum-mcs index
undo dot11n mandatory maximum-mcs
Default
In radio view, the default settings are as follows:
· If the maximum supported MCS index is set, no maximum mandatory MCS index is set.
· If the maximum supported MCS index is not set, the radio uses the configuration in AP group view.
In AP group radio view, no maximum mandatory MCS index is set.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
index: Specifies the maximum mandatory MCS index in the range of 0 to 76.
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
Before configuring the dot11n multicast-mcs command, you must set the maximum mandatory MCS index.
After you modify the maximum mandatory MCS index, clients that are associated with the radio and that do not support the modified MCS index will go offline.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum mandatory MCS index to 14 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] dot11n mandatory maximum-mcs 14
# Set the maximum mandatory MCS index to 14 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n mandatory maximum-mcs 14
dot11n multicast-mcs
Use dot11n multicast-mcs to set the multicast MCS index.
Use undo dot11n multicast-mcs to restore the default.
Syntax
dot11n multicast-mcs index
undo dot11n multicast-mcs
Default
In radio view, the default settings are as follows:
· If the maximum mandatory MCS index or the maximum supported MCS index is set, no multicast MCS index is set.
· If neither the maximum mandatory MCS index nor the maximum supported MCS index is set, the radio uses the configuration in AP group view.
In AP group radio view, no multicast MCS index is set.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
index: Specifies the multicast MCS index in the range of 0 to 76.
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The multicast MCS index takes effect only when 802.11n clients exist.
If 802.11a/b/g clients exist, the AP and clients use the 802.11a/b/g multicast rate to multicast packets.
The multicast MCS index maps to a rate in 20 MHz bandwidth mode regardless of whether the bandwidth mode is 20 MHz or 40 MHz.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the multicast MCS index to 14 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] dot11n mandatory maximum-mcs 14
[Sysname-wlan-ap-ap1-radio-1] dot11n multicast-mcs 14
# Set the multicast MCS index to 14 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n mandatory maximum-mcs 14
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n multicast-mcs 14
dot11n protection
Use dot11n protection enable to enable 802.11n protection.
Use dot11n protection disable to disable 802.11n protection.
Use undo dot11n protection to restore the default.
Syntax
dot11n protection { disable | enable }
undo dot11n protection
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, 802.11n protection is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. If you change the mode of a radio to a mode other than 802.11n, 802.11ac, and 802.11gac, the 802.11n protection configuration is removed.
802.11n devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11a/b/g signals are detected on the channel.
802.11n protection automatically takes effect when 802.11a/b/g clients associate with an 802.11n, 802.11ac, or 802.11gac AP.
The configuration in radio view takes precedence over the configuration in AP group radio view.
|
NOTE: 802.11n devices refer to 802.11n and 802.11ac devices. |
Examples
# Enable 802.11n protection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] dot11n protection enable
# Enable 802.11n protection for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n protection enable
Related commands
protection-mode
dot11n support maximum-mcs
Use dot11n support maximum-mcs to set the maximum supported MCS index.
Use undo dot11n support maximum-mcs to restore the default.
Syntax
dot11n support maximum-mcs index
undo dot11n support maximum-mcs
Default
In radio view, the default settings are as follows:
· If the maximum mandatory MCS index is set, the maximum supported MCS index is 76.
· If the maximum mandatory MCS index is not set, the radio uses the configuration in AP group view.
In AP group radio view, the maximum supported MCS index is 76.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
index: Specifies the maximum supported MCS index in the range of 0 to 76.
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The maximum supported MCS index cannot be smaller than the maximum mandatory MCS index.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum supported MCS index to 14 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] dot11n support maximum-mcs 14
# Set the maximum supported MCS index to 14 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dot11n support maximum-mcs 14
dtim
Use dtim to set the DTIM (Delivery Traffic Indication Map) interval.
Use undo dtim to restore the default.
Syntax
dtim counter
undo dtim
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the DTIM interval is 1, and the AP sends buffered broadcast and multicast frames after every beacon frame.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
counter: Specifies the DTIM interval in the range of 1 to 31.
Usage guidelines
An AP periodically broadcasts a beacon compliant with the Delivery Traffic Indication Map (DTIM). After the AP broadcasts the beacon, it sends buffered broadcast and multicast frames based on the value of the DTIM interval. For example, if you set the DTIM interval to 5, the AP sends buffered broadcast and multicast frames every five beacon frames.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the DTIM interval to 5 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] dtim 5
# Set the DTIM interval to 5 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] dtim 5
fragment-threshold
Use fragment-threshold to set the frame fragmentation threshold.
Use undo fragment-threshold to restore the default.
Syntax
fragment-threshold size
undo fragment-threshold
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the fragmentation threshold is 2346 bytes.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
size: Specifies the fragmentation threshold in the range of 256 to 2346 bytes. The value for this argument must be an even number.
Usage guidelines
Frames larger than the fragmentation threshold are fragmented before transmission. Frames smaller than the fragmentation threshold are transmitted without fragmentation.
In a WLAN with great interference, decrease the fragmentation threshold to improve the network throughput and efficiency
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the fragmentation threshold to 2048 bytes for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] fragment-threshold 2048
# Set the fragmentation threshold to 2048 bytes for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] fragment-threshold 2048
green-energy-management
Use green-energy-management enable to enable the energy saving feature.
Use green-energy-management disable to disable the energy saving feature.
Use undo green-energy-management to restore the default.
Syntax
green-energy-management { disable | enable }
undo green-energy-management
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the energy saving feature is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
After you enable the energy saving feature, the multiple-input and multiple-output (MIMO) mode of a radio automatically changes to 1x1 if no clients associate with the radio. This reduces power consumption.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable the energy saving feature for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] green-energy-management enable
# Enable the energy saving feature for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] green-energy-management enable
ldpc
Use ldpc enable to enable LDPC.
Use ldpc disable to disable LDPC.
Use undo ldpc to restore the default.
Syntax
ldpc { disable | enable }
undo ldpc
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, LDPC is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The device can receive but cannot send LDPC packets.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Disable LDPC for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] ldpc disable
# Disable LDPC for APs with model WA536-WW in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA536-WW
[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] ldpc disable
long-retry threshold
Use long-retry threshold to set the maximum number of hardware retransmissions for large frames.
Use undo long-retry threshold to restore the default.
Syntax
long-retry threshold count
undo long-retry threshold
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the maximum number of hardware retransmissions is 4 for large frames.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum number of hardware retransmissions for large frames, in the range of 1 to 15.
Usage guidelines
Perform this task to set the maximum number of hardware retransmissions for frames larger than the RTS threshold.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum number of hardware retransmissions for large frames to 5 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] long-retry threshold 5
# Set the maximum number of hardware retransmissions for large frames to 5 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] long-retry threshold 5
Related commands
protection-threshold
short-retry threshold
max-power
Use max-power to set the maximum transmit power.
Use undo max-power to restore the default.
Syntax
max-power radio-power
undo max-power
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, an AP uses the maximum supported transmit power.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
radio-power: Specifies the maximum transmit power. The value range for this argument varies by AP model.
Usage guidelines
The transmit power range supported by a radio varies by country code, channel, AP model, radio mode, antenna type, and bandwidth mode. If you change these attributes for a radio after you set the maximum transmit power, the configured maximum transmit power might be out of the supported transmit power range. If this happens, the system automatically adjusts the maximum transmit power to a valid value.
If you enable power lock, the locked power becomes the maximum transmit power.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum transmit power to 15 dBm for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] max-power 15
# Set the maximum transmit power to 15 dBm for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] max-power 15
mimo
Use mimo to specify a MIMO mode for a radio.
Use undo mimo to restore the default.
Syntax
mimo { 1x1 | 2x2 | 3x3 | 4x4 }
undo mimo
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the default setting varies by AP model.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
1x1: Sends and receives signals through one spatial stream.
2x2: Sends and receives signals through two spatial streams.
3x3: Sends and receives signals through three spatial streams.
4x4: Sends and receives signals through four spatial streams.
Usage guidelines
MIMO enables a radio to send and receive wireless signals through multiple spatial streams to improve system capacity and spectrum usage without requiring higher bandwidth.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the MIMO mode to 2x2 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] mimo 2x2
# Set the MIMO mode to 2x2 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] mimo 2x2
mu-txbf
|
NOTE: Support for this command depends on the AP model. |
Use mu-txbf enable to enable multi-user transmit beamforming (TxBF).
Use mu-txbf disable to disable multi-user TxBF.
Use undo mu-txbf to restore the default.
Syntax
mu-txbf { disable | enable }
undo mu-txbf
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, multi-user TxBF is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.
TxBF enables an AP to adjust transmitting parameters based on the channel information to focus RF signals on intended clients. This feature improves the RF signal quality.
Multi-user TxBF is part of 802.11ac Wave2. Multi-user TxBF enables an AP to focus different RF signals on their intended clients to reduce interference and transmission delay. This improves traffic throughput and bandwidth usage. Multi-user TxBF is applicable to WLANs that have a large number of clients and require high bandwidth usage and low transmission delay.
Multi-user TxBF takes effect only when single-user TxBF is enabled.
As a best practice, do not modify the default MIMO settings for an AP enabled with multi-user TxBF.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable multi-user TxBF for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] su-txbf enable
[Sysname-wlan-ap-ap1-radio-1] mu-txbf enable
# Enable multi-user TxBF for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] su-txbf enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] mu-txbf enable
Related commands
mimo
su-txbf
power-lock
Use power-lock enable to enable power lock.
Use power-lock disable to disable power lock.
Use undo power-lock to restore the default.
Syntax
power-lock { disable | enable }
undo power-lock
Default
· In radio view, a radio uses the configuration in AP group view.
· In AP group radio view, power lock is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
If you enable power lock, the current power is locked and becomes the maximum transmit power. The locked power still takes effect after the AC restarts.
If a radio enabled with power lock switches to a new channel that provides lower power than the locked power, the maximum power supported by the new channel takes effect.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable power lock for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] power-lock enable
# Enable power lock for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] power-lock enable
preamble
Use preamble to set the preamble type.
Use undo preamble to restore the default.
Syntax
preamble { long | short }
undo preamble
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the short preamble is used.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
long: Specifies a long preamble. A long preamble ensures compatibility with all wireless devices of early models.
short: Specifies a short preamble. A short preamble can improve network performance.
Usage guidelines
This command is applicable only to 802.11b, 802.11g, and 802.11gn radios.
A preamble is a set of bits in a packet header to synchronize transmission signals between sender and receiver.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the preamble type to long for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] preamble long
# Set the preamble type to long for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 2
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-2] preamble long
protection-mode
Use protection-mode to specify a collision avoidance mode.
Use undo protection-mode to restore the default.
Syntax
protection-mode { cts-to-self | rts-cts }
undo protection-mode
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the CTS-to-self mode is used.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
cts-to-self: Specifies the CTS-to-self mode.
rts-cts: Specifies the RTS/CTS mode.
Usage guidelines
You can specify either of the following collision avoidance modes for an AP:
· RTS/CTS—An AP sends an RTS packet to a client before sending data to the client. After receiving the RTS packet, the client sends a CTS packet to the AP. The AP begins to send data after receiving the CTS packet, and other devices that detect the RTS or CTS packet do not send data within a specific time period.
· CTS-to-self—An AP sends a CTS packet with its own MAC address as the destination MAC address before sending data to a client. After receiving the CTS-to-self packet, the AP begins to send data, and other devices that detect the CTS-to-self packet do not send data within a specific time period.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Specify the RTS/CTS mode for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] protection-mode rts-cts
# Specify the RTS/CTS mode for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 2
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-2] protection-mode rts-cts
Related commands
· dot11g protection
· dot11n protection
· protection-threshold
protection-threshold
Use protection-threshold to set the RTS threshold.
Use undo protection-threshold to restore the default.
Syntax
protection-threshold size
undo protection-threshold
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the RTS threshold is 2346 bytes.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
size: Specifies the RTS threshold in the range of 0 to 2346 bytes.
Usage guidelines
The system performs collision avoidance only for packets larger than the RTS threshold.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the RTS threshold to 2048 bytes for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] protection-threshold 2048
# Set the RTS threshold to 2048 bytes for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] protection-threshold 2048
Related commands
protection-mode
radio
Use radio to enter radio view.
Syntax
radio radio-id
Views
AP view
AP group AP model view
Predefined user roles
network-admin
Parameters
radio-id: Specifies a radio by its ID. The value range for this argument varies by device model.
Examples
# Enter radio view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1]
# Enter AP group radio view.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-apgroup1-ap-model-WA536-WW] radio 1
radio
Use radio enable to enable a radio.
Use radio disable to disable a radio.
Use undo radio to restore the default.
Syntax
radio { disable | enable }
undo radio
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, a radio is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable radio 1 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] radio enable
# Enable radio 1 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] radio enable
rate
Use rate to set the transmission rates for a radio.
Use undo rate to restore the default.
Syntax
rate { multicast { auto | rate-value } | { disabled | mandatory | supported } rate-value }
undo rate
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view:
· 802.11a/802.11an/802.11ac:
? Prohibited rates—None.
? Mandatory rates—6, 12, and 24.
? Multicast rate—Selected from the mandatory rates.
? Supported rates—9, 18, 36, 48, and 54.
· 802.11b:
? Prohibited rates—None.
? Mandatory rates—1 and 2.
? Multicast rate—The maximum mandatory rate.
? Supported rates—5.5 and 11.
· 802.11g/802.11gn/802.11gac:
? Prohibited rates—None.
? Mandatory rates—1, 2, 5.5, and 11.
? Multicast rate—Selected from the mandatory rates.
? Supported rates—6, 9, 12, 18, 24, 36, 48, and 54.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
disabled: Specifies rates that cannot be used by an AP.
mandatory: Specifies rates that the clients must support to associate with an AP.
multicast: Specifies the rate at which an AP multicasts packets. The multicast rate must be selected from the mandatory rates.
supported: Specifies rates that an AP supports. After a client associates with an AP, the client can select a higher or lower rate from the supported rates to communicate with the AP.
auto: Automatically selects a mandatory rate as the multicast rate.
rate-value: Specifies the rate value in Mbps. You can set multiple rates and separate them by spaces. The available values for this argument are as follows:
· 802.11a/802.11an/802.11ac—6, 9, 12, 18, 24, 36, 48, and 54.
· 802.11b—1, 2, 5.5, and 11.
· 802.11g/802.11gn/802.11gac—1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54.
Usage guidelines
The mandatory rates and multicast rate cannot be null. When there is only one mandatory rate, you cannot specify the mandatory rate as a supported rate or prohibited rate.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rate mandatory 6 12 24
# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] rate mandatory 6 12 24
reset wlan ap radio-statistics
Use reset wlan ap radio-statistics to clear radio statistics.
Syntax
reset wlan ap { all | name ap-name } radio-statistics
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Clear radio statistics for AP ap1.
<Sysname> reset wlan ap name ap1 radio-statistics
short-gi
Use short-gi enable to enable short Guard Interval (GI).
Use short-gi disable to disable short GI.
Use undo short-gi to restore the default.
Syntax
short-gi { disable | enable }
undo short-gi
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, short GI is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Disable short GI for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] short-gi disable
# Disable short GI for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] short-gi disable
short-retry threshold
Use short-retry threshold to set the maximum number of hardware retransmissions for small frames.
Use undo short-retry threshold to restore the default.
Syntax
short-retry threshold count
undo short-retry threshold
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the maximum number of hardware retransmissions is 7 for small frames.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum number of hardware retransmissions for small frames, in the range of 1 to 15.
Usage guidelines
Perform this task to set the maximum number of hardware retransmissions for frames smaller than or equal to the RTS threshold.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum number of hardware retransmissions for small frames to 10 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] short-retry threshold 10
# Set the maximum number of hardware retransmissions for small frames to 10 for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] short-retry threshold 10
Related commands
long-retry threshold
protection-threshold
smart-antenna
Use smart-antenna enable to enable the smart antenna feature.
Use smart-antenna disable to disable the smart antenna feature.
Use undo smart-antenna to restore the default.
Syntax
smart-antenna { disable | enable }
undo smart-antenna
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the smart antenna feature is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable smart antenna for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] smart-antenna enable
# Enable smart antenna for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] smart-antenna enable
smart-antenna policy
Use smart-antenna policy to specify a smart antenna mode.
Use undo smart-antenna policy to restore the default.
Syntax
smart-antenna policy { auto | high-availability | high-throughput }
undo smart-antenna policy
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, the auto mode is used.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
auto: Specifies the auto mode. When this mode is enabled, high availability mode is used for audio and video packets, and high throughput mode is used for other packets.
high-availability: Specifies the high availability mode. This mode ensures stable bandwidth for clients and is applicable to WLANs that require stable bandwidth.
high-throughput: Specifies the high throughput mode. This mode ensures as more associations as possible and is applicable to WLANs that require high performance.
Usage guidelines
The smart antenna mode configuration takes effect only after you enable the smart antenna feature.
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the smart antenna mode to high-availability for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] smart-antenna policy high-availability
# Set the smart antenna mode to high-availability for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] smart-antenna policy high-availability
stbc
Use stbc enable to enable STBC.
Use stbc disable to disable STBC.
Use undo stbc to restore the default.
Syntax
stbc { disable | enable }
undo stbc
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, STBC is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n, 802.11ac, and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable STBC for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] stbc enable
# Enable STBC for APs with model WA536-WW in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA536-WW
[Sysname-wlan-ap-group-1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] type dot11an
[Sysname-wlan-ap-group-1-ap-model-WA536-WW-radio-1] stbc enable
su-txbf
|
NOTE: Support for this command depends on the AP model. |
Use su-txbf enable to enable single-user TxBF.
Use su-txbf disable to disable single-user TxBF.
Use undo su-txbf to restore the default.
Syntax
su-txbf { disable | enable }
undo su-txbf
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, single-user TxBF is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11ac and 802.11gac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.
Single-user TxBF enables an AP to improve the signal to one intended client. Single-user TxBF is applicable to WLANs that have widely spread clients, poor network quality, and serious signal attenuation.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable single-user TxBF for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] su-txbf enable
# Enable single-user TxBF for APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] su-txbf enable
Related commands
mimo
mu-txbf
type
Use type to specify a radio mode.
Use undo type to restore the default.
Syntax
type { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn }
undo type
Default
The default setting varies by AP model.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
dot11a: Specifies the 802.11a radio mode.
dot11ac: Specifies the 802.11ac radio mode.
dot11an: Specifies the 802.11n (5 GHz) radio mode.
dot11b: Specifies the 802.11b radio mode.
dot11g: Specifies the 802.11g radio mode.
dot11gac: Specifies the 802.11gac radio mode.
dot11gn: Specifies the 802.11n (2.4 GHz) radio mode.
Usage guidelines
|
CAUTION: Modifying the mode of an enabled radio logs off all associated clients. |
When you change the radio mode in AP group radio view, the default settings for the radio mode related commands are restored.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the radio mode to 802.11n (5 GHz) for radio 1 on AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
# Set the radio mode to 802.11n (5 GHz) for radio 1 on APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] type dot11an
wlan radio
Use wlan radio enable to enable all radios.
Use wlan radio disable to disable all radios.
Use undo wlan radio to restore the default.
Syntax
wlan radio { disable | enable }
undo wlan radio
Default
Radios are disabled unless they are already enabled in radio view or AP group radio view.
Views
System view
Predefined user roles
network-admin
Usage guidelines
|
CAUTION: This feature takes effect on all manual APs and online auto APs. |
If you execute both the wlan radio { disable | enable } command and the radio { disable | enable } command, the most recent configuration takes effect.
Examples
# Enable all radios.
<Sysname> system-view
[Sysname] wlan radio enable
Related commands
radio { disable | enable }
WLAN access commands
beacon ssid-hide
Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames.
Use undo beacon ssid-hide to restore the default.
Syntax
beacon ssid-hide
undo beacon ssid-hide
Default
The SSID is advertised in beacon frames.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command enables a radio to not carry SSIDs in the beacon frames and to not respond to probe requests after the specified service template is bound to the radio.
Examples
# Disable advertising the SSID in beacon frames.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] beacon ssid-hide
broadcast-probe reply
Use broadcast-probe reply enable to enable an AP to respond to broadcast probe requests.
Use broadcast-probe reply disable to disable an AP from responding to broadcast probe requests.
Use undo broadcast-probe reply to restore the default.
Syntax
broadcast-probe reply { disable | enable }
undo broadcast-probe reply
Default
In AP view, the AP uses the configuration in AP group view.
In AP group view, an AP responds to broadcast probe requests.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
Broadcast probe requests do not carry an SSID. Upon receiving a broadcast probe request, an AP responds with a probe response that carries service information for the AP. To ensure that clients that send unicast probe requests can associate with the AP, disable the AP from responding to broadcast probe requests.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Disable the AP ap1 from responding to broadcast probe requests.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] broadcast-probe reply disable
# Disable APs in the AP group group1 from responding to broadcast probe requests.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] broadcast-probe reply disable
classifier acl
Use classifier acl to configure a forwarding rule for a forwarding policy.
Use undo classifier acl to remove a forwarding rule.
Syntax
classifier acl { acl-number | ipv6 ipv6-acl-number } behavior { local | remote }
undo classifier acl { acl-number | ipv6 ipv6-acl-number }
Default
No forwarding rules are configured.
Views
Forwarding policy view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an IPv4 or Layer 2 ACL number in the range of 2000 to 4999.
ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.
behavior: Specifies a forwarding mode for traffic that matches the specified ACL.
local: Specifies the local forwarding mode.
remote: Specifies the centralized forwarding mode.
Usage guidelines
A forwarding rule takes effect immediately after it is created. You can configure a maximum of 1000 forwarding rules for a forwarding policy.
Examples
# Configure a forwarding rule to locally forward packets that match ACL 2000.
<sysname> system-view
[sysname] wlan forwarding-policy abc
[sysname-wlan-fp-abc] classifier acl 2000 behavior local
client association-location
Use client association-location to enable client association at the AC or APs.
Use undo client association-location to restore the default.
Syntax
client association-location { ac | ap }
undo client association-location
Default
Client association is performed at the AC.
Views
Service template view
Predefined user roles
network-admin
Parameters
ac: Enables client association at the AC.
ap: Enables client association at APs.
Usage guidelines
Make sure the service template is disabled before you execute this command.
Examples
# Enable client association at the AC.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client association-location ac
client cache aging-time
Use client cache aging-time to set the client cache aging time.
Use undo client cache aging-time to restore the default.
Syntax
client cache aging-time aging-time
undo client cache aging-time
Default
The client cache aging time is 180 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the aging time in the range of 0 to 86400 seconds. If you set the aging time to 0, the device deletes the cache information of a client immediately after the client goes offline.
Usage guidelines
Make sure the service template is disabled before you execute this command.
The client cache saves information such as the PMK list and access VLAN for clients. If a client roams to another AP before the cache aging time expires, the client can inherit the cache information. If a client does not come online before the cache aging time expires, its cache information is cleared.
Examples
# Set the client cache aging time to 100 seconds.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client cache aging-time 100
client forwarding-location
Use client forwarding-location to specify the client data traffic forwarder.
Use undo client forwarding-location to restore the default.
Syntax
client forwarding-location { ac | ap [ vlan { vlan-start [ to vlan-end ] } ] }
undo client forwarding-location
Default
The AC forwards client data traffic.
Views
Service template view
Predefined user roles
network-admin
Parameters
ac: Enables the AC to forward client data traffic.
ap: Enables APs to forward client data traffic.
vlan vlan-start to vlan-end: Specifies a VLAN ID range. The value range for the vlan-start and vlan-end arguments is 1 to 4094. If you do not specify this option, APs forward client data traffic from all VLANs.
Usage guidelines
Make sure the service template is disabled before you execute this command.
If APs forward client data traffic, you can specify a VLAN or a VLAN range for the APs to forward client data traffic from the specified VLANs. The AC forwards data traffic from other VLANs.
Make sure client traffic forwarding is enabled when the AC is configured as the client traffic forwarder.
Examples
# Configure APs to forward client data traffic from all VLANs.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-location ap
client forwarding-policy-name
Use client forwarding-policy-name to apply a forwarding policy to a service template.
Use undo client forwarding-policy-name to remove a forwarding policy from a service template.
Syntax
client forwarding-policy-name policy-name
undo client forwarding-policy-name
Default
No forwarding policy is applied to a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
Make sure the AC and its associated APs are in different network segments.
Make sure the service template is disabled before you execute this command.
For the forwarding policy to take effect, you must enable policy-based forwarding and specify the AC to perform client authentication for the service template.
Examples
# Apply the forwarding policy strategy to service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-policy-name strategy
Related commands
· client forwarding-policy enable
· client-security authentication-location
client forwarding-policy enable
Use client forwarding-policy enable to enable policy-based forwarding for a service template.
Use undo client forwarding-policy enable to disable policy-based forwarding for a service template.
Syntax
client forwarding-policy enable
undo client forwarding-policy enable
Default
Policy-based forwarding is disabled for a service template.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
Enable policy-based forwarding for a service template for the following forwarding policies to take effect:
· The forwarding policy applied to the service template.
· The forwarding policy applied to a user profile that uses the service template.
Examples
# Enable policy-based forwarding for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-policy enable
Related commands
client-security authentication-location
client frame-format
Use client frame-format to set the encapsulation mode for client data frames..
Use undo client frame-format to restore the default.
Syntax
client frame-format { dot3 | dot11 }
undo client frame-format
Default
Client data frames are encapsulated in 802.3 format.
Views
Service template view
Predefined user roles
network-admin
Parameters
dot3: Configures the client data frames to be encapsulated in 802.3 format.
dot11: Configures the client data frames to be encapsulated in 802.11 format.
Usage guidelines
Make sure the service template is disabled before you execute this command.
This command takes effect only in centralized forwarding mode.
Examples
# Configure the client data frames to be encapsulated in 802.11 format.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client frame-format dot11
Related commands
client forwarding-location
client idle-timeout
Use client idle-timeout to set the client idle timeout timer.
Use undo client idle-timeout to restore the default.
Syntax
client idle-timeout interval
undo client idle-timeout
Default
In AP view, the AP uses the configuration in AP group view.
In AP group view, the client idle timeout timer is 3600 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.
Usage guidelines
If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the client idle timeout timer to 2000 seconds for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] client idle-timeout 2000
# Set the client idle timeout timer to 2000 seconds for the AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client idle-timeout 2000
client keep-alive
Use client keep-alive enable to enable client keepalive.
Use client keep-alive disable to disable client keepalive.
Use undo client keep-alive to restore the default.
Syntax
client keep-alive { disable | enable }
undo client keep-alive
Default
In AP view, the AP uses the configuration in AP group view.
In AP group view, client keepalive is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
disable: Disables client keepalive.
enable: Enables client keepalive.
Usage guidelines
This feature enables an AP to send keepalive packets to clients at the client keepalive interval to identify whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable client keepalive for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] client keep-alive enable
# Enable client keepalive for the AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client keep-alive enable
Related commands
client keep-alive interval
client keep-alive interval
Use client keep-alive interval to set the client keepalive interval.
Use undo client keep-alive interval to restore the default.
Syntax
client keep-alive interval value
undo client keep-alive interval
Default
In AP view, the AP uses the configuration in AP group view.
In AP group view, the client keepalive interval is 300 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.
Usage guidelines
Enable client keepalive before you execute this command.
This command enables an AP to send keepalive packets to clients at the client keepalive interval to identify whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the keepalive interval to 20 seconds for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] client keep-alive interval 20
# Set the keepalive interval to 20 seconds for the AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client keep-alive interval 20
Related commands
client keep-alive enable
client max-count
Use client max-count to set the maximum number of associated clients for a service template.
Use undo client max-count to restore the default.
Syntax
client max-count max-number
undo client max-count
Default
The number of associated clients for a service template is not limited.
Views
Service template view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of clients in the range of 1 to 2007.
Usage guidelines
When this feature is configured, new clients cannot access the WLAN when the maximum number is reached.
Examples
# Set the maximum number of associated clients to 38 for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client max-count 38
client preferred-vlan authorized
Use client preferred-vlan authorized to configure clients to prefer the authorization VLAN after roaming.
Use undo client preferred-vlan authorized to configure client VLANs to remain unchanged after client roaming.
Syntax
client preferred-vlan authorized
undo client preferred-vlan authorized
Default
Clients prefer the authorization VLAN after roaming.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This feature takes effect only on 802.1X and MAC authentication clients.
Typically, the VLAN of a client remains unchanged after client roaming. However, if the client triggers a security alert configured on IMC after roams to another AP, the issued authorization VLAN for user isolation takes effect.
Examples
# Configure clients to prefer the authorization VLAN after roaming.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client preferred-vlan authorized
client vlan-alloc
Use client vlan-alloc to specify the VLAN allocation method for clients.
Use undo client vlan-alloc to restore the default.
Syntax
client vlan-alloc { dynamic | static }
undo client vlan-alloc { dynamic | static }
Default
The VLAN allocation method for clients is dynamic.
Views
Service template view
Predefined user roles
network-admin
Parameters
dynamic: Specifies dynamic VLAN allocation.
static: Specifies static VLAN allocation.
Usage guidelines
When a client comes online for the first time, the radio assigns a random VLAN to it. When the client comes online again, the VLAN assigned to the client depends on the allocation method.
· Static allocation—The client inherits the VLAN that has been assigned to it. If the IP address lease has not expired, the client will use the same IP address. This method helps save IP addresses.
· Dynamic allocation—The client is re-assigned a VLAN. This method balances clients in all VLANs.
Examples
# Specify the VLAN allocation method for clients as dynamic.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client vlan-alloc dynamic
customlog format wlan
Use customlog format wlan to enable the device to generate client logs in the specified format.
Use undo customlog format wlan to restore the default.
Syntax
customlog format wlan { normal | sangfor }
undo customlog format wlan
Default
The device generates client logs only in the H3C format.
Views
System view
Predefined user roles
network-admin
Parameters
normal: Specifies normal format.
sangfor: Specifies sangfor format.
Usage guidelines
By default, the device generates client logs only in H3C format that logs AP name, radio ID, client MAC address, SSID, BSSID, and client online status.
You can configure the device to generate client logs in one of the following formats:
· normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.
· sangfor—Logs AP MAC address, client IP address, and client MAC address.
This feature does not affect the generation of client logs in H3C format.
Examples
# Enable the device to generate client logs in sangfor format.
<Sysname> system-view
[Sysname] customlog format wlan sangfor
description
Use description to configure a description for a service template.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A service template does not have a description.
Views
Service template view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 64 characters.
Examples
# Configure the description as wlanst for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] description wlanst
display uplink client-rate-limit
Use display uplink client-rate-limit to display uplink client rate limit settings.
Syntax
display uplink client-rate-limit
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware series |
Model |
Uplink client rate limit compatibility |
WX1800H series |
WX1804H |
No |
WX1810H WX1820H WX1840H |
Yes |
|
WX3800H series |
WX3820H WX3840H |
No |
WX5800H series |
WX5860H |
No |
Examples
# Display uplink client rate limit settings.
<Sysname> display uplink client-rate-limit
Direction: Inbound
Status: Enabled
Mode: Static
Global CIR: 2000 kbps
User CIR: 100 kbps
Direction: Outbound
Status: Disabled
Table 20 Command output
Field |
Description |
Direction |
Client rate limit direction: · Inbound. · Outbound. |
Status |
Client rate limit status: · Enabled. · Disabled. |
Mode |
Client rate limit mode: · Dynamic. · Static. |
Global CIR |
Global CIR in kbps. |
User CIR |
Per-client CIR in kbps. |
Related commands
uplink client-rate-limit
display wlan blacklist
Use display wlan blacklist to display blacklist entries.
Syntax
display wlan blacklist { dynamic | static }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
dynamic: Specifies the dynamic blacklist.
static: Specifies the static blacklist.
Examples
# Display static blacklist entries.
<Sysname> display wlan blacklist static
Total number of clients: 3
MAC addresses:
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
# Display dynamic blacklist entries.
<Sysname> display wlan blacklist dynamic
Total number of clients: 3
MAC address APID Lifetime (s) Duration (hh:mm:ss)
000f-e2cc-0001 1 300 00:02:11
000f-e2cc-0002 2 300 00:01:17
000f-e2cc-0003 3 300 00:02:08
Table 21 Command output
Field |
Description |
MAC address |
Client MAC address. |
APID |
ID of the AP that detects the rogue client. |
Lifetime (s) |
Lifetime of the entry in seconds. |
Duration (hh:mm:ss) |
Duration for the entry since the entry was added to the dynamic blacklist. |
display wlan client
Use display wlan client to display client information.
Syntax
display wlan client [ ap ap-name [ radio radio-id ] | mac-address mac-address | service-template service-template-name | frequency-band { 2.4 | 5 } ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Displays information about clients that are connected to the specified AP. The AP name is a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Displays information about clients that are connected to the specified radio. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays information about all clients that are connected to the specified AP.
mac-address mac-address: Specifies a client by its MAC address.
service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.
frequency-band: Displays information about clients working on the specified band.
2.4: Specifies the 2.4 GHz band.
5: Specifies the 5 GHz band.
verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.
Examples
# Display brief information about all clients.
<Sysname> display wlan client
Total number of clients: 3
MAC address Username AP name R IP address VLAN
000f-e265-6400 N/A ap1 1 1.1.1.1 100
000f-e265-6401 user ap2 1 3.0.0.3 200
84db-ac14-dd08 N/A ap1 1 1::2:0:0:3 1
Table 22 Command output
Field |
Description |
MAC address |
Client MAC address. |
Username |
Client username. · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client. |
AP name |
Name of the AP that the client is associated with. |
R |
ID of the radio that the client is associated with. |
IP address |
IPv4 address of the client. |
VLAN ID |
ID of the VLAN to which the client belongs. |
# Display detailed information about all clients.
<Sysname> display wlan client verbose
Total number of clients: 1
MAC address : 000f-e265-6400
IPv4 address : 10.1.1.114
IPv6 address : 2001::1234:5678:0102:0304
Username : N/A
AID : 1
AP ID : 1
AP name : ap1
Radio ID : 1
SSID : office
BSSID : 0026-3e08-1150
VLAN ID : 3
Sleep count : 0
Wireless mode : 802.11ac
Channel bandwidth : 80MHz
SM power save : Enabled
SM power save mode : Dynamic
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
Short GI for 80MHz : Supported
Short GI for 160/80+80MHz : Not supported
STBC RX capability : Not supported
STBC TX capability : Not supported
LDPC RX capability : Not supported
SU beamformee capability : Not supported
MU beamformee capability : Not supported
Beamformee STS capability : N/A
Block Ack : TID 0 In
Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,
8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20,
21, 22, 23
Supported rates : 6, 9, 12, 18, 24, 36,
48, 54 Mbps
QoS mode : WMM
Listen interval : 10
RSSI : 62
Rx/Tx rate : 130/195 Mbps
Authentication method : Open system
Security mode : PRE-RSNA
AKM mode : Not configured
Cipher suite : N/A
User authentication mode : Bypass
Authorization ACL ID : 3001(Not effective)
Authorization user profile : N/A
Roam status : N/A
Key derivation : SHA1
PMF status : Enabled
Forward policy : Not configured
Online time : 0days 0hours 1minutes 13seconds
FT status : Inactive
Table 23 Command output
Field |
Description |
MAC address |
Client MAC address. |
IPv4 address |
Client IPv4 address. |
IPv6 address |
Client IPv6 address. |
Username |
Client username. · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client. |
AID |
Association ID |
AP ID |
ID of the AP that the client is associated with. |
AP name |
Name of the AP that the client is associated with. |
Radio ID |
ID of the radio that the client is associated with. |
SSID |
SSID with which the client is associated. |
VLAN ID |
ID of the VLAN to which the client belongs. |
Sleep count |
Number of transitions to the sleep state. |
Wireless mode |
Wireless mode: · 802.11a. · 802.11b. · 802.11g. · 802.11gn. · 802.11an. · 802.11ac. |
Channel bandwidth |
Channel bandwidth, 20 MHz, 40 MHz, 80 MHz, or 160 MHz. |
20/40 BSS Coexistence Management |
Whether the client supports 20/40MHz channel bandwidth coexistence. |
SM Power Save |
SM Power Save: · Enabled—Only one antenna of a client operates in active state, and others operate in sleep state to save power. · Disabled. |
SM power save mode |
Power saving mode. · Dynamic. · Static. |
Short GI for 20MHz |
Whether the client supports short GI when its channel bandwidth is 20 MHz. · Supported. · Not supported. |
Short GI for 40MHz |
Whether the client supports short GI when its channel bandwidth is 40 MHz. · Supported. · Not supported. |
Short GI for 80MHz |
Whether the client supports short GI when its channel bandwidth is 80 MHz. · Supported. · Not supported. |
Short GI for 160/80+80MHz |
Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz. · Supported. · Not supported. |
STBC Rx Capability |
Client STBC receive capability. · Not Supported. · Supported. |
STBC Tx Capability |
Client STBC transmission capability. · Not Supported. · Supported. |
LDPC Rx capability |
Client LDPC receive capability. · Not Supported. · Supported. |
SU beamformee capability |
Client SU beamformee capability. · Not Supported. · Supported. |
MU beamformee capability |
Client MU beamformee capability. · Not Supported. · Supported. |
Beamformee STS capability |
Client beamformee STS capability. · Not Supported. · Supported. |
Block Ack |
Negotiation result of Block ACK with TID. · IN—Sends Block ACK for traffic from the inbound direction. · OUT—Sends Block ACK for traffic from the outbound direction. · BOTH—Sends Block ACK for traffic from both inbound and outbound directions. |
Supported VHT-MCS set |
VHT-MCS supported by the client. |
Supported HT MCS set |
HT-MCS supported by the client. |
QoS mode |
QoS mode: · N/A—WMM is not supported. · WMM—WMM is supported. WMM information negotiation is carried out between an AP and a client that both support WMM. |
Listen interval |
Interval at which the client wakes up to listen to beacon frames. It is counted by beacon interval. |
RSSI |
Received signal strength indication. This value indicates the client signal strength detected by the AP. |
Rx/Tx rate |
Sending and receiving rates of data, management, and control frames. |
Authentication method |
Authentication method, open system or shared key. |
Security mode |
Security mode: · RSN—Beacons and probe responses carry RSN IE. · WPA—Beacons and probe responses carry WPA IE. · PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE. |
AKM mode |
AKM mode: · 802.1X. · PSK. · Not configured. |
Cipher suite |
Cipher suite: · N/A. · WEP40. · WEP104. · WEP128. · CCMP. · TKIP. |
User authentication mode |
User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI. |
Authorization ACL ID |
Authorized ACL number: · This field displays the ACL number if the authorized ACL takes effect. · This field displays the ACL number + Not effective if the authorized ACL does not take effect. · This field displays N/A if the authentication server is configured without any authorized ACL. |
Authorization user profile |
Name of the authorized user profile: · This field displays the authorized user profile name if the authorized user profile takes effect. · This field displays the authorized user profile name + Not effective if the authorized user profile does not take effect. · This field displays N/A if the authentication server is configured without any authorized user profile. |
Roam status |
Roam status: · Roaming in progress. · Inter-AC slow roaming. · Inter-AC fast roaming. · Intra-AC slow roaming. · Intra-AC fast roaming. · This field displays N/A if the client stays in one BSS after coming online. |
Key derivation |
Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · N/A—No key derivation algorithm is involved for the authentication type. |
PMF status |
PMF status: · Enabled—Management frame protection is enabled. · Disabled—Management frame protection is disabled. · N/A—Management frame protection is not involved. |
Forward policy |
WLAN forwarding policy. · Not configured—No WLAN forwarding policy is configured. · policy-name. |
Online time |
Client online duration. |
FT status |
Fast BSS transition (FT). · Active—FT is enabled. · Inactive—FT is disabled. |
display wlan client status
Use display wlan client status to display client status information.
Syntax
display wlan client status [ mac-address mac-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.
verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.
Examples
# Display brief status information about the specified client.
<Sysname> display wlan client status mac-address 001c-f08f-f804
Total number of clients: 1
MAC address Access time RSSI Rx/Tx rate Discard AP name RID
001c-f08f-f804 41ms 0 39/117Mbps 0.00% ap2 2
# Display brief status information about all clients.
<Sysname> display wlan client status
Total number of clients: 2
MAC address Access time RSSI Rx/Tx rate Discard AP name RID
000b-c002-9d09 41ms 65 39/117Mbps 0.00% ap2 2
000f-e265-6401 10ms 62 130/195Mbps 0.00% ap1 1
Table 24 Command output
Field |
Description |
MAC address |
Client MAC address. |
Access time |
Time the client took to associate with the WLAN. |
RSSI |
RSSI of the client. |
Rx/Tx rate |
Rates at which the client receives and sends data, management packets, and control packets. |
Discard |
Ratio of packets discarded by the client. |
AP name |
Name of the AP that the client is associated with. |
RID |
ID of the radio that the client is associated with. |
# Display detailed status information about the specified client.
<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose
Total number of clients: 1
MAC address : 001c-f08f-f804
AP name : ap2
Radio ID : 2
Access time : 41 ms
RSSI : 0
Rx/Tx rate : 39/117 Mbps
Received:
Retransmitted packets : 84
Retransmitted packet ratio : 64.12%
Sent:
Retransmitted packets : 0
Retransmitted packet ratio : 0.00%
Discarded:
Discarded packets : 0
Discarded packet ratio : 0.00%
Table 25 Command output
Field |
Description |
MAC address |
Client MAC address. |
AP name |
Name of the AP that the client is associated with. |
Radio ID |
ID of the radio that the client is associated with. |
Access time |
Time the client took to associate with the WLAN. |
RSSI |
RSSI of the client. |
Rx/Tx rate |
Rates at which the client receives and sends data, management packets, and control packets. |
Received |
Received packet statistics: · Retransmitted packets. · Retransmitted packet ratio. |
Sent |
Sent packet statistics: · Retransmitted packets. · Retransmitted packet ratio. |
Discarded |
Discarded packet statistics: · Discarded packets. · Discarded packet ratio. |
display wlan forwarding-policy
Use display wlan forwarding-policy to display WLAN forwarding policy information.
Syntax
display wlan forwarding-policy [ policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameter
policy-name: Specifies a WLAN forwarding policy by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all WLAN forwarding policies.
Examples
# Display information about all WLAN forwarding policies.
<Sysname> display wlan forwarding-policy
Total number of forwarding policies: 2
Forwarding policy name: fwd1
Classifier ACL 2000: Local
Classifier ACL 2004: Local
Classifier IPv6 ACL 2001: Remote
Classifier IPv6 ACL 2002: Remote
Forwarding policy name: fwd2
Classifier ACL 4021: Local
Classifier IPv6 ACL 2000: Remote
Classifier IPv6 ACL 3024: Remote
Table 26 Command output
Field |
Description |
IPv4 packet forwarding mode: · Local—Local forwarding. · Remote—Centralized forwarding. |
|
Classifier IPv6 ACL number |
IPv6 packet forwarding mode: · Local—Local forwarding. · Remote—Centralized forwarding. |
Related commands
wlan forwarding-policy
display wlan region-code
Use display wlan region-code to display region code information for all APs or the specified AP.
Syntax
display wlan region-code ap { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display region code information for all APs.
<Sysname> display wlan region-code ap all
Region Code
-----------------------------------------------------------------------
AP name Region Code
ap1 CN CHINA
ap2 CN CHINA
ap3 CN CHINA
Table 27 Command output
Field |
Description |
Region Code |
Region code. For more information about region codes, see Table 30. |
display wlan service-template
Use display wlan service-template to display service template information.
Syntax
display wlan service-template [ service-template-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.
verbose: Displays detailed service template information.
Examples
# Display brief information about all service templates.
<Sysname> display wlan service-template
Total number of service templates: 2
Service template name SSID Status
1 2333 Enabled
2 3222 Enabled
# Display detailed information about all service templates.
<Sysname> display wlan service-template verbose
Service template name : service1
Description : Not configured
SSID : wuxianfuwu
SSID-hide : Disabled
User-isolation : Disabled
Service template status : Disabled
Maximum clients per BSS : 64
Frame format : Dot3
Seamless roam status : Disabled
Seamless roam RSSI threshold : 0
Seamless roam RSSI gap : 0
VLAN ID : 1
AKM mode : PSK
Security IE : RSN
Cipher suite : CCMP
TKIP countermeasure time : 100 sec
PTK lifetime : 43200 sec
PTK rekey : Enabled
GTK rekey : Enabled
GTK rekey method : Time-based
GTK rekey time : 86400 sec
GTK rekey client-offline : Enabled
User authentication mode : Bypass
Intrusion protection : Disabled
Intrusion protection mode : Temporary-block
Temporary block time : 180 sec
Temporary service stop time : 20 sec
Fail VLAN ID : 1
802.1X handshake : Enabled
802.1X handshake secure : Disabled
802.1X domain : my-domain
MAC-auth domain : Not configured
Max 802.1X users per BSS : 4096
Max MAC-auth users per BSS : 4096
802.1X re-authenticate : Enabled
Authorization fail mode : Online
Accounting fail mode : Online
Authorization : Permitted
Key derivation : SHA1
PMF status : Optional
Hotspot policy number : Not configured
Forwarding policy status : Disabled
Forward policy name : Not configured
Forwarder : AC
FT status : Enabled
QoS trust : Port
QoS priority : 0
Table 28 Command output
Field |
Description |
SSID |
SSID of the service template. |
SSID-hide |
Whether the SSID is hidden in beacons. · Disabled. · Enabled. |
User-isolation |
Use isolation: · Disabled. · Enabled. |
Service template status |
Service template status: · Disabled. · Enabled. |
Maximum clients per BSS |
Maximum number of clients that the BSS supports. |
Frame format |
Client data frame encapsulation format: · Dot3—802.3 format. · Dot11—802.11 format. |
Seamless roam status |
Seamless roaming: · Disabled. · Enabled. This field is not supported in the current release. |
Seamless roam RSSI threshold |
Seamless roaming RSSI threshold. This field is not supported in the current release. |
Seamless roam RSSI gap |
Seamless roaming RSSI gap. This field is not supported in the current release. |
VLAN ID |
ID of the VLAN to which clients belong after they come online through the service template. |
AKM mode |
AKM mode, 802.1X or PSK. |
Security IE |
Security IE: · RSN. · WPA. |
Cipher suite |
Cipher suite: · WEP40. · WEP104. · WEP128. · TKIP. · CCMP. |
TKIP countermeasure time |
TKIP countermeasure time. The value 0 represents no countermeasures are taken. |
PTK rekey |
Whether PTK rekey is enabled: · Enabled. · Disabled. |
GTK rekey |
Whether GTK rekey is enabled: · Enabled. · Disabled. |
GTK rekey method |
GTK rekey method, time-based or packet-based. |
GTK rekey time |
GTK rekey interval. |
GTK rekey packets |
Number of packets that can be transmitted before the GTK is refreshed. |
GTK rekey client-offline |
Whether client-off GTK rekey is enabled: · Enabled. · Disabled. |
User authentication mode |
Authentication mode: · Bypass—No authentication. · MAC. · MAC-or-802.1X. · 802.1X. · 802.1X-or-MAC. · OUI-or-802.1X. |
Intrusion protection |
Whether intrusion protection is enabled: · Enabled. · Disabled. |
Intrusion protection mode |
Intrusion protection mode: · Temporary-block—Temporarily adds intruders to the block list. · Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets. · Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets. |
Temporary block time |
Temporary block time in seconds. |
Temporary service stop time |
Temporary service stop time in seconds. |
Fail VLAN ID |
ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured. |
Critical VLAN ID |
ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the Critical VLAN ID is not configured. |
802.1X handshake |
Whether 802.1X handshake is enabled: · Enabled. · Disabled. |
802.1X handshake secure |
Whether secure 802.1X handshake is enabled: · Enabled. · Disabled. |
802.1X domain |
802.1X authentication domain. This field displays Not configured if the domain is not configured. |
MAC-auth domain |
MAC authentication domain. This field displays Not configured if the domain is not configured. |
Max 802.1X users per BSS |
Maximum number of supported 802.1X users in a BSS. |
Max MAC-auth users per BSS |
Maximum number of supported users that pass the MAC authentication in a BSS. |
802.1X re-authenticate |
Whether 802.1X reauthentication is enabled: · Enabled. · Disabled. |
Authorization fail mode |
Authorization fail mode: · Offline—Clients are logged off when authorization fails. · Online—Clients are not logged off when authorization fails. |
Accounting fail mode |
Accounting fail mode: · Offline—Clients are logged off when accounting fails. · Online—Clients are not logged off when accounting fails. |
Authorization |
Authorization information: · Permitted—Applies the authorization information issued by the RADIUS server or the local device. · Ignored—Ignores the authorization information issued by the RADIUS server or the local device. |
Key derivation |
Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · SHA1-AND-SHA256—Uses the HMAC SHA1 and SHA256 hash algorithm. |
PMF status |
PMF status: · Disabled—Management frame protection is disabled. · Optional—Management frame protection in optional mode is enabled. · Mandatory—Management frame protection in mandatory mode is enabled. |
Forwarding policy status |
WLAN forwarding policy status: · Disabled. · Enabled. |
Forward policy name |
WLAN forwarding policy name: · Not configured—No WLAN forwarding policy is configured. · policy-name. |
Forwarder |
Client traffic forwarder: · AC. · AP. |
FT status |
FT status: · Disabled. · Enabled. |
QoS trust |
QoS priority trust mode: · Port—Port priority trust mode. · Dot11e—802.11e priority trust mode. |
QoS priority |
Port priority in the range of 0 to 7. |
display wlan statistics
Use display wlan statistics to display client statistics or service template statistics.
Syntax
display wlan statistics { ap { all | name ap-name } connect-history | client [ mac-address mac-address ] | service-template service-template-name [ connect-history ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap: Specifies APs.
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
connect-history: Displays the connection history.
client: Specifies client statistics.
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.
service-template service-template-name: Specifies a service template by its name. If you also specify the connect-history keyword, the command displays the connection history for the specified service template.
Examples
# Display statistics for all clients.
<Sysname> display wlan statistics client
MAC address : 0014-6c8a-43ff
AP name : ap1
Radio ID : 1
SSID : office
BSSID : 000f-e2ff-7700
RSSI : 31
Sent frames:
Back ground : 0/0 (frames/bytes)
Best effort : 9/1230 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 2/76 (frames/bytes)
Received frames:
Back ground : 0/0 (frames/bytes)
Best effort : 18/2437 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 7/468 (frames/bytes)
Discarded frames:
Back ground : 0/0 (frames/bytes)
Best effort : 0/0 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 5/389 (frames/bytes)
Table 29 Command output
Field |
Description |
SSID |
SSID of the service template. |
MAC address |
Client MAC address. |
Back ground |
AC-BK queue. |
Best effort |
AC-BE queue. |
Video |
AC-VI queue. |
Voice |
AC-VO queue. |
# Display statistics for service template 1.
<Sysname> display wlan statistics service-template 1
AP name : ap1
Radio ID : 1
Received:
Frame count : 1713
Frame bytes : 487061
Data frame count : 1683
Data frame bytes : 485761
Association request count : 2
Sent:
Frame count : 62113
Frame bytes : 25142076
Data frame count : 55978
Data frame bytes : 22626600
Association response count : 2
# Display the connection history for service template 1.
<Sysname> display wlan statistics service-template 1 connect-history
AP name : ap1
Radio ID : 1
Associations : 132
Association failures : 3
Reassociations : 30
Rejections : 12
Exceptional deassociations : 2
Current associations : 57
AP name : ap1
Radio ID : 2
Associations : 1004
Association failures : 35
Reassociations : 59
Rejections : 4
Exceptional deassociations : 22
Current associations : 300
# Display the connection history for the AP ap1.
<Sysname> display wlan statistics ap name ap1 connect-history
AP name : ap1
Associations : 1
Reassociations : 0
Failures : 0
Rejections : 0
Exceptional deassociations : 0
Current associations : 1
display wlan whitelist
Use display wlan whitelist to display whitelist entries.
Syntax
display wlan whitelist
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display whitelist entries.
<Sysname> display wlan whitelist
Total number of clients: 3
MAC addresses:
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
inherit exclude service-template
Use inherit exclude service-template to configure an AP to not inherit the specified service template from an AP group.
Use undo inherit exclude service-template to restore the default.
Syntax
inherit exclude service-template service-template-name
undo inherit exclude service-template service-template-name
Default
An AP inherits the service template bound to an AP group.
Views
Radio view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Examples
# Configure the AP ap1 to not inherit the service template st from an AP group.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-ap-ap1] radio 1
[Sysname-ap-ap1-radio-1] inherit exclude service-template st
map-configuration
Use map-configuration to deploy a configuration file to an AP.
Use undo map-configuration to restore the default.
Syntax
map-configuration filename
undo map-configuration
Default
No configuration file is deployed to an AP.
Views
AP view
AP group AP model view
Predefined user roles
network-admin
Parameters
filename: Specifies a configuration file by its name, a case-insensitive string of 1 to 63 characters. Make sure the configuration file is stored in the storage medium of the AC.
Usage guidelines
Contents in the configuration file must be complete commands.
The configuration file takes effect when the CAPWAP tunnel to the AC is in Run state. It does not survive an AP reboot.
An AP can only use its main IP address to establish a CAPWAP tunnel to the AC if the AP is configured by using a configuration file.
Examples
# Deploy the configuration file downconfig.txt to the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] map-configuration downconfig.txt
# Deploy the configuration file downconfig.txt to APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] map-configuration downconfig.txt
nas-id
Use nas-id to set the network access server identifier (NAS ID).
Syntax
nas-id nas-id
undo nas-id
Default
In AP view, the AP uses the configuration in AP group view.
In AP group view, the AP uses the configuration in global configuration view.
In global configuration view, no NAS ID is specified.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
nas-id: Specifies a NAS ID, a case-sensitive string of 1 to 63 characters.
Usage guidelines
After coming online, a client sends a RADIUS request that carries the NAS ID to the RADIUS server to indicate its network access server.
You can set the NAS ID when binding a service template to a radio, or set the NAS ID in global configuration view, AP group view, or AP view. The priorities for these configurations are in descending order.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.
Examples
# Set the NAS ID for the AP ap1 to abc123.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] nas-id abc123
# Set the NAS ID for the AP group group1 to abc123.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] nas-id abc123
# Set the global NAS ID to abc123.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] nas-id abc123
nas-port-id
Use nas-port-id to set the network access server port identifier (NAS port ID).
Use the undo nas-port-id to restore the default.
Syntax
nas-port-id nas-port-id
undo nas-port-id
Default
In AP view, the AP uses the configuration in AP group view. If no NAS ID is specified in AP group view, the AP uses the configuration in global configuration view.
In AP group view, the AP uses the configuration in global configuration view.
In global configuration view, no NAS ID is specified.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
nas-port-id: Specifies a NAS port ID, a case-sensitive string of 1 to 63 characters.
Usage guidelines
After coming online, a client sends a RADIUS request that carries the NAS port ID to the RADIUS server to indicate its network access server.
You can set the NAS port ID when binding a service template to a radio, or set the NAS port ID in global configuration view, AP group view, or AP view. The priorities for these configurations are in descending order.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.
Examples
# Set the NAS port ID to abcd1234 for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] nas-port-id abcd1234
# Set the NAS port ID to abcd1234 for the AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] nas-port-id abcd1234
# Set the global NAS port ID to abcd1234.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] nas-port-id abcd1234
nas-vlan
Use nas-vlan to set the network access server VLAN identifier (NAS VLAN ID) and enable the AC to encapsulate the VLAN ID in RADIUS requests.
Use undo nas-vlan to restore the default.
Syntax
nas-vlan vlan-id
undo nas-vlan
Default
No NAS VLAN ID is set. Authentication requests sent to the RADIUS server do not contain the NAS VLAN ID field.
Views
AP view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a NAS VLAN ID in the range of 1 to 4096.
Usage guidelines
When the NAS VLAN ID is set, the AC encapsulates the VLAN ID in RADIUS requests sent to the RADIUS server to indicate clients' network access server.
Set the NAS VLAN ID when a third-party Security Accounting Management (SAM) server is used as the RADIUS server.
Examples
# Set the NAS VLAN ID to 1234 for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] nas-vlan 1234
quick-association enable
Use quick-association enable to quick association.
Use undo quick-association to restore the default.
Syntax
quick-association enable
undo quick-association enable
Default
Quick association is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command disables APs from performing load balancing or band navigation on clients associated with the specified service template.
Examples
# Enable quick association for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1]quick-association enable
region-code
Use region-code to specify a region code.
Use undo region-code to restore the default.
Syntax
region-code code
undo region-code
Default
In AP view, the AP uses the configuration in AP group view. If no region code is specified in AP group view, the AP uses the configuration in global configuration view.
In AP group view, the AP uses the configuration in global configuration view.
In global configuration view, no region code is specified.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
code: Specifies a region code. For more information about region codes, see Table 30.
Table 30 Country code information
Country |
Code |
Country |
Code |
Andorra |
AD |
Korea, Republic of Korea |
KR |
United Arab Emirates |
AE |
Kenya |
KE |
Albania |
AL |
Kuwait |
KW |
Armenia |
AM |
Kazakhstan |
KZ |
Australia |
AU |
Lebanon |
LB |
Argentina |
AR |
Liechtenstein |
LI |
Australia |
AT |
Sri Lanka |
LK |
Azerbaijan |
AZ |
Lithuania |
LT |
Bosnia and Herzegovina |
BA |
Luxembourg |
LU |
Belgium |
BE |
Latvia |
LV |
Bulgaria |
BG |
Libyan |
LY |
Bahrain |
BH |
Morocco |
MA |
Brunei Darussalam |
BN |
Monaco |
MC |
Bolivia |
BO |
Moldova |
MD |
Brazil |
BR |
Macedonia |
MK |
Bahamas |
BS |
Macau |
MO |
Belarus |
BY |
Martinique |
MQ |
Belize |
BZ |
Malta |
MT |
Canada |
CA |
Mauritius |
MU |
Switzerland |
CH |
Mexico |
MX |
Cote d'ivoire |
CI |
Malay Archipelago |
MY |
Chile |
CL |
Namibia |
NA |
China |
CN |
Nigeria |
NG |
Colombia |
CO |
Nicaragua |
NI |
Costarica |
CR |
Netherlands |
NL |
Serbia |
RS |
Norway |
NO |
Cyprus |
CY |
New Zealand |
NZ |
Czech Republic |
CZ |
Oman |
OM |
Germany |
DE |
Panama |
PA |
Denmark |
DK |
Peru |
PE |
Dominica |
DO |
Poland |
PL |
Algeria |
DZ |
Philippines |
PH |
Ecuador |
EC |
Pakistan |
PK |
Estonia |
EE |
Puerto Rico |
PR |
Egypt |
EG |
Portugal |
PT |
Spain |
ES |
Paraguay |
PY |
Faroe Islands |
FO |
Qatar |
QA |
Finland |
FI |
Romania |
RO |
France |
FR |
Russian Federation |
RU |
Britain |
GB |
Saudi Arabia |
SA |
Georgia |
GE |
Sweden |
SE |
Gibraltar |
GI |
Singapore |
SG |
Greenland |
GL |
Slovenia |
SI |
Guadeloupe |
GP |
Slovak |
SK |
Greece |
GR |
San Marino |
SM |
Guatemala |
GT |
Salvador |
SV |
Guyana |
GY |
Syrian |
SY |
Honduras |
HN |
Thailand |
TH |
Hong Kong |
HK |
Tunisia |
TN |
Croatia |
HR |
Turkey |
TR |
Hungary |
HU |
Trinidad and Tobago |
TT |
Iceland |
IS |
, Province of China |
TW |
India |
IN |
Ukraine |
UA |
Indonesia |
ID |
United States of America |
US |
Ireland |
IE |
Uruguay |
UY |
Israel |
IL |
Uzbekistan |
UZ |
Iraq |
IQ |
The Vatican City State |
VA |
Italy |
IT |
Venezuela |
VE |
Iran |
IR |
Virgin Islands |
VI |
Jamaica |
JM |
Vietnam |
VN |
Jordan |
JO |
Yemen |
YE |
Japan |
JP |
South Africa |
ZA |
Democratic People's Republic of Korea |
KP |
Zimbabwe |
ZW |
Usage guidelines
A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.
Examples
# Specify US as the region code for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] region-code US
# Specify US as the region code for the AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] region-code US
# Specify US as the global region code.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] region-code US
Related commands
region-code-lock
region-code-lock
Use region-code-lock enable to lock the region code.
Use region-code-lock disable to unlock the region code.
Use undo region-code-lock to restore the default.
Syntax
region-code-lock { disable | enable }
undo region-code-lock
Default
In AP view, the AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, the AP uses the configuration in global configuration view.
In global configuration view, the region code is not locked.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
You cannot change a region code that has been locked.
If no region code exists in AP view, the AP uses the region code in AP group view or the global region code even if you have locked the region code in AP view. If no region code exists in AP group view, the AP uses the global region code even if you have locked the region code in AP group view.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.
Examples
# Lock the region code for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] region-code-lock enable
# Lock the region code for the AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] region-code-lock enable
# Lock the global region code.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] region-code-lock enable
Related commands
region-code
reset wlan client
Use reset wlan client to log off a client or all clients.
Syntax
reset wlan client { all | mac-address mac-address }
View
User view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address.
all: Specifies all clients.
Examples
# Log off all clients.
<Sysname> reset wlan client all
Related commands
display wlan client
reset wlan dynamic-blacklist
Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.
Syntax
reset wlan dynamic-blacklist [ mac-address mac-address ]
Views
User view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.
Examples
# Remove all clients from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist
# Remove the specified client from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69
Related commands
display wlan blacklist
reset wlan statistics client
Use reset wlan statistics client to clear client statistics.
Syntax
reset wlan statistics client { all | mac-address mac-address }
View
User view
Predefined user roles
network-admin
Parameters
all: Specifies all clients.
mac-address mac-address: Specifies a client by its MAC address.
Examples
# Clear the statistics of all clients.
<Sysname> reset wlan statistics client all
Related commands
display wlan statistics
service-template
Use service-template to bind a service template to a radio or a radio interface.
Use undo service-template to unbind a service template from a radio or a radio interface.
Syntax
service-template service-template-name [ nas-id nas-id | nas-port-id nas-port-id ] [ ssid-hide ] [ vlan vlan-id | vlan-group vlan-group-name ]
undo service-template service-template-name
Default
In radio view, the AP uses the configuration in AP group view.
In AP group radio view, no service template is bound to a radio.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
nas-id nas-id: Specifies a NAS ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.
nas-port-id nas-port-id: Specifies a NAS port ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.
ssid-hide: Hides SSIDs in beacon frames.
vlan vlan-id: Specifies a VLAN to be bound to the radio by its VLAN ID in the range of 1 to 4094. If you do not specify this option, the radio uses the VLAN bound to the service template. If the specified VLAN does not exist, this command creates the VLAN when clients come online.
vlan-group vlan-group-name: Specifies a VLAN group to be bound to the radio by the VLAN group name, a string of 1 to 16 characters. If you do not specify this option, the radio uses the VLAN bound to the service template.
Usage guidelines
Before you bind a service template to a radio or a radio interface, you must create the service template.
You can use the vlan-group command to create a VLAN group. For more information, see Layer 2—LAN Switching Command References.
The VLAN ID or VLAN group configured using this command takes precedence over the VLAN ID configured for a service template.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Bind the service template service1 and the VLAN group vg1 to radio 1.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-ap-ap1] radio 1
[Sysname-ap-ap1-radio-1] service-template service1 vlan-group vg1
# Bind the service template service1 and the VLAN group vg1 to radio 1 in the AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] service-template service1 vlan-group vg1
Related commands
vlan-group
service-template enable
Use service-template enable to enable a service template.
Use undo service-template enable to disable a service template.
Syntax
service-template enable
undo service-template enable
Default
A service template is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
If the number of BSSs on an AC exceeds the limit, you cannot enable a new service template.
Examples
# Enable the service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] service-template enable
snmp-agent trap enable wlan client
Use snmp-agent trap enable wlan client to enable SNMP notification for WLAN access.
Use undo snmp-agent trap enable wlan client to restore the default.
Syntax
snmp-agent trap enable wlan client
undo snmp-agent trap enable wlan client
Default
SNMP notification is disabled for WLAN access.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notification for WLAN access.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan client
snmp-agent trap enable wlan client-audit
Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.
Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.
Syntax
snmp-agent trap enable wlan client-audit
undo snmp-agent trap enable wlan client-audit
Default
SNMP notification is disabled for client audit.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notification for client audit.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan client-audit
ssid
Use ssid to set an SSID for a service template.
Use undo ssid to delete the SSID of a service template.
Syntax
ssid ssid-name
undo ssid
Default
No SSID is configured for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
Disable the service template before you execute this command.
As a best practice, set a unique SSID for a service template.
Examples
# Set the SSID to lynn for the service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] ssid lynn
unknown-client
Use unknown-client to set the way that an AP processes traffic from unknown clients.
Use undo unknown-client to restore the default.
Syntax
unknown-client { deauthenticate | drop }
undo unknown-client
Default
An AP drops packets from unknown clients and deauthenticates these clients.
Views
Service template view
Predefined user roles
network-admin
Parameters
deauthenticate: Drops packets from unknown clients and deauthenticates these clients.
drop: Drops packets from unknown clients.
Examples
# Configure the AP ap1 to drop packets from unknown clients but not deauthenticate these clients.
<Sysname> system-view
[Sysname] wlan service-template example
[Sysname -wlan-st-example] unknown-client drop
uplink client-rate-limit
Use uplink client-rate-limit to configure uplink client rate limit.
Use undo uplink client-rate-limit to restore the default.
Syntax
uplink client-rate-limit { inbound | outbound } mode { dynamic | static } global cir committed-information-rate [ user cir committed-information-rate ]
undo uplink client-rate-limit { inbound | outbound }
Default
Uplink client rate limit is not configured.
Views
System view
Predefined user roles
network-admin
Parameters
inbound: Limits the rate of incoming packets on uplink Ethernet interfaces.
outbound: Limit the rate of outgoing packets on uplink Ethernet interfaces.
mode: Specifies the uplink client rate limit mode.
dynamic: Specifies the dynamic mode. In this mode, you need to specify only the global CIR. The per-client CIR is the global CIR divided by the number of clients.
static: Specifies the static mode. In this mode, you need to specify both the global CIR and the per-client CIR.
global cir committed-information-rate: Specifies the global CIR in the range of 50 to 1000000 kbps.
user cir committed-information-rate: Specifies the per-client CIR in the range of 50 to 1000000 kbps.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware series |
Model |
Uplink client rate limit compatibility |
WX1800H series |
WX1804H |
No |
WX1810H WX1820H WX1840H |
Yes |
|
WX3800H series |
WX3820H WX3840H |
No |
WX5800H series |
WX5860H |
No |
If you rate limit packets in both inbound and outbound directions, make sure the rate limit modes are the same.
If you execute this command multiple times to rate limit packets in one direction, the most recent configuration takes effect.
When this feature is configured, an AP discards non-HTTP packets if both the global CIR and the per-client CIR are exceeded. For an HTTP packet, the AP discards the packet if the global CIR, the per-client CIR, and the HTTP CIR are all exceeded. The HTTP CIR depends on the configured global CIR.
Examples
# Configure dynamic uplink client rate limit.
<Sysname> system-view
[Sysname] uplink client-rate-limit outbound mode dynamic global cir 51200
Related commands
display uplink client-rate-limit
vlan
Use vlan to assign clients coming online through a service template to a VLAN.
Use undo vlan to restore the default.
Syntax
vlan vlan-id
undo vlan
Default
Clients are assigned to VLAN 1 after coming online through a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094. If the specified VLAN does not exist, this command creates the VLAN when clients come online.
Usage guidelines
Disable the service template before you execute this command.
Examples
# Assign clients coming online through service template service1 to VLAN 2.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] vlan 2
wlan client forwarding enable
Use wlan client forwarding enable to enable client traffic forwarding.
Use undo wlan client forwarding enable to disable client traffic forwarding.
Syntax
wlan client forwarding enable
undo wlan client forwarding enable
Default
Client traffic forwarding is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You must enable this feature if you configure the AC as the client traffic forwarder.
Examples
# Disable client traffic forwarding.
<Sysname> system-view
[Sysname] undo wlan client forwarding enable
Related commands
client forwarding-location
wlan client forwarding-policy-name
Use wlan client forwarding-policy-name to apply a forwarding policy to a user profile.
Use undo wlan client forwarding-policy-name to remove a forwarding policy from a user profile.
Syntax
wlan client forwarding-policy-name policy-name
undo wlan client forwarding-policy-name
Default
No forwarding policy is applied to a user profile.
Views
User profile view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
Make sure the AC and its associated APs are in different network segments.
For the AC to perform policy-based forwarding for clients that use a user profile, apply a forwarding policy to the user profile. After a client passes authentication, the authentication server sends the user profile name specified for the client to the AC. The AC will forward traffic of the client based on the forwarding policy applied to the user profile.
For the forwarding policy applied to a user profile to take effect, perform the following tasks for the service template that the user profile uses:
· Enable policy-based forwarding.
· Specify the AC to perform client authentication.
If you modify or delete the applied forwarding policy, the change takes effect when the client comes online again.
The AC preferentially uses the forwarding policy applied to a user profile to direct client traffic forwarding. If the user profile of a client does not have a forwarding policy applied, the AC uses the forwarding policy applied to the service template.
Examples
# Apply the forwarding policy policyname to the user profile profilename.
<Sysname> system-view
[Sysname] user-profile profilename
[Sysname-user-profile-profilename] wlan client forwarding-policy-name policyname
Related commands
· client forwarding-policy enable
· client-security authentication-location
wlan client reauthentication-period
Use wlan client reauthentication-period to set the idle period before client reauthentication.
Use undo wlan client reauthentication-period to restore the default.
Syntax
wlan client reauthentication-period [ period-value ]
undo wlan client reauthentication-period
Default
The idle period is not configured.
Views
System view
Predefined user roles
network-admin
Parameters
period-value: Specifies the idle period in the range of 1 to 3600 seconds. By default, the idle period is 10 seconds.
Usage guidelines
Set the idle period before client reauthentication to reduce reauthentication failures.
When URL redirection is enabled for WLAN MAC authentication clients, an AP logs off a client that has passed MAC authentication. At the next MAC authentication attempt, the client can pass MAC authentication and access the WLAN. With the idle period configured, the AP adds the client to the dynamic blacklist after logging off the client and the client entry ages out after the specified idle period.
Examples
# Set the idle period before client reauthentication to 100 seconds.
<Sysname> system-view
[Sysname] wlan client reauthentication-period 100
wlan dynamic-blacklist active-on-ap
Use wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on APs.
Use undo wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on the AC.
Syntax
wlan dynamic-blacklist active-on-ap
undo wlan dynamic-blacklist active-on-ap
Default
The dynamic blacklist takes effect on APs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If you configure the dynamic blacklist to take effect on the AC, all APs connected to the AC will reject the client in the dynamic blacklist. If you configure the dynamic blacklist to take effect on APs, the AP associated with the client in the dynamic blacklist will reject the client, but the client can still associate with other APs connected to the AC. As a best practice, configure the dynamic blacklist to take effect on the AC in high-density environments.
Examples
# Configure the dynamic blacklist to take effect on the AC.
<Sysname> system-view
[Sysname] undo wlan dynamic-blacklist active-on-ap
wlan dynamic-blacklist lifetime
Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries.
Use undo wlan dynamic-blacklist lifetime to restore the default.
Syntax
wlan dynamic-blacklist lifetime lifetime
undo wlan dynamic-blacklist lifetime
Default
The aging time is 300 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
lifetime: Specifies the aging time in the range of 1 to 3600 seconds.
Usage guidelines
The configured aging time takes effect only on entries added to the dynamic blacklist afterwards.
Examples
# Set the aging time for dynamic blacklist entries to 3600 seconds.
<Sysname> system-view
[Sysname] wlan dynamic-blacklist lifetime 3600
wlan forwarding-policy
Use wlan forwarding-policy to create a forwarding policy and enter forwarding policy view.
Use undo wlan forwarding-policy to delete a forwarding policy.
Syntax
wlan forwarding-policy policy-name
undo wlan forwarding-policy policy-name
Default
No forwarding policies are created.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
If the specified forwarding policy exists, the command enters forwarding policy view.
Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.
You can create a maximum of 1000 forwarding policies.
Examples
# Create the forwarding policy abc and enter its view.
<Sysname> system-view
[Sysname] wlan forwarding-policy abc
[Sysname-wlan-fp-abc]
wlan link-test
Use wlan link-test to test wireless link quality.
Syntax
wlan link-test mac-address
Views
Any view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the client MAC address in the H-H-H format.
Usage guidelines
Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.
The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.
Examples
# Test the quality of the wireless link to the client with the MAC address 60a4-4cda-eff0.
<Sysname> wlan link-test 60a4-4cda-eff0
Testing link to 60a4-4cda-eff0. Press CTRL + C to break.
Link Status
-----------------------------------------------------------------------
MAC address: 60a4-4cda-eff0
-----------------------------------------------------------------------
VHT-MCS Rate(Mbps) Tx packets Rx packets RSSI Retries RTT(ms)
-----------------------------------------------------------------------
NSS = 1
-----------------------------------------------------------------------
0 6.5 5 5 54 0 0
1 13 5 5 51 0 0
2 19.5 5 5 49 0 0
3 26 5 5 47 0 0
4 39 5 5 45 0 0
5 52 5 5 45 0 0
6 58.5 5 5 44 0 0
7 65 5 5 44 0 0
8 78 5 5 44 0 0
-----------------------------------------------------------------------
Table 31 Command output
Field |
Description |
No./MCS/VHT-MCS |
· No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients. · MCS—MCS index for link quality test on 802.11n clients. · VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients. |
Rate(Mbps) |
Rate at which the AP sends wireless link quality detection frames. |
Tx packets |
Number of wireless link quality detection frames sent by the AP. |
Rx packets |
Number of responses received by the AP. |
RSSI |
RSSI of the client detected by the AP. |
Retries |
Number of wireless link quality retransmissions by the AP. |
RTT(ms) |
Round trip time for link quality test frames from the AP to the client. |
NSS |
Number of spatial streams for link quality test on 802.11n or 802.11ac clients. |
wlan nas-port-id format
Use wlan nas-port-id format to set the format of NAS port IDs for wireless clients.
Use undo wlan nas-port-id format to restore the default.
Syntax
wlan nas-port-id format { 2 | 4 }
undo wlan nas-port-id format
Default
Clients use format 2 to generate NAS port IDs.
Views
System view
Predefined user roles
network-admin
Parameters
2: Specifies the SlotID00IfNOVlanID format.
· SlotID—Slot ID for client access, a string of two characters.
· IfNO—Interface number for client access, a string of three characters.
· VlanID—VLAN ID for client access, a string of nine characters.
4: Specifies the slot=**;subslot=**;port=**;vlanid=**;vlanid2=** format. The vlanid2 field is available only for clients accessing the WLAN through an interface configured with VLAN termination.
Usage guidelines
802.1X and MAC-authenticated clients fill NAS port IDs in the specified format in RADIUS packets.
If a NAS port ID has been specified by using the nas-port-id command, clients use the specified NAS port ID.
Examples
# Set the NAS port ID format to format 4.
<Sysname> system-view
[Sysname] wlan nas-port-id format 4
Related commands
nas-port-id
wlan permit-ap-group
Use wlan permit-ap-group to specify a permitted AP group for client access.
Use undo permit-ap-group to delete a permitted AP group.
Syntax
wlan permit-ap-group ap-group-name
undo wlan permit-ap-group [ ap-group-name ]
Default
No permitted AP group is specified for client access.
Views
User profile view
Predefined user roles
network-admin
Parameters
ap-group-name: Specifies an AP group by its name, a string of 1 to 31 characters.
Usage guidelines
If you do not specify the ap-group-name argument when executing the undo command, the command deletes all permitted AP groups.
If no permitted AP group is specified for client access, client access is not restricted.
If you specify a permitted AP group for client access, clients can only access APs in the AP group.
Examples
# Specify the AP group group1 as the permitted AP group for client access.
<Sysname> system-view
[Sysname] user-profile profile1
[Sysname-user-profile-profile1] wlan permit-ap-group group1
wlan permit-ssid
Use wlan permit-ssid to specify a permitted SSID for client access.
Use undo permit-ssid to delete a permitted SSID.
Syntax
wlan permit-ssid ssid-name
undo wlan permit-ssid [ ssid-name ]
Default
No permitted SSID is specified for client access.
Views
User profile view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
If you do not specify the ap-group-name argument when executing the undo command, the command deletes all permitted SSIDs.
If no permitted SSID is specified for client access, client access is not restricted.
If you specify a permitted SSID for client access, clients can only access WLANs through the SSID.
Examples
# Specify the SSID ssid1 as the permitted SSID for client access.
<Sysname> system-view
[Sysname] user-profile profile1
[Sysname-user-profile-profile1] wlan permit-ssid ssid1
wlan service-template
Use wlan service-template to create a service template.
Use undo wlan service-template to delete a service template.
Syntax
wlan service-template service-template-name
undo wlan service-template service-template-name
Default
No service template exists.
Views
System view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If the specified service template exists, the command enters service template view.
You cannot delete a service template that has been bound to a radio.
Examples
# Create service template service1 and enter its view.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1]
wlan static-blacklist mac-address
Use wlan static-blacklist mac-address to add a client to the static blacklist.
Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.
Syntax
wlan static-blacklist mac-address mac-address
undo wlan static-blacklist [ mac-address mac-address ]
Default
No clients exist in the static blacklist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.
Usage guidelines
If you add an online client to the static blacklist, the command logs off the client.
You cannot add a client to both the whitelist and the static blacklist.
The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.
Do not add multicast or broadcast MAC addresses to the static blacklist.
Examples
# Add the MAC address 001c-f0bf-9c92 to the static blacklist.
<Sysname> system-view
[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92
Related commands
display wlan blacklist
wlan web-server api-path
Use wlan web-server api-path to specify the path of the Web server to which client information is reported.
Use undo wlan web-server api-path to restore the default.
Syntax
wlan web-server api-path path
undo wlan web-server api-path
Default
The path of the Web server is not specified.
Views
System view
Predefined user roles
network-admin
Parameters
path: Specifies a path, a case-sensitive string of 1 to 256 characters.
Usage guidelines
The Web server accepts client information only when the server's host name, port number, and path are specified.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the path of the Web server as /wlan/dev-cfg.
<Sysname> system-view
[Sysname] wlan web-server api-path /wlan/dev-cfg
Related commands
wlan web-server host
wlan web-server max-client-entry
wlan web-server host
Use wlan web-server host to specify the host name and port number of the Web server to which client information is reported.
Use undo wlan web-server host to restore the default.
Syntax
wlan web-server host host-name port port-number
undo wlan web-server host
Default
The host name and port number of the Web server are not specified.
Views
System view
Predefined user roles
network-admin
Parameters
host host-name: Specifies a host name, a case-insensitive string of 3 to 127 characters that can contain letters, digits, hyphens (-), underscores (_), and dots (.).
port port-number: Specifies a port number in the range of 1 to 65534.
Usage guidelines
The Web server accepts client information only when the server's host name, port number, and path are specified.
Client information changes are reported to the Web server in real time.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the host name and port number of the Web server as www.abc.com and 668, respectively.
<Sysname> system-view
[Sysname] wlan web-server host www.abc.com port 668
Related commands
wlan web-server api-path
wlan web-server max-client-entry
wlan web-server max-client-entry
Use wlan web-server max-client-entry to set the maximum number of client entries to be reported at a time.
Use undo wlan web-server max-client-entry to restore the default.
Syntax
wlan web-server max-client-entry number
undo wlan web-server max-client-entry
Default
A maximum of 10 client entries can be reported at a time.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of client entries, in the range of 1 to 25.
Examples
# Set the maximum number of client entries to be reported at a time to 12.
<Sysname> system-view
[Sysname] wlan web-server max-client-entry 12
Related commands
wlan web-server api-path
wlan web-server host
wlan whitelist mac-address
Use wlan whitelist mac-address to add a client to the whitelist.
Use undo wlan whitelist mac-address to remove a client from the whitelist.
Syntax
wlan whitelist mac-address mac-address
undo wlan whitelist [ mac-address mac-address ]
Default
No clients exist in the whitelist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.
Usage guidelines
When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.
If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.
You cannot add a client to both the whitelist and the static blacklist.
The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.
Do not add multicast or broadcast MAC addresses to the whitelist.
Examples
# Add the MAC address 001c-f0bf-9c92 to the whitelist.
<Sysname> system-view
[Sysname] wlan whitelist mac-address 001c-f0bf-9c92
This command will disconnect all clients. Continue? [Y/N]:
Related commands
display wlan whitelist
WLAN security commands
akm mode
Use akm mode to set an authentication and key management (AKM) mode.
Use undo akm mode to restore the default.
Syntax
akm mode { dot1x | private-psk | psk | anonymous-dot1x }
undo akm mode
Default
No AKM mode is set.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
dot1x: Specifies 802.1X as the AKM mode.
private-psk: Specifies private PSK as the AKM mode.
psk: Specifies PSK as the AKM mode.
anonymous-dot1x: Specifies WiFi alliance anonymous 802.1X as the AKM mode.
Usage guidelines
You must set the AKM mode for RSNA networks.
Each WLAN service template supports only one AKM mode. Set the AKM mode only when the WLAN service template is disabled.
Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.
Each of the following AKM modes must be used with a specific authentication mode:
· 802.1X AKM—802.1X authentication mode.
· Private PSK AKM—MAC authentication mode.
· PSK AKM—MAC or bypass authentication mode.
· WiFi alliance anonymous 802.1X AKM—802.1X authentication mode.
For more information about the authentication mode, see "Configuring WLAN user access authentication."
Examples
# Set the PSK AKM mode.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] akm mode psk
· cipher-suite
· security-ie
cipher-suite
Use cipher-suite to specify the cipher suite used for frame encryption.
Use undo cipher-suite to remove the configuration.
Syntax
cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }
undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }
Default
No cipher suite is set.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
ccmp: Specifies the AES-CCMP cipher suite.
tkip: Specifies the TKIP cipher suite.
wep40: Specifies the WEP40 cipher suite.
wep104: Specifies the WEP104 cipher suite.
wep128: Specifies the WEP128 cipher suite.
Usage guidelines
You must set the cipher suite for RSNA networks. Set a cipher suite only when the WLAN service template is disabled.
Set the TKIP or CCMP cipher suite when you configure the RSN IE or WPA IE.
The WEP cipher suite includes three types, WEP40, WEP104, and WEP128. Each WLAN service template supports only one type of WEP cipher suite. After you set a type of WEP cipher suite, you must create and apply a key of the same type.
WEP128 cannot be set if the CCMP or TKIP cipher suite is configured.
Examples
# Set the TKIP cipher suite for frame encryption.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] cipher-suite tkip
· security-ie
· wep key
· wep key-id
gtk-rekey client-offline enable
Use gtk-rekey client-offline enable to enable offline-triggered GTK update.
Use undo gtk-rekey client-offline to restore the default.
Syntax
gtk-rekey client-offline enable
undo gtk-rekey client-offline enable
Default
Offline-triggered GTK update is disabled.
Views
WLAN service template view
Predefined user roles
network-admin
Usage guidelines
Enable offline-triggered GTK update only when GTK update is enabled.
Examples
# Enable offline-triggered GTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] gtk-rekey client-offline enable
gtk-rekey enable
gtk-rekey enable
Use gtk-rekey enable to enable GTK update.
Use undo gtk-rekey enable to disable GTK update.
Syntax
gtk-rekey enable
undo gtk-rekey enable
Default
GTK update is enabled.
Views
WLAN service template view
Predefined user roles
network-admin
Examples
# Enable GTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] gtk-rekey enable
gtk-rekey method
Use gtk-rekey method to set a GTK update method.
Use undo gtk-rekey method to restore the default.
Syntax
gtk-rekey method { packet-based [ packet ] | time-based [ time ] }
undo gtk-rekey method
Default
The GTK is updated at an interval of 86400 seconds.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
packet-based packet: Specifies the number of packets (including multicasts and broadcasts) that are transmitted before the GTK is updated. The value range for the packet argument is 5000 to 4294967295 and the default is 10000000.
time-based time: Specifies the interval at which the GTK is updated. The value range for the time argument is 180 to 604800 seconds and the default is 86400 seconds.
Usage guidelines
Set the GTK update method only when GTK update is enabled.
The most recent configuration overwrites the previous one. For example, if you set the packet-based method and then set the time-based method, the time-based method takes effect.
If you set the GTK update method after the service template is enabled, the change takes effect when the following conditions exist:
· If you change the GTK update interval, the new interval takes effect when the old timer times out.
· If you change the packet number threshold, the new threshold takes effect immediately.
· If you change the GTK update method to packet-based, the new method takes effect when the timer is deleted and the packet number threshold is reached.
· If you change the GTK update method to time-based, the configuration takes effect immediately.
Examples
# Enable time-based GTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] gtk-rekey method time-based 3600
# Enable packet-based GTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] gtk-rekey method packet-based 600000
gtk-rekey enable
key-derivation
Use key-derivation to set the key derivation function (KDF).
Use undo key-derivation to restore the default.
Syntax
key-derivation { sha1 | sha1-and-sha256 | sha256 }
undo key-derivation
Default
The KDF is the HMAC-SHA1 algorithm.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
sha1: Specifies the HMAC-SHA1 algorithm as the KDF.
sha256: Specifies the HMAC-SHA256 algorithm as the KDF.
sha1-and-sha256: Specifies the HMAC-SHA1 algorithm and the HMAC-SHA256 algorithm as the KDFs.
Usage guidelines
KDFs take effect only for a network that uses the RSNA mechanism.
As a best practice, configure the HMAC-SHA256 algorithm as the KDF if management frame protection is enabled.
Examples
# Configure the HMAC-SHA256 algorithm as the KDF.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] key-derivation sha256
Related commands
· akm mode
· cipher-suite
· security-ie
pmf
Use pmf to enable management frame protection.
Use undo pmf to restore the default.
Syntax
pmf { mandatory | optional }
undo pmf
Default
Management frame protection is disabled.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
mandatory: Specifies the mandatory mode. Only clients that support management frame protection can access the WLAN.
optional: Specifies the optional mode. All clients can access the WLAN.
Usage guidelines
Management frame protection takes effect only for a network that uses the RSNA mechanism and is configured with the CCMP cipher suite and RSN security information element.
Examples
# Enable management frame protection in optional mode.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] pmf optional
Related commands
· cipher-suite
· security-ie
pmf association-comeback
Use pmf association-comeback to set the association comeback time.
Use undo pmf association-comeback to restore the default.
Syntax
pmf association-comeback time
undo pmf association-comeback
Default
The association comeback time is 1 second.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
time: Specifies the association comeback time in the range of 1 to 20 seconds.
Usage guidelines
If an AP rejects the current association or reassociation request from a client, it returns an association/reassociation response that carries the association comeback time. The AP starts to receive the association or reassociation request from the client when the association comeback time times out.
Examples
# Set the association comeback time to 2 seconds.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] pmf association-comeback 2
pmf saquery retrycount
Use pmf saquery retrycount to maximum retransmission attempts for SA query requests.
Use undo pmf saquery retrycount to restore the default.
Syntax
pmf saquery retrycount count
undo pmf saquery retrycount
Default
The maximum retransmission attempt number is 4 for SA query requests.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum retransmission attempts for SA query requests, in the range of 1 to 16.
Usage guidelines
If an AP does not receive an acknowledgment for the SA query request after retransmission attempts reach the maximum number, the AP determines that the client is offline.
Examples
# Set the number of maximum retransmission attempt to 3 for SA query requests.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] pmf saquery retrycount 3
Related commands
· pmf
· pmf saquery retrytimeout
pmf saquery retrytimeout
Use pmf saquery retrytimeout to set the interval for sending SA query requests.
Use undo pmf saquery retrytimeout to restore the default.
Syntax
pmf saquery retrytimeout timeout
undo pmf saquery retrytimeout
Default
The interval for sending SA query requests is 200 milliseconds.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
timeout: Specifies the interval for an AP to send SA query requests, in the range of 100 to 500 milliseconds.
Examples
# Set the interval for sending SA query requests to 300 milliseconds.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] pmf saquery retrytimeout 300
Related commands
· pmf
· pmf saquery retrycount
preshared-key
Use preshared-key to set the PSK.
Use undo preshared-key to restore the default.
Syntax
preshared-key { pass-phrase | raw-key } { cipher | simple } string
undo preshared-key
Default
No PSK is set.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
pass-phrase: Sets a PSK, a character string.
raw-key: Sets a PSK, a hexadecimal number.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies a key string. This argument is case sensitive. Key length varies by key type:
· pass-phrase—Its plaintext form is 8 to 63 characters. Its encrypted form is 8 to 117 characters.
· raw-key—Its plaintext form is 64 hexadecimal digits. Its encrypted form is 8 to 117 characters.
Usage guidelines
Set the PSK only when the WLAN service template is disabled and the AKM mode is PSK. If you set the PSK when the AKM mode is 802.1X, the WLAN service template can be enabled but the PSK configuration does not take effect.
You can set only one PSK for a WLAN service template.
Examples
# Configure simple character string 12345678 as the PSK.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] akm mode psk
[Sysname-wlan-st-security] preshared-key pass-phrase simple 12345678
Related commands
akm mode
ptk-lifetime
Use ptk-lifetime to set the PTK lifetime.
Use undo ptk-lifetime to restore the default.
Syntax
ptk-lifetime time
undo ptk-lifetime
Default
The PTK lifetime is 43200 seconds.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
time: Specifies the lifetime of the PSK, in the range of 180 to 604800 seconds.
Usage guidelines
If you configure the PTK lifetime when the service template is enabled, the configuration takes effect after the old timer times out.
Examples
# Set the PTK lifetime to 200 seconds.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] ptk-lifetime 200
ptk-rekey enable
Use ptk-rekey enable to enable PTK update.
Use undo ptk-rekey enable to disable PTK update.
Syntax
ptk-rekey enable
undo ptk-rekey enable
Default
PTK update is enabled.
Views
WLAN service template view
Predefined user roles
network-admin
Usage guidelines
This feature enables the device to update PTK after the configured PTK lifetime expires.
Examples
# Enable PTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] ptk-rekey enable
Related commands
ptk-lifetime
security-ie
Use security-ie to enable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.
Use undo security-ie to disable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.
Syntax
security-ie { osen | rsn | wpa }
undo security-ie { osen | rsn | wpa }
Default
OSEN IE, RSN IE, and WPA IE are disabled in beacon and probe responses.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
osen: Enables the OSEN IE in the beacon and probe response frames sent by the AP. The OSEN IE advertises the OSEN capabilities of the AP.
rsn: Enables the RSN IE in the beacon and probe response frames sent by the AP. The RSN IE advertises the RSN capabilities of the AP.
wpa: Enables the WPA IE in the beacon and probe response frames sent by the AP. The WPA IE advertises the WPA capabilities of the AP.
Usage guidelines
You must set the security IE for RSNA networks. Set a security IE only when the WLAN service template is disabled and the CCMP or TKIP cipher suite is configured.
You can set both the WPA IE and RSN IE for the same WLAN service template. The WPA IE and RSN IE cannot be used together with the OSEN IE for a WLAN service template.
Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.
Examples
# Enable the RSN IE in beacon and probe responses.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] security-ie rsn
· akm mode
· cipher-suite
snmp-agent trap enable wlan usersec
Use snmp-agent trap enable wlan usersec to enable SNMP notifications for WLAN security.
Use undo snmp-agent trap enable wlan usersec to disable SNMP notifications for WLAN security.
Syntax
snmp-agent trap enable wlan usersec
undo snmp-agent trap enable wlan usersec
Default
SNMP notifications are disabled for WLAN security.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical WLAN security events to an NMS, enable SNMP notifications for WLAN security. For WLAN security event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notifications for WLAN security.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan usersec
tkip-cm-time
Use tkip-cm-time to set the TKIP MIC failure hold time.
Use undo tkip-cm-time to restore the default.
Syntax
tkip-cm-time time
undo tkip-cm-time
Default
The TKIP MIC failure hold time is 0 seconds. The AP does not take any countermeasures.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
time: Sets the TKIP MIC failure hold time in the range of 0 to 3600 seconds.
Usage guidelines
Set the TKIP MIC failure hold time only when the TKIP cipher suite is configured.
If you configure the MIC failure hold time when the service template is enabled, the configuration takes effect after the old timer times out.
If the AP detects two MIC failures within the MIC failure hold time, it disassociates all clients for 60 seconds.
Examples
# Set the TKIP MIC failure hold time to 180 seconds.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] tkip-cm-time 180
cipher-suite
wep key
Use wep key to set a WEP key.
Use undo wep key to delete the configured WEP key.
Syntax
wep key key-id { wep40 | wep104 | wep128 } { pass-phrase | raw-key } { cipher | simple } string
undo wep key key-id
Default
No WEP key is set.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
key-id: Sets the key ID in the range of 1 to 4.
wep40: Sets the WEP40 key.
wep104: Sets the WEP104 key.
wep128: Sets the WEP128 key.
pass-phrase: Sets a WEP key, a character string.
raw-key: Sets a WEP key, a hexadecimal number.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies a key string. This argument is case sensitive. The cipher key length is in the range of 37 to 73 characters. The plaintext key length varies by key type:
· wep40 pass-phrase (plaintext)—5 characters.
· wep104 pass-phrase (plaintext)—13 characters.
· wep128 pass-phrase (plaintext)—16 characters.
· wep40 raw-key (plaintext)—10 hexadecimal digits.
· wep104 raw-key (plaintext)—26 hexadecimal digits.
· wep128 raw-key (plaintext)—32 hexadecimal digits.
Usage guidelines
Set a WEP key only when the WLAN service template is disabled and the cipher suite WEP is configured. You can set a maximum of four WEP keys.
Examples
# Configure the cipher suite WEP40 and configure plain text 12345 as WEP key 1.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] cipher-suite wep40
[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345
Related commands
· cipher-suite
· wep key-id
wep key-id
Use wep key-id to apply a WEP key.
Use undo wep key-id to restore the default.
Syntax
wep key-id { 1 | 2 | 3 | 4 }
undo wep key-id
Default
Key 1 is applied.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
1: Specifies the WEP key whose ID is 1.
2: Specifies the WEP key whose ID is 2.
3: Specifies the WEP key whose ID is 3.
4: Specifies the WEP key whose ID is 4.
Usage guidelines
Apply a WEP key only when the WLAN service template is disabled.
In the RSNA mechanism, key 1 is the negotiated key. To apply a WEP key, specify a WEP key whose ID is not 1.
You can only apply an existing WEP key.
Examples
# Configure the cipher suite WEP40, configure plain text 12345 as WEP key 1, and apply WEP key 1.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] cipher-suite wep40
[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345
[Sysname-wlan-st-security] wep key-id 1
Related commands
wep key
wep mode dynamic
Use the wep mode dynamic command to enable the dynamic WEP mechanism.
Use the undo wep mode dynamic command to disable the dynamic WEP mechanism.
Syntax
wep mode dynamic
undo wep mode dynamic
Default
The dynamic WEP mechanism is disabled.
Views
WLAN service template view
Predefined user roles
network-admin
Usage guidelines
Enable the dynamic WEP mechanism only when the WLAN service template is disabled.
The dynamic WEP mechanism requires 802.1X authentication for user access authentication.
Do not apply WEP key 4 if the dynamic WEP mechanism is enabled.
Examples
# Enable the dynamic WEP mechanism.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] wep mode dynamic
Related commands
· cipher-suite
· client-security authentication-mode (WLAN access commands)
· wep key
· wep key-id
WLAN authentication commands
This chapter describes WLAN-specific authentication commands. For more information about 802.1X and MAC authentication commands, see Security Command Reference.
client-security accounting-delay time
Use client-security accounting-delay time to configure the accounting delay.
Use undo client-security accounting-delay time to restore the default.
Syntax
client-security accounting-delay time time [ no-ip-logoff ]
undo client-security accounting-delay time
Default
The device sends a start-accounting request for a client only when the device learns the IP address of that client.
Views
Service template view
Predefined user roles
network-admin
Parameters
time: Sets the accounting delay timer. The value range for the time argument is 1 to 600 seconds.
no-ip-logoff: Logs off a client if the device has failed to obtain the client IP address before the delay timer expires. If you do not specify this keyword, the device sends a start-accounting request immediately after the accounting delay timer expires.
Usage guidelines
The accounting delay timer operates in conjunction with an IP-based accounting-start trigger. The timer specifies the maximum interval for the device to learn the IP address of an 802.1X or MAC authenticated client before it takes the specified action.
The timer starts when a client passes 802.1X or MAC authentication. If the device has failed to learn an IP address that matches the IP-based accounting-start trigger before the accounting delay timer expires, the device takes either of the following actions:
· Sends a start-accounting request immediately if the no-ip-logoff action is not specified.
· Logs off the client if the no-ip-logoff action is specified.
Configure the accounting delay timer depending on the typical amount of time for the device to learn the IP address of a client. As a best practice, increase the delay timer on a low-performance network.
The timer takes effect only on clients that come online after the timer is configured.
Examples
# Set the accounting delay timer to 15 seconds in service template service1. Configure the device to log off a client if it has failed to learn the required client IP address before the delay timer expires.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security accounting-delay time 15 no-ip-logoff
Related commands
client-security accounting-start trigger
client-security accounting-start trigger
Use client-security accounting-start trigger to configure an accounting-start trigger for clients.
Use undo client-security accounting-start trigger to restore the default.
Syntax
client-security accounting-start trigger { ipv4 | ipv4-ipv6 | ipv6 | none }
undo client-security accounting-start trigger
Default
The accounting-start trigger is based on IPv4 address type.
Views
Service template view
Predefined user roles
network-admin
Parameters
ipv4: Sends an accounting-start request if an 802.1X or MAC authenticated client uses an IPv4 address.
ipv4-ipv6: Sends an accounting-start request if an 802.1X or MAC authenticated client uses an IPv4 or IPv6 address.
ipv6: Sends an accounting-start request if an 802.1X or MAC authenticated client uses an IPv6 address.
none: Sends a start-accounting request when a client passes authentication without examining its IP address type.
Usage guidelines
This command takes effect only on clients that have passed 802.1X or MAC authentication. For more information about accounting, see AAA in Security Configuration Guide.
For the accounting-start trigger to take effect, follow these guidelines:
· If the trigger is IP address type based, you must enable learning IP addresses of that type. For information about wireless client IP address learning, see WLAN IP snooping in WLAN Configuration Guide.
· The IP-based trigger must match the requirement of the accounting server for the IP version.
The trigger takes effect only on clients that come online after the trigger is configured.
Examples
# Configure an IPv6 address-based accounting-start trigger in service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security accounting-start trigger ipv6
Related commands
· client ipv4-snooping arp-learning enable
· client ipv4-snooping dhcp-learning enable
· client ipv6-snooping dhcpv6-learning enable
· client ipv6-snooping nd-learning enable
· client ipv6-snooping snmp-nd-report enable
· client-security accounting-delay time
· client-security accounting-update trigger
client-security accounting-update trigger
Use client-security accounting-update trigger to specify an event-based accounting-update trigger.
Use undo client-security accounting-update trigger to restore the default.
Syntax
client-security accounting-update trigger { ipv4 | ipv4-ipv6 | ipv6 }
undo client-security accounting-update trigger
Default
No event-based accounting-update trigger is configured. The device sends update-accounting requests to the accounting server only regularly at server-assigned or user-defined real-time accounting intervals.
Views
Service template view
Predefined user roles
network-admin
Parameters
ipv4: Sends an update-accounting request when the IPv4 address of an online 802.1X or MAC authenticated client changes.
ipv4-ipv6: Sends an update-accounting request when the IPv4 or IPv6 address of an online 802.1X or MAC authenticated client changes.
ipv6: Sends an update-accounting request when the IPv6 address of an online 802.1X or MAC authenticated client changes.
Usage guidelines
Use accounting-update trigger in conjunction with the accounting-start trigger. The accounting-update trigger can take effect only if you have configured the accounting-start trigger by using the client-security accounting-start trigger command.
In addition to the event-based accounting-update trigger, you can set a regular accounting-update interval by using the timer realtime-accounting command.
The accounting-update trigger takes effect only on clients that come online after the trigger is configured.
Examples
# Configure an IPv6 address change-based accounting-update trigger in service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security accounting-update trigger ipv6
Related commands
· client-security accounting-start trigger
· timer realtime-accounting (Security Command Reference)
client-security authentication fail-vlan
Use client-security authentication fail-vlan to configure an Auth-Fail VLAN for a service template.
Use undo client-security authentication fail-vlan to restore the default.
Syntax
client-security authentication fail-vlan vlan-id
undo client-security authentication fail-vlan
Default
No Auth-Fail VLAN is configured for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies the ID of the Auth-Fail VLAN, in the range of 1 to 4094. Make sure the VLAN has been created.
Usage guidelines
A WLAN Auth-Fail VLAN accommodates clients that have failed WLAN authentication because of the failure to comply with the organization security strategy. For example, the VLAN accommodates clients that have entered wrong passwords. The Auth-Fail VLAN does not accommodate WLAN clients that have failed authentication for authentication timeouts or network connection problems.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Configure VLAN 10 as the Auth-Fail VLAN in service template 1.
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] client-security authentication fail-vlan 10
client-security authentication-location
Use client-security authentication-location to specify the authenticator for WLAN clients.
Use undo client-security authentication-location to restore the default.
Syntax
client-security authentication-location { ac | ap }
undo client-security authentication-location
Default
The AC acts as the authenticator to authenticate WLAN clients.
Views
Service template view
Predefined user roles
network-admin
Parameters
ac: Specifies the AC as the authenticator.
ap: Specifies the AP as the authenticator.
Usage guidelines
You cannot specify the AP as the authenticator if the AC is configured to forward client data traffic (by using the client forwarding-location command). For information about the client forwarding-location command, see "WLAN access commands."
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Configure the AC as the authenticator for WLAN clients in service template s1.
[Sysname] wlan service-template s1
[Sysname-wlan-st-s1] client-security authentication-location ac
Related commands
client forwarding-location
client-security authentication-mode
Use client-security authentication-mode to set the authentication mode for WLAN clients.
Use undo client-security authentication-mode to restore the default.
Syntax
undo client-security authentication-mode
Default
The WLAN authentication mode is Bypass. The device does not perform authentication for WLAN clients.
Views
Service template view
Predefined user roles
network-admin
Parameters
dot1x: Performs 802.1X authentication only.
dot1x-then-mac: Performs 802.1X authentication first, and then MAC authentication. If the client passes 802.1X authentication, MAC authentication is not performed.
mac: Performs MAC authentication only.
mac-then-dot1x: Performs MAC authentication first, and then 802.1X authentication. If the client passes MAC authentication, 802.1X authentication is not performed.
oui-then-dot1x: Performs OUI authentication first, and then 802.1X authentication. If the client passes OUI authentication, 802.1X authentication is not performed.
Usage guidelines
A service template allows access of multiple authenticated clients in any authentication mode. To set the maximum number of 802.1X clients, use the dot1x max-user command. To set the maximum number of MAC authentication clients, use the mac-authentication max-user command.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Set the authentication mode to mac for WLAN clients in service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security authentication-mode mac
client-security authorization-fail offline
Use client-security authorization-fail offline to enable the authorization-fail-offline feature.
Use undo client-security authorization-fail offline to disable the authorization-fail-offline feature.
Syntax
client-security authorization-fail offline
undo client-security authorization-fail offline
Default
The authorization-fail-offline feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
The authorization-fail-offline feature logs off WLAN clients that fail ACL or user profile authorization.
A WLAN client fails ACL or user profile authorization in the following situations:
· The device or server fails to authorize the specified ACL or user profile to the client.
· The authorized ACL or user profile does not exist.
If this feature is disabled, the device does not log off WLAN clients that fail ACL or user profile authorization. However, the device outputs logs to report the failure.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Enable the authorization-fail-offline feature for service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security authorization-fail offline
client-security ignore-authentication
Use client-security ignore-authentication to configure the device to ignore the 802.1X or MAC authentication failures.
Use undo client-security ignore-authentication to restore the default.
Syntax
client-security ignore-authentication
undo client-security ignore-authentication
Default
The device does not ignore the authentication failures for wireless clients that perform 802.1X authentication or perform RADIUS-based MAC authentication.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command applies to the following clients:
· Clients that perform 802.1X authentication.
This command enables the device to ignore the 802.1X authentication failures and allow clients that have failed 802.1X authentication to come online.
· Clients that perform both RADIUS-based MAC authentication and portal authentication.
Typically, a client must pass MAC authentication and portal authentication in turn to access network resources. The client provides username and password each time portal authentication is performed.
This command simplifies the authentication process for a client as follows:
? If the RADIUS server already records the client's MAC authentication information, the client passes MAC authentication. The device allows the client to access network resources without performing portal authentication.
? If the RADIUS server does not record the client's MAC authentication information, the client fails MAC authentication. The device ignores the MAC authentication failures and performs portal authentication for the client. If the client passes portal authentication, it can access network resources. The MAC address of the portal authenticated client will be recorded as MAC authentication information on the RADIUS server. At the next authentication attempt, the client will pass MAC authentication and access network resources without performing portal authentication.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
For RSN + 802.1X clients to roam to a new AP, do not use this command.
Examples
# Configure the device to ignore 802.1X or MAC authentication failures in service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security ignore-authentication
client-security ignore-authorization
Use client-security ignore-authorization to configure the device to ignore the authorization information received from the authentication server (a RADIUS server or the local device).
Use undo client-security ignore-authorization to restore the default.
Syntax
client-security ignore-authorization
undo client-security ignore-authorization
Default
The device uses the authorization information from the server.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
After a client passes RADIUS or local authentication, the server performs authorization based on the authorization attributes configured for the user account. For example, the server can assign a VLAN. If you do not want the device to use these authorization attributes for clients, configure this command to ignore the authorization information from the server.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Configure the device to ignore the authorization information from the authentication server for service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security ignore-authorization
client-security intrusion-protection action
Use client-security intrusion-protection action to configure the intrusion protection action that the device takes when intrusion protection detects illegal frames.
Use undo client-security intrusion-protection action to restore the default.
Syntax
undo client-security intrusion-protection action
Default
The intrusion protection action is temporary-block.
Views
Service template view
Predefined user roles
network-admin
Parameters
service-stop: Stops the BSS where an illegal frame is received until the BSS is enabled manually on the radio interface.
temporary-block: Adds the source MAC address of an illegal frame to the blocked MAC address list for a period. To set the period, use the client-security intrusion-protection timer temporary-block command.
temporary-service-stop: Stops the BSS where an illegal frame is received for a period. To set the period, use the client-security intrusion-protection timer temporary-service-stop command.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
For this command to take effect, you must also use the client-security intrusion-protection enable command to enable the intrusion protection feature.
Examples
# Configure the device to stop the BSS where intrusion protection detects illegal frames for service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security intrusion-protection enable
[Sysname-wlan-st-service1] client-security intrusion-protection action service-stop
Related commands
· client-security intrusion-protection enable
· client-security intrusion-protection timer temporary-block
· client-security intrusion-protection timer temporary-service-stop
client-security intrusion-protection enable
Use client-security intrusion-protection enable to enable the intrusion protection feature.
Use undo client-security intrusion-protection enable to disable the intrusion protection feature.
Syntax
client-security intrusion-protection enable
undo client-security intrusion-protection enable
Default
The intrusion protection feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
When the device receives an association request from an illegal client, the device takes the predefined protection action on the BSS where the request is received. A client is illegal if its MAC address fails WLAN authentication. To set the protection action, use the client-security intrusion-protection action command.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Enable the intrusion protection feature for service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security intrusion-protection enable
Related commands
client-security intrusion-protection action
client-security intrusion-protection timer temporary-block
Use client-security intrusion-protection timer temporary-block to set the period during which a MAC address is blocked by intrusion protection.
Use undo client-security intrusion-protection timer temporary-block to restore the default.
Syntax
client-security intrusion-protection timer temporary-block time
undo client-security intrusion-protection timer temporary-block
Default
An illegal MAC address is blocked for 180 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
time: Sets the period during which a MAC address is blocked. The value range is 60 to 300 seconds.
Usage guidelines
This command takes effect only when the intrusion protection action is temporary-block.
If you change the blocking period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.
Examples
# Configure service template service1 to block illegal MAC addresses for 120 seconds.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security intrusion-protection enable
[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-block
[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-block 120
Related commands
· client-security intrusion-protection action
· client-security intrusion-protection enable
client-security intrusion-protection timer temporary-service-stop
Use client-security intrusion-protection timer temporary-service-stop to set the BSS silence period for intrusion protection.
Use undo client-security intrusion-protection timer temporary-service-stop to restore the default.
Syntax
client-security intrusion-protection timer temporary-service-stop time
undo client-security intrusion-protection timer temporary-service-stop
Default
The BSS silence period is 20 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
time: Sets the period during which a BSS is disabled. The value range is 10 to 300 seconds.
Usage guidelines
This command takes effect only when the intrusion protection action is temporary-service-stop.
If you change the BSS silence period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.
Examples
# Set the BSS silence period to 30 seconds for intrusion protection in service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security intrusion-protection enable
[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-service-stop
[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-service-stop 30
Related commands
· client-security intrusion-protection action
· client-security intrusion-protection enable
display wlan client-security block-mac
Use display wlan client-security block-mac to display blocked MAC address information for WLAN clients.
Syntax
display wlan client-security block-mac [ ap ap-name [ radio radio-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and minus signs (-). If you do not specify this option, the command displays information about all blocked MAC addresses.
radio radio-id: Specifies a radio by its ID. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays blocked MAC address information for all radios on the specified AP.
Usage guidelines
A MAC address that fails authentication is added to the blocked MAC address list when the intrusion protection action is temporary-block.
Examples
# Display information about all blocked MAC addresses.
<Sysname> display wlan client-security block-mac
MAC address AP ID RADIO ID BSSID
0002-0002-0002 1 1 00ab-0de1-0001
000d-88f8-0577 1 1 0ef1-0001-02c1
Total entries: 2
Table 32 Command output
Field |
Description |
MAC address |
Blocked MAC address, in the format of H-H-H. |
AP ID |
AP ID of the blocked MAC address. |
RADIO ID |
Radio ID of the blocked MAC address. |
BSSID |
BSS ID of the blocked MAC address, in the format of H-H-H. |
Number of blocked MAC addresses. |
Related commands:
· client-security intrusion-protection action
· client-security intrusion-protection timer temporary-block
dot1x domain
Use dot1x domain to specify an authentication domain for 802.1X clients on a service template.
Use undo dot1x domain to restore the default.
Syntax
Default
No authentication domain is specified for 802.1X clients on a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
802.1X chooses an authentication domain for WLAN clients in the following order:
1. Authentication domain specified on the service template.
2. Domain specified by username.
3. Default authentication domain.
Examples
# Specify domain my-domain as the authentication domain for 802.1X clients in service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x domain my-domain
dot1x eap
Use dot1x eap to specify an EAP mode for 802.1X authentication.
Use undo dot1x eap to restore the default.
Syntax
dot1x eap { extended | standard }
undo dot1x eap
Default
The EAP mode is standard.
Views
Service template view
Predefined user roles
network-admin
Parameters
extended: Specifies the extended EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the proprietary EAP protocol.
standard: Specifies the standard EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the standard EAP protocol.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
When you configure this command, specify the extended keyword for iNode clients and the standard keyword for other clients.
This command is required only when an IMC server is used as the RADIUS server.
Examples
# Set the EAP mode for 802.1X authentication to extended in service template 1.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] dot1x eap extended
dot1x handshake enable
Use dot1x handshake enable to enable the 802.1X online user handshake feature.
Use undo dot1x handshake enable to disable the 802.1X online user handshake feature.
Syntax
Default
The 802.1X online user handshake feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
The online user handshake feature checks the connection status of online 802.1X clients by periodically sending handshake messages to the clients. The device sets a client to the offline state if it does not receive responses from the client after making the maximum handshake attempts within the handshake timer. To set the handshake timer, use the dot1x timer handshake-period command. To set the maximum handshake attempts, use the dot1x retry command.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Enable the online user handshake feature for 802.1X clients in service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x handshake enable
Related commands
· dot1x handshake secure enable
· dot1x retry (Security Command Reference)
· dot1x timer handshake-period (Security Command Reference)
dot1x handshake secure enable
Use dot1x handshake secure enable to enable the 802.1X online user handshake security feature.
Use undo dot1x handshake secure enable to disable the 802.1X online user handshake security feature.
Syntax
undo dot1x handshake secure enable
Default
The online user handshake security feature is disabled for 802.1X clients.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
For the online user handshake security feature to take effect, you must enable online user handshake.
The online user handshake security feature protects only authenticated online 802.1X clients.
Examples
# Enable the online user handshake security feature for 802.1X clients in service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x handshake enable
[Sysname-wlan-st-service1] dot1x handshake secure enable
Related commands
dot1x max-user
Use dot1x max-user to set the maximum number of concurrent 802.1X clients on a service template.
Use undo dot1x max-user to restore the default.
Syntax
Default
A maximum of 4096 concurrent 802.1X clients are allowed on a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
count: Sets the maximum number of concurrent 802.1X clients. The value range is 1 to 4096.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
When the maximum number is reached, the service template denies subsequent 802.1X clients.
Examples
# Set the maximum number of concurrent 802.1X clients to 32 in service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x max-user 500
dot1x re-authenticate enable
Use dot1x re-authenticate enable to enable the 802.1X periodic online user reauthentication feature on a service template.
Use undo dot1x re-authenticate enable to disable the feature on a service template.
Syntax
undo dot1x re-authenticate enable
Default
The 802.1X periodic online user reauthentication feature is disabled on a service template.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Periodic reauthentication enables the device to periodically authenticate online 802.1X clients on a service template. This feature checks the connection status of online clients and updates the authorization attributes assigned by the server, such as the ACL, VLAN, and user profile.
You can use the dot1x timer reauth-period command to configure the interval for reauthentication.
The server-assigned session timeout timer (Session-Timeout attribute) and termination action (Termination-Action attribute) together can affect the periodic online user reauthentication feature. To display the server-assigned Session-Timeout and Termination-Action attributes, use the display dot1x connection command (see Security Command Reference).
· If the termination action is Default (logoff), periodic online user reauthentication on the template takes effect only when the periodic reauthentication timer is shorter than the session timeout timer.
· If the termination action is Radius-request, the periodic online user reauthentication configuration on the template does not take effect. The device reauthenticates the online 802.1X clients after the session timeout timer expires.
Examples
# Enable the 802.1X periodic online user reauthentication feature in service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x re-authenticate enable
Related commands
dot1x timer (Security Command Reference)
mac-authentication domain
Use mac-authentication domain to specify an authentication domain for MAC authentication clients on a service template.
Use undo mac-authentication domain to restore the default.
Syntax
mac-authentication domain domain-name
undo mac-authentication domain
Default
No authentication domain is specified for MAC authentication clients on a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
MAC authentication chooses an authentication domain for WLAN clients in the following order:
1. Authentication domain specified on the service template.
2. Global authentication domain specified in system view.
3. Default authentication domain.
Examples
# Specify the domain my-domain as the authentication domain for MAC authentication clients in service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] mac-authentication domain my-domain
mac-authentication max-user
Use mac-authentication max-user to set the maximum number of concurrent MAC authentication clients on a service template.
Use undo mac-authentication max-user to restore the default.
Syntax
mac-authentication max-user count
undo mac-authentication max-user
Default
A maximum of 4096 concurrent MAC authentication clients are allowed on a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
count: Sets the maximum number of concurrent MAC authentication clients. The value range for this argument is 1 to 4096.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
When the maximum number is reached, the service template denies subsequent MAC authentication clients.
Examples
# Configure service template service1 to support a maximum of 32 concurrent MAC authentication clients.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] mac-authentication max-user 32
port-security oui
Use port-security oui to configure an OUI value for OUI authentication.
Use undo port-security oui to delete the OUI value with the specified OUI index.
Syntax
port-security oui index index-value mac-address oui-value
undo port-security oui index index-value
Default
No OUI values are configured.
Views
System view
Predefined user roles
network-admin
Parameters
index-value: Sets the OUI index in the range of 1 to 16.
oui-value: Specifies an OUI string, a 48-bit MAC address in the H-H-H format. The system uses only the 24 high-order bits as the OUI value.
Usage guidelines
You can configure a maximum of 16 OUI values.
An OUI, the first 24 binary bits of a MAC address, is assigned by IEEE to uniquely identify a device vendor. Use this command when you configure a device to allow wired packets from certain devices to pass authentication or allow their wireless packets to initiate authentication. For example, when a company allows only IP phones of vendor A in the Intranet, use this command to specify the OUI of vendor A.
The OUI values configured by using this command apply only when the authentication mode is oui-or-dot1x. A port in oui-or-dot1x mode permits frames from one 802.1X authenticated user and one user whose MAC address contains a specific OUI.
Examples
# Configure an OUI value of 000d2a, and set the index to 4.
<Sysname> system-view
[Sysname] port-security oui index 4 mac-address 000d-2a10-003
WIPS commands
ap-channel-change
Use ap-channel-change to configure channel change detection.
Use undo ap-channel-change to disable channel change detection.
Syntax
ap-channel-change [ quiet quiet-value ]
undo ap-channel-change
Default
Channel change detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a channel change. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a channel change within the quiet time.
Examples
# Enable channel change detection and set the quiet time to 5 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-channel-change quiet 5
ap-classification rule
Use ap-classification rule to create an AP classification rule and enter its view. If the AP classification rule already exists, the command enters AP classification rule view.
Use undo ap-classification rule to remove an AP classification rule.
Syntax
ap-classification rule rule-id
undo ap-classification rule rule-id
Default
No AP classification rule is created.
Views
WIPS view
Predefined user roles
network-admin
Parameters
rule-id: Specifies an AP classification rule by its ID in the range of 1 to 65535.
Examples
# Create AP classification rule 1 and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
ap-flood
Use ap-flood to configure AP flood attack detection.
Use undo ap-flood to disable AP flood attack detection.
Syntax
ap-flood [ apnum apnum-value | exceed exceed-value | quiet quiet-value ] *
undo ap-flood
Default
AP flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
apnum apnum-value: Specifies the AP number threshold in the range of 10 to 200. The default AP number threshold is 80.
exceed exceed-value: Specifies the maximum number of excessive APs allowed. The value range for the exceed-value argument is 10 to 200 and the default value is 80. If the number of APs exceeds the sum of the AP number threshold and the maximum number of excessive APs allowed, WIPS triggers an AP flood attack alarm.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP flood attack within the quiet time.
Examples
# Enable AP flood attack detection, and set the apnum-value, exceed-value, and quiet-value arguments to 50, 50, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-flood apnum 50 exceed 50 quiet 100
ap-impersonation
Use ap-impersonation to configure AP impersonation attack detection.
Use undo ap-impersonation to restore the default.
Syntax
ap-impersonation [ quiet quiet-value ]
undo ap-impersonation
Default
AP impersonation attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP impersonation attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP impersonation attack within the quiet time.
Examples
# Enable AP impersonation attack detection, and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-impersonation quiet 360
apply ap-classification rule
Use apply ap-classification rule to bind an AP classification rule to a classification policy.
Use undo apply ap-classification rule to restore the default.
Syntax
apply ap-classification rule rule-id { authorized-ap | { { external-ap | misconfigured-ap | rogue-ap } [ severity-level level ] } }
undo apply ap-classification rule rule-id
Default
No AP classification rule is bound to a classification policy.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
rule-id: Specifies an AP classification rule by its ID in the range of 1 to 65535.
authorized-ap: Specifies APs that match the AP classification rule as authorized APs.
external-ap: Specifies APs that match the AP classification rule as external APs.
misconfigured-ap: Specifies APs that match the AP classification rule as misconfigured APs.
rogue-ap: Specifies APs that match the AP classification rule as rogue APs.
level: Specifies a severity level for the AP that matches the AP classification rule, in the range of 1 to 100. The default severity level is 50.
Examples
# Bind AP classification rule 1 to the classification policy home, specify APs that match AP classification rule 1 as rogue APs, and set the severity level to 80.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] apply ap-classification rule 1 rogue-ap severity-level 80
Related commands
ap-classification rule
apply classification policy
Use apply classification policy to apply a classification policy to a virtual security domain (VSD).
Use undo apply classification policy to remove a classification policy from a VSD.
Syntax
apply classification policy policy-name
undo apply classification policy policy-name
Default
No classification policy is applied to a VSD.
Views
VSD view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a classification policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply the classification policy policy1 to the VSD home.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain home
[Sysname-wips-vsd-home] apply classification policy policy1
apply countermeasure policy
Use apply countermeasure policy to apply a countermeasure policy to a VSD.
Use undo apply countermeasure policy to remove a countermeasure policy from a VSD.
Syntax
apply countermeasure policy policy-name
undo apply countermeasure policy policy-name
Default
No countermeasure policy is applied to a VSD.
Views
VSD view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a countermeasure policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply the countermeasure policy policy2 to the VSD home.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain home
[Sysname-wips-vsd-home] apply countermeasure policy policy2
apply detect policy
Use apply detect policy to apply an attack detection policy to a VSD.
Use undo apply detect policy to remove an attack detection policy from a VSD.
Syntax
apply detect policy policy-name
undo apply detect policy policy-name
Default
No attack detection policy is applied to a VSD.
Views
VSD view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an attack detection policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply the attack detection policy policy2 to the VSD home.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain home
[Sysname-wips-vsd-home] apply detect policy policy2
apply signature policy
Use apply signature policy to apply a signature policy to a VSD.
Use undo apply signature policy to restore the default.
Syntax
apply signature policy policy-name
undo apply signature policy policy-name
Default
No signature policy is applied to a VSD.
Views
VSD view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a signature policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply the signature policy policy1 to the VSD home.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain home
[Sysname-wips-vsd-home] apply signature policy policy1
apply signature rule
Use apply signature rule to bind a signature to a signature policy.
Use undo apply signature rule to restore the default.
Syntax
apply signature rule rule-id
undo apply signature rule rule-id
Default
No signature is bound to a signature policy.
Views
Signature policy view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a signature by its ID in the range of 1 to 65535.
Examples
# Bind signature 1 to the signature policy office.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature policy office
[Sysname-wips-sig-office] apply signature rule 1
ap-rate-limit
Use ap-rate-limit to rate limit AP entry learning.
Use undo ap-rate-limit to restore the default.
Syntax
ap-rate-limit [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo ap-rate-limit
Default
The statistics collection interval for learned AP entries is 60 seconds, the quiet time is 1200 seconds, and the AP entry threshold is 64.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for learned AP entries, in the range of 1 to 3600 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP entry attack. The value range for the quiet-value argument is 1200 to 3600 seconds. WIPS does not trigger an alarm even if it detects an AP entry attack and stops learning new entries within the quiet time.
threshold threshold-value: Specifies the number of AP entries that triggers an AP entry attack alarm. The value range for the threshold-value argument is 1 to 4096.
Examples
# Rate limit AP entry learning.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-rate-limit interval 60 quiet 1600 threshold 100
ap-spoofing
Use ap-spoofing to enable AP spoofing attack detection.
Use undo ap-spoofing to disable AP spoofing attack detection.
Syntax
ap-spoofing [ quiet quiet-value ]
undo ap-spoofing
Default
AP spoofing attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP spoofing attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP spoofing attack within the quiet time.
Examples
# Enable AP spoofing attack detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-spoofing quiet 360
ap-timer
Use ap-timer to set the AP entry timer.
Use undo ap-timer to restore the default.
Syntax
ap-timer [ inactive inactive-value aging aging-value ]
undo ap-timer
Default
The inactive time is 300 seconds, and the aging time is 600 seconds.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
inactive inactive-value: Specifies the inactive time in the range of 60 to 1200 seconds. When an AP neither receives nor sends frames within the specified inactive time, WIPS sets the AP to inactive state.
aging aging-value: Specifies the aging time for an AP entry, in the range of 120 to 86400 seconds. When an AP neither receives nor sends frames within the specified aging time, WIPS deletes the entry. The aging time must be greater than the inactive time.
Examples
# Set the inactive time to 120 seconds, and set the aging time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-timer inactive 120 aging 360
association-table-overflow
Use association-table-overflow to configure association/reassociation DoS attack detection.
Use undo association-table-overflow to disable association/reassociation DoS attack detection.
Syntax
association-table-overflow [ quiet quiet-value ]
undo association-table-overflow
Default
Association/reassociation DoS attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an association/reassociation DoS attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an association/reassociation DoS attack within the quiet time.
Examples
# Enable association/reassociation DoS attack detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] association-table-overflow quiet 100
authentication
Use authentication to configure an AP classification rule to match the authentication mode of APs.
Use undo authentication to restore the default.
Syntax
authentication { equal | include } { 802.1x | none | other | psk }
undo authentication
Default
An AP classification rule does not match the authentication mode of APs.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
equal: Matches authentication modes equal to the specified authentication mode.
include: Matches authentication modes that include the specified authentication mode.
802.1x: Specifies the 802.1X authentication mode.
none: Specifies no authentication.
other: Specifies an authentication mode other than 802.1X and PSK.
psk: Specifies the PSK authentication mode.
Examples
# Configure AP classification rule 1 to match APs that use the PSK authentication mode.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] authentication equal psk
block mac-address
Use block mac-address to add the MAC address of an AP or client to the static prohibited device list.
Use undo block mac-address to remove one or all MAC addresses from the static prohibited device list.
Syntax
block mac-address mac-address
undo block mac-address { mac-address | all }
Default
No MAC address is added to the static prohibited device list.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
mac-address: Specifies an AP or client by its MAC address, in the H-H-H format.
all: Specifies all MAC addresses.
Examples
# Add the MAC address 78AC-C0AF-944F to the static prohibited device list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] block mac-address 78AC-C0AF-944F
classification policy
Use classification policy to create a classification policy and enter its view.
Use undo classification policy to remove a classification policy.
Syntax
classification policy policy-name
undo classification policy policy-name
Default
No classification policy is created.
Views
WIPS view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a classification policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Create the classification policy home and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home]
client-association fast-learn enable
Use client-association fast-learn enable to enable fast learning of client association entries.
Use undo client-association fast-learn enable to disable fast learning of client association entries.
Syntax
client-association fast-learn enable
undo client-association fast-learn enable
Default
Fast learning of client association entries is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Usage guidelines
Client association entries are entries saved on the AC after a client associates with an AP.
If this feature is not enabled, the sensor can learn the client association entries only after a client is associated with an AP successfully. After this feature is enabled, the sensor can learn the client association entries during the association process.
If the sensor learned the client association entries during the association process, the sensor will update the entries every time it detects an association request or response between the AP and the client.
This feature improves the association efficiency but reduces the association accuracy. As a best practice, enable this feature only when fast attack detection and countermeasures are required in the network.
Examples
# Enable fast learning of client association entries.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy 1
[Sysname-wips-dtc-1] client-association fast-learn enable
client-online
Use client-online to configure an AP classification rule to match the number of associated clients for APs.
Use undo client-online to restore the default.
Syntax
client-online value1 [ to value2 ]
undo client-online
Default
An AP classification rule does not match the number of associated clients for APs.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
value1 to value2: Specifies a value range for the number of associated clients for APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 128 for both the value1 and value2 arguments, and value2 must be greater than value1.
Examples
# Configure AP classification rule 1 to match APs that are associated with 20 to 40 clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] client-online 20 to 40
client-rate-limit
Use client-rate-limit to rate limit client entry learning.
Use undo client -rate-limit to restore the default.
Syntax
client-rate-limit [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo client-rate-limit
Default
The statistics collection interval for learned client entries is 60 seconds, the quiet time is 1200 seconds, and the client entry threshold is 512.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for learned client entries, in the range of 1 to 3600 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a client entry attack. The value range for the quiet-value argument is 1200 to 3600 seconds. WIPS does not trigger an alarm even if it detects a client entry attack and stops learning new entries within the quiet time.
threshold threshold-value: Specifies the number of client entries that triggers a client entry attack alarm. The value range for the threshold-value argument is 1 to 4096.
Examples
# Rate limit client entry learning.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] client-rate-limit interval 80 quiet 1600 threshold 100
client-spoofing
Use client-spoofing to enable client spoofing attack detection.
Use undo client-spoofing to disable client spoofing attack detection.
Syntax
client-spoofing [ quiet quiet-value ]
undo client-spoofing
Default
Client spoofing attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a client spoofing attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a client spoofing attack within the quiet time.
Examples
# Enable client spoofing attack detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] client-spoofing quiet 360
client-timer
Use client-timer to set the client entry timer.
Use undo client-timer to restore the default.
Syntax
client-timer inactive inactive-value aging aging-value
undo client-timer
Default
The inactive time is 300 seconds, and the aging time is 600 seconds.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
inactive inactive-value: Specifies the inactive time in the range of 60 to 1200 seconds. When a client neither receives nor sends frames within the specified inactive time, WIPS sets the client to inactive state.
aging aging-value: Specifies the aging time for a client entry, in the range of 120 to 86400 seconds. When a client neither receives nor sends frames within the specified aging time, WIPS deletes the entry. The aging time must be greater than the inactive time.
Examples
# Set the inactive time to 120 seconds, and set the aging time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] client-timer inactive 120 aging 360
countermeasure adhoc
Use countermeasure adhoc to enable WIPS to take countermeasures against Ad hoc devices.
Use undo countermeasure adhoc to restore the default.
Syntax
countermeasure adhoc
undo countermeasure adhoc
Default
WIPS does not take countermeasures against Ad hoc devices.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against Ad hoc devices.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure adhoc
countermeasure attack all
Use countermeasure attack all to enable WIPS to take countermeasures against all attackers.
Use undo countermeasure attack all to restore the default.
Syntax
countermeasure attack all
undo countermeasure attack all
Default
WIPS does not take countermeasures against all attackers.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against all attackers.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack all
countermeasure attack deauth-broadcast
Use countermeasure attack deauth-broadcast to enable WIPS to take countermeasures against devices that launch broadcast deauthentication attacks.
Use undo countermeasure deauth-broadcast to restore the default.
Syntax
countermeasure attack deauth-broadcast
undo countermeasure attack deauth-broadcast
Default
WIPS does not take countermeasures against devices that launch broadcast deauthentication attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch broadcast deauthentication attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack deauth-broadcast
countermeasure attack disassoc-broadcast
Use countermeasure attack disassoc-broadcast to enable WIPS to take countermeasures against devices that launch broadcast disassociation attacks.
Use undo countermeasure attack disassoc-broadcast to restore the default.
Syntax
countermeasure attack disassoc-broadcast
undo countermeasure attack disassoc-broadcast
Default
WIPS does not take countermeasures against devices that launch broadcast disassociation attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch broadcast disassociation attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack disassoc-broadcast
countermeasure attack honeypot-ap
Use countermeasure attack honeypot-ap to enable WIPS to take countermeasures against honeypot APs.
Use undo countermeasure attack honeypot-ap to restore the default.
Syntax
countermeasure attack honeypot-ap
undo countermeasure attack honeypot-ap
Default
WIPS does not take countermeasures against honeypot APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against honeypot APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack honeypot-ap
countermeasure attack hotspot-attack
Use countermeasure attack hotspot-attack to enable WIPS to take countermeasures against devices that launch hotspot attacks.
Use undo countermeasure attack hotspot-attack to restore the default.
Syntax
countermeasure attack hotspot-attack
undo countermeasure attack hotspot-attack
Default
WIPS does not take countermeasures against devices that launch hotspot attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch hotspot attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack hotspot-attack
countermeasure attack ht-40-mhz-intolerance
Use countermeasure attack ht-40-mhz-intolerance to enable WIPS to take countermeasures against devices with the 40 MHz bandwidth mode disabled.
Use undo countermeasure attack ht-40-mhz-intolerance to restore the default.
Syntax
countermeasure attack ht-40-mhz-intolerance
undo countermeasure attack ht-40-mhz-intolerance
Default
WIPS does not take countermeasures against devices with the 40 MHz bandwidth mode disabled.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices with the 40 MHz bandwidth mode disabled.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack ht-40-mhz-intolerance
countermeasure attack malformed-packet
Use countermeasure attack malformed-packet to enable WIPS to take countermeasures against devices that send malformed packets.
Use undo countermeasure attack malformed-packet to restore the default.
Syntax
countermeasure attack malformed-packet
undo countermeasure attack malformed-packet
Default
WIPS does not take countermeasures against devices that send malformed packets.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that send malformed packets.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack malformed-packet
countermeasure attack man-in-the-middle
Use countermeasure attack man-in-the-middle to enable WIPS to take countermeasures against devices that launch MITM attacks.
Use undo countermeasure attack man-in-the-middle to restore the default.
Syntax
countermeasure attack man-in-the-middle
undo countermeasure attack man-in-the-middle
Default
WIPS does not take countermeasures against devices that launch MITM attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch MITM attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack man-in-the-middle
countermeasure attack omerta
Use countermeasure attack omerta to enable WIPS to take countermeasures against devices that launch Omerta attacks.
Use undo countermeasure attack omerta to restore the default.
Syntax
countermeasure attack omerta
undo countermeasure attack omerta
Default
WIPS does not take countermeasures against devices that launch Omerta attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch Omerta attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack omerta
countermeasure attack power-save
Use countermeasure attack power-save to enable WIPS to take countermeasures against devices that launch power save attacks.
Use undo countermeasure attack power-save to restore the default.
Syntax
countermeasure attack power-save
undo countermeasure attack power-save
Default
WIPS does not take countermeasures against devices that launch power save attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch power save attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack power-save
countermeasure attack soft-ap
Use countermeasure attack soft-ap to enable WIPS to take countermeasures against soft APs.
Use undo countermeasure attack soft-ap to restore the default.
Syntax
countermeasure attack soft-ap
undo countermeasure attack soft-ap
Default
WIPS does not take countermeasures against soft APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against soft APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack soft-ap
countermeasure attack unencrypted-trust-client
Use countermeasure attack unencrypted-trust-client to enable WIPS to take countermeasures against unencrypted authorized clients.
Use undo countermeasure attack unencrypted-trust-client to restore the default.
Syntax
countermeasure attack unencrypted-trust-client
undo countermeasure attack unencrypted-trust-client
Default
WIPS does not take countermeasures against unencrypted authorized clients.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against unencrypted authorized clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack unencrypted-trust-client
countermeasure attack weak-iv
Use countermeasure attack weak-iv to enable WIPS to take countermeasures against devices that use weak IVs
Use undo countermeasure weak-iv to restore the default.
Syntax
countermeasure attack weak-iv
undo countermeasure attack weak-iv
Default
WIPS does not take countermeasures against devices that use weak IVs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that use weak IVs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack weak-iv
countermeasure attack windows-bridge
Use countermeasure attack windows-bridge to enable WIPS to take countermeasures against devices that launch Windows bridge attacks.
Use undo countermeasure attack windows-bridge to restore the default.
Syntax
countermeasure attack windows-bridge
undo countermeasure attack windows-bridge
Default
WIPS does not take countermeasures against devices that launch Windows bridge attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch Windows bridge attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack windows-bridge
countermeasure external-ap
Use countermeasure external-ap to enable WIPS to take countermeasures against external APs.
Use undo countermeasure external-ap to restore the default.
Syntax
countermeasure external-ap
undo countermeasure external-ap
Default
WIPS does not take countermeasures against external APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against external APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure external-ap
countermeasure mac-address
Use countermeasure mac-address to enable WIPS to take countermeasures against the device with the specified MAC address.
Use undo countermeasure mac-address to remove the configuration.
Syntax
countermeasure mac-address mac-address
undo countermeasure mac-address { mac-address | all }
Default
WIPS does not take countermeasures against detected devices.
Views
Countermeasure policy view
Predefined user roles
network-admin
Parameters
mac-address: Specifies an AP or a client by its MAC address in the H-H-H format.
all: Specifies all APs and clients.
Usage guidelines
You can configure this command multiple times to enable WIPS to take countermeasures against multiple devices.
Examples
# Enable WIPS to take countermeasures against the device with the MAC address 2a11-1fa1-141f.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure mac-address 2a11-1fa1-141f
countermeasure misassociation-client
Use countermeasure misassociation-client to enable WIPS to take countermeasures against misassociated clients.
Use undo countermeasure misassociation-client to restore the default.
Syntax
countermeasure misassociation-client
undo countermeasure misassociation-client
Default
WIPS does not take countermeasures against misassociated clients.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against misassociated clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure misassociation-client
countermeasure misconfigured-ap
Use countermeasure misconfigured-ap to enable WIPS to take countermeasures against misconfigured APs.
Use undo countermeasure misconfigured-ap to restore the default.
Syntax
countermeasure misconfigured-ap
undo countermeasure misconfigured-ap
Default
WIPS does not take countermeasures against misconfigured APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against misconfigured APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure misconfigured-ap
countermeasure policy
Use countermeasure policy to create a countermeasure policy and enter its view.
Use undo countermeasure policy to remove a countermeasure policy.
Syntax
countermeasure policy policy-name
undo countermeasure policy policy-name
Default
No countermeasure policy is created.
Views
WIPS view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a countermeasure policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Create the countermeasure policy home and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home]
countermeasure potential-authorized-ap
Use countermeasure potential-authorized-ap to enable WIPS to take countermeasures against potential-authorized APs.
Use undo countermeasure potential-authorized-ap to restore the default.
Syntax
countermeasure potential-authorized-ap
undo countermeasure potential-authorized-ap
Default
WIPS does not take countermeasures against potential-authorized APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against potential-authorized APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure potential-authorized-ap
countermeasure potential-external-ap
Use countermeasure potential-external-ap to enable WIPS to take countermeasures against potential-external APs.
Use undo countermeasure potential-external-ap to restore the default.
Syntax
countermeasure potential-external-ap
undo countermeasure potential-external-ap
Default
WIPS does not take countermeasures against potential-external APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against potential-external APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure potential-external-ap
countermeasure potential-rogue-ap
Use countermeasure potential-rogue-ap to enable WIPS to take countermeasures against potential-rogue APs.
Use undo countermeasure potential-rogue-ap to restore the default.
Syntax
countermeasure potential-rogue-ap
undo countermeasure potential-rogue-ap
Default
WIPS does not take countermeasures against potential-rogue APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against potential-rogue APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure potential-rogue-ap
countermeasure rogue-ap
Use countermeasure rogue-ap to enable WIPS to take countermeasures against rogue APs.
Use undo countermeasure rogue-ap to restore the default.
Syntax
countermeasure rogue-ap
undo countermeasure rogue-ap
Default
WIPS does not take countermeasures against rogue APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against rogue APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure rogue-ap
countermeasure unauthorized-client
Use countermeasure unauthorized-client to enable WIPS to take countermeasures against unauthorized clients.
Use undo countermeasure unauthorized-client to restore the default.
Syntax
countermeasure unauthorized-client
undo countermeasure unauthorized-client
Default
WIPS does not take countermeasures against unauthorized clients.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against unauthorized clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure unauthorized-client
countermeasure uncategorized-ap
Use countermeasure uncategorized-ap to enable WIPS to take countermeasures against uncategorized APs.
Use undo countermeasure uncategorized-ap to restore the default.
Syntax
countermeasure uncategorized-ap
undo countermeasure uncategorized-ap
Default
WIPS does not take countermeasures against uncategorized APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against uncategorized APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure uncategorized-ap
countermeasure uncategorized-client
Use countermeasure uncategorized-client to enable WIPS to take countermeasures against uncategorized clients.
Use undo countermeasure uncategorized-client to restore the default.
Syntax
countermeasure uncategorized-client
undo countermeasure uncategorized-client
Default
WIPS does not take countermeasures against uncategorized clients.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against uncategorized clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure uncategorized-client
deauthentication-broadcast
Use deauthentication-broadcast to configure broadcast deauthentication attack detection.
Use undo deauthentication-broadcast to disable broadcast deauthentication attack detection.
Syntax
deauthentication-broadcast [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo deauthentication-broadcast
Default
Broadcast deauthentication attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for broadcast deauthentication frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a broadcast deauthentication attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a broadcast deauthentication attack within the quiet time.
threshold threshold-value: Specifies the number of broadcast deauthentication frames that triggers a broadcast deauthentication attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable broadcast deauthentication attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] deauthentication-broadcast interval 100 threshold 100 quiet 360
detect dissociate-client enable
Use detect dissociate-client enable to enable WIPS to detect unassociated clients.
Use undo detect dissociate-client enable to disable WIPS from detecting unassociated clients.
Syntax
detect dissociate-client enable
undo detect dissociate-client enable
Default
WIPS does not detect unassociated clients.
Views
Attack detection policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to detect unassociated clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] detect dissociate-client enable
detect policy
Use detect policy to create an attack detection policy and enter its view.
Use undo detect policy to remove an attack detection policy.
Syntax
detect policy policy-name
undo detect policy policy-name
Default
No attack detection policy is created.
Views
WIPS view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an attack detection policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Create the attack detection policy home and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home]
detect signature
Use detect signature to enable user-defined attack detection based on signatures.
Use undo detect signature to disable user-defined attack detection based on signatures.
Syntax
detect signature [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo detect
Default
User-defined attack detection based on signatures is enabled.
Views
Signature policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for packets that match a signature. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a user-defined attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a user-defined attack within the quiet time.
threshold threshold-value: Specifies the number of packets matching a signature that triggers a user-defined attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable WIPS to detect packets that match a signature, and set the interval-value, threshold-value, and quiet-value arguments to 60, 100, and 360, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature policy home
[Sysname-wips-sig-home] detect signature interval 60 threshold 100 quiet 360
disassociation-broadcast
Use disassociation-broadcast to configure broadcast disassociation attack detection.
Use undo disassociation-broadcast to disable broadcast disassociation attack detection.
Syntax
disassociation-broadcast [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo disassociation-broadcast
Default
Broadcast disassociation attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for broadcast disassociation frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a broadcast disassociation attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a broadcast disassociation attack within the quiet time.
threshold threshold-value: Specifies the number of broadcast disassociation frames that triggers a broadcast disassociation attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable broadcast disassociation attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] disassociation-broadcast interval 100 threshold 100 quiet 360
discovered-ap
Use discovered-ap to configure an AP classification rule to match the number of sensors that detect an AP.
Use undo discovered-ap to restore the default.
Syntax
discovered-ap value1 [ to value2 ]
undo discovered-ap
Default
An AP classification rule does not match the number of sensors that detect an AP.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
value1 to value2: Specifies a value range for the number of sensors that detect an AP. The value 1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 1 to 128 for both the value1 and value2 arguments, and value2 must be greater than value1.
Examples
# Configure AP classification rule 1 to match APs that are detected by 10 to 128 sensors.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] discovered-ap 10 to 128
display wips sensor
Use display wips sensor to display information about all sensors.
Syntax
display wips sensor
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about all sensors.
<Sysname> display wips sensor
Total number of sensors: 1
Sensor ID Sensor name VSD name Radio ID Status
3 ap1 aaa 1 Active
Table 33 Command output
Field |
Description |
VSD name |
Name of the VSD to which the AP belongs. |
Radio ID |
ID of the radio enabled with WIPS. |
Status |
Status of the sensor: · Active—The sensor is enabled with WIPS. · Inactive—The sensor is not enabled with WIPS. |
display wips statistics
Use display wips statistics to display attack detection information collected from sensors.
Syntax
display wips statistics [ receive | virtual-security-domain vsd-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
receive: Displays attack detection statistics information that the AC receives from sensors in all VSDs.
virtual-security-domain vsd-name: Displays attack detection statistics information that the AC receives from sensors in the specified VSD.
Examples
# Display attack detection information collected from sensors in all VSDs.
<Sysname> display wips statistics receive
Information from sensor 3
Information about attack statistics:
Detected association-request flood messages: 0
Detected authentication flood messages: 0
Detected beacon flood messages: 0
Detected block-ack flood messages: 0
Detected cts flood messages: 0
Detected deauthentication flood messages: 0
Detected disassociation flood messages: 0
Detected eapol-start flood messages: 0
Detected null-data flood messages: 0
Detected probe-request flood messages: 0
Detected reassociation-request flood messages: 0
Detected rts flood messages: 0
Detected eapol-logoff flood messages: 0
Detected eap-failure flood messages: 0
Detected eap-success flood messages: 0
Detected duplicated-ie messages: 0
Detected fata-jack messages: 0
Detected illegal-ibss-ess messages: 0
Detected invalid-address-combination messages: 0
Detected invalid-assoc-req messages: 0
Detected invalid-auth messages: 0
Detected invalid-deauth-code messages: 0
Detected invalid-disassoc-code messages: 0
Detected invalid-ht-ie messages: 0
Detected invalid-ie-length messages: 0
Detected invalid-pkt-length messages: 0
Detected large-duration messages: 0
Detected null-probe-resp messages: 0
Detected overflow-eapol-key messages: 0
Detected overflow-ssid messages: 0
Detected redundant-ie messages: 0
Detected AP spoof AP messages: 0
Detected AP spoof client messages: 0
Detected AP spoof ad-hoc messages: 0
Detected ad-hoc spoof AP messages: 0
Detected client spoof AP messages: 0
Detected weak IV messages: 0
Detected excess AP messages: 0
Detected excess client messages: 0
Detected signature rule messages: 0
Detected 40MHZ messages: 0
Detected power save messages: 0
Detected omerta messages: 0
Detected windows bridge messages: 0
Detected soft AP messages: 0
Detected broadcast disassoc messages: 2
Detected broadcast deauth messages: 0
Detected AP impersonate messages: 0
Detected HT greenfield messages: 0
Detected association table overflow messages: 0
Detected wireless bridge messages: 0
Detected AP flood messages: 11
Table 34 Command output
Field |
Description |
Information from sensor n |
Information collected from sensor n, where n represents the ID of the sensor. |
Detected association-request flood messages |
Number of detected messages for association request flood attacks. |
Detected authentication flood messages |
Number of detected messages for authentication request flood attacks. |
Detected beacon flood messages |
Number of detected messages for beacon flood attacks. |
Detected block-ack flood messages |
Number of detected messages for Block Ack flood attacks. |
Detected cts flood messages |
Number of detected messages for CTS flood attacks. |
Detected deauthentication flood messages |
Number of detected messages for deauthentication flood attacks. |
Detected disassociation flood messages |
Number of detected messages for disassociation flood attacks. |
Detected eapol-start flood messages |
Number of detected messages for EAPOL-start flood attacks. |
Detected null-data flood messages |
Number of detected messages for null data flood attacks. |
Detected probe-request flood messages |
Number of detected messages for probe request flood attacks. |
Detected reassociation-request flood messages |
Number of detected messages for reassociation request flood attacks. |
Detected rts flood messages |
Number of detected messages for RTS flood attacks. |
Detected eapol-logoff flood messages |
Number of detected messages for EAPOL-logoff flood attacks. |
Detected eap-failure flood messages |
Number of detected messages for EAP-failure flood attacks. |
Detected eap-success flood messages |
Number of detected messages for EAP-success flood attacks. |
Detected duplicated-ie messages |
Number of detected messages for malformed packets with duplicated IE. |
Detected fata-jack messages |
Number of detected messages for FATA-Jack malformed packets. |
Detected illegal-ibss-ess messages |
Number of detected messages for malformed packets with abnormal IBSS and ESS setting. |
Detected invalid-address-combination messages |
Number of detected messages for malformed packets with invalid source address. |
Detected invalid-assoc-req messages |
Number of detected messages for malformed association request frames. |
Detected invalid-auth messages |
Number of detected messages for malformed authentication request frames. |
Detected invalid-deauth-code messages |
Number of detected messages for malformed packets with invalid deauthentication code. |
Detected invalid-disassoc-code messages |
Number of detected messages for malformed packets with invalid disassociation code. |
Detected invalid-ht-ie messages |
Number of detected messages for malformed packets with malformed HT IE. |
Detected invalid-ie-length messages |
Number of detected messages for malformed packets with invalid IE length. |
Detected invalid-pkt-length messages |
Number of detected messages for malformed packets with invalid packet length. |
Detected large-duration messages |
Number of detected messages for malformed packets with oversized duration. |
Detected null-probe-resp messages |
Number of detected messages for malformed probe response frames. |
Detected overflow-eapol-key messages |
Number of detected messages for malformed packets with oversized EAPOL key. |
Detected overflow-ssid messages |
Number of detected messages for malformed packets with oversized SSID. |
Detected redundant-ie messages |
Number of detected messages for malformed packets with redundant IE. |
Detected AP spoof AP messages |
Number of detected messages for AP spoofing (AP spoofs AP) attacks. |
Detected AP spoof client messages |
Number of detected messages for client spoofing (AP spoofs client) attacks. |
Detected AP spoof ad-hoc messages |
Number of detected messages for Ad hoc spoofing (AP spoofs Ad hoc) attacks. |
Detected ad-hoc spoof AP messages |
Number of detected messages for AP spoofing (Ad hoc spoofs AP) attacks. |
Detected client spoof AP messages |
Number of detected messages for AP spoofing (client spoofs AP) attacks. |
Detected weak IV messages |
Number of detected messages for weak IVs. |
Detected excess AP messages |
Number of detected messages for AP entry attacks. |
Detected excess client messages |
Number of detected messages for client entry attacks. |
Detected 40MHZ messages |
Number of detected messages for clients disabled with the 40 MHz bandwidth mode. |
Detected power save messages |
Number of detected messages for power saving attacks. |
Detected omerta messages |
Number of detected messages for Omerta attacks. |
Detected windows bridge messages |
Number of detected messages for Windows bridge. |
Detected soft AP messages |
Number of detected messages for soft APs. |
Detected broadcast disassoc messages |
Number of detected messages for broadcast disassociation attacks. |
Detected broadcast deauth messages |
Number of detected messages for broadcast deauthentication attacks. |
Detected AP impersonate messages |
Number of detected messages for AP impersonation attacks. |
Detected HT greenfield messages: |
Number of detected messages for HT greenfield APs. |
Detected association table overflow messages |
Number of detected messages for association/reassociation DoS attacks. |
Detected wireless bridge messages |
Number of detected messages for wireless bridge. |
Detected AP flood messages |
Number of detected messages for AP flood attacks. |
# Display attack detection information collected from sensors in the specified VSD.
<Sysname> display wips statistics virtual-security-domain 111
Information from VSD 111
Information about attack statistics:
Detected hotspot attack messages: 1
Detected unencrypted authorized AP messages: 0
Detected unencrypted trust client messages: 0
Detected honeypot AP messages: 1
Detected man in the middle messages: 1
Detected AP channel change messages: 0
Table 35 Command output
Field |
Description |
Detected hotspot attack messages |
Number of detected messages for hotspot attacks. |
Detected unencrypted authorized AP messages |
Number of detected messages for unencrypted authorized APs. |
Detected unencrypted trust client messages |
Number of detected messages for unencrypted authorized clients. |
Detected honeypot AP messages |
Number of detected messages for honeypot APs. |
Detected man in the middle messages |
Number of detected messages for MITM attacks. |
Detected AP channel change messages |
Number of detected messages for channel changes. |
Related commands
reset wips statistics
display wips virtual-security-domain countermeasure record
Use display wips virtual-security-domain countermeasure record to display information about countermeasures that WIPS has taken against rogue devices.
Syntax
display wips virtual-security-domain vsd-name countermeasure record
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Display information about countermeasures that WIPS has taken against rogue devices for the VSD office.
<Sysname> display wips virtual-security-domain office countermeasure record
Total 3 times countermeasure, current 3 countermeasure record in virtual-security-domain office
Reason: Attack; Ass - associated; Black - blacklist;
Class - classification; Manu - manual;
MAC address Type Reason Countermeasure AP Radio ID Time
1000-0000-00e3 AP Manu ap1 1 2016-05-03/09:32:01
1000-0000-00e4 AP Manu ap2 1 2016-05-03/09:32:11
2000-0000-f282 Client Black ap3 1 2016-05-03/09:31:56
Table 36 Command output
Field |
Description |
Total 3 times countermeasure, current 3 countermeasure record in virtual-security-domain office |
Number of successful countermeasures. This field can display up to 1024 countermeasure records. |
MAC Address |
MAC address of the wireless device against which WIPS has taken countermeasures. |
Type |
Type of the wireless device: AP or Client. |
Reason |
Reason why WIPS takes countermeasures against the wireless device: · Attack—WIPS takes countermeasures against the device because it is an attacker. · Ass—WIPS takes countermeasures against the device because WIPS has taken countermeasures against its associated AP. · Black—After WIPS takes countermeasures against the client, the client is added to the blacklist when it associates with an AP. · Class—WIPS takes countermeasures against the device based on its device type. · Manu—WIPS takes countermeasures against the device based on its MAC address. |
Countermeasure AP |
Name of the sensor that takes countermeasures against the wireless device. |
Radio ID |
Radio ID of the sensor that takes countermeasures against the wireless device. |
Time |
Time when the AC informs the sensor of taking countermeasures against the wireless device. |
Related commands
reset wips virtual-security-domain countermeasure record
display wips virtual-security-domain device
Use display wips virtual-security-domain device to display information about wireless devices detected in a VSD.
Syntax
display wips virtual-security-domain vsd-name device [ ap [ ad-hoc | authorized | external | misconfigured | potential-authorized | potential-external | potential-rogue | rogue ] | client [ [ dissociative-client ] | [ authorized | misassociation | unauthorized | uncategorized ] ] | mac-address mac-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
device: Displays wireless device information.
ap: Displays AP information.
ad-hoc: Displays information about APs operating in Ad hoc mode.
authorized: Displays information about authorized APs.
external: Displays information about external APs.
misconfigured: Displays information about misconfigured APs.
potential-authorized: Displays information about potential-authorized APs.
potential-external: Displays information about potential-external APs.
potential-rogue: Displays information about potential-rogue APs.
rogue: Displays information about rogue APs.
client: Displays client information.
dissociative-client: Displays unassociated client information.
authorized: Displays information about authorized clients.
misassociation: Displays information about misassociated clients.
unauthorized: Displays information about unauthorized clients.
uncategorized: Displays information about uncategorized clients.
mac-address mac-address: Displays information about a specific wireless device. The mac-address argument represents the MAC address of the wireless device and is in the H-H-H format.
verbose: Displays detailed device information.
Examples
# Display information about wireless devices detected in the VSD office.
<Sysname> display wips virtual-security-domain office device
Total 200 detected devices in virtual-security-domain office
Class: Auth - authorization; Ext - external; Mis - mistake;
Unauth - unauthorized; Uncate - uncategorized;
(A) - associate; (C) - config; (P) - potential
MAC address Type Class Duration Sensors Channel Status
1000-0000-0000 AP Ext(P) 00h 10m 46s 1 11 Active
1000-0000-0001 AP Ext(P) 00h 10m 46s 1 6 Active
1000-0000-0002 AP Ext(P) 00h 10m 46s 1 1 Active
Table 37 Command output
Field |
Description |
Type |
Wireless device type: AP, Client, or Mesh. |
Class |
Category of the wireless device. |
Duration |
Duration since the wireless device entered the current state. |
Sensors |
Number of sensors that have detected the wireless device. |
Channel |
Channel on which the wireless device was most recently detected. |
Status |
Status of the AP or client: · Active—The AP or client is active. · Inactive—The AP or client is inactive. |
# Display detailed information about wireless devices detected in the VSD a.
<Sysname> display wips virtual-security-domain a device verbose
Total 2 detected devices in virtual-security-domain a
AP: 1000-0000-0000
Mesh Neighbor: None
Classification: Mis(C)
Severity level: 0
Classify way: Auto
Status: Active
Status duration: 00h 27m 57s
Vendor: Not found
SSID: service
Radio type: 802.11g
Countermeasuring: No
Security: None
Encryption method: None
Authentication method: None
Broadcast SSID: Yes
QoS supported: No
Ad-hoc: No
Beacon interval: 100 TU
Up duration: 00h 27m 57s
Channel band-width supported: 20MHZ
Hotspot AP: No
Soft AP: No
Honeypot AP: No
Total number of reported sensors: 1
Sensor 1:
Sensor ID: 3
Sensor name: 1
Radio ID: 1
RSSI: 15
Channel: 149
First reported time: 2014-06-03/09:05:51
Last reported time: 2014-06-03/09:05:51
Total number of associated clients: 1
01: 2000-0000-0000
Client: 2000-0000-0000
Last reported associated AP: 1000-0000-0000
Classification: Uncate
Severity level: 0
Classify way: Auto
Dissociative status: No
Status: Active
Status duration: 00h 00m 02s
Vendor: Not found
Radio type: 802.11a
40mhz intolerance: No
Countermeasuring: No
Man in the middle: No
Total number of reported sensors: 1
Sensor 1:
Sensor ID: 2
Sensor name: 1
Radio ID: 1
RSSI: 50
Channel: 149
First reported time: 2014-06-03/14:52:56
Last reported time: 2014-06-03/14:52:56
Reported associated AP: 1000-0000-0000
Table 38 Command output
Field |
Description |
AP |
MAC address of the AP. |
Mesh Neighbor |
MAC address of the mesh AP's neighbor. |
Client |
MAC address of the client. |
Last reported associated AP |
MAC address of the associated AP that the client most recently reports. |
Classification |
Category of the AP or client: · AP category options include the following: ? ad_hoc ? authorized ? rogue ? misconfigured ? external ? potential-authorized ? potential-rogue ? potential-external ? uncategorized · Client category options include the following: ? authorized ? unauthorized ? misassociated ? uncategorized |
Severity level |
Severity level of the device. |
Classify way |
AP or client classification method: · Manual—Manual classification. · Invalid OUI—Added to the invalid OUI list. · Block List—Added to the prohibited device list. · Associated—APs that are connected to the AC. · Trust List—Added to the permitted device list. · User Define—User-defined classification. · Auto—Automatic classification. |
Dissociative status |
Whether the client is an unassociated client. |
Status |
Status of the AP or client: · Active—The AP or client is active. · Inactive—The AP or client is inactive. |
Status duration |
Duration since the wireless device entered the current state. |
Vendor |
OUI of the device. This field displays the device OUI if the OUI matches an imported OUI. This field displays Not found if no OUI is configured for the device or the OUI does not match any imported OUIs. |
SSID |
SSID of the wireless service provided by the AP. |
Radio Type |
Radio mode of the wireless device. |
40mhz intolerance |
Whether the client supports 40 MHz bandwidth mode. |
Countermeasuring |
Whether WIPS is taking countermeasures against the wireless device: · No · Yes |
Man in the middle |
Whether an MITM attack is detected. |
Security |
Security method. Options include the following: · None · WEP · WPA · WPA2 |
Encryption method |
Data encryption method. Options include the following: · TKIP · CCMP · WEP · None |
Authentication method |
Authentication method. Options include the following: · None · PSK · 802.1X · Others—Authentication methods except for PSK authentication and 802.1X authentication. |
Broadcast SSID |
Whether the AP broadcasts the SSID. This field displays nothing if the AP does not broadcast the SSID. |
QoS supported |
Whether the wireless device supports QoS. |
Ad-hoc |
Whether the wireless device is in Ad hoc mode. |
Beacon interval |
Beacon interval in TU. One TU is equal to 1024 milliseconds. |
Channel band-width supported |
Supported channel bandwidth mode: · 20/40/80MHZ · 20/40MHZ · 20MHZ |
Hotspot AP |
Whether the AP is a hotspot attack AP. |
Soft AP |
Whether the AP is a soft AP. |
Honeypot AP |
Whether the AP is a honeypot AP. |
Sensor n |
Sensor that detected the wireless device. n represents the ID assigned by the system. |
Channel |
Channel on which the sensor most recently detected the wireless device. |
First reported time |
Time when the sensor first detected the wireless device. |
Last reported time |
Time when the sensor most recently detected the wireless device. |
n: H-H-H |
MAC address of the client associated with the AP. n represents the number assigned by the system. |
Reported associated AP |
MAC address of the associated AP that the sensor reports. |
Related commands
reset wips virtual-security-domain device
display wlan nat-detect
Use display wlan nat-detect to display information about clients with NAT configured.
Syntax
display wlan nat-detect [ mac-address mac-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all detected NAT-configured clients.
Examples
# Display information about all detected NAT-configured clients.
<Sysname> display wlan nat-detect
Total 1 detected clients with NAT configured
MAC address Last report First report Duration
0a98-2044-0000 2015-08-24/11:05:23 2015-08-24/10:05:23 01h 15m 00s
Table 39 Command output
Field |
Description |
Total number detected clients with NAT configured |
Number of detected NAT-configured clients. |
MAC address |
MAC address of the detected client. |
Last report |
Time when the client was most recently detected. |
First report |
Time when the client was detected for the first time. |
Duration |
Duration since the client is configured with NAT. |
Related commands
reset wlan nat-detect
flood association-request
Use flood association-request to configure association request flood attack detection.
Use undo flood association-request to restore the default.
Syntax
flood association-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood association-request
Default
Association request flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for association request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an association request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an association request flood attack within the quiet time.
threshold threshold-value: Specifies the number of association request frames that triggers an association request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable association request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood association-request interval 100 threshold 100 quiet 360
flood authentication
Use flood authentication to configure authentication request flood attack detection.
Use undo flood authentication to restore the default.
Syntax
flood authentication [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood authentication
Default
Authentication request flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for authentication request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an authentication request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an authentication request flood attack within the quiet time.
threshold threshold-value: Specifies the number of authentication request frames that triggers an authentication request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable authentication request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood authentication interval 100 threshold 100 quiet 360
flood beacon
Use flood beacon to configure beacon flood attack detection.
Use undo flood beacon to restore the default.
Syntax
flood beacon [ interval interval-value | quiet quiet-value | threshold threshold-value] *
undo flood beacon
Default
Beacon flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for beacon frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a beacon flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a beacon flood attack within the quiet time.
threshold threshold-value: Specifies the number of beacon frames that triggers a beacon flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable beacon flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood beacon interval 100 threshold 100 quiet 360
flood block-ack
Use flood block-ack to configure Block Ack flood attack detection.
Use undo flood block-ack to restore the default.
Syntax
flood block-ack [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood block-ack
Default
Block Ack flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for Block Ack frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a Block Ack flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a Block Ack flood attack within the quiet time.
threshold threshold-value: Specifies the number of Block Ack frames that triggers a Block Ack flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable Block Ack flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood block-ack interval 100 threshold 100 quiet 360
flood cts
Use flood cts to configure CTS flood attack detection.
Use undo flood cts to restore the default.
Syntax
flood cts [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood cts
Default
CTS flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for CTS frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a CTS flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a CTS flood attack within the quiet time.
threshold threshold-value: Specifies the number of CTS frames that triggers a CTS flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable CTS flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood cts interval 100 threshold 100 quiet 360
flood deauthentication
Use flood deauthentication to configure deauthentication flood attack detection.
Use undo flood deauthentication to restore the default.
Syntax
flood deauthentication [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood deauthentication
Default
Deauthentication flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for deauthentication frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a deauthentication flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a deauthentication flood attack within the quiet time.
threshold threshold-value: Specifies the number of deauthentication frames that triggers a deauthentication flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable deauthentication flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood deauthentication interval 100 threshold 100 quiet 360
flood disassociation
Use flood disassociation to configure disassociation flood attack detection.
Use undo flood disassociation to restore the default.
Syntax
flood disassociation [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood disassociation
Default
Disassociation flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for disassociation frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a disassociation flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a disassociation flood attack within the quiet time.
threshold threshold-value: Specifies the number of disassociation frames that triggers a disassociation flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable disassociation flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood disassociation interval 100 threshold 100 quiet 360
flood eap-failure
Use flood eap-failure to configure EAP-failure flood attack detection.
Use undo flood eap-failure to restore the default.
Syntax
flood eap-failure [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood eap-failure
Default
EAP-failure flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for EAP-failure frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAP-failure flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAP-failure flood attack within the quiet time.
threshold threshold-value: Specifies the number of EAP-failure frames that triggers an EAP-failure flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable EAP-failure flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood eap-failure interval 100 threshold 100 quiet 360
flood eapol-logoff
Use flood eapol-logoff to configure EAPOL-logoff flood attack detection.
Use undo flood eapol-logoff to restore the default.
Syntax
flood eapol-logoff [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood eapol-logoff
Default
EAPOL-logoff flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for EAPOL-logoff frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAPOL-logoff flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAPOL-logoff flood attack within the quiet time.
threshold threshold-value: Specifies the number of EAPOL-logoff frames that triggers an EAPOL-logoff flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable EAPOL-logoff flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood eapol-logoff interval 100 threshold 100 quiet 360
flood eapol-start
Use flood eapol-start to configure EAPOL-start flood attack detection.
Use undo flood eapol-start to restore the default.
Syntax
flood eapol-start [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood eapol-start
Default
EAPOL-start flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for EAPOL-start frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAPOL-start flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAPOL-start flood attack within the quiet time.
threshold threshold-value: Specifies the number of EAPOL-start frames that triggers an EAPOL-start flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable EAPOL-start flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood eapol-start interval 100 threshold 100 quiet 360
flood eap-success
Use flood eap-success to configure EAP-success flood attack detection.
Use undo flood eap-success to restore the default.
Syntax
flood eap-success [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood eap-success
Default
EAP-success flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for EAP-success frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAP-success flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAP-success flood attack within the quiet time.
threshold threshold-value: Specifies the number of EAP-success frames that triggers an EAP-success flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable EAP-success flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood eap-success interval 100 threshold 100 quiet 360
flood null-data
Use flood null-data to configure null data flood attack detection.
Use undo flood null-data to restore the default.
Syntax
flood null-data [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood null-data
Default
Null data flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for null data frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a null data flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a null data flood attack within the quiet time.
threshold threshold-value: Specifies the number of null data frames that triggers a null data flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable null data flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood null-data interval 100 threshold 100 quiet 360
flood probe-request
Use flood probe-request to configure probe request flood attack detection.
Use undo flood probe-request to restore the default.
Syntax
flood probe-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood probe-request
Default
Probe request flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for probe request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a probe request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a probe request flood attack within the quiet time.
threshold threshold-value: Specifies the number of probe request frames that triggers a probe request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable probe request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood probe-request interval 100 threshold 100 quiet 360
flood reassociation-request
Use flood reassociation-request to configure reassociation request flood attack detection.
Use undo flood reassociation-request to restore the default.
Syntax
flood reassociation-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood reassociation-request
Default
Reassociation request flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for reassociation request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a reassociation request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a reassociation request flood attack within the quiet time.
threshold threshold-value: Specifies the number of reassociation request frames that triggers a reassociation request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable reassociation request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood reassociation-request interval 100 threshold 100 quiet 360
flood rts
Use flood rts to configure RTS flood attack detection.
Use undo flood rts to restore the default.
Syntax
flood rts [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood rts
Default
RTS flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for RTS frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an RTS flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an RTS flood attack within the quiet time.
threshold threshold-value: Specifies the number of RTS frames that triggers an RTS flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable RTS flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood rts interval 100 threshold 100 quiet 360
frame-type
Use frame-type to configure a subsignature to match the frame type of a frame.
Use undo frame-type to restore the default.
Syntax
frame-type { control | data | management [ frame-subtype { association-request | association-response | authentication | beacon | deauthentication | disassociation | probe-request } ] }
undo frame-type
Default
No subsignature is configured to match the frame type of a frame.
Views
Signature view
Predefined user roles
network-admin
Parameters
control: Matches control frames.
data: Matches data frames.
management: Matches management frames.
frame-subtype: Specifies a frame subtype.
association-request: Matches association request frames.
association-response: Matches association response frames.
authentication: Matches authentication frames.
beacon: Matches beacon frames.
deauthentication: Matches deauthentication frames.
disassociation: Matches disassociation frames.
probe-request: Matches probe request frames.
Examples
# Configure a subsignature to match data frames for signature 1.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[wips-sig-rule-1] frame-type data
honeypot-ap
Use honeypot-ap to configure honeypot AP detection.
Use undo honeypot-ap to disable honeypot AP detection.
Syntax
honeypot-ap [ similarity similarity-value | quiet quiet-value ] *
undo honeypot-ap
Default
Honeypot AP detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
similarity similarity-value: Specifies the similarity threshold that triggers a honeypot AP alarm, in the range of 70 to 100 in percentage. The default value is 80%. An AP is determined as a honeypot AP if the similarity between the SSID of the AP and the SSID of a legitimate AP reaches the threshold.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a honeypot AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a honeypot AP within the quiet time.
Examples
# Enable honeypot AP detection, and set the similarity threshold and quiet time to 90% and 10 seconds, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] honeypot-ap similarity 90 quiet 10
hotspot-attack
Use hotspot-attack to configure hotspot attack detection.
Use undo hotspot-attack to disable hotspot attack detection.
Syntax
hotspot-attack [ quiet quiet-value ]
undo hotspot-attack
Default
Hotspot attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a hotspot attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a hotspot attack within the quiet time.
Examples
# Enable hotspot attack detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] hotspot-attack quiet 100
ht-40mhz-intolerance
Use ht-40mhz-intolerance to configure detection on clients with the 40 MHz bandwidth mode disabled.
Use undo ht-40mhz-intolerance to disable detection on clients with the 40 MHz bandwidth mode disabled.
Syntax
ht-40mhz-intolerance [ quiet quiet-value ]
undo ht-40mhz-intolerance
Default
Detection on clients with the 40 MHz bandwidth mode disabled is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a client with the 40 MHz bandwidth mode disabled. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a client with the 40 MHz bandwidth mode disabled within the quiet time.
Examples
# Enable detection on clients with the 40 MHz bandwidth mode disabled and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ht-40mhz-intolerance quiet 100
ht-greenfield
Use ht-greenfield to configure HT-greenfield AP detection.
Use undo ht-greenfield to disable HT-greenfield AP detection.
Syntax
ht-greenfield [ quiet quiet-value ]
undo ht-greenfield
Default
HT-greenfield AP detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an HT-greenfield AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an HT-greenfield AP within the quiet time.
Examples
# Enable HT-greenfield AP detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ht-greenfield quiet 100
ignorelist
Use ignorelist to add a MAC address to the alarm-ignored device list.
Use undo ignorelist to remove a specific or all MAC addresses from the alarm-ignored device list.
Syntax
ignorelist mac-address mac-address
undo ignorelist mac-address { mac-address | all }
Default
No MAC address is added to the alarm-ignored device list.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in the H-H-H format.
all: Specifies all MAC addresses in the alarm-ignored device list.
Usage guidelines
For wireless devices in the alarm-ignored device list, WIPS only monitors them but does not generate any alarms.
Examples
# Add the MAC address 2a11-1fa1-1311 to the alarm-ignored device list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ignorelist mac-address 2a11-1fa1-1311
import hotspot
Use import hotspot to import hotspots from a configuration file.
Use undo import hotspot to remove the configuration.
Syntax
import hotspot file-name
undo import hotspot
Default
No hotspot is imported.
Views
WIPS view
Predefined user roles
network-admin
Parameters
file-name: Specifies a configuration file by its name, a case-insensitive string of 1 to 255 characters. It cannot contain back slashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).
Usage guidelines
You can import hotspots from only one configuration file.
Examples
# Import hotspots from the configuration file hotspot_cfg.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] import hotspot hotspot_cfg
import oui
Use import oui to import OUIs from a configuration file.
Use undo import oui to cancel the configuration.
Syntax
import oui file-name
undo import oui
Default
No OUI is imported.
Views
WIPS view
Predefined user roles
network-admin
Parameters
oui: Specifies a configuration file by its name, a case-insensitive string of 1 to 255 characters. It cannot contain back slashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).
Usage guidelines
You can download the configuration file from the IEEE website.
You can import OUIs from only one configuration file.
Examples
# Import OUIs from the configuration file oui_import_cfg.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] import oui oui_import_cfg
Related commands
invalid-oui-classify illegal
invalid-oui-classify illegal
Use invalid-oui-classify illegal to configure WIPS to classify devices with invalid OUIs as rogue devices.
Use undo invalid-oui-classify to restore the default.
Syntax
invalid-oui-classify illegal
undo invalid-oui-classify
Default
WIPS does not classify devices with invalid OUIs as rogue devices.
Views
Classification policy view
Predefined user roles
network-admin
Examples
# Configure WIPS to classify devices with invalid OUIs as rogue devices.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] invalid-oui-classify illegal
Related commands
import oui
mac-address
Use mac-address to configure a subsignature to match the MAC address of a frame.
Use undo mac-address to restore the default.
Syntax
mac-address { bssid | destination | source } mac-address
undo mac-address
Default
No subsignature is configured to match the MAC address of a frame.
Views
Signature view
Predefined user roles
network-admin
Parameters
bssid: Matches the specified BSSID.
destination: Matches the specified destination MAC address.
source: Matches the specified source MAC address.
mac-address: Specifies a MAC address in the H-H-H format.
Examples
# Configure a subsignature to match frames with the source MAC address 000f-e201-0101 for signature 1.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] mac-address source 000f-e201-0101
malformed duplicated-ie
Use malformed duplicated-ie to enable WIPS to detect malformed packets with duplicated IE.
Use undo malformed duplicated-ie to restore the default.
Syntax
malformed duplicated-ie [ quiet quiet-value ]
undo malformed duplicated-ie
Default
WIPS does not detect malformed packets with duplicated IE.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a duplicated IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a duplicated IE within the quiet time.
Usage guidelines
This function is applicable to all management frames. WIPS considers a packet malformed if the packet has an duplicate IE. This detection is not applicable to vendor-defined IEs.
Examples
# Enable WIPS to detect malformed packets with duplicated IE and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed duplicated-ie quiet 360
malformed fata-jack
Use malformed fata-jack to enable WIPS to detect FATA-Jack malformed packets.
Use undo malformed fata-jack to restore the default.
Syntax
malformed fata-jack [ quiet quiet-value ]
undo malformed fata-jack
Default
WIPS does not detect FATA-Jack malformed packets.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a FATA-Jack malformed packet. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a FATA-Jack malformed packet within the quiet time.
Usage guidelines
This function is applicable to authentication frames. WIPS considers an authentication frame malformed if the value of the authentication algorithm number is 2.
Examples
# Enable WIPS to detect FATA-Jack malformed packets and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed fata-jack quiet 360
malformed illegal-ibss-ess
Use malformed illegal-ibss-ess to enable WIPS to detect malformed packets with abnormal IBSS and ESS setting.
Use undo malformed illegal-ibss-ess to restore the default.
Syntax
malformed illegal-ibss-ess [ quiet quiet-value ]
undo malformed illegal-ibss-ess
Default
WIPS does not detect malformed packets with abnormal IBSS and ESS setting.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an abnormal IBSS and ESS setting. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an abnormal IBSS and ESS setting within the quiet time.
Usage guidelines
This function is applicable to beacon frames and probe response frames. WIPS considers a frame malformed if both IBSS and ESS are set to 1 in the frame.
Examples
# Enable WIPS to detect malformed packets with abnormal IBSS and ESS setting and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed illegal-ibss-ess quiet 360
malformed invalid-address-combination
Use malformed invalid-address-combination to enable WIPS to detect malformed packets with invalid source address.
Use undo malformed invalid-address-combination to restore the default.
Syntax
malformed invalid-address-combination [ quiet quiet-value ]
undo malformed invalid-address-combination
Default
WIPS does not detect malformed packets with invalid source address.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid source address. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid source address within the quiet time.
Usage guidelines
This function is applicable to all management frames. WIPS considers a frame malformed in the following situations:
· The TO DS of the frame is 1, indicating that the frame is sent to the AP by a client.
· The source MAC address of the frame is a multicast or broadcast address.
Examples
# Enable WIPS to detect malformed packets with invalid source address and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-address-combination quiet 360
malformed invalid-assoc-req
Use malformed invalid-assoc-req to enable WIPS to detect malformed association request frames.
Use undo malformed invalid-assoc-req to restore the default.
Syntax
malformed invalid-assoc-req [ quiet quiet-value ]
undo malformed invalid-assoc-req
Default
WIPS does not detect malformed association request frames.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed association request frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed association request frame within the quiet time.
Usage guidelines
This function is applicable to association request frames. WIPS considers a frame malformed if the SSID length in the frame is 0.
Examples
# Enable WIPS to detect malformed association request frames and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-assoc-req quiet 360
malformed invalid-auth
Use malformed invalid-auth to enable WIPS to detect malformed authentication request frames.
Use undo malformed invalid-auth to restore the default.
Syntax
malformed invalid-auth [ quiet quiet-value ]
undo malformed invalid-auth
Default
WIPS does not detect malformed authentication request frames.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed authentication request frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed authentication request frame within the quiet time.
Usage guidelines
This function is applicable to authentication request frames. WIPS considers a frame malformed in the following situations:
· The authentication algorithm number does not conform to the 802.11 protocol and is larger than 3.
· The authentication transaction sequence number, indicating the authentication process between the client and the AP, is 1 and the status code is not 0.
· The authentication transaction sequence number is larger than 4.
Examples
# Enable WIPS to detect malformed authentication request frames and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-auth quiet 360
malformed invalid-deauth-code
Use malformed invalid-deauth-code to enable WIPS to detect malformed packets with invalid deauthentication code.
Use undo malformed invalid-deauth-code to restore the default.
Syntax
malformed invalid-deauth-code [ quiet quiet-value ]
undo malformed invalid-deauth-code
Default
WIPS does not detect malformed packets with invalid deauthentication code.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid deauthentication code. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid deauthentication code within the quiet time.
Usage guidelines
This function is applicable to deauthentication frames. WIPS considers a frame malformed if the reason code in the frame is 0 or in the range of 67 to 65535.
Examples
# Enable WIPS to detect malformed packets with invalid deauthentication code and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-deauth-code quiet 360
malformed invalid-disassoc-code
Use malformed invalid-disassoc-code to enable WIPS to detect malformed packets with invalid disassociation code.
Use undo malformed invalid-disassoc-code to restore the default.
Syntax
malformed invalid-disassoc-code [ quiet quiet-value ]
undo malformed invalid-disassoc-code
Default
WIPS does not detect malformed packets with invalid disassociation code.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid disassociation code. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid disassociation code within the quiet time.
Usage guidelines
This function is applicable to disassociation frames. WIPS considers a frame malformed if the reason code in the frame is 0 or in the range of 67 to 65535.
Examples
# Enable WIPS to detect malformed packets with invalid disassociation code and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-disassoc-code quiet 360
malformed invalid-ht-ie
Use malformed invalid-ht-ie to enable WIPS to detect malformed packets with malformed HT IE.
Use undo malformed invalid-ht-ie to restore the default.
Syntax
malformed invalid-ht-ie [ quiet quiet-value ]
undo malformed invalid-ht-ie
Default
WIPS does not detect malformed packets with malformed HT IE.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed HT IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed HT IE within the quiet time.
Usage guidelines
This function is applicable to beacon, probe response, association response, and reassociation response frames. WIPS considers a frame malformed in the following situations:
· The SM power save value of the HT capabilities IE is 2.
· The secondary channel offset value of the HT operation IE is 2.
Examples
# Enable WIPS to detect malformed packets with malformed HT IE and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-ht-ie quiet 360
malformed invalid-ie-length
Use malformed invalid-ie-length to enable WIPS to detect malformed packets with invalid IE length.
Use undo malformed invalid-ie-length to restore the default.
Syntax
malformed invalid-ie-length [ quiet quiet-value ]
undo malformed invalid-ie-length
Default
WIPS does not detect malformed packets with invalid IE length.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid IE length. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid IE length within the quiet time.
Usage guidelines
This function is applicable to all management frames. WIPS considers a frame malformed if the length of an IE in the frame does not conform to the 802.11 protocol.
Examples
# Enable WIPS to detect malformed packets with invalid IE length and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-ie-length quiet 360
malformed invalid-pkt-length
Use malformed invalid-pkt-length to enable WIPS to detect malformed packets with invalid packet length.
Use undo malformed invalid-pkt-length to restore the default.
Syntax
malformed invalid-pkt-length [ quiet quiet-value ]
undo malformed invalid-pkt-length
Default
WIPS does not detect malformed packets with invalid packet length.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid packet length. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid packet length within the quiet time.
Usage guidelines
This function is applicable to all management frames. WIPS considers a frame malformed if the remaining length of the IE is not zero after the packet payload is resolved.
Examples
# Enable WIPS to detect malformed packets with invalid packet length and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-pkt-length quiet 360
malformed large-duration
Use malformed large-duration to enable WIPS to detect malformed packets with oversized duration.
Use undo malformed large-duration to restore the default.
Syntax
malformed large-duration [ quiet quiet-value | threshold value ]
undo malformed large-duration
Default
WIPS does not detect malformed packets with oversized duration.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized duration. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized duration within the quiet time.
threshold value: Specifies the duration size that triggers WIPS to determine an oversized duration and trigger an alarm. The value range for the value argument is 1 to 32767 and the default value is 5000.
Usage guidelines
This function is applicable to unicast management frames, unicast data frames, RTS, CTS, and ACK frames. WIPS considers a frame malformed if the duration value in the frame is larger than the specified threshold.
Examples
# Enable WIPS to detect malformed packets with oversized duration and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed large-duration quiet 360
malformed null-probe-resp
Use malformed null-probe-resp to enable WIPS to detect malformed probe response frames.
Use undo malformed null-probe-resp to restore the default.
Syntax
malformed null-probe-resp [ quiet quiet-value ]
undo malformed null-probe-resp
Default
WIPS does not detect malformed probe response frames.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed probe response frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed probe response frame within the quiet time.
Usage guidelines
This function is applicable to probe response frames. WIPS considers a frame malformed if the frame is not a mesh frame and its SSID length is 0, the packet is determined as a malformed packet.
Examples
# Enable WIPS to detect malformed probe response frames and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed null-probe-resp quiet 360
malformed overflow-eapol-key
Use malformed overflow-eapol-key to enable WIPS to detect malformed packets with oversized EAPOL key.
Use undo malformed overflow-eapol-key to restore the default.
Syntax
malformed overflow-eapol-key [ quiet quiet-value ]
undo malformed overflow-eapol-key
Default
WIPS does not detect malformed packets with oversized EAPOL key.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized EAPOL key. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized EAPOL key within the quiet time.
Usage guidelines
This function is applicable to EAPOL-Key frames. WIPS considers a frame malformed if the TO DS is 1 and the key length is larger than 0 in the frame. A malicious EAPOL-Key frame might result in DOS attacks.
Examples
# Enable WIPS to detect malformed packets with oversized EAPOL key and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed overflow-eapol-key quiet 360
malformed overflow-ssid
Use malformed overflow-ssid to enable WIPS to detect malformed packets with oversized SSID.
Use undo malformed overflow-ssid to restore the default.
Syntax
malformed overflow-ssid [ quiet quiet-value ]
undo malformed overflow-ssid
Default
WIPS does not detect malformed packets with oversized SSID.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized SSID. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized SSID within the quiet time.
Usage guidelines
This function is applicable to beacon, probe request, probe response, and association request frames. WIPS considers a frame malformed if the SSID length in the frame is larger than 32, which does not conform to the 802.11 protocol.
Examples
# Enable WIPS to detect malformed packets with oversized SSID and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed overflow-ssid quiet 360
malformed redundant-ie
Use malformed redundant-ie to enable WIPS to detect malformed packets with redundant IE.
Use undo malformed redundant-ie to restore the default.
Syntax
malformed redundant-ie [ quiet quiet-value ]
undo malformed redundant-ie
Default
WIPS does not detect malformed packets with redundant IE.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a redundant IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a redundant IE within the quiet time.
Usage guidelines
This function is applicable to all management frames. WIPS considers a frame malformed if an IE in the frame is neither a necessary IE to the frame nor a reserved IE.
Examples
# Enable WIPS to detect malformed packets with redundant IE and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed redundant-ie quiet 360
man-in-the-middle
Use man-in-the-middle to configure man-in-the-middle (MITM) attack detection.
Use undo man-in-the-middle to disable MITM attack detection.
Syntax
man-in-the-middle [ quiet quiet-value ]
undo man-in-the-middle
Default
MITM attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an MITM attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an MITM attack within the quiet time.
Usage guidelines
Enable honeypot AP detection before you enable MITM attack detection.
Examples
# Enable MITM attack detection.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] honeypot-ap
[Sysname-wips-dtc-home] man-in-the-middle
manual-classify mac-address
Use manual-classify mac-address to specify a category for an AP.
Use undo manual-classify mac-address to restore the default.
Syntax
manual-classify mac-address mac-address { authorized-ap | external-ap | misconfigured-ap | rogue-ap }
undo manual-classify mac-address { mac-address | all }
Default
No category is specified for an AP.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
mac-address: Specifies an AP by its MAC address, in the H-H-H format.
authorized-ap: Specifies the AP as an authorized AP.
external-ap: Specifies the AP as an external AP.
misconfigured-ap: Specifies the AP as a misconfigured AP.
rogue-ap: Specifies the AP as a rogue AP.
all: Specifies all APs.
Examples
# Specify the AP whose MAC address is 000f-00e2-0001 as an authorized AP.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] manual-classify mac-address 000f-00e2-0001 authorized-ap
omerta
Use omerta to configure Omerta attack detection.
Use undo omerta to disable Omerta attack detection.
Syntax
omerta [ quiet quiet-value ]
undo omerta
Default
Omerta attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an Omerta attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an Omerta attack within the quiet time.
Examples
# Enable Omerta attack detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] omerta quiet 100
oui
Use oui to configure an AP classification rule to match the OUI information of APs.
Use undo oui to restore the default.
Syntax
oui oui-info
undo oui
Default
An AP classification rule does not match the OUI information of APs.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
oui-info: Specifies the OUI information in the XXXXXX format, a case-insensitive hexadecimal string.
Examples
# Configure AP classification rule 1 to match APs with the OUI 000fe4.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] oui 000fe4
pattern
Use pattern to configure a subsignature to match the specified bits of a frame.
Use undo pattern to restore the default.
Syntax
pattern pattern-number offset offset-value mask mask value1 [ to value2 ] [ from-payload ]
undo pattern { pattern-number | all }
Default
No subsignature is configured to match the specified bits of a frame.
Views
Signature view
Predefined user roles
network-admin
Parameters
pattern-number: Specifies a subsignature that matches the specified bits of a frame by its number in the range of 0 to 65535.
offset offset-value: Specifies the offset from the specified bit to the reference bit. The value range for the offset-value argument is 0 to 2346 bits. The reference bit can be the first bit of the frame head (default) or the frame payload.
mask mask: Specifies a two-byte mask that is used for the AND operation with the specified bits. The mask is in hexadecimal format and the value range for the mask is 0 to ffff.
value1 [ to value2 ]: Specifies a value range for the specified bits. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 65535 for both the value1 and value2 arguments, and value2 cannot be smaller than value1.
from-payload: Specifies the first bit of the frame payload as the reference bit. If you do not specify this keyword, the first bit of the frame head is the reference bit.
Examples
# Configure a subsignature to match the second and third bits from the frame head of a frame. If the values of the second and third bytes of a frame are within the range of 0x0015 to 0x0020, the frame matches the subsignature.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] pattern 1 offset 8 mask ffff 15 to 20
permit-channel
Use permit-channel to add one or multiple channels to the permitted channel list.
Use undo permit-channel to remove the specified or all channels from the permitted channel list.
Syntax
permit-channel channel-id-list
undo permit-channel { channel-id-list | all }
Default
No channel is added to the permitted channel list.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
channel-id-list: Specifies a space-separated list of up to 10 permitted channel items. Each item specifies a channel number or a range of channel numbers in the form of value1 to value2. The value range for channel numbers is 1 to 224. The value for the value2 argument must be equal to or greater than the value for the value1 argument.
all: Specifies all permitted channels.
Usage guidelines
To prevent WIPS from taking all channels as prohibited channels, use this command to configure a permitted channel list before you configure prohibited channel detection.
Examples
# Add channel 1 to the permitted channel list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] permit-channel 1
Related commands
prohibited-channel
power-save
Use power-save to configure power saving attack detection.
Use undo power-save to disable power saving attack detection.
Syntax
power-save [ interval interval-value | minoffpacket packet-value | onoffpercent percent-value | quiet quiet-value ] *
undo power-save
Default
Power saving attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for power save frames. The value range for the interval-value argument is 1 to 3600 seconds, and the default value is 10 seconds.
minoffpacket packet-value: Specifies the threshold for the number of power save off frames that triggers power save attack analysis. If the number of off frames from a client reaches the threshold, WIPS analyzes the power save frames to determine whether a power save attack occurs. The value range for the argument is 10 to 150, and the default is 50.
onoffpercent percent-value: Specifies the threshold for the ratio between the power save on frames and off frames from a client. WIPS triggers an alarm for a power save attack when the threshold is reached. The value range for this argument is 0 to 100, and the default is 80.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a power saving attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a power saving attack within the quiet time.
Examples
# Enable power saving attack detection, and set the interval-value, packet-value, percent-value, and quiet-value arguments to 20, 20, 90, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] power-save interval 20 minoffpacket 20 onoffpercent 90 quiet 100
prohibited-channel
Use prohibited-channel to configure prohibited channel detection.
Use undo prohibited-channel to disable prohibited channel detection.
Syntax
prohibited-channel [ quiet quiet-value ]
undo prohibited-channel
Default
Prohibited channel detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a prohibited channel. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a prohibited channel within the quiet time.
Usage guidelines
To prevent WIPS from taking all channels as prohibited channels, use the permit-channel command to configure a permitted channel list before you configure prohibited channel detection.
Examples
# Enable prohibited channel detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] prohibited-channel quiet 100
Related commands
permit-channel
report-interval
Use report-interval to set the interval at which APs report information about detected devices.
Use undo report-interval to restore the default.
Syntax
report-interval interval
undo report-interval
Default
APs report information about detected devices every 30000 milliseconds.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval at which APs report information about detected devices, in the range of 1000 to 300000 milliseconds.
Examples
# Set the interval at which APs report information about detected devices to 10000 milliseconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] report-interval 10000
reset wips statistics
Use reset wips statistics to clear information collected from all sensors.
Syntax
reset wips statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear information collected from all sensors.
<Sysname> reset wips statistics
Related commands
display wips statistics receive
reset wips virtual-security-domain
Use reset wips virtual-security-domain to clear the learned AP or client entries in a VSD.
Syntax
reset wips virtual-security-domain vsd-name device { ap { all | mac-address mac-address } | client { all | mac-address mac-address } | all }
Views
User view
Predefined user roles
network-admin
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
device: Clears device entries.
ap: Clears AP entries.
all: Clears entries for all APs.
mac-address mac-address: Clears the entries for an AP. The mac-address argument represents the MAC address of the AP.
client: Clears client entries.
all: Clears entries for all clients.
mac-address mac-address: Clears the entries for a client. The mac-address argument represents the MAC address of the client
all: Clears entries for all APs and clients.
Examples
# Clear the learned AP and client entries in the VSD aaa.
<Sysname> reset wips virtual-security-domain aaa device all
Related commands
display wips virtual-security-domain device
reset wips virtual-security-domain countermeasure record
Use reset wips virtual-security-domain countermeasure record to clear information about countermeasures that WIPS has taken against rogue devices.
Syntax
reset wips virtual-security-domain vsd-name countermeasure record
Views
User view
Predefined user roles
network-admin
Parameters
vsd-name: Specify a VSD by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Clear information about countermeasures that WIPS has taken against rogue devices for the VSD aaa.
<Sysname> reset wips virtual-security-domain aaa countermeasure record
Related commands
display wips virtual-security-domain countermeasure record
reset wlan nat-detect
Use reset wlan nat-detect to clear information about clients with NAT configured.
Syntax
reset wlan nat-detect
Views
User view
Predefined user roles
network-admin
network-operator
Examples
# Clear information about clients with NAT configured.
<Sysname> reset wlan nat-detect
Related commands
display wlan nat-detect
rssi
Use rssi to configure an AP classification rule to match the RSSI of APs.
Use undo rssi to restore the default.
Syntax
rssi value1 [ to value2 ]
undo rssi
Default
An AP classification rule does not match the RSSI of APs.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
value1 [ to value2 ]: Specifies a value range for the RSSI of APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 100 for both the value1 and value2 arguments, and value2 cannot be smaller than value1.
Examples
# Configure AP classification rule 1 to match APs with an RSSI of 20 to 40.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] rssi 20 to 40
rssi-change-threshold
Use rssi-change-threshold to set the RSSI difference threshold for wireless device detection.
Use undo rssi-change-threshold to restore the default.
Syntax
rssi-change-threshold threshold-value
undo rssi-change-threshold
Default
The RSSI difference threshold is 20.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the RSSI difference threshold for wireless device detection, in the range of 1 to 100.
Examples
# Set the RSSI difference threshold to 80 for wireless device detection.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] rssi-change-threshold 80
rssi-threshold
Use rssi-threshold to set the RSSI threshold for client or AP detection.
Use undo rssi-threshold to restore the default.
Syntax
rssi-threshold { ap ap-rssi-value | client client-rssi-value }
undo rssi-threshold { ap | client }
Default
The RSSI thresholds for client and AP detection are not set.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
ap ap-rssi-value: Specifies the RSSI threshold for AP detection, in the range of 1 to 100.
client client-rssi-value: Specifies the RSSI threshold for client detection, in the range of 1 to 100.
Examples
# Configure WIPS to ignore APs with an RSSI lower than 80.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] rssi-threshold ap 80
security
Use security to configure an AP classification rule to match the security mode used by APs.
Use undo security to restore the default.
Syntax
security { equal | include } { clear | wep | wpa | wpa2 }
undo security
Default
No AP classification rule is configured to match the security mode used by APs.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
equal: Matches security modes equal to the specified security mode.
include: Matches security modes that include the specified security mode.
clear: Specifies the clear security mode.
wep: Specifies the WEP security mode.
wpa: Specifies the WPA security mode.
wpa2: Specifies the WPA2 security mode.
Examples
# Configure AP classification rule 1 to match APs that use the WEP security mode.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] security equal wep
select sensor all
Use select sensor all to enable all sensors that detect an attacker to take countermeasures against the attacker.
Use undo select sensor all to remove the configuration.
Syntax
select sensor all
undo select sensor all
Default
Only the sensor that most recently detects the attacker takes countermeasures against the attacker.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable all sensors that detect an attacker to take countermeasures against the attacker.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-ctm-home] select sensor all
seq-number
Use seq-number to configure a subsignature to match the sequence number of a frame.
Use undo seq-number to restore the default.
Syntax
seq-number seq-value1 [ to seq-value2 ]
undo seq-number
Default
No subsignature is configured to match the sequence number of a frame.
Views
Signature view
Predefined user roles
network-admin
Parameters
seq-value1 [ to seq-value2 ]: Specifies a value range for the sequence number of a frame. The seq-value1 and seq-value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 4095 for both the seq-value1 and seq-value2 arguments, and seq-value2 cannot be smaller than seq-value1.
Examples
# Configure a subsignature to match frames with the sequence number 100.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[wips-sig-rule-1] seq-number 100
signature policy
Use signature policy to create a signature policy and enter its view. If the specified signature policy already exists, this command enters signature policy view.
Use undo signature policy to remove a signature policy.
Syntax
signature policy policy-name
undo signature policy policy-name
Default
No signature policy is created.
Views
WIPS view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a signature policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Create a signature policy named home and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature policy home
signature rule
Use signature rule to create a signature and enter its view. If the specified signature already exists, the command enters signature view.
Use undo signature rule to remove a signature.
Syntax
signature rule rule-id
undo signature rule rule-id
Default
No signature is created.
Views
WIPS view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a signature by its ID in the range of 1 to 65535.
Examples
# Create signature 1 and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
soft-ap
Use soft-ap to configure soft AP detection.
Use undo soft-ap to disable soft AP detection.
Syntax
soft-ap [ convert-time time-value ]
undo soft-ap
Default
Soft AP detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
convert-time time-value: Specifies the interval at which a soft AP switches between its role of client and AP. The value range for the time-value argument is 5 to 600 seconds, and the default is 10 seconds.
Examples
# Enable soft AP detection and set the time-value argument to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] soft-ap convert-time 100
ssid (AP classification rule view)
Use ssid to configure an AP classification rule to match the SSID of the wireless service for APs.
Use undo ssid to restore the default.
Syntax
ssid [ case-sensitive ] [ not ] { equal | include } ssid-string
undo ssid
Default
An AP classification rule does not match the SSID of the wireless service for APs.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
case-sensitive: Concerns the case of the SSID.
not: Matches SSIDs that are not equal to or do not include the specified SSID.
equal: Matches SSIDs equal to the specified SSID.
include: Matches SSIDs that include the specified SSID.
ssid-string: Specifies an SSID, a case-sensitive string of 1 to 32 characters.
Examples
# Configure AP classification rule 1 to match APs using wireless services with the SSID abc.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] ssid equal abc
ssid (signature view)
Use ssid to configure a subsignature to match the SSID of a frame.
Use undo ssid to restore the default.
Syntax
ssid [ case-sensitive ] [ not ] { equal | include } string
undo ssid
Default
No subsignature is configured to match the SSID of a frame.
Views
Signature view
Predefined user roles
network-admin
Parameters
case-sensitive: Concerns the case of the SSID.
not: Matches SSIDs that are not equal to or do not include the specified SSID.
equal: Matches SSIDs equal to the specified SSID.
include: Matches SSIDs that include the specified SSID.
string: Specifies an SSID, a case-sensitive string of 1 to 32 characters.
Examples
# Configure a subsignature to match frames with the SSID office for signature 1.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] ssid equal office
ssid-length
Use ssid-length to configure a subsignature to match the SSID length in a frame.
Use undo ssid-length to restore the default.
Syntax
ssid-length length-value1 [ to length-value2 ]
undo ssid-length
Default
No subsignature is configured to match the SSID length in a frame.
Views
Signature rule
Predefined user roles
network-admin
Parameters
length-value1 [ to length-value2 ]: Specifies the value range for the SSID length. The length-value1 and length-value2 arguments specify the start value and end value for the value range, respectively. The value range is 1 to 32 for both the length-value1 and length-value2 arguments, and length-value2 cannot be smaller than length-value1.
Examples
# Configure a subsignature to match frames in which the SSID length is 10.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-1] ssid-length 10
trust mac-address
Use trust mac-address to add the MAC address of an AP or client to the permitted device list.
Use undo trust mac-address to remove one or all MAC addresses from the permitted device list.
Syntax
trust mac-address mac-address
undo trust mac-address { mac-address | all }
Default
No MAC address is added to the permitted device list.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address.
all: Specifies all MAC addresses.
Examples
# Add the MAC address 78AC-C0AF-944F to the permitted device list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] trust mac-address 78AC-C0AF-944F
trust oui
Use trust oui to add an OUI to the trusted OUI list.
Use undo trust oui to remove one or all OUIs from the trusted OUI list.
Syntax
trust oui oui
undo trust oui { oui | all }
Default
No OUI is added to the trusted OUI list.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
oui: Specifies an OUI by its name, a case-insensitive string of 6 characters.
all: Specifies all OUIs.
Examples
# Add the OUIs 000fe4 and 000fe5 to the trusted OUI list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] trust oui 000fe4
[Sysname-wips-cls-home] trust oui 000fe5
trust ssid
Use trust ssid to add an SSID to the trusted SSID list.
Use undo trust ssid to remove one or all SSIDs from the trusted SSID list.
Syntax
trust ssid ssid-name
undo trust ssid { ssid-name | all }
Default
No SSID is added to the trusted SSID list.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.
all: Specifies all SSIDs.
Examples
# Add the SSID flood1 to the trusted SSID list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] trust ssid flood1
unencrypted-authorized-ap
Use unencrypted-authorized-ap to configure unencrypted authorized AP detection.
Use undo unencrypted-authorized-ap to disable unencrypted authorized AP detection.
Syntax
unencrypted-authorized-ap [ quiet quiet-value ]
undo unencrypted-authorized-ap
Default
Unencrypted authorized AP detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an unencrypted authorized AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an unencrypted authorized AP within the quiet time.
Examples
# Enable unencrypted authorized AP detection and set the quiet time to 10 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] unencrypted-authorized-ap quiet 10
unencrypted-trust-client
Use unencrypted-trust-client to configure unencrypted authorized client detection.
Use undo unencrypted-trust-client to disable unencrypted authorized client detection.
Syntax
unencrypted-trust-client [ quiet quiet-value ]
undo unencrypted-trust-client
Default
Unencrypted authorized client detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an unencrypted authorized client. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an unencrypted authorized client within the quiet time.
Examples
# Enable unencrypted authorized client detection and set the quiet time to 10 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] unencrypted-trust-client quiet 10
up-duration
Use up-duration to configure an AP classification rule to match the running time of APs.
Use undo up-duration to restore the default.
Syntax
up-duration value1 [ to value2 ]
undo up-duration
Default
An AP classification rule does not match the running time of APs.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
value1 [ to value2 ]: Specifies the value range for the running time of APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 2592000 seconds for both the value1 and value2 arguments, and value2 must be greater than value1.
Examples
# Configure AP classification rule 1 to match APs with a running time of 2000 to 40000 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] up-duration 2000 to 40000
virtual-security-domain
Use virtual-security-domain to create a VSD and enter its view.
Use undo virtual-security-domain to remove a VSD.
Syntax
virtual-security-domain vsd-name
undo virtual-security-domain vsd-name
Default
No VSD is created.
Views
WIPS view
Predefined user roles
network-admin
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Create the VSD office and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain office
[Sysname-wips-vsd-office]
weak-iv
Use weak-iv to enable weak IV detection.
Use undo weak-iv to restore the default.
Syntax
weak-iv [ quiet quiet-value ]
undo weak-iv
Default
Weak IV detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a weak IV. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a weak IV within the quiet time.
Examples
# Enable weak IV detection.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] weak-iv
windows-bridge
Use windows-bridge to configure Windows bridge detection.
Use undo windows-bridge to disable Windows bridge detection.
Syntax
windows-bridge [ quiet quiet-value ]
undo windows-bridge
Default
Windows bridge detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a Windows bridge. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a Windows bridge within the quiet time.
Examples
# Enable Windows bridge detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] windows-bridge quiet 360
wips
Use wips to enter WIPS view.
Use undo wips to clear all configurations in WIPS view.
Syntax
wips
undo wips
Default
No configuration exists in WIPS view.
Views
System view
Predefined user roles
network-admin
Examples
# Enter WIPS view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips]
wips enable
Use wips enable to enable WIPS.
Use undo wips enable to restore the default.
Syntax
wips enable
undo wips enable
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, WIPS is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Examples
# Enable WIPS for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] wips enable
# Enable WIPS for radio 1 of APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] wips enable
wips virtual-security-domain
Use wips virtual-security-domain to add an AP to a VSD.
Use undo wips virtual-security-domain to remove an AP from the VSD.
Syntax
wips virtual-security-domain vsd-name
undo wips virtual-security-domain
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP group is not added to any VSD.
Views
AP view
Predefined user roles
network-admin
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Add AP 1 to the VSD office.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] wips virtual-security-domain office
# Add AP group apgroup1 to VSD office.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] wips virtual-security-domain office
wireless-bridge
Use wireless-bridge to configure wireless bridge detection.
Use undo wireless-bridge to disable wireless bridge detection.
Syntax
wireless-bridge [ quiet quiet-value ]
undo wireless-bridge
Default
Wireless bridge detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a wireless bridge. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a wireless bridge within the quiet time.
Examples
# Enable wireless bridge detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] wireless-bridge quiet 100
wlan nat-detect
Use wlan nat-detect enable to enable detection on clients with NAT configured.
Use wlan nat-detect disable to disable detection on clients with NAT configured.
Use undo wlan nat-detect to restore the default.
Syntax
wlan nat-detect { disable | enable }
undo wlan nat-detect
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, detection on clients with NAT configured is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
disable: Disables detection on clients with NAT configured.
enable: Enables detection on clients with NAT configured.
Usage guidelines
The device generates an alarm when it detects a client configured with NAT. To view information about detected NAT-configured clients, use the display wlan nat-detect command.
Examples
# Enable detection on clients with NAT configured for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] wlan nat-detect enable
# Enable detection on clients with NAT configured for APs in AP group aaa.
<Sysname> system-view
[Sysname] wlan ap-group aaa
[Sysname-wlan-ap-group-aaa] wlan nat-detect enable
WLAN QoS commands
bandwidth-guarantee
Use bandwidth-guarantee enable to enable bandwidth guaranteeing.
Use bandwidth-guarantee disable to disable bandwidth guaranteeing.
Use undo bandwidth-guarantee to restore the default.
Syntax
bandwidth-guarantee { disable | enable }
undo bandwidth-guarantee
Default
In radio view:
· If the service template setting in AP group view is used, an AP uses the configuration in AP group view.
· If a service template is manually bound to a radio, bandwidth guaranteeing is disabled.
In AP group radio view, bandwidth guaranteeing is disabled.
Views
Radio view
AP group radio view
Predefined user roles
Usage guidelines
This command enables clients that are associated with the same radio to get the guaranteed bandwidth when the network is congested. To set the guaranteed bandwidth, use the bandwidth-guarantee service-template command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable bandwidth guaranteeing for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] service-template 1
[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee enable
# Enable bandwidth guaranteeing for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] bandwidth-guarantee enable
Related commands
bandwidth-guarantee service-template
bandwidth-guarantee service-template
Use bandwidth-guarantee service-template to set a guaranteed bandwidth percentage for the specified service template.
Use undo bandwidth-guarantee service-template to cancel the guaranteed bandwidth percentage configuration for the specified service template.
Syntax
bandwidth-guarantee service-template service-template-name percent percent
undo bandwidth-guarantee { all | service-template service-template-name }
Default
In radio view:
· If the service template setting in AP group view is used, an AP uses the configuration in AP group view.
· If a service template is manually bound to a radio, no guaranteed bandwidth percentage is set for the service template.
In AP group radio view, no guaranteed bandwidth percentage is set for a service template.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
service-template service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. Make sure the specified service template has been bound to the radio.
percent percent: Specifies the percentage of the guaranteed bandwidth to the total bandwidth. The value range for the percent argument is 1 to 100. The total bandwidth represents the maximum bandwidth of the radio. The guaranteed bandwidth represents the minimum bandwidth for the BSS corresponding to the service template.
all: Specifies all service templates.
Usage guidelines
For this command to take effect, make sure the bandwidth guaranteeing feature is enabled.
For all service templates bound to the same radio, the sum of the guaranteed bandwidth percentages cannot exceed 100%.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the guaranteed bandwidth percentage to 30% for service template 1 in radio view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] service-template 1
[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee service-template 1 percent 30
[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee enable
# Set the guaranteed bandwidth percentage to 30% for service template 1 in AP group radio view.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] bandwidth-guarantee enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] service-template 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] bandwidth-guarantee service-template 1 percent 30
Related commands
· bandwidth-guarantee enable
· wlan max-bandwidth
cac policy
Use cac policy to configure a Connect Admission Control (CAC) policy.
Use undo cac policy to restore the default.
Syntax
cac policy { channelutilization [ channelutilization-value ] | client [ client-number ] }
undo cac policy
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, the client-based admission policy is used, and the maximum number of admitted clients is 20.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
channelutilization: Specifies the channel usage-based admission policy.
channelutilization-value: Specifies the maximum channel usage in percentage, in the range of 0 to 100. The maximum channel usage refers to the medium time of the accepted AC-VO and AC-VI traffic to the valid time within a certain time. The valid time refers to the time available for transmitting and receiving data. By default, the maximum channel usage is 65%.
client: Specifies the client-based admission policy.
client-number: Specifies the maximum number of clients allowed to be connected, in the range of 0 to 64. A client is counted as one client if it is using both the AC-VO and AC-VI queues.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
The CAC policy takes effect only on the AC-VO and the AC-VI queues.
Examples
# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70%.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] cac policy channelutilization 70
# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70% for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] cac policy channelutilization 70
client-rate-limit (radio view/AP group radio view)
Use client-rate-limit to configure radio-based client rate limiting.
Use undo client-rate-limit to restore the default.
Syntax
client-rate-limit { inbound | outbound } mode { dynamic | static } cir cir
undo client-rate-limit { inbound | outbound }
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, radio-based client rate limiting is not configured.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
inbound: Limits the rate of incoming traffic.
outbound: Limits the rate of outgoing traffic.
dynamic: Specifies the dynamic rate limit mode. In this mode, the maximum rate for each client is the total maximum rate divided by the number of clients.
static: Specifies the static rate limit mode. The maximum rate for each client is fixed.
cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000. This option sets the maximum rate for each client in static rate limit mode and sets the total maximum rate for all clients in dynamic rate limit mode.
Usage guidelines
For this command to take effect, make sure radio-based client rate limiting is enabled.
You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Configure client rate limiting for radio 1 in radio view: set the CIR to 567 Kbps for incoming traffic of each client and set the CIR to 89 Kbps for outgoing traffic of all clients.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-1] client-rate-limit enable
[Sysname-wlan-ap-ap1-1] client-rate-limit inbound mode static cir 567
[Sysname-wlan-ap-ap1-1] client-rate-limit outbound mode dynamic cir 89
# Configure client rate limiting for radio 1 in AP group radio view: set the CIR to 567 Kbps for incoming traffic of each client and set the CIR to 89 Kbps for outgoing traffic of all clients.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client-rate-limit enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client-rate-limit inbound mode static cir 567
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client-rate-limit outbound mode dynamic cir 89
Related commands
client-rate-limit { disable | enable }
client-rate-limit (service template view)
Use client-rate-limit to configure service-template-based client rate limiting.
Use undo client-rate-limit to restore the default.
Syntax
client-rate-limit { inbound | outbound } mode { dynamic | static } cir cir
undo client-rate-limit { inbound | outbound }
Default
Service-template-based client rate limiting is not configured.
Views
Service template view
Predefined user roles
network-admin
Parameters
inbound: Limits the rate of incoming traffic.
outbound: Limits the rate of outgoing traffic.
dynamic: Specifies the dynamic rate limit mode. In this mode, the maximum rate for each client is the total maximum rate divided by the number of clients.
static: Specifies the static rate limit mode. The maximum rate for each client is fixed.
cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000. This option sets the maximum rate for each client in static rate limit mode and sets the total maximum rate for all clients in dynamic rate limit mode.
Usage guidelines
For this command to take effect, make sure service-template-based client rate limiting is enabled.
You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic.
Examples
# Configure rate limiting for service template 1: set the CIR to 567 Kbps for each client's incoming traffic.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] client-rate-limit enable
[Sysname-wlan-st-1] client-rate-limit inbound mode static cir 567
Related commands
client-rate-limit enable
client-rate-limit { disable | enable }
Use client-rate-limit enable to enable radio-based client rate limiting.
Use client-rate-limit disable to disable radio-based client rate limiting.
Use undo client-rate-limit to restore the default.
Syntax
client-rate-limit { disable | enable }
undo client-rate-limit
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, radio-based client rate limiting is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command limits the traffic rate of the WLAN clients associated with the radio. To set the rate limit direction and rate limit rate, use the client-rate-limit command.
You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable client rate limiting for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] client-rate-limit enable
# Enable client rate limiting for radio 1 of AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] client-rate-limit enable
Related commands
client-rate-limit (radio view/AP group radio view)
client-rate-limit enable
Use client-rate-limit enable to enable service-template-based client rate limiting.
Use undo client-rate-limit enable to restore the default.
Syntax
client-rate-limit enable
undo client-rate-limit enable
Default
Service-template-based client rate limiting is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command limits the traffic rate of the WLAN clients associated with the service template. To set the rate limit direction and rate limit rate, use the client-rate-limit command.
You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.
Examples
# Enable client rate limiting for service template 1.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] client-rate-limit enable
Related commands
client-rate-limit (service template view)
display wlan wmm
Use display wlan wmm radio to display WMM statistics for radios.
Use display wlan wmm client to display WMM statistics for clients.
Syntax
Views
Any view
Predefined user roles
Parameters
all: Specifies all radios or all clients.
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.
Examples
# Display WMM statistics for radios of AP test.
<Sysname> display wlan wmm radio ap test
AP ID : 4 AP name : test
Radio : 1
Client EDCA updates : 0
QoS mode : WMM
WMM status : Enabled
Radio max AIFSN : 15 Radio max ECWmin : 10
Radio max TXOPLimit : 32767 Radio max ECWmax : 10
CAC information
Clients accepted : 0
Voice : 0
Video : 0
Total request mediumtime(μs) : 0
Voice(μs) : 0
Video(μs) : 0
Calls rejected due to insufficient resources : 0
Calls rejected due to invalid parameters : 0
Calls rejected due to invalid mediumtime : 0
Calls rejected due to invalid delaybound : 0
Radio : 2
Client EDCA updates : 0
QoS mode : WMM
WMM status: Disabled
Radio max AIFSN : 15 Radio max ECWmin : 10
Radio max TXOPLimit : 32767 Radio max ECWmin : 10
CAC information
Client accepted : 0
Voice : 0
Video : 0
Total request mediumtime(μs) : 0
Voice(μs) : 0
Video(μs) : 0
Calls rejected due to insufficient resources : 0
Calls rejected due to invalid parameters : 0
Calls rejected due to invalid mediumtime : 0
Calls rejected due to invalid delaybound : 0
Table 40 Command output
Description |
|
Times that client EDCA parameters have been updated. |
|
· WMM. |
|
· Enabled. · Disabled. |
|
Maximum AIFSN that the radio supports. |
|
Maximum ECWmin that the radio supports. |
|
Radio max TXOPLimit |
Maximum TXOPLimit that the radio supports. |
Maximum ECWmax that the radio supports. |
|
Total request medium time for AC-VO and AC-VI queues, in microseconds. |
# Display WMM statistics for all clients.
<Sysname> display wlan wmm client all
MAC address : 000f-e23c-0001 SSID : service
QoS mode : WMM
APSD information :
Max SP length : 7
L: Legacy T: Trigger D: Delivery
AC AC-BK AC-BE AC-VI AC-VO
Assoc State T|D L T|D T|D
Statistics information :
Uplink packets : 0 Downlink packets : 0
Uplink bytes : 0 Downlink bytes : 0
Downgrade packets : 0 Discarded packets : 0
Downgrade bytes : 0 Discarded bytes : 0
TS information:
AC : AC-VO User priority : 7
TID : 1 Direction : Bidirectional
PSB : 0 Surplus bandwidth allowance : 1.0000
Medium time (μs) : 39 MSDU size (bytes) : 1500
Mean data rate (Kbps) : 10.000 Minimum PHY rate (Mbps) : 11.000
TS creation time : 0h:0m:5s
TS updating time : 0h:0m:5s
Uplink TS packets : 0 Downlink TS packets : 0
Uplink TS bytes : 0 Downlink TS bytes : 0
Table 41 Command output
Field |
Description |
QoS mode |
WMM represents the QoS mode. If the QoS mode is not available, this field displays N/A. |
Maximum service period (SP) length. |
|
· AC-VO. · AC-VI. · AC-BE. · AC-BK. |
|
Assoc state |
APSD attribute for an AC queue: · T—The AC queue is trigger-enabled. · D—The AC queue is delivery-enabled. · T | D—The AC queue is both trigger-enabled and delivery-enabled. · L—The AC queue is of legacy attributes. |
User priority for packets from wired networks. |
|
Traffic identifier, in the range of 0 to 15. |
|
Traffic direction: · Uplink. · Downlink. · Bidirectional. |
|
PSB |
Power save behavior: · 1—U-APSD power saving mode. · 0—Traditional power saving mode. |
Surplus bandwidth allowance |
Surplus bandwidth allowance in percentage. |
Permitted medium time in microseconds. |
|
MSDU size |
Average MSDU size in bytes. |
Average data transmission rate in Kbps. |
|
Minimum physical transmission rate in Mbps. |
Related commands
edca client (ac-be and ac-bk)
Use edca client to set EDCA parameters of AC-BE or AC-BK queues for clients.
Use undo edca client to restore the default.
Syntax
edca client { ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *
undo edca client { ac-be | ac-bk }
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, the default EDCA parameter values of AC-BE or AC-BK queues for clients are shown in Table 42.
Table 42 Default EDCA parameter values of AC-BE or AC-BK queues for clients
AC |
AIFSN |
ECWmin |
ECWmax |
TXOP Limit |
AC-BK |
7 |
4 |
10 |
0 |
AC-BE |
3 |
4 |
10 |
0 |
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
ac-be: Specifies the AC-BE (best-effort traffic) queue.
ac-bk: Specifies the AC-BK (background traffic) queue.
aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.
ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.
ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.
noack: Configures the AC queue to use the No ACK policy. By default, the No ACK policy is used.
txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value, in the range of 0 to 65535 (in units of 32 microseconds). If the value is 0, a client can send only one packet each time it holds the channel.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
If all the clients are 802.11b clients, set the TXOP Limit value to 0 for both the AC-BE and AC-BK queues as a best practice.
If both 802.11b and 802.11g clients exist in the WLAN, use the default TXOPLimit values for both the AC-BK and AC-BE queues as a best practice.
Examples
# Set the AIFSN to 5 for the AC-BE queue.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] edca client ac-be aifsn 5
# Set the AIFSN to 5 for the AC-BE queue for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] edca client ac-be aifsn 5
edca client (ac-vi and ac-vo)
Use edca client to set EDCA parameters of AC-VI or AC-VO queues for clients.
Use undo edca client to restore the default.
Syntax
edca client { ac-vi | ac-vo } { aifsn aifsn-value | cac { disable | enable } | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *
undo edca client { ac-vi | ac-vo }
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, the default EDCA parameter values of AC-VI or AC-VO queues for clients are shown in Table 43.
Table 43 Default EDCA parameter values of AC-VI or AC-VO queues for clients
AC |
AIFSN |
ECWmin |
ECWmax |
TXOP Limit |
AC-VI |
2 |
3 |
4 |
94 |
AC-VO |
2 |
2 |
3 |
47 |
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
ac-vi: Specifies the AC-VI (video traffic) queue.
ac-vo: Specifies the AC-VO (voice traffic) queue.
aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.
cac: Specifies CAC. The AC-VO and AC-VI queues support CAC. CAC is disabled by default.
disable: Disables CAC.
enable: Enables CAC.
ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.
ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.
txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value, in the range of 0 to 65535 (in units of 32 microseconds). If the value is 0, a client can send only one packet each time it holds the channel.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
When all the clients are 802.11b clients, set the TXOPLimit value to 188 and 102 for the AC-VI and AC-VO queues, respectively as a best practice.
If both 802.11b and 802.11g clients exist in the WLAN, use the default TXOPLimit values for both the AC-VI and AC-VO queues as a best practice.
Examples
# Set the AIFSN to 3 for the AC-VO queue.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] edca client ac-vo aifsn 3
# Set the AIFSN to 3 for the AC-VO queue for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] edca client ac-vo aifsn 3
edca radio
Use edca radio to set EDCA parameters.
Use undo edca radio to restore the default.
Syntax
edca radio { ac-be | ac-bk | ac-vi | ac-vo } { ack-policy { noack | normalack } | aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | noack | txoplimit txoplimit-value } *
undo edca radio { ac-be | ac-bk | ac-vi | ac-vo }
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, the default EDCA parameter values are shown in Table 44.
The default EDCA parameter values are shown in Table 44.
Table 44 Default EDCA parameter values
AC |
AIFSN |
ECWmin |
ECWmax |
TXOP Limit |
AC-BK |
7 |
4 |
10 |
0 |
AC-BE |
3 |
4 |
6 |
0 |
AC-VI |
1 |
3 |
4 |
94 |
AC-VO |
1 |
2 |
3 |
47 |
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
ac-be: Specifies the AC-BE (best-effort traffic) queue.
ac-bk: Specifies the AC-BK (background traffic) queue.
ac-vi: Specifies the AC-VI (video traffic) queue.
ac-vo: Specifies the AC-VO (voice traffic) queue.
ack-policy: Specifies the ACK policy for the AC queue.
noack: Specifies the No ACK policy (the default).
normalack: Specifies the Normal ACK policy.
aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.
ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin). The value range for the ecwmin-value argument is 0 to 10.
ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax). The value range for the ecwmax-value argument is 0 to 10. The value of ECWmax cannot be smaller than the value of ECWmin.
txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value in units of 32 microseconds. The value range for the txoplimit-value argument is 0 to 32767. If the value is 0, a client can send only one packet each time it holds the channel.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
For 802.11b radios, set TXOP Limit values for AC-BK, AC-BE, AC-VI, and AC-VO queues to 0, 0, 188, and 102, respectively as a best practice.
Examples
# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] edca radio ac-vo aifsn 2
# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2 for AP group apgroup1.
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] edca radio ac-vo aifsn 2
qos priority
Use qos priority to set the port priority.
Use undo qos priority to restore the default.
Syntax
Default
The port priority is 0.
Views
Service template view
Predefined user roles
Parameters
priority-value: Specifies the port priority in the range of 0 to 7. A larger value represents a higher priority.
Usage guidelines
When the port trust mode is enabled, an AP assigns the port priority to all packets for the service template.
This command does not take effect when the packet trust mode is enabled.
Examples
# Set the port priority to 2 for service template 1.
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] qos priority 2
Related commands
qos trust
Use qos trust to configure the trusted packet priority type.
Use undo qos trust to restore the default.
Syntax
Default
The port priority is trusted.
Views
Service template view
Predefined user roles
Parameters
dot11e: Uses the 802.1e priority carried in packets for priority mapping.
dscp: Uses the DSCP priority carried in packets for priority mapping.
Usage guidelines
This feature takes effect only on uplink packets.
Examples
# Configure service template 1 to use the 802.1e priority carried in packets for priority mapping.
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] qos trust dot11e
Related commands
reset wlan wmm
Use reset wlan wmm to clear WMM statistics.
Syntax
reset wlan wmm { client { all | ap ap-name | mac-address mac-address } | radio { all | ap ap-name } }
Views
User view
Predefined user roles
network-admin
Parameters
client: Clears WMM statistics for clients.
all: Clears WMM statistics for all radios or clients.
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.
radio: Clears WMM statistics for radios.
Examples
# Clear WMM statistics for all radios.
<Sysname> reset wlan wmm radio all
Related commands
svp map-ac
Use svp map-ac to enable SVP mapping to the specified AC queue.
Use svp map-ac disable to disable SVP mapping.
Use undo svp map-ac to restore the default.
Syntax
svp map-ac { ac-vi | ac-vo }
svp map-ac disable
undo svp map-ac
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, SVP mapping is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
ac-vi: Specifies the AC-VI (video traffic) queue.
ac-vo: Specifies the AC-VO (voice traffic) queue.
Usage guidelines
SVP mapping takes effect only on non-WMM clients.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Map SVP packets to the AC-VO queue.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] svp map-ac ac-vo
# Map SVP packets to the AC-VO queue for AP group apgroup1.
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] svp map-ac ac-vo
wlan client-rate-limit
Use wlan client-rate-limit to configure client-type-based client rate limiting.
Use undo wlan client-rate-limit to remove the configuration.
Syntax
wlan client-rate-limit { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } { inbound | outbound } cir cir [ cbs cbs ]
undo wlan client-rate-limit [ { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } [ inbound | outbound ] ]
Default
Client-type-based client rate limiting is not configured.
Views
System view
Predefined user roles
network-admin
Parameters
dot11a: Specifies 802.11a clients.
dot11ac: Specifies 802.11ac clients.
dot11an: Specifies 802.11an clients.
dot11b: Specifies 802.11b clients.
dot11g: Specifies 802.11g clients.
dot11gac: Specifies 802.11gac clients.
dot11gn: Specifies 802.11gn clients.
inbound: Limits the rate of incoming traffic.
outbound: Limits the rate of outgoing traffic.
cir cir: Specifies the CIR in Kbps for each client. The value range for the cir argument is 1 to 2097152.
cbs byte: Specifies the CBS in bytes for each client. The value range for the byte argument is 1 to 268435456. If you do not specify this option, the value of CBS is automatically calculated from the value of CIR.
Usage guidelines
You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.
Examples
# Set the rate limit to 20480 Kbps for incoming traffic of 802.11an clients.
<Sysname> system-view
[Sysname] wlan client-rate-limit dot11an inbound cir 20480
wlan max-bandwidth
Use wlan max-bandwidth to set the maximum bandwidth for a radio type.
Use undo wlan max-bandwidth to restore the default setting for a radio type or default settings for all radio types.
Syntax
wlan max-bandwidth { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } bandwidth
undo wlan max-bandwidth [ dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn ]
Default
The following maximum bandwidth settings apply:
· 30000 Kbps for dot11a and dot11g.
· 250000 Kbps for dot11an, dot11gn, and dot11gac.
· 500000 Kbps for dot11ac.
· 7000 Kbps for dot11b.
Views
System view
Predefined user roles
network-admin
Parameters
dot11a: Specifies the 802.11a radio mode.
dot11ac: Specifies the 802.11ac radio mode.
dot11an: Specifies the 802.11an radio mode.
dot11b: Specifies the 802.11b radio mode.
dot11g: Specifies the 802.11g radio mode.
dot11gac: Specifies the 802.11gac radio mode.
dot11gn: Specifies the 802.11gn radio mode.
bandwidth: Specifies the maximum bandwidth in Kbps. The value range varies as follows depending on radio types:
· 16 to 30000 for dot11a and dot11g.
· 16 to 250000 for dot11an, dot11gn, and dot11gac.
· 16 to 500000 for dot11ac.
· 16 to 7000 for dot11b.
Usage guidelines
The maximum bandwidth is used to calculate the guaranteed bandwidth.
Examples
# Set the maximum bandwidth to 2000 Kbps for 802.11ac.
<Sysname> system-view
[Sysname] wlan max-bandwidth dot11ac 2000
wmm
Use wmm enable to enable WMM.
Use wmm disable to disable WMM.
Use undo wmm to restore the default.
Syntax
wmm { disable | enable }
undo wmm
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, WMM is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
disable: Disables WMM.
enable: Enables WMM.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
All 802.11n clients must support WLAN QoS. For 802.11n clients to communicate with the associated AP, enable WMM when the radio operates in 802.11an or 802.11gn mode.
Examples
# Disable WMM.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] wmm disable
# Disable WMM for AP group apgroup1.
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] wmm disable
WLAN roaming commands
authentication-mode
Use authentication-mode to set an authentication mode for IACTP control messages.
Use undo authentication-mode to restore the default.
Syntax
authentication-mode authentication-mode [ cipher | simple ] authentication-key
Default
No authentication mode is configured for IACTP control messages. The AC does not verify the integrity of IACTP control messages.
Views
Mobility group view
Predefined user roles
Parameters
authentication-mode: Specifies an authentication mode. Only the 128-bit MD5 authentication mode is supported.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key.
authentication-key: Specifies the key string. This argument is case sensitive. The length of a plaintext key is in the range of 1 to 16, and the length of a ciphertext key is in the range of 33 to 53.
Usage guidelines
Use this command to enable an AC to verify the integrity of control messages transmitted over IACTP tunnels.
For security purposes, all keys, including plain-text keys, are saved in cipher text.
Examples
# Set the authentication mode to MD5 and set the plaintext key to 12345.
[Sysname] wlan mobility group aaa
[Sysname-wlan-mg-aaa] authentication-mode md5 plain 12345
display wlan mobility
Use display wlan mobility to display information about clients that have roamed to or from the AC.
Syntax
display wlan mobility { roam-in | roam-out } [ member { ip ipv4-address | ipv6 ipv6-address } ]
Views
Any view
Predefined user roles
Parameters
roam-in: Displays information about clients that have roamed from another AC.
roam-out: Displays information about clients that have roamed to another AC.
member ip ipv4-address: Specifies the IPv4 address of a member AC.
member ipv6 ipv6-address: Specifies the IPv6 address of a member AC.
Usage guidelines
If no member AC is specified, this command displays information about all clients that have roamed to and from another AC.
Examples
# Display information about all clients that have roamed to the AC.
<Sysname> display wlan mobility roam-in
Total entries: 1
MAC address BSSID VLAN ID HA IP address
5250-0012-0411 cbab-abab-abab 1 192.168.0.101
# Display information about clients that have roamed to the specified member AC.
<Sysname> display wlan mobility roam-in member ip 192.168.0.101
Total entries: 1
MAC address BSSID VLAN ID
5250-0012-0411 cbab-abab-abab 1
# Display information about all clients that have roamed to another AC.
<Sysname> display wlan mobility roam-out
Total entries: 1
MAC address BSSID VLAN ID Online time FA IP address
5250-0012-0411 cbab-abab-abab 1 00hr 01min 39sec 192.168.0.102
# Display information about clients that have roamed from the specified member AC to another AC.
[Sysname] display wlan mobility roam-out member ip 192.168.0.102
Total entries: 1
MAC address BSSID VLAN ID Online time
5250-0012-0411 cbab-abab-abab 1 00hr 03min 02sec
Table 45 Command output
Field |
Description |
MAC address |
MAC address of the client. |
BSSID |
BSSID of the AP with which the client is associated. |
VLAN ID |
VLAN ID of the client. |
Online time |
Online time of the client. |
display wlan mobility group
Use display wlan mobility group to display mobility group information.
Syntax
Views
Any view
Predefined user roles
Examples
# Display mobility group information.
<Sysname> display wlan mobility group
Mobility group name: office
Tunnel type: IPv4
Source IPv4: 172.16.220.101
Source IPv6: Not configured
Authentication method: Not configured
Mobility group status: Enabled
Member entries: 2
IP address State Online time
172.16.220.102 Down 00hr 00min 00sec
172.16.220.105 Up 00hr 36min 27sec
Table 46 Command output
Field |
Description |
Tunnel type |
IACTP tunnel type for the mobility group: · IPv4. · IPv6. |
Authentication method |
Authentication method used for the mobility group. |
Mobility group status: · Enabled. · Disabled. |
|
IP address |
IP address of the member AC. |
State |
IACTP tunnel state: · Up. · Down. |
Online time |
Online time of the member AC. |
display wlan mobility roam-track mac-address
Use display wlan mobility roam-track mac-address to display roaming information for a client on the home AC.
Syntax
display wlan mobility roam-track mac-address mac-address
Views
Any view
Predefined user roles
Parameters
mac-address mac-address: Specifies a client by its MAC address.
Examples
# Display roaming information for the specified client on the home AC. The most recent roam-track information is displayed the first.
<Sysname> display wlan mobility roam-track mac-address 5250-0012-0411
Total entries: 2
BSSID Created at Online time AC IP address RID AP name
3ce5-a68d-2280 2017-03-14 11:12:28 00hr 48min 46sec 192.168.0.2 2 ap1
0026-3e08-1150 2017-03-14 11:12:05 00hr 40min 46sec 127.0.0.1 2 ap2
Table 47 Command output
Field |
Description |
BSSID |
BSSID of the AP with which the client is associated. |
Created at |
Time when a roam-track entry was created for the client. |
Online time |
Online time of the client. |
AC IP address |
IP address of the AC with which the client is associated. This field displays 127.0.0.1 if the client is associated with the home AC. |
RID |
ID of the radio with which the client is associated. |
AP name |
Name of the AP with which the client is associated. |
group enable
Use group enable to enable a mobility group.
Use undo group enable to restore the default.
Syntax
Default
A mobility group is disabled.
Views
Mobility group view
Predefined user roles
Usage guidelines
This feature enables the AC to establish IACTP tunnels and synchronize roaming entries with member ACs.
If you disable a mobility group on the AC, the AC shuts down all IACTP tunnels established with all member ACs and deletes the roaming entries.
Examples
# Enable mobility group floor1.
[Sysname] wlan mobility group floor1
[Sysname-wlan-mg-floor1] tunnel-type ipv4
[Sysname-wlan-mg-floor1] source ip 192.168.0.1
[Sysname-wlan-mg-floor1] member ip 192.168.0.2
[Sysname-wlan-mg-floor1] group enable
Related commands
· wlan mobility group
member
Use member to add a mobility group member.
Use undo member to delete a mobility group member.
Syntax
member { ip ip-address | ipv6 ipv6-address } [ vlan vlan-id-list ]
undo member [ ip ip-address | ipv6 ipv6-address ] [ vlan [ vlan-id-list ] ]
Default
No member ACs exist in a mobility group.
Views
Mobility group view
Predefined user roles
Parameters
ip ip-address: Specifies an AC by its IPv4 address.
ipv6 ipv6-address: Specifies an AC by its IPv6 address.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 2 to 4094. The value for the vlan-id2 argument cannot be lower than the value for the vlan-id1 argument.
Usage guidelines
Make sure the mobility group is disabled before you use either command.
Members in a mobility group are identified by their IP addresses used to establish IACTP tunnels.
You can add both IPv4 and IPv6 members to a mobility group. Only members whose IP address type is the same as the IP address type of IACTP tunnels take effect.
An AC can belong to only one mobility group.
You can add a maximum of 31 IPv4 members and 31 IPv6 members to a mobility group.
You can specify VLANs for a member AC, so that other member ACs in the mobility group can directly forward client data of the member AC from the specified VLANs. If you do not specify VLANs for the member AC, its client data cannot be directly forwarded by another member in the mobility group unless the clients roam to that member.
If a mobility group has multiple ACs, make sure no loops exist among IACTP tunnels between members within the mobility group.
The undo form of this command deletes all member ACs in a mobility group if you do not specify any parameters.
Examples
# Add a mobility group member.
[Sysname] wlan mobility group abc
[Sysname-wlan-mg-abc] member ip 192.168.1.55 vlan 3 10 19 22 to 30
snmp-agent trap enable wlan mobility
Use snmp-agent trap enable wlan mobility to enable SNMP notifications for WLAN roaming.
Use undo snmp-agent trap enable wlan mobility to disable SNMP notifications for WLAN roaming.
Syntax
snmp-agent trap enable wlan mobility
undo snmp-agent trap enable wlan mobility
Default
SNMP notifications are disabled for WLAN roaming.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical WLAN roaming events to an NMS, enable SNMP notifications for WLAN roaming. For WLAN roaming event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notifications for WLAN roaming.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan mobility
source
Use source to specify the source IP address for establishing IACTP tunnels.
Use undo source to delete the source IP address for establishing IACTP tunnels.
Syntax
source { ip ip-address | ipv6 ipv6-address }
Default
No source IP address is configured for establishing IACTP tunnels.
Views
Mobility group view
Predefined user roles
Parameters
ip ipv4-address: Specifies a source IPv4 address.
ipv6 ipv6-address: Specifies a source IPv6 address.
Usage guidelines
An AC uses its source IP address to establish IACTP tunnels with member ACs.
When you specify the source IP address for establishing IACTP tunnels, follow these restrictions and guidelines:
· Make sure the mobility group is disabled before you specify the source IP address for establishing IACTP tunnels.
· You can specify one IPv4 address, one IPv6 address, or both, but only the IP address type that is the same as the IP address type for IACTP tunnels takes effect.
· If you do not specify an IP address when you use the undo command, this command deletes all source IP addresses.
Examples
# Specify a source IPv4 address for establishing IACTP tunnels.
[Sysname] wlan mobility group abc
[Sysname-wlan-mg-abc] source ip 192.168.1.55
Related commands
tunnel-type
Use tunnel-type to specify the IP address type for IACTP tunnels.
Use undo tunnel-type to restore the default.
Syntax
Default
The IP address type for IACTP tunnels is IPv4.
Views
Mobility group view
Predefined user roles
Parameters
ipv4: Specifies the IPv4 address type.
ipv6: Specifies the IPv6 address type.
Usage guidelines
You cannot specify both the IPv4 and IPv6 address types for IACTP tunnels in a mobility group.
Disable the mobility group before you execute either command.
Examples
# Specify the IP address type as IPv6 for IACTP tunnels in mobility group aaa.
[Sysname] wlan mobility group aaa
[Sysname-wlan-mg-aaa] tunnel-type ipv6
wlan mobility group
Use wlan mobility group to create a mobility group and enter mobility group view.
Use undo wlan mobility group to delete a mobility group.
Syntax
wlan mobility group group-name
undo wlan mobility group group-name
Default
No mobility group exists.
Views
System view
Predefined user roles
Parameters
group-name: Specifies a mobility group by its name, a case-sensitive string of 1 to 15 characters that do not contain spaces.
Usage guidelines
Mobility groups configured on member ACs must have the same name.
You can create only one mobility group on an AC.
Examples
# Create a mobility group named office and enter mobility group view.
[Sysname] wlan mobility group office
[Sysname-wlan-mg-office]
wlan mobility-group-isolation enable
Use wlan mobility-group-isolation enable to enable tunnel isolation for mobility groups.
Use undo wlan mobility-group-isolation enable to disable tunnel isolation for mobility groups.
Syntax
wlan mobility-group-isolation enable
undo wlan mobility-group-isolation enable
Default
Tunnel isolation is enabled for mobility groups.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is required when loops exist among ACs in a mobility group. It prevents ACs from forwarding packets between tunnels in the mobility group and avoids broadcast storm.
Examples
# Enable tunnel isolation for mobility groups.
<Sysname> system-view
[Sysname] wlan mobility-group-isolation enable
WLAN load balancing commands
ap radio
Use ap radio to add a radio to a load balancing group.
Use undo ap to remove one or all radios from a load balancing group.
Syntax
ap name ap-name radio radio-id
undo ap { name ap-name [ radio radio-id ] | all }
Default
No radio exists in a load balancing group.
Views
Load balancing group view
Predefined user roles
network-admin
Parameters
ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), left brackets ([), right brackets (]), slashes (/), and minus signs (-). The AP must already exist.
radio-id: Specifies a radio by its name. The value range for this argument varies by AP model.
all: Specifies all radios.
Usage guidelines
You can add a radio to only one load balancing group.
If you do not specify a radio in the undo ap command, the command removes all radios on the specified AP from the load balancing group.
Examples
# Add radio 2 of AP 1 to load balancing group 10.
<Sysname> system-view
[Sysname] wlan load-balance group 10
[Sysname-wlan-lb-group-10] ap name ap1 radio 2
description
Use description to set a description for a load balancing group.
Use undo description to remove the description for a load balancing group.
Syntax
description text
undo description
Default
No description is set for a load balancing group.
Views
Load balancing group view
Predefined user roles
network-admin
Parameters
text: Specifies a description for a load balancing group, a case-sensitive string of 1 to 64 characters.
Examples
# Set the description for load balancing group 10 to marketing.
<Sysname> system-view
[Sysname] wlan load-balance group 10
[Sysname-wlan-lb-group10] description marketing
display wlan load-balance group
Use display wlan load-balance group to display load balancing group information.
Syntax
display wlan load-balance group { group-id | all }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies a load balancing group by its ID in the range of 1 to 65535.
all: Specifies all load balancing groups.
Examples
# Display information about load balancing group 1.
<Sysname> display wlan load-balance group 1
WLAN load balance group information
--------------------------------------------------------------------------------
Group ID : 1
Description :
Group members : ap3-radio2,
ap2-radio1,
ap1-radio1,
--------------------------------------------------------------------------------
# Display information about all load balancing groups.
<Sysname> display wlan load-balance group all
WLAN load balance group information
--------------------------------------------------------------------------------
Group ID : 1
Description :
Group members : ap3-radio2,
ap2-radio1,
ap1-radio1,
--------------------------------------------------------------------------------
Group ID : 2
Description : marketing
Group members : ap3-radio1,
--------------------------------------------------------------------------------
Table 48 Command output
Field |
Description |
Group members |
List of radios in the load balancing group. |
display wlan load-balance status service-template
Use display wlan load-balance status service-template to display load balancing information for radios that are bound to a service template.
Syntax
display wlan load-balance status service-template template-name { client mac-address | group group-id }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
group-id: Displays information about radios in a load balancing group. The group-id argument specifies the ID of the load balancing group, in the range of 1 to 65535.
mac-address: Displays information about radios that have detected a client. The mac-address argument represents the MAC address of the client and is in H-H-H format.
Examples
# Display load balancing information for radios that are bound to service template st1 and are in load balancing group 1.
<Sysname> display wlan load-balance status service-template st1 group 1
Current load balancing mode (threshold/gap): session (2/1)
Total radios: 4
APID/RID Group ID Session Bandwidth(Mbps) Traffic(%) Balance(Y/N)
----------------------------------------------------------------------------------------
1/1 1 2 100 5 Y
1/2 1 10 50 10 N
2/1 1 2 10 1 Y
2/2 1 2 0 0 Y
# Display load balancing information for radios that are bound to service template st1 and that detect the client with MAC address 702d-2249-33bf.
<Sysname> display wlan load-balance status service-template st1 client 702d-2249-33bf
Current load balancing mode (threshold/gap): session (2/1)
Load balancing group exist: Yes
Total radios: 4
APID/RID Group ID Session Bandwidth(Mbps) Traffic(%) Balance(Y/N)
----------------------------------------------------------------------------------------
3/1 0 2 100 5 Y
1/2 1 10 50 10 N
4/1 1 2 10 1 Y
4/2 0 2 0 0 Y
Table 49 Command output
Field |
Description |
Load-balance group exist |
Whether load balancing groups exist: Yes or No. |
Group ID |
Load balancing group ID. The value of 0 indicates that the radio is not in a load balancing group. |
Session |
Number of clients associated with the radio. |
Bandwidth(Mbps) |
Bandwidth of the radio in Mbps. |
Traffic(%) |
Percentage of the traffic on the radio to the maximum bandwidth supported by the radio. |
Balance(Y/N) |
Load balancing status: · Y—The radio has been load balanced. · N—The radio has not been load balanced. |
snmp-agent trap enable wlan load-balance
Use snmp-agent trap enable wlan load-balance to enable SNMP notifications for WLAN load balancing.
Use undo snmp-agent trap enable wlan load-balance to restore the default.
Syntax
snmp-agent trap enable wlan load-balance
undo snmp-agent trap enable wlan load-balance
Default
SNMP notifications for WLAN load balancing are disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical WLAN load balancing events to an NMS, enable SNMP notifications for WLAN load balancing. For WLAN load balancing event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notifications for WLAN load balancing.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan load-balance
wlan load-balance access-denial
Use wlan load-balance access-denial to set the maximum number of denials for association requests.
Use undo wlan load-balance access-denial to restore the default.
Syntax
wlan load-balance access-denial access-denial
undo wlan load-balance access-denial
Default
The maximum number of denials is 10 for association requests.
Views
System view
Predefined user roles
network-admin
Parameters
access-denial: Specifies the maximum number of denials for association requests, in the range of 2 to 10.
Usage guidelines
If the number of times that an AP rejects a client reaches the maximum number of denials for association requests, the AP accepts the association request from the client.
Examples
# Set the maximum number of denials to 4 for association requests.
<Sysname> system-view
[Sysname] wlan load-balance access-denial 4
wlan load-balance enable
Use wlan load-balance enable to enable WLAN load balancing.
Use undo wlan load-balance enable to disable WLAN load balancing.
Syntax
wlan load-balance enable
undo wlan load-balance enable
Default
WLAN load balancing is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable WLAN load balancing.
<Sysname> system-view
[Sysname] wlan load-balance enable
wlan load-balance group
Use wlan load-balance group to create a load balancing group and enter its view.
Use undo wlan load-balance group to remove one or all load balancing groups.
Syntax
wlan load-balance group group-id
undo wlan load-balance group { group-id | all }
Default
No load balancing group exists.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a load balancing group by its ID. The value range for this argument is 1 to 65535.
all: Specifies all load balancing groups.
Usage guidelines
To perform load balancing among specific APs, you can add the radios of these APs to a load balancing group. The AC does not perform load balancing on radios that do not belong to the load balancing group.
Examples
# Create load balancing group 10 and enter its view.
<Sysname> system-view
[Sysname] wlan load-balance group 10
[Sysname-wlan-lb-group-10]
Related commands
ap radio
wlan load-balance mode bandwidth
Use wlan load-balance mode bandwidth to configure bandwidth-mode load balancing.
Use undo wlan load-balance mode to restore the default.
Syntax
wlan load-balance mode bandwidth value [ gap gap-value ]
undo wlan load-balance mode
Views
System view
Default
Session-mode load balancing is used.
Predefined user roles
network-admin
Parameters
value: Specifies the bandwidth threshold in the range of 1 to 500 Mbps.
gap-value: Specifies the bandwidth gap threshold in the range of 1 to 200 Mbps. The default bandwidth gap threshold is 20 Mbps.
Usage guidelines
The AC performs bandwidth-mode load balancing when the following conditions are met:
· The bandwidth of an AP reaches the bandwidth threshold.
· The bandwidth gap between the AP and the AP that has the smallest bandwidth reaches the bandwidth gap threshold.
Examples
# Set the load balancing mode to bandwidth mode, and set the bandwidth threshold and bandwidth gap threshold to 100 Mbps and 20 Mbps, respectively.
<Sysname> system-view
[Sysname] wlan load-balance mode bandwidth 100 gap 20
wlan load-balance mode session
Use wlan load-balance mode session to configure session-mode load balancing.
Use undo wlan load-balance mode to restore the default.
Syntax
wlan load-balance mode session value [ gap gap-value ]
undo wlan load-balance mode
Default
Session-mode load balancing is used, and the session threshold is 20.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the session threshold in the range of 1 to 120.
gap-value: Specifies the session gap threshold in the range of 1 to 12. The default session gap threshold is 4.
Usage guidelines
The AC performs session-mode load balancing when the following conditions are met:
· The number of clients associated with an AP reaches the session threshold.
· The session gap between the AP and the AP that has the fewest clients reaches the session gap threshold.
Examples
# Set the load balancing mode to session mode, and set the session threshold and session gap threshold to 7 and 5, respectively.
<Sysname> system-view
[Sysname] wlan load-balance mode session 7 gap 5
wlan load-balance mode traffic
Use wlan load-balance mode traffic to configure traffic-mode load balancing.
Use undo wlan load-balance mode to restore the default.
Syntax
wlan load-balance mode traffic value [ gap gap-value ]
undo wlan load-balance mode
Default
Session-mode load balancing is used.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the traffic threshold in the ratio between the traffic and the maximum bandwidth of an AP. The value range for this argument is 1% to 80%.
gap-value: Specifies the traffic gap threshold in the ratio between the traffic gap and the maximum bandwidth of an AP. The value range for this argument is 10% and 40%. The default traffic gap threshold is 20%.
Usage guidelines
The AC performs traffic-mode load balancing when the following conditions are met:
· The traffic of an AP reaches the traffic threshold.
· The traffic gap between the AP and the AP that has the least traffic reaches the traffic gap threshold.
Examples
# Set the load balancing mode to traffic mode, and set the traffic threshold and traffic gap threshold to 25% and 20%, respectively.
<Sysname> system-view
[Sysname] wlan load-balance mode traffic 25 gap 20
wlan load-balance rssi-threshold
Use wlan load-balance rssi-threshold to set the received signal strength indicator (RSSI) threshold.
Use undo wlan load-balance rssi-threshold to restore the default.
Syntax
wlan load-balance rssi-threshold rssi-threshold
undo wlan load-balance rssi-threshold
Default
The RSSI threshold is 25.
Views
System view
Predefined user roles
network-admin
Parameters
rssi-threshold: Specifies the RSSI threshold in the range of 5 to 100.
Usage guidelines
A client might be detected by multiple APs. An AP considers a client not detected if the client's RSSI is lower than the load balancing RSSI threshold. If only one AP can detect the client, the AP increases the access probability for the client even if it is overloaded.
Examples
# Set the RSSI threshold to 40.
<Sysname> system-view
[Sysname] wlan load-balance rssi-threshold 40
WLAN radio resource measurement commands
display wlan measure-report
Use display wlan measure-report to display measurement reports for clients.
Syntax
display wlan measure-report ap ap-name radio radio-id [ client mac-address mac-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Specifies a radio by its number. The value range varies by device model.
client mac-address mac-address: Specifies a client by its MAC address. If you do not specify a client, this command displays measurement reports for all clients.
Examples
# Display measurement reports for clients associated with radio 2 of the AP ap1.
<Sysname> display wlan measure-report ap ap1 radio 2
Total number of clients: 1
Client MAC address : 0aef-e760-3587
Link measurement:
Link margin : 2 dBm
RCPI : -85 dBm
RSNI : 53 dBm
Noise histogram:
Antenna ID : 3
ANPI : -56 dBm
IPI0 to IPI10 density : 5 12 16 13 8 5 5 15 17 1 3
Spectrum measurement:
Transmit power : 20 dBm
BSS : Detected
OFDM preamble : Detected
Radar : Detected
Unidentified signal : Undetected
CCA busy fraction : 60
RPI0 to RPI7 density : 3 7 11 19 15 23 15 7
Frame report entry:
BSSID : a072-2351-e253
PHY type : fhss
Average RCPI : -10 dBm
Last RSNI : 2 dBm
Last RCPI : -20 dBm
Frames : 1
Dot11BSSAverageAccessDelay group:
Average access delay : 32 ms
BestEffort average access delay : 1 ms
Background average access delay : 1 ms
Video average access delay : 1 ms
Voice average access delay : 1 ms
Clients : 32
Channel utilization rate : 11
Transmit stream:
Traffic ID : 0
Sent MSDUs : 60
Discarded MSDUs : 5
Failed MSDUs : 3
MSDUs resent multiple times : 3
Lost QoS CF-Polls : 2
Average queue delay : 2 ms
Average transmit delay : 1 ms
Bin0 range : 0 to 10 ms
Bin0 to Bin5 : 5 10 10 5 10 10
Table 50 Command output
Field |
Description |
Gap between the received RSSI and the lowest available RSSI. |
|
RCPI |
Received Channel Power Indicator. |
RSNI |
Received Signal to Noise Indicator. |
ANPI |
Average Noise Power Indicator during the measurement. |
IPI0 to IPI10 density |
Percentage of time for different IPI ranges to the total measurement period. IPIn represents an IPI range. The value for n is in the range of 1 to 10: · 0: IPI <= –92 dBm. · 1: –92 dBm < IPI <=–89 dBm. · 2: –89 dBm < IPI <= –86 dBm. · 3: –86 dBm < IPI <= –83 dBm. · 4: –83 dBm < IPI <= –80 dBm. · 5: –80 dBm < IPI <= –75 dBm · 6: –75 dBm < IPI <= –70 dBm. · 7: –70 dBm < IPI <= –65 dBm. · 8: –65 dBm < IPI <= –60 dBm. · 9: –60 dBm < IPI <= –55 dBm. · 10: –55 dBm < IPI. |
Transmit power |
Transmission power of the client. |
BSS |
Whether the client has detected wireless packets from other BSSs. |
OFDM preamble |
Whether the client has detected OFDM preambles. |
Radar |
Whether the client has detected radar signals. |
Unidentified signal |
Whether the client has detected unknown signals. |
CCA busy fraction |
Percentage of busy time for a channel to the total measurement period. |
RPI0 to RPI7 density |
Percentage of time for different RPI ranges to the total measurement period. RPIn represents a RPI range. The value for n is in the range of 1 to 7: · 0: RPI <= –87 dBm. · 1: –87 dBm < RPI <= –82 dBm. · 2: –82 dBm < RPI <= –77 dBm. · 3: –77 dBm < RPI <= –72 dBm. · 4: –72 dBm < RPI <= –67 dBm. · 5: –67 dBm < RPI <= –62 dBm. · 6: –62 dBm < RPI <= –57 dBm. · 7: –57 dBm < RPI. |
PHY type |
Physical media type: · fhss. · dsss. · irbaseband. · ofdm. · hrdsss. · erp. |
Frames |
Number of frames from the same MAC address and BSSID during the measurement. |
Bin0 range |
Value range for Bin0. |
Bin0 to Bin5 |
Number of successfully sent MSDUs for each average delay range. Binx represents an average delay range. The value for x is in the range of 0 to 5: · Bin0: Delay< 10 ms. · Bin1: 10 ms <= Delay < 20 ms. · Bin2: 20 ms <= Delay < 40 ms. · Bin3: 40 ms <= Delay < 80 ms. · Bin4: 80 ms <= Delay < 160 ms. · Bin5: 160 ms <= Delay. |
measure
Use measure enable to enable the specified measurement feature or all measurement features.
Use measure disable to disable the specified measurement feature or all measurement features.
Use undo measure to restore the default.
Syntax
measure { all | link | neighbor | radio | spectrum | tpc } { disable | enable }
undo measure
Default
In radio view, the AP uses the configuration in AP group view.
In AP group radio view, measurement is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
all: Specifies all measurement features.
link: Specifies link measurement. Link measurement measures RCPI, RSNI, and link redundancy for the requested link.
neighbor: Specifies neighbor measurement. Neighbor measurement measures the channel and BSSID of neighbor APs.
radio: Specifies radio measurement. Radio measurement measures channel load, noise histogram, beacons, frames, station statistics, locations, and transmit streams.
spectrum: Specifies spectrum measurement, which includes basic measurement, Clear Channel Assessment (CCA) measurement, and Receive Power Indication (RPI) measurement.
tpc: Specifies TPC measurement. TPC measurement measures link redundancy and transmission power for clients.
Usage guidelines
You must enable radio resource measurement if you enable link, neighbor, or radio measurement.
You must enable spectrum management if you enable spectrum or TPC measurement. For more information about spectrum management, see WLAN Configuration Guide.
The spectrum and tpc keywords are available only on 5 GHz radios.
Examples
# Enable spectrum measurement for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] measure spectrum enable
# Enable spectrum measurement for the AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] measure spectrum enable
Related commands
· measure-duration
· measure-interval
· resource-measure
· spectrum-management
measure-duration
Use measure-duration to set the measurement duration.
Use undo measure-duration to restore the default.
Syntax
measure-duration time
undo measure-duration
Default
In radio view, the AP uses the configuration in AP group view.
In AP group radio view, the measurement duration is 500 TUs.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
time: Specifies the measurement duration in the range of 1 to 10000 TUs. One TU is equal to 1024 microseconds.
Usage guidelines
When measurement is enabled on an AP, measurement requests from the AP to clients carry the measurement duration.
Examples
# Set the measurement duration to 512 TUs for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] measure-duration 512
# Set the measurement duration to 512 TUs for the AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] measure-duration 512
Related commands
· measure
· measure-interval
measure-interval
Use measure-interval to set the measurement interval for an AP to send measurement requests to clients.
Use undo measure-interval to restore the default.
Syntax
measure-interval value
undo measure-interval
Default
In radio view, the AP uses the configuration in AP group view.
In AP group radio view, the measurement interval is 30 seconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
value: Specifies the measurement interval in the range of 10 to 60 seconds.
Examples
# Set the measurement interval to 35 seconds for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] measure-interval 35
# Set the measurement interval to 35 seconds for the AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] measure-interval 35
Related commands
· measure
· measure-duration
resource-measure
Use resource-measure enable to enable radio resource measurement.
Use resource-measure disable to disable radio resource measurement.
Use undo resource-measure to restore the default.
Syntax
resource-measure { disable | enable }
undo resource-measure
Default
In radio view, the AP uses the configuration in AP group view.
In AP group radio view, radio resource measurement is disabled.
Views
Radio view
AP group view
Predefined user roles
network-admin
Usage guidelines
When radio measurement is enabled on an AP, the AP sets the Radio Measurement field to 1 in beacons, probe responses, association responses, or reassociation responses. It notifies the clients that they can send measurement requests. These frames also carry measurement capabilities of the AP to inform clients of measurement types that the AP supports.
The AP periodically sends Measurement Pilot frames to help clients fast discover the AP. Measurement Pilot frames are sent more frequently than beacons and carry less information.
Examples
# Enable radio resource measurement for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] resource-measure enable
# Enable radio resource measurement for the AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] resource-measure enable
rm-capability mode
Use rm-capability mode to set the match mode for client radio resource measurement capabilities.
Use undo rm-capability mode to restore the default.
Syntax
rm-capability mode { all | none | partial }
undo rm-capability mode
Default
In radio view, the AP uses the configuration in AP group view.
In AP group radio view, the match mode is none for client radio resource measurement capabilities.
Views
Radio view
AP group view
Predefined user roles
network-admin
Parameters
all: Specifies the all mode. A client is allowed to associate with an AP only when all its radio resource measurement capabilities match the AP's radio resource measurement capabilities.
none: Specifies the none mode. The AP does not check client radio resource measurement capabilities.
partial: Specifies the partial mode. A client is allowed to associate with an AP as long as one of its radio resource measurement capabilities matches any of the AP's radio resource measurement capabilities.
Usage guidelines
The configuration takes effect only when radio resource measurement is enabled.
Examples
# Set the match mode to partial for client radio resource measurement capabilities for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] resource-measure enable
[Sysname-wlan-ap-ap1-radio-2] rm-capability mode partial
# Set the match mode to partial for client radio resource measurement capabilities for the AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] rm-capability mode partial
Related commands
resource-measure
Channel scanning commands
scan channel blacklist
Use scan channel blacklist to configure the channel scanning blacklist.
Use undo scan channel blacklist to remove the specified channels from the channel scanning blacklist.
Syntax
scan channel blacklist channel-list
undo scan channel blacklist { channel-list | all }
Default
In radio view, a radio uses the configuration in AP group radio view
In AP group radio view, no channel scanning blacklist exists.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
channel-list: Specifies channels by their channel numbers in the range of 1 to 165.
all: Specifies all channels in the channel scanning blacklist.
Usage guidelines
After you configure the channel scanning blacklist for an AP, the AP will not scan channels in the blacklist. You cannot configure both the channel scanning blacklist and whitelist for the same AP. Before configuring the channel scanning blacklist, remove all channels in the channel scanning whitelist.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Add channels 1 and 6 to the channel scanning blacklist for AP 1.
<Sysname> system-view
[Sysname] wlan ap 1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] scan channel blacklist 1 6
# Add channels 1 and 6 to the channel scanning blacklist for APs with model WA4320i-ACN in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA536-WW
[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 2
[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-2] scan channel blacklist 1 6
scan channel whitelist
Use scan channel whitelist to configure the channel scanning whitelist.
Use undo scan channel whitelist to remove the specified channels from the channel scanning whitelist.
Syntax
scan channel whitelist channel-list
undo scan channel whitelist { channel-list | all }
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, no channel scanning whitelist exists.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
channel-list: Specifies channels by their channel numbers in the range of 1 to 165.
all: Specifies all channels in the channel scanning whitelist.
Usage guidelines
After you configure the channel scanning whitelist for an AP, the AP will scan only channels in the whitelist. You cannot configure both the channel scanning blacklist and whitelist for the same AP. Before configuring the channel scanning whitelist, remove all channels in the channel scanning blacklist.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Add channels 1 and 6 to the channel scanning whitelist for AP 1.
<Sysname> system-view
[Sysname] wlan ap 1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] scan channel whitelist 1 6
# Add channels 1 and 6 to the channel scanning whitelist for APs with model WA4320i-ACN in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA536-WW
[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 2
[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-2] scan channel whitelist 1 6
scan idle-time
Use scan idle-time to set the service idle timeout.
Use undo scan idle-time to restore the default.
Syntax
scan idle-time idle-time
undo scan idle-time
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the service idle timeout is 100 milliseconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
idle-time: Specifies the service idle timeout in the range of 60 to 5000 milliseconds. The service idle timeout cannot be greater than the maximum service period.
Usage guidelines
During a service period, an AP does not begin a new scanning period until the current service period exceeds the scanning period even if the specified service idle timeout expires.
The service idle timeout must be a multiple of the beacon interval. If you set a service idle timeout that is smaller than the beacon interval, the value of the beacon interval is used as the service idle timeout.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the service idle timeout to 500 milliseconds for AP 1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] scan idle-time 500
# Set the service idle timeout timer to 500 milliseconds for APs with model WA4320i-ACN in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA536-WW
[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] scan idle-time 500
Related commands
beacon interval
scan max-service-time
Use scan max-service-time to set the maximum service period.
Use undo scan max-service-time to restore the default.
Syntax
scan max-service-time { max-service-time | no-limit }
undo scan max-service-time
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the maximum service period is 5000 milliseconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
max-service-time: Specifies the maximum service period in the range of 100 to 5000 milliseconds. When the maximum service period for an AP is reached, the AP begins a scanning period regardless of whether it has traffic to forward.
no-limit: Configures the radio to not limit the service period. Specify this keyword to ensure wireless service quality. The AP does not start a scanning period unless the service idle timeout expires.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum service period to 3000 milliseconds for AP 1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] scan max-service-time 3000
# Set the maximum service period to 3000 milliseconds for APs with model WA4320i-ACN in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA536-WW
[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] scan max-service-time 3000
scan mode all
Use scan mode all to enable an AP to scan all channels.
Use undo scan mode to disable an AP from scanning all channels.
Syntax
scan mode all [ interval interval-value ]
undo scan mode
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, an AP does not scan all channels.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the interval at which an AP alternatively scans 2.4 GHz channels and 5 GHz channels. The value range for the interval-value argument is 2000 to 10000 milliseconds and the default value is 3000 milliseconds.
Usage guidelines
This command is applicable only to dual-band radios.
After you configure this command for an AP, the AP alternatively scans 2.4 GHz channels and 5 GHz channels at the specified interval.
The configuration in radio view takes precedence over the configuration in AP group radio view.
This command is restricted to Hong Kong and Macao.
Examples
# Enable AP ap1 to scan all channels and set the interval-value argument to 5000 milliseconds.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4330-ACN
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-1] scan mode all interval 5000
This operation will affect WLAN access and RRM. Are you sure you want to perform
this operation?[Y/N]:Y
# Enable APs with model WA4330-ACN in AP group 10 to scan all channels and set the interval-value argument to 5000 milliseconds.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA4330-ACN
[Sysname-wlan-ap-group-10-ap-model-WA4330-ACN] radio 2
[Sysname-wlan-ap-group-10-ap-model-WA4330-ACN-radio-2] scan mode all interval 5000
This operation will affect WLAN access and RRM. Are you sure you want to perform
this operation?[Y/N]:Y
scan scan-time
Use scan scan-time to set the scanning period.
Use undo scan scan-time to restore the default.
Syntax
scan scan-time scan-time
undo scan scan-time
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the scanning period is 100 milliseconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
scan-time: Specifies the scanning period in the range of 100 to 5000 milliseconds. The scanning period cannot be greater than the maximum service period.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the scanning period to 500 milliseconds for AP 1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] scan scan-time 500
# Set the scanning period to 500 milliseconds for APs with model WA4320i-ACN in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA536-WW
[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] scan scan-time 500
Band navigation commands
band-navigation
Use band-navigation enable to enable band navigation for an AP or AP group.
Use band-navigation disable to disable band navigation for an AP or AP group.
Use undo band-navigation to restore the default.
Syntax
band-navigation { disable | enable }
undo band-navigation
Default
In AP view, the AP uses the configuration in AP group view.
In AP group view, band navigation is enabled for an AP group.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
Band navigation takes effect on an AP only after you enable band navigation both globally and for the AP.
Examples
# Enable band navigation for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] band-navigation enable
# Enable band navigation for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] band-navigation enable
Related commands
wlan band-navigation enable
wlan band-navigation aging-time
Use wlan band-navigation aging-time to set the client information aging time.
Use undo wlan band-navigation aging-time to restore the default.
Syntax
wlan band-navigation aging-time aging-time
undo wlan band-navigation aging-time
Default
The client information aging time is 180 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the client information aging time in the range of 10 to 600 seconds.
Usage guidelines
When an AP receives an association request from a client, the AP records the client's information and starts the client information aging timer. If the AP does not receive any probe requests or association requests from the client before the aging timer expires, the AP deletes the client's information.
Configure an appropriate client information aging time to ensure both client association and system resource efficiency.
Examples
# Set the client information aging time to 50 seconds.
<Sysname> system-view
[Sysname] wlan band-navigation aging-time 50
wlan band-navigation balance access-denial
Use wlan band-navigation balance access-denial to set the maximum number of denials for 5 GHz association requests.
Use undo wlan band-navigation balance access-denial to restore the default.
Syntax
wlan band-navigation balance access-denial access-denial
undo wlan band-navigation balance access-denial
Default
The AP does not reject 5 GHz association requests.
Views
System view
Predefined user roles
network-admin
Parameters
access-denial: Specifies the maximum number of denials for 5 GHz association requests, in the range of 1 to 10.
Usage guidelines
If the number of times that a 5 GHz radio rejects a client reaches the specified maximum number, the radio accepts the association request of the client.
Examples
# Set the maximum number of denials to 5 for 5 GHz association requests.
<Sysname> system-view
[Sysname] wlan band-navigation balance access-denial 5
wlan band-navigation balance session
Use wlan band-navigation balance session to configure load balancing for band navigation.
Use undo wlan band-navigation balance session to restore the default.
Syntax
wlan band-navigation balance session session [ gap gap ]
undo wlan band-navigation balance session
Default
Load balancing is disabled for band navigation.
Views
System view
Predefined user roles
network-admin
Parameters
session: Specifies the client number threshold for the 5 GHz radio, in the range of 2 to 120.
gap: Specifies the threshold for the client number gap between the 5 GHz radio and the radio that has the fewest clients. The value range for this argument is 1 to 8 and the default value is 4.
Usage guidelines
If you enable band navigation but do not enable load balancing, the AC prefers directing dual-band clients to the 5 GHz radio.
The AP rejects the 5 GHz association request of a client when the following conditions are met:
· The number of clients on the 5 GHz radio reaches the specified threshold.
· The client number gap between the 5 GHz radio and the radio that has the fewest clients reaches the specified threshold.
Examples
# Enable load balancing for band navigation, and set the client number threshold and session gap threshold to 10 and 5, respectively.
<Sysname> system-view
[Sysname] wlan band-navigation balance session 10 gap 5
wlan band-navigation enable
Use wlan band-navigation enable to enable band navigation globally.
Use undo wlan band-navigation enable to restore the default.
Syntax
wlan band-navigation enable
undo wlan band-navigation enable
Default
Band navigation is disabled globally.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For band navigation to take effect, make sure fast association is disabled for the wireless service template.
Band navigation takes effect on an AP only when you enable band navigation both globally and for the AP.
Examples
# Enable band navigation globally.
<Sysname> system-view
[Sysname] wlan band-navigation enable
Related commands
· band-navigation
· quick-association enable
wlan band-navigation rssi-threshold
Use wlan band-navigation rssi-threshold to set the received signal strength indicator (RSSI) threshold for band navigation.
Use undo wlan band-navigation rssi-threshold to restore the default.
Syntax
wlan band-navigation rssi-threshold rssi-threshold
undo wlan band-navigation rssi-threshold
Default
The RSSI threshold for band navigation is 15.
Views
System view
Predefined user roles
network-admin
Parameters
rssi-threshold: Specifies the RSSI threshold for band navigation, in the range of 5 to 100.
Usage guidelines
A client might be detected by multiple radios. A 5 GHz radio rejects the association request of a client if the client's RSSI is lower than the band navigation RSSI threshold.
Examples
# Set the RSSI threshold for band navigation to 40.
<Sysname> system-view
[Sysname] wlan band-navigation rssi-threshold 40
WLAN high availability commands
Dual-link backup commands
backup-ac
Use backup-ac to specify a backup AC.
Use undo backup-ac to restore the default.
Syntax
backup-ac { ip ipv4-address | ipv6 ipv6-address }
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, no backup AC is specified.
Views
AP view
AP group view
Predefined user roles
Parameters
ip ip-address: Specifies a backup AC by its IPv4 address.
ipv6 ipv6-address: Specifies a backup AC by its IPv6 address.
Usage guidelines
You can specify only one IPv4 address or one IPv6 address in either AP view or AP group view.
The configuration in AP view takes precedence over the configuration in AP group view. If you execute the undo command in AP view, the backup AC specified in AP group view will be used.
Executing the undo command also terminates the backup CAPWAP tunnel.
Examples
# Specify a backup AC for AP ap1.
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] backup-ac ip 192.168.1.1
# Specify a backup AC for AP group group1.
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] backup-ac ip 192.168.1.1
wlan tunnel-preempt
Use wlan tunnel-preempt enable to enable master CAPWAP tunnel preemption.
Use wlan tunnel-preempt disable to disable master CAPWAP tunnel preemption.
Use undo wlan tunnel-preempt to restore the default.
Syntax
wlan tunnel-preempt { disable | enable }
undo wlan tunnel-preempt
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, master CAPWAP tunnel preemption is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the backup CAPWAP tunnel will become the master tunnel if the backup AC has higher AP connection priority than the master AC.
When this feature is disabled, the backup CAPWAP tunnel becomes the master tunnel only when the master AC fails.
Examples
# Enable master CAPWAP tunnel preemption for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-ap-ap1] wlan tunnel-preempt enable
# Enable master CAPWAP tunnel preemption for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] wlan tunnel-preempt enable
# Enable master CAPWAP tunnel preemption globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] wlan tunnel-preempt enable
AP load balancing commands
The following matrix shows the feature and hardware compatibility:
Hardware series |
Model |
AP load balancing compatibility |
WX1800H series |
WX1804H WX1810H WX1820H WX1840H |
No |
WX3800H series |
WX3820H WX3840H |
Yes |
WX5800H series |
WX5860H |
Yes |
display wlan ap backup multislot
Use display wlan ap-backup multislot to display AP load balancing status for all IRF member ACs.
Syntax
display wlan ap backup multislot
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display AP load balancing status for all IRF member ACs.
<Sysname> display wlan ap backup multislot
Borad Status
Total number of slots: 2
Slot ID State
1 active-backup
2 active-only
Table 51 Command output
Field |
Description |
Total number of slots |
Number of IRF member ACs. |
Slot ID |
IRF member ID of an AC. |
State |
AP load balancing and backup status: · active-backup—The AC is an active AC and backs up AP information. · active-only—The AC is an active AC only. · backup-only—The AC only backs up AP information. · inactive—The AC is not active AC and does not back up AP information. |
wlan ap-backup active count
Use wlan ap-backup active count to set the number of active ACs in an IRF fabric.
Use undo wlan ap-backup active count to restore the default.
Syntax
wlan ap-backup active count number
undo wlan ap-backup active count
Default
The number of active ACs is 1. Only the master AC can act as an active AC to establish CAPWAP tunnels with APs.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies the number of active ACs. The value range varies by device model.
Usage guidelines
After you set the number of active ACs, the master AC will select an active AC among the non-active ACs according to the order in which they are saved to the AC information table. An AC has higher priority if its information is saved earlier.
When an active AC fails, the master AC randomly selects a new active AC from non-active ACs.
Examples
# Set the number of active ACs to 2.
<Sysname> system-view
[Sysname] wlan ap-backup active count 2
wlan ap-backup load-balance
Use wlan ap-backup load-balance to set the threshold and gap threshold for AP load balancing.
Use undo wlan ap-backup load-balance to restore the default.
Syntax
wlan ap-backup load-balance threshold threshold-value gap gap-value
undo wlan ap-backup load-balance threshold
Default
The AP load-balancing threshold is the maximum number of APs supported by the current AC. The gap threshold is a quarter of APs associated with the directly connected AC.
Views
System view
Predefined user roles
network-admin
Parameters
threshold threshold-value: Specifies the threshold in the range of 0 to 65534 for AP load balancing. The threshold-value argument represents the number of APs associated with the directly connected AC.
gap gap-value: Specifies the gap threshold for AP load balancing in percentage. The value range for the gap-value argument is 0 to 100. The gap-value argument represents the percentage of the AP number difference between the directly connected AC and any other active AC to the AP number on the directly connected AC.
Usage guidelines
This command specifies the threshold and gap threshold used in the load balancing algorithm. In an IRF fabric, the master AC uses the LB algorithm to select an AC from active ACs to establish a CAPWAP tunnel with a requesting AP. For information about the LB algorithm, see WLAN high availability in WLAN Configuration Guide.
Examples
# Set the threshold to 3 and the gap threshold to 20% for AP load balancing.
<Sysname> system-view
[Sysname] wlan ap-backup load-balance threshold 3 gap 20
WLAN uplink detection commands
wlan uplink track
Use wlan uplink track to associate a track entry with WLAN uplink detection.
Use undo wlan uplink track to restore the default.
Syntax
wlan uplink track track-entry-number
undo wlan uplink track
Default
WLAN uplink detection is not associated with any track entry.
Views
System view
Predefined user roles
network-admin
Parameters
track-entry-number: Specifies a track entry ID in the range of 1 to 1024.
Usage guidelines
This command enables the AC to adjust radio state based on the uplink state associated with a track entry. When the track entry is in Negative state, the AC disables radios of all connected APs. When the track entry is in Positive state, the AC enables radios of all connected APs.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Associate track entry 1 with WLAN uplink detection.
<Sysname> system-view
[Sysname] wlan uplink track 1
WLAN 802.11r commands
ft enable
Use ft enable to enable fast BSS transition (FT).
Use undo ft enable to disable FT.
Syntax
Default
FT is disabled.
Views
Service template view
Predefined user roles
Usage guidelines
FT minimizes the delay when a client roams from a BSS to another BSS within the same ESS. During 802.11r FT, a client needs to exchange messages with the target AP. FT provides two message exchanging methods.
Enable FT only when the service template is disabled.
If FT is enabled, you must disable WPA IE and local authentication.
Examples
# Enable FT.
[Sysname] wlan service-template st
[Sysname-wlan-st-st] ft enable
ft method
Use ft method to set the FT method.
Use undo ft method to restore the default.
Syntax
ft method { over-the-air | over-the-ds }
Default
The FT method is over-the-air.
Views
Service template view
Predefined user roles
Parameters
over-the-ds: Specifies over-the-DS FT. This method enables clients to communicate with the target AP through the current AP for pre-roaming authentication.
Usage guidelines
Set the FT method only when the service template is disabled.
This command takes effect only when FT is enabled.
Examples
# Set the FT method to over-the-DS.
[Sysname] wlan service-template st
[Sysname-wlan-st-st] ft method over-the-ds
Related commands
ft reassociation-timeout
Use ft reassociation-timeout to set the reassociation timeout timer.
Use undo ft reassociation-timeout to restore the default.
Syntax
ft reassociation-timeout timeout
Default
The reassociation timeout timer is 20 seconds.
Views
Service template view
Predefined user roles
Parameters
timeout: Specifies the reassociation timeout timer in the range of 1 to 100 seconds.
Usage guidelines
Set the reassociation timeout timer only when the service template is disabled.
This command takes effect only when FT is enabled.
The roaming process is terminated if a client does not send any reassociation requests before the timeout timer expires.
Examples
# Set the reassociation timeout timer to 30 seconds.
[Sysname] wlan service-template st
[Sysname-wlan-st-st] ft reassociation-timeout 30
Related commands
Wireless location commands
display wlan rfid-tracking radio
Use display wlan rfid-tracking radio to display radio information for wireless location.
Syntax
display wlan rfid-tracking radio [ ap ap-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), dots (.), left brackets ([), right brackets (]), slashes (/), and minus signs (-). If you do not specify this option, the command displays radio information for all APs.
Examples
# Display radio information for wireless location.
<Sysname> display wlan rfid-tracking radio
Wireless Locating
--------------------------------------------------------------------------------
AP name Radio ID Type
--------------------------------------------------------------------------------
ap1 1 MU/Tag
ap2 1 MU
ap3 2 Tag
ap4 1 N/A
--------------------------------------------------------------------------------
Table 52 Command output
Field |
Description |
Type |
Type of devices to locate: · MU/Tag—Both MU and Tag devices. · MU. · Tag. · N/A—Type of devices to locate is not specified. |
rfid-tracking client rate-limit
Use rfid-tracking client rate-limit enable to enable rate limiting on incoming wireless packets for an AP.
Use rfid-tracking client rate-limit disable to disable rate limiting on incoming wireless packets for an AP.
Use undo rfid-tracking client rate-limit to restore the default.
Syntax
rfid-tracking client rate-limit { disable | enable }
undo rfid-tracking client rate-limit
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, rate limiting on wireless packets is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to not report location information from excessive client packets when both the CIR and CBS are exceeded. This feature ensures that the location information for each client can be sent to the location server and prevents client packets from flooding the AP.
If packet dilution is enabled, this feature limits the rate for diluted packets.
Examples
# Enable rate limiting on incoming wireless packets for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking client rate-limit enable
# Enable rate limiting on incoming wireless packets for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking client rate-limit enable
# Enable rate limiting on incoming wireless packets globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking client rate-limit enable
Related commands
rfid-tracking client rate-limit cir
rfid-tracking fingerprint enable
rfid-tracking client rate-limit cir
Use rfid-tracking client rate-limit cir to set the rate limits for incoming wireless packets.
Use undo rfid-tracking client rate-limit cir to restore the default.
Syntax
rfid-tracking client rate-limit cir cir [ cbs cbs ]
undo rfid-tracking client rate-limit cir
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, both the CBS and CIR are 0.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
cir cir: Specifies the CIR for incoming wireless packets, in the range of 1 to 1300000 kbps.
cbs cbs: Specifies the CBS for incoming wireless packets, in the range of 80 to 130000000 bytes. The default CBS is the CIR × 700 bytes.
Usage guidelines
The CIR and CBS configuration takes effect only when you enable rate limiting on incoming wireless packets.
Examples
# Set the CIR and CBS to 200000 kbps and 50000 bytes, respectively for incoming wireless packets for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking client rate-limit cir 200000 cbs 50000
# Set the CIR and CBS to 200000 kbps and 50000 bytes, respectively for incoming wireless packets for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking client rate-limit cir 200000 cbs 50000
# Set the CIR to 200000 kbps and the CBS to 50000 bytes globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking client rate-limit cir 200000 cbs 50000
Related commands
rfid-tracking client rate-limit enable
rfid-tracking dilution
Use rfid-tracking dilution enable to enable packet dilution.
Use rfid-tracking dilution disable to disable packet dilution.
Use undo rfid-tracking dilution to restore the default.
Syntax
rfid-tracking dilution { disable | enable }
undo rfid-tracking dilution
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, packet dilution is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
This feature takes effect only on MU clients. It controls the number of location packets from an AP to the location server.
Examples
# Enable packet dilution for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking dilution enable
# Enable packet dilution for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking dilution enable
# Enable packet dilution globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking dilution enable
Related commands
rfid-tracking dilution factor
rfid-tracking fingerprint enable
rfid-tracking dilution factor
Use rfid-tracking dilution factor to set packet dilution parameters.
Use undo rfid-tracking dilution factor to restore the default.
Syntax
rfid-tracking dilution factor factor timeout timeout
undo rfid-tracking dilution factor
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, no packet dilution parameter is configured.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
factor factor: Specifies the dilution factor in the range of 1 to 10000.
timeout timeout: Specifies the dilution timeout timer in the range of 1 to 60 seconds.
Usage guidelines
Packet dilution takes effect only on MU clients.
If the dilution factor is 10 and the timeout timer is 5 seconds, the AP sends a location packet every time it receives 10 wireless packets, excluding management and broadcast packets, from an MU. If the AP fails to receive 10 packets from an MU client within the timeout timer, it sends the most recent wireless packet to the location server.
The dilution factor and dilution timeout timer take effect only when you enable packet dilution.
Examples
# Set the dilution factor to 10 and the dilution timeout timer to 10 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking dilution factor 10 timeout 10
# Set the dilution factor to 10 and the dilution timeout timer to 10 seconds for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking dilution factor 10 timeout 10
# Set the dilution factor to 10 and the dilution timeout timer to 10 seconds globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking dilution factor 10 timeout 10
Related commands
rfid-tracking dilution enable
rfid-tracking fingerprint
Use rfid-tracking fingerprint enable to enable RF fingerprinting.
Use rfid-tracking fingerprint disable to disable RF fingerprinting.
Use undo rfid-tracking fingerprint to restore the default.
Syntax
rfid-tracking fingerprint { disable | enable }
undo rfid-tracking fingerprint
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, RF fingerprinting is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
For an AP to send location packets to the location server, you must enable both RF fingerprinting and radio-based location.
Examples
# Enable RF fingerprinting for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking fingerprint enable
# Enable RF fingerprinting for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking fingerprint enable
# Enable RF fingerprinting globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking fingerprint enable
Related commands
rfid-tracking radio enable
rfid-tracking fingerprint engine-address
Use rfid-tracking fingerprint engine-address to specify an IPv4 address and a port number for the RF fingerprinting server.
Use undo rfid-tracking fingerprint engine-address to restore the default.
Syntax
rfid-tracking fingerprint engine-address engine-address engine-port engine-port
undo rfid-tracking fingerprint engine-address
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, the IPv4 address and port number for the RF fingerprinting server are not configured.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
engine-address engine-address: Specifies an IPv4 address for the RF fingerprinting server.
engine-port engine-port: Specifies a port number for the RF fingerprinting server, in the range of 1 to 65535.
Usage guidelines
APs send location packets to the specified IPv4 address and port number for communicating with the RF fingerprinting server.
Examples
# Set the IPv4 address and port number for the RF fingerprinting server to 192.168.10.10 and 1145 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking fingerprint engine-address 192.168.10.10 engine-port 1145
# Set the IPv4 address and port number for the RF fingerprinting server to 192.168.10.10 and 1145 for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group10] rfid-tracking fingerprint engine-address 192.168.10.10 engine-port 1145
# Set the IPv4 address and port number for the RF fingerprinting server to 192.168.10.10 and 1145 globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking fingerprint engine-address 192.168.10.10 engine-port 1145
rfid-tracking fingerprint mu-report
Use rfid-tracking fingerprint mu-report enable to enable MU information reporting.
Use rfid-tracking fingerprint mu-report disable to disable MU information reporting.
Use undo rfid-tracking fingerprint mu-report to restore the default.
Syntax
rfid-tracking fingerprint mu-report { disable | enable }
undo rfid-tracking fingerprint mu-report
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, MU information reporting is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to encapsulate MU information in location packets. MU information includes the IP address and the transmission rate of an MU.
Examples
# Enable MU information reporting for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking fingerprint mu-report enable
# Enable MU information reporting for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group10] rfid-tracking fingerprint mu-report enable
# Enable MU information reporting globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking fingerprint mu-report enable
rfid-tracking fingerprint raw-frame-report
Use rfid-tracking fingerprint raw-frame-report enable to enable raw frame reporting.
Use rfid-tracking fingerprint raw-frame-report disable to disable raw frame reporting.
Use undo rfid-tracking fingerprint raw-frame-report to restore the default.
Syntax
rfid-tracking fingerprint raw-frame-report { disable | enable }
undo rfid-tracking fingerprint raw-frame-report
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, raw frame reporting is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to encapsulate both the raw frames and the location information obtained from the frames in location packets.
Examples
# Enable raw frame reporting for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking fingerprint raw-frame-report enable
#Enable raw frame reporting for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group10] rfid-tracking fingerprint raw-frame-report enable
# Enable raw frame reporting globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking fingerprint raw-frame-report enable
rfid-tracking fingerprint report-format
Use rfid-tracking fingerprint report-format to specify the location packet format for RF fingerprinting.
Use undo rfid-tracking fingerprint report-format to restore the default.
Syntax
rfid-tracking fingerprint report-format { cupid-hybrid | general | light-weight }
undo rfid-tracking fingerprint report-format
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, location packets for RF fingerprinting are in general format.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
cupid-hybrid: Specifies the CUPID-hybrid packet format.
general: Specifies the general packet format.
light-weight: Specifies the lightweight packet format.
Usage guidelines
RF fingerprinting supports the following location packet formats:
· CUPID-hybrid—An AP encapsulates only clients' MAC addresses and RSSIs in location packets.
· General—This format is applicable to most scenarios. Most third-party location servers support only the general format.
· Lightweight—An AP encapsulates location information for several clients in one lightweight location packet to save bandwidth. This format is applicable to traffic-sensitive scenarios.
Examples
# Configure AP ap1 to use the lightweight format to send RF fingerprinting location packets to the location server.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking fingerprint report-format light-weight
# Configure APs in AP group 10 to use the lightweight format to send RF fingerprinting location packets to the location server.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group10] rfid-tracking fingerprint report-format light-weight
# Configure APs to use the lightweight format to send RF fingerprinting packets to the location server globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking fingerprint report-format light-weight
rfid-tracking fingerprint report-mode
Use rfid-tracking fingerprint report-mode to specify the report mode for RF fingerprinting location packets.
Use undo rfid-tracking fingerprint report-mode to restore the default.
Syntax
rfid-tracking fingerprint report-mode { central | local }
undo rfid-tracking fingerprint report-mode
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, the local report mode is used.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
central: Specifies the central report mode.
local: Specifies the local report mode.
Usage guidelines
Both the AC (centralized report) and APs (local report) can report location packets to the location server. In the centralized report mode, APs need to send location packets to the AC first.
Examples
# Set the report mode for RF fingerprinting location packets to central for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking fingerprint report-mode central
# Set the report mode for RF fingerprinting location packets to central for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group10] rfid-tracking fingerprint report-mode central
# Set the report mode for RF fingerprinting location packets to central globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking fingerprint report-mode central
rfid-tracking fingerprint tag-multicast-address
Use rfid-tracking fingerprint tag-multicast-address to specify a multicast MAC address for Tags.
Use undo rfid-tracking fingerprint tag-multicast-address to restore the default.
Syntax
rfid-tracking fingerprint tag-multicast-address mac-address
undo rfid-tracking fingerprint tag-multicast-address
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, no multicast MAC address is specified for Tags.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in the format of H-H-H.
Usage guidelines
An AP identifies a Tag by the destination MAC address in the received wireless packet. If you do not specify a multicast MAC address for Tags, an AP determines that all received 802.11 packets are from MUs.
Examples
# Set the multicast MAC address for Tags to 0134-ed66-8923 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking fingerprint tag-multicast-address 0134-ed66-8923
# Set the multicast MAC address for Tags to 0134-ed66-8923 for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-ap-group-10] rfid-tracking fingerprint tag-multicast-address 0134-ed66-8923
# Set the multicast MAC address for Tags to 0134-ed66-8923 globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking fingerprint tag-multicast-address 0134-ed66-8923
rfid-tracking fingerprint vendor-port
Use rfid-tracking fingerprint vendor-port to specify a port to listen for messages from the RF fingerprinting server.
Use undo rfid-tracking fingerprint vendor-port to restore the default.
Syntax
rfid-tracking fingerprint vendor-port vendor-port-number
undo rfid-tracking fingerprint vendor-port
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, the port to listen is port 1144.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
vendor-port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
Perform this task for an AP to communicate with the RF fingerprinting server.
Examples
# Configure AP ap1 to listen to port 3000 for messages from the RF fingerprinting server.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking fingerprint vendor-port 3000
# Configure APs in AP group 10 to listen to port 3000 for messages from the RF fingerprinting server.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking fingerprint vendor-port 3000
# Configure APs to listen to port 3000 for messages from the RF fingerprinting server globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking fingerprint vendor-port 3000
Related commands
rfid-tracking fingerprint enable
rfid-tracking ignore ap-frame enable
Use rfid-tracking ignore ap-frame enable to enable ignoring AP frames.
Use rfid-tracking ignore ap-frame disable to disable ignoring AP frames.
Use undo rfid-tracking ignore ap-frame to restore the default.
Syntax
rfid-tracking ignore ap-frame { disable | enable }
undo rfid-tracking ignore ap-frame
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, ignoring AP frames is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
Ignoring AP frames disables an AP from sending information in the received AP frames to the location server. AP frames are frames that an AP received from other APs. Configure this feature if you do not need to locate or monitor APs.
Examples
# Enable ignoring AP frames for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking ignore ap-frame enable
# Enable ignoring AP frames for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking ignore ap-frame enable
# Enable ignoring AP frames for APs globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking ignore ap-frame enable
rfid-tracking ignore beacon
Use rfid-tracking ignore beacon enable to configure an AP to not send beacon frames to the location server.
Use rfid-tracking ignore beacon disable to remove the configuration.
Use undo rfid-tracking ignore beacon to restore the default.
Syntax
rfid-tracking ignore beacon { disable | enable }
undo rfid-tracking ignore beacon
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, an AP sends beacon frames to the location server.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
The rfid-tracking ignore beacon enable command disables an AP from sending the received beacon frames to the location server to ensure performance of the location server.
Examples
# Configure AP ap1 to not send beacon frames to the location server.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking ignore beacon enable
# Configure APs in AP group 10 to not send beacon frames to the location server.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking ignore beacon enable
# Configure APs to not send beacon frames to the location server globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking ignore beacon enable
rfid-tracking keepalive
Use rfid-tracking keepalive enable to enable wireless location keepalive.
Use rfid-tracking keepalive disable to disable wireless location keepalive.
Use undo rfid-tracking keepalive to restore the default.
Syntax
rfid-tracking keepalive { disable | enable }
undo rfid-tracking keepalive
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, wireless location keepalive is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to send Hello packets to the location server at an interval of 15 seconds. If the location server does not receive any packets from an AP within 30 seconds, the location server determines that the AP is offline.
Disable this feature to avoid bandwidth waste if the location server cannot process Hello packets.
Examples
# Enable wireless location keepalive for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking keepalive enable
# Enable wireless location keepalive APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-ap-group10] rfid-tracking keepalive enable
# Enable wireless location keepalive globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking keepalive enable
rfid-tracking mode
Use rfid-tracking mode to specify the type of devices to locate.
Use undo rfid-tracking mode to delete the specified device type.
Syntax
rfid-tracking mode { mu | tag } *
undo rfid-tracking mode { mu | tag } *
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, the type of wireless devices to locate is not specified.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
mu: Specifies MUs.
tag: Specifies Tags.
Usage guidelines
An AP sends location packets from the specified devices to the location server when you execute the rfid-tracking mode command.
Examples
# Specify the type of wireless devices to locate as MU for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rfid-tracking mode mu
# Specify the type of wireless devices to locate as MU for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA536-WW
[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] rfid-tracking mode mu
rfid-tracking radio
Use rfid-tracking radio enable to enable radio-based location.
Use rfid-tracking radio disable to disable radio-based location.
Use undo rfid-tracking radio to restore the default.
Syntax
rfid-tracking radio { disable | enable }
undo rfid-tracking radio
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, radio-based location is disabled.
Views
Radio view
AP group view
Predefined user roles
network-admin
Examples
# Enable radio-based location for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rfid-tracking radio enable
# Enable radio-based location for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA536-WW
[Sysname-wlan-ap-group-10-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-10-ap-model-WA536-WW-radio-1] rfid-tracking radio enable
rfid-tracking rate-limit
Use rfid-tracking rate-limit enable to enable rate limiting on outgoing location packets for an AP.
Use rfid-tracking rate-limit disable to disable rate limiting on outgoing location packets for an AP.
Use undo rfid-tracking rate-limit to restore the default.
Syntax
rfid-tracking rate-limit { disable | enable }
undo rfid-tracking rate-limit
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, rate limiting on outgoing location packets is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
This command enables an AP to discard excessive location packets when both the CIR and CBS are exceeded. This prevents location packets from flooding the location server.
Examples
# Enable rate limiting on outgoing location packets for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking rate-limit enable
# Enable rate limiting on outgoing location packets for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking rate-limit enable
# Enable rate limiting on outgoing location packets globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking rate-limit enable
Related commands
rfid-tracking rate-limit cir
rfid-tracking rate-limit cir
Use rfid-tracking rate-limit cir to set the rate limits for outgoing location packets.
Use undo rfid-tracking rate-limit cir to restore the default.
Syntax
rfid-tracking rate-limit cir cir [ cbs cbs ]
undo rfid-tracking rate-limit cir
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, both the CBS and CIR are 0.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
cir cir: Specifies the CIR for outgoing location packets, in the range of 8 to 1300000 kbps.
cbs cbs: Specifies the CBS for outgoing location packets, in the range of 500 to 130000000 bytes. The default CBS is the CIR × 700 bytes.
Usage guidelines
The CIR and CBS configuration take effect only when you enable rate limiting on outgoing location packets.
Examples
# Set the CIR and CBS to 800000 kbps and 50000 bytes, respectively for outgoing location packets for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking rate-limit cir 800000 cbs 50000
# Set the CIR and CBS to 800000 kbps and 50000 bytes, respectively for outgoing location packets for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking rate-limit cir 800000 cbs 50000
# Set the CIR to 800000 kbps and the CBS to 50000 bytes globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking rate-limit cir 800000 cbs 50000
Related commands
rfid-tracking rate-limit enable
rfid-tracking rssi
Use rfid-tracking rssi enable to enable RSSI-based packet filtering.
Use rfid-tracking rssi disable to disable RSSI-based packet filtering.
Use undo rfid-tracking rssi to restore the default.
Syntax
rfid-tracking rssi { disable | enable }
undo rfid-tracking rssi
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, RSSI-based packet filtering is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
After you enable RSSI filtering, an AP does not report location information in packets with an RSSI lower than the specified RSSI threshold.
Examples
# Enable RSSI-based packet filtering for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking rssi enable
# Enable RSSI-based packet filtering for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking rssi enable
# Enable RSSI-based packet filtering globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking rssi enable
Related commands
rfid-tracking rssi threshold
rfid-tracking rssi threshold
Use rfid-tracking rssi threshold to set the RSSI threshold for packet filtering.
Use undo rfid-tracking rssi threshold to restore the default.
Syntax
rfid-tracking rssi threshold rssi-threshold
undo rfid-tracking rssi threshold
Default
In AP view, the configuration in AP group view is used. If no configuration exists in AP group view, the configuration in global configuration view is used.
In AP group view, the configuration in global configuration view is used.
In global configuration view, the RSSI threshold for packet filtering is 5 (–123 dBm).
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
threshold rssi-threshold: Specifies the RSSI threshold for packet filtering, in the range of 5 to 100 (–123 dBm to –28 dBm). The AP does not report location information in packets with an RSSI lower than the specified RSSI threshold.
Usage guidelines
This command takes effect only when RSSI-based packet filtering is enabled.
Examples
# Set the RSSI threshold for packet filtering to 50 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] rfid-tracking rssi threshold 50
# Set the RSSI threshold for packet filtering to 50 for APs in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] rfid-tracking rssi threshold 50
# Set the RSSI threshold for packet filtering to 50 globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] rfid-tracking rssi threshold 50
Related commands
rfid-tracking rssi enable
snmp-agent trap enable wlan location-aware
Use snmp-agent trap enable wlan location-aware to enable SNMP notifications for wireless location.
Use undo snmp-agent trap enable wlan location-aware to disable SNMP notifications for wireless location.
Syntax
snmp-agent trap enable wlan location-aware
undo snmp-agent trap enable wlan location-aware
Default
SNMP notifications for wireless location is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical wireless location events to an NMS, enable SNMP notifications for wireless location. For wireless location notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.
Examples
# Set the RSSI threshold for wireless location.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan location-aware
Hotspot 2.0 commands
3gpp-info
Use 3gpp-info to configure 3GPP information.
Use undo 3gpp-info to remove 3GPP information.
Syntax
3gpp-info country-code mobile-country-code network-code mobile-network-code
undo 3gpp-info country-code mobile-country-code network-code mobile-network-code
Default
No 3GPP information is configured.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
mobile-network-cod: Specifies a mobile network code (MNC). A mobile network code is a two-digit or three-digit numeric code that uniquely identifies the mobile network to which clients belong.
Usage guidelines
You can specify a maximum of 32 country code and mobile network code combinations in a Hotspot 2.0 policy.
One country code can be combined with multiple mobile network codes.
Examples
# Configure 3GPP information: set the country code to 310 and network code to 01.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] 3gpp-info country-code 310 network-code 01
authentication-type
Use authentication-type to specify a network authentication type.
Use undo authentication-type to delete a network authentication type.
Syntax
authentication-type { 0 [ redirect-url url ] | 1 | 2 redirect-url url | 3 }
undo authentication-type { 0 | 1 | 2 | 3 }
Default
No network authentication type is specified.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
0: Specifies acceptance of terms and conditions.
1: Specifies on-line enrollment.
2: Specifies HTTP/HTTPS redirection.
3: Specifies DNS redirection.
redirect-url url: Specifies a redirected URL address.
Usage guidelines
You can specify a maximum of four network authentication types in a Hotspot 2.0 policy.
Examples
# Specify a network authentication type.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] authentication-type 1
comeback-delay
Use comeback-delay to set the comeback delay for clients to send GAS comeback requests.
Use undo comeback-delay to restore the default.
Syntax
Default
The comeback delay is 1 TU.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
value: Specifies the comeback delay in the range of 1 to 1024 TUs. One TU is equal to 1024 μs.
Usage guidelines
This command can prevent clients from sending too many GAS comeback requests.
Examples
# Set the comeback delay to 10 TUs.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] comeback-delay 10d
description
Use description to configure a description for an OSU server.
Use undo description to delete an OSU server description.
Syntax
description description lang-code lang-code
undo description description lang-code lang-code
Default
No description is configured for an OSU server.
Views
OSU server view
Predefined user roles
network-admin
Parameters
description: Specifies a description, a case-sensitive string of 1 to 252 characters.
lang-code: Specifies a language code. The device supports the general international standards.
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
You can configure a maximum of 32 descriptions for an OSU server. A client displays one description that is in the same language as the client system.
Examples
# Configure a description for OSU server 1.
<Sysname> system-view
[Sysname] wlan osu-provider 1
[Sysname-wlan-osu-1] description "Free service for test purpose" lang-code eng
dgaf enable
Use dgaf enable to enable Downstream Group-Addressed Forwarding (DGAF).
Use undo dgaf enable to disable DGAF.
Syntax
dgaf enable
undo dgaf enable
Default
DGAF is enabled.
Views
Hotspot 2.0 policy view
Predefined user roles
network-admin
Usage guidelines
Before disabling DGAF, make sure all service templates bound to the Hotspot 2.0 policy are disabled.
DGAF enables an AP to forward all downstream wireless broadcast ARP packets and wireless multicast packets. To prevent spoofing attacks by using downstream multicasts, you can disable DGAF for the AP.
To avoid packet loss, enable proxy ARP and multicast optimization before disabling DGAF. For more information about proxy ARP, see Layer 3—IP Services Configuration Guide.
Examples
# Disable DGAF.
<Sysname> system-view
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] undo dgaf enable
display wlan hotspot uploaded-osu-icon
Use display wlan hotspot uploaded-osu-icon to display the list of uploaded OSU server icons.
Syntax
display wlan hotspot uploaded-osu-icon
Views
Any view
Predefined user roles
network-admin
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
Examples
# Display the list of uploaded OSU server icons.
<Sysname> display wlan hotspot uploaded-osu-icon
Total uploaded osu icon count: 1
Icon name Icon type
---------------------------------------------------------
college.png png
Related commands
icon-file
wlan hotspot osu-icon upload
domain-name
Use domain-name to set an ISP domain name.
Use undo domain-name to delete an ISP domain name.
Syntax
Default
No domain name is set.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
domain-name: Specifies a domain by its name, a case-sensitive string of 1 to 255 characters.
Usage guidelines
You can configure a maximum of 32 domain names in one Hotspot 2.0 policy.
Examples
# Set the domain name to college in Hotspot 2.0 policy 1.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] domain-name college
gas-limit
Use gas-limit to set the maximum number of GAS initial requests that the AC can receive within the specified interval.
Use undo gas-limit to restore the default.
Syntax
gas-limit number number interval interval
undo gas-limit
Default
The number of GAS initial requests that the AC can receive is not limited.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
number number: Specifies the maximum number of GAS initial requests that the AC can receive, in the range of 10 to 60.
interval interval: Specifies the interval at which the AC receive GAS initial requests, in the range of 10 to 60 seconds.
Usage guidelines
This feature enables you to limit the number of GAS initial requests that the AC can receive within the specified interval to release the burden of the AC.
If the number of GAS initial requests received by the AC exceeds the limit, the exceeded frames will be discarded.
Examples
# Set the maximum number of GAS initial requests that the AC can receive within 15 seconds to 50.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] gas-limit number 50 interval 15
hessid
Use hessid to set a homogenous ESS identifier (HESSID).
Use undo hessid to restore the default.
Syntax
hessid hessid
undo hessid
Default
No HESSID is set.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
hessid: Specifies an HESSID that uniquely identifies a homogeneous ESS, in the H-H-H format. The value cannot be all zeros.
Usage guidelines
Make sure all service templates bound to the Hotspot 2.0 policy are disabled before you set an HESSID.
Examples
# Set the HESSID to 0021-1bea-3660 in Hotspot 2.0 policy 1.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] hessid 0021-1bea-3660
hotspot-policy
Use hotspot-policy to bind a Hotspot 2.0 policy to a service template.
Use undo hotspot-policy to restore the default.
Syntax
hotspot-policy policy-number
undo hotspot-policy
Default
No Hotspot 2.0 policy is bound to a service template.
Views
Service template view
Predefined user roles
Parameters
policy-number: Specifies the number of a Hotspot 2.0 policy, in the range of 1 to 32.
Usage guidelines
Before you bind a Hotspot 2.0 policy to a service template, perform the following tasks:
· Make sure the Hotspot 2.0 policy exists and the service template is disabled.
· Make sure the following settings are configured for the service template:
? 802.1X authentication and key management mode.
? RSN IE.
? AES-CCMP cipher suite.
Examples
# Bind Hotspot 2.0 policy 1 to service template 1.
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] hotspot-policy 1
icon-file
Use icon-file to specify an icon for an OSU server.
Use undo icon-file to delete the specified icon for an OSU server.
Syntax
icon-file filename lang-code lang-code icon-type icon-type
undo icon-file filename
Default
No icon is specified for an OSU server.
Views
OSU server view
Predefined user roles
network-admin
Parameters
filename: Specifies an icon file by its name, a case-sensitive string of 1 to 63 characters.
lang-code lang-code: Specifies a language code. The device supports the general international standards.
icon-type icon-type: Specifies the type of the icon file, a case-sensitive string of 1 to 15 characters.
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
The device loads the specified icon when the command is executed. You can specify a maximum of six icons for an OSU server. A client displays an icon that is in the same language as the client system.
When you specify an icon for an OSU server, follow these restrictions and guidelines:
· Create a directory named icon in the root directory where the version files are saved, and use FTP or TFTP to download icon files to the folder before executing the command.
· If the specified icon file does not exist in the icon directory, the command cannot load the icon file. To load the icon file, save the icon file in the icon directory, and then execute the wlan hotspot osu-icon upload command.
· The file size cannot exceed 64 KB.
· Make sure the file type specified in the command is the same as the actual file type.
· If an OSU server is already bound to a Hotspot 2.0 policy, you cannot delete the most recently specified OSU server icon.
Examples
# Specify an icon for OSU server 1.
<Sysname> system-view
[Sysname] wlan osu-provider 1
[Sysname-wlan-osu-1] icon-file wifi_icon lang-code eng icon-type png
ip-protocol
Use ip-protocol to set the port status for an IP protocol.
Use undo ip-protocol to remove the configuration.
Syntax
ip-protocol { esp | icmp | tcp | udp } port-number port-number { closed | open | unknown }
undo ip-protocol { esp | icmp | tcp | udp } port-number port-number
Default
The port status is not configured for an IP protocol.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
esp: Specifies the ESP protocol.
icmp: Specifies the ICMP protocol.
tcp: Specifies the TCP protocol.
udp: Specifies the UDP protocol.
port-number: Specifies a port by its number.
Table 53 Port number and protocol type
Protocol type |
Port number |
Description |
ICMP |
0 |
ICMP, used for diagnostics |
TCP |
20 |
FTP |
TCP |
22 |
SSH |
TCP |
80 |
HTTP |
TCP |
443 |
Used by TLS VPNs |
TCP |
1723 |
Used by Point to Point Tunneling Protocol VPNs |
TCP |
5060 |
VoIP |
UDP |
500 |
Used by IKEv2 (IPSec VPN) |
UDP |
5060 |
VoIP |
UDP |
4500 |
May be used by IKEv2 (IPSec VPN) |
ESP |
0 |
ESP, used by IPSec VPNs |
closed: Specifies the port status as closed.
open: Specifies the port status as open.
unknown: Specifies the port status as unknown.
Examples
# Set the port number to 20 and the port status to open for TCP.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] ip-protocol tcp port-number 20 open
ip-type
Use ip-type to configure IP address availability.
Use undo ip-type to restore the default.
Syntax
ip-type ipv4 ipv4-type ipv6 ipv6-type
undo ip-type
Default
The availability is 1 for IPv4 addresses and 2 for IPv6 addresses.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
ipv4-type: Specifies the availability for an IPv4 address, in the range of 0 to 7.
Table 54 IPv4 address availability
Address value |
Description |
0 |
Address type not available |
1 |
Public IPv4 address available |
2 |
Port-restricted IPv4 address available |
3 |
Single NATed private IPv4 address available |
4 |
Double NATed private IPv4 address available |
5 |
Port-restricted IPv4 address and single NATed IPv4 address available |
6 |
Port-restricted IPv4 address and double NATed IPv4 address available |
7 |
Availability of the address type is not known |
ipv6-type: Specifies the availability for an IPv6 address, in the range of 0 to 2.
Table 55 IPv6 address availability
Address value |
Description |
0 |
Address type not available |
1 |
Address type available |
2 |
Availability of the address type not known |
Examples
# Set the availability to 2 for IPv4 addresses and 1 for IPv6 addresses.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] ip-type ipv4 2 ipv6 1
method
Use method to specify a protocol for clients to communicate with the OSU server.
Use undo method to delete the specified protocol for clients to communicate with the OSU server.
Syntax
method method-id
undo method method-id
Default
No protocol is specified for clients to communicate with an OSU server.
Views
OSU server view
Predefined user roles
network-admin
Parameters
method-id: Specifies the protocol ID:
· 0—Specifies OMA-DM.
· 1—Specifies SOAP-XML SPP.
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
You can specify both protocols. Clients will choose one protocol to communicate with the OSU server.
If an OSU server is already bound to a Hotspot 2.0 policy, you cannot delete the most recent specified protocol for clients to communicate with the OSU server.
Examples
# Specify a protocol for clients to communicate with the OSU server.
<Sysname> system-view
[Sysname] wlan osu-provider 1
[Sysname-wlan-osu-1] method 0
nai
Use nai to configure a Network Access Identifier (NAI) for an OSU server.
Use undo nai to delete the configured NAI for an OSU server.
Syntax
nai nai
undo nai
Default
No NAI is configured for an OSU server.
Views
OSU server view
Predefined user roles
network-admin
Parameters
nai: Specifies an NAI, a case-sensitive string of 1 to 252 characters.
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
If an NAI is configured for an OSU server, clients connect to the OSU AP through OSEN OSU. If no NAI is configured for an OSU server, clients connects to the OSU AP through Open OSU.
Examples
# Configure an NAI for OSU server 1.
<Sysname> system-view
[Sysname] wlan osu-provider 1
[Sysname-wlan-osu-1] nai joe@example.com
nai-realm
Use nai-realm to create a Network Access Identifier (NAI) realm and specify an authentication type for the NAI realm.
Use undo nai-realm to delete an NAI realm.
Syntax
Default
No NAI realm is created.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
name: Specifies an NAI realm by its name, a case-sensitive string of 1 to 255 characters.
eap-method eap-method-id: Specifies an EAP authentication method by its ID.
Table 56 EAP authentication method
Description |
|
1 |
EAP-Transport Layer Security (EAP-TLS) |
2 |
Lightweight Extensible Authentication Protocol (LEAP) |
3 |
EAP for GSM Subscriber Identity Module (EAP-SIM) |
4 |
EAP-Tunneled Transport Layer Security (EAP-TTLS) |
5 |
|
6 |
Protected EAP (PEAP) |
auth-method auth-method-id: Specifies an authentication method by its ID.
authentication authentication: Specifies an authentication parameter by its ID.
Table 57 Authentication method and authentication parameter
authentication |
||
2 |
Non-EAP Inner Authentication Type |
· 1—PAP. · 2—CHAP. · 3—MSCHAP. · 4—MSCHAPV2. |
5 |
Credential Type |
· 1—SIM. · 2—USIM. · 3—NFC Secure Element. · 4—Hardware Token. · 5—Softoken. · 6—Certificate. · 7—username/password. · 8—none*. |
6 |
Tunneled EAP Method Credential Type |
· 1—SIM. · 2—USIM. · 3—NFC Secure Element. · 4—Hardware Token. · 5—Softoken. · 6—Certificate. · 7—username/password. · 8—Reserved. · 9—Anonymous. |
Usage guidelines
When you use the undo nai-realm command, follow these guidelines:
· The undo nai-realm realm-name command deletes all NAI realms that use the same name.
You can configure a maximum of 32 NAI realm names in a Hotspot 2.0 policy.
Examples
# Specify the authentication type for the NAI realm wifi in Hotspot 2.0 policy 1.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] nai-realm wifi eap-method 2 auth-method 5 authentication 1
network-type
Use network-type to set the access network type.
Use undo network-type to restore the default.
Syntax
network-type network-type [ access-internet ]
undo network-type
Default
The access network type is not set.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
network-type: Specifies a network type in the range of 0 to 5, 14, and 15.
Table 58 Access network type
Value |
Description |
0 |
Private network |
1 |
Private network with guest access |
2 |
Chargeable public network |
3 |
Free public network |
4 |
Personal device network |
5 |
Emergency services only network |
14 |
Test or experimental |
15 |
Wildcard |
access-internet: Enables access to the Internet. If you do not specify this keyword, the Internet cannot be accessed.
Usage guidelines
Make sure all service templates bound to the Hotspot 2.0 policy are disabled before you set the access network type.
Examples
# Set the access network type to 1 and enable access to the Internet.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] network-type 1 access-internet
operator-name
Use operator-name to set service provider information.
Use undo operator-name to remove the configuration.
Syntax
operator-name operator-name lang-code lang-code
undo operator-name operator-name lang-code lang-code
Default
No service provider name is set.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
operator-name: Specifies a service provider by its name, a case-sensitive string of 1 to 252 characters.
lang-code: Specifies a language code. The device supports both the ISO-639-1 and ISO-639-2 standards.
Usage guidelines
You can configure a maximum of 32 service provider and language code combinations in a Hotspot 2.0 policy.
Examples
# Set the language code to en for the service provider cmcc.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] operator-name cmcc lang-code en
osu-provider
Use osu-provider to bind an OSU server to a Hotspot 2.0 policy.
Use undo osu-provider to unbind an OSU server from a Hotspot 2.0 policy.
Syntax
osu-provider osu-provider-number
undo osu-provider osu-provider-number
Default
No OSU server is bound to a Hotspot 2.0 policy.
Views
Hotspot policy view
Predefined user roles
network-admin
Parameters
osu-provider-number: Specifies an OSU server by its number, in the range of 1 to 32. The specified OSU server must exist.
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
You can bind a maximum of 32 OSU servers to a Hotspot 2.0 policy.
Before binding an OSU server to a Hotspot 2.0 policy, make sure you have finished the following configuration:
· Set a name for the OSU server.
· Specify a URI for the OSU server.
· Specify a protocol for clients to communicate with the OSU server.
· Specify an icon for the OSU server.
Examples
# Bind OSU server 1 to Hotspot 2.0 policy 1.
<Sysname> system-view
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] osu-provider 1
Related commands
friendly-name
icon-file
method
uri
wlan osu-provider
osu-ssid
Use osu-ssid to set an SSID for online signup services.
Use undo osu-ssid to delete the configured SSID for online signup services.
Syntax
osu-ssid ssid-name
undo osu-ssid
Default
No SSID is set for online signup services.
Views
Hotspot policy view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
Make sure the configured SSID for online signup services is the same as the SSID for the online signup service template.
Examples
# Set the SSID for online signup services to osu.
<Sysname> system-view
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] osu-ssid osu
policy-name
Use policy-name to set a name for a Hotspot 2.0 policy.
Use undo policy-name to restore the default.
Syntax
policy-name name
undo policy-name
Default
A Hotspot 2.0 policy does not have a name.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
name: Specifies a Hotspot 2.0 policy by its name, a case-insensitive string of 1 to 32 characters.
Examples
# Set the name of Hotspot 2.0 policy 1 to market.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] policy-name market
roam-oi
Use roam-oi to set an organization identifier (OI).
Use undo roam-oi to delete an OI.
Syntax
roam-oi oi [ in-beacon ]
undo roam-oi oi
Default
No OI is set.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
oi: Specifies an OI that can uniquely identify a roaming consortium, a six-digit or ten-digit hexadecimal code.
in-beacon: Adds an OI to beacons. As a best practice, specify this keyword for clients to get OIs.
Usage guidelines
Make sure all service templates bound to the Hotspot 2.0 policy are disabled before you set an OI.
You can configure a maximum of 32 OIs in a Hotspot 2.0 policy, and can add a maximum of three OIs to beacons.
Examples
# Set the OI to 004096 and add the OI to beacons.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] roam-oi 004096 in-beacon
uri
Use uri to specify the URI of an OSU server.
Use undo uri to delete the configured URI of an OSU server.
Syntax
uri uri
undo uri
Default
No URI is specified for an OSU server.
Views
OSU server view
Predefined user roles
network-admin
Parameters
uri: Specifies the URI of an OSU server, a case-sensitive string of 1 to 255 characters.
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
Clients use the configured URI to visit the OSU server and perform online signup.
If an OSU server is already bound to a Hotspot 2.0 policy, you cannot delete the configured URI of the server.
Examples
# Specify the URI of OSU server 1.
<Sysname> system-view
[Sysname] wlan osu-provider 1
[Sysname-wlan-osu-1] uri https://osu-server.r2-testbed.wi-fi.org/
venue group
Use venue group to set venue group information for an AP.
Use undo venue group to restore the default.
Syntax
venue group venue-group-number type venue-type-number
Default
No venue group information is set for an AP.
Views
AP view
Predefined user roles
Parameters
venue-group-number: Specifies a venue group by its number, in the range of 1 to 11.
Table 59 Venue group number and description
Number |
Description |
1 |
Assembly |
2 |
Business |
3 |
Educational |
4 |
Factory |
5 |
Institutional |
6 |
Mercantile |
7 |
Residential |
8 |
Storage |
9 |
Utility |
10 |
Vehicular |
11 |
Outdoor |
venue-type-number: Specifies a venue type by its number. The value depends on the venue group number. For more information, see Table 60.
Table 60 Venue type number and description
Venue group number |
Venue type number |
Venue description |
1 |
0 |
Unspecified |
1 |
1 |
Arena |
1 |
2 |
Stadium |
1 |
3 |
Passenger Terminal |
1 |
4 |
Amphitheater |
1 |
5 |
Amusement Park |
1 |
6 |
Place of Worship |
1 |
7 |
Convention Center |
1 |
8 |
Library |
1 |
9 |
Museum |
1 |
10 |
Restaurant |
1 |
11 |
Theater |
1 |
12 |
Bar |
1 |
13 |
Coffee Shop |
1 |
14 |
Zoo or Aquarium |
1 |
15 |
Emergency Coordination Center |
2 |
0 |
Unspecified |
2 |
1 |
Doctor or Dentist office |
2 |
2 |
Bank |
2 |
3 |
Fire Station |
2 |
4 |
Police Station |
2 |
6 |
Post Office |
2 |
7 |
Professional Office |
2 |
8 |
Research and Development Facility |
2 |
9 |
Attorney Office |
3 |
0 |
Unspecified |
3 |
1 |
School Primary |
3 |
2 |
School Secondary |
3 |
3 |
University or College |
4 |
0 |
Unspecified |
4 |
1 |
Factory |
5 |
0 |
Unspecified |
5 |
1 |
Hospital |
5 |
2 |
Long-Term Care Facility |
5 |
3 |
Alcohol and Drug Rehabilitation Center |
5 |
4 |
Group Home |
5 |
5 |
Prison or Jail |
6 |
0 |
Unspecified |
6 |
1 |
Retail Store |
6 |
2 |
Grocery Market |
6 |
3 |
Automotive Service Station |
6 |
4 |
Shopping Mall |
6 |
5 |
Gas Station |
7 |
0 |
Unspecified |
7 |
1 |
Private Residence |
7 |
2 |
Hotel or Motel |
7 |
3 |
Dormitory |
7 |
4 |
Boarding House |
8 |
0 |
Unspecified |
9 |
0 |
Unspecified |
10 |
0 |
Unspecified |
10 |
1 |
Automobile or Truck |
10 |
2 |
Airplane |
10 |
3 |
Bus |
10 |
4 |
Ferry |
10 |
5 |
Ship or Boat |
10 |
6 |
Train |
10 |
7 |
Motor Bike |
11 |
0 |
Unspecified |
11 |
1 |
Muni-mesh Network |
11 |
2 |
City Park |
11 |
3 |
Rest Area |
11 |
4 |
Traffic Control |
11 |
5 |
Bus Stop |
11 |
6 |
Kiosk |
Examples
# Specify venue group 1 and venue type 2 for AP ap3.
<Sysname> system-view
[Sysname] wlan ap ap3 model WA536-WW
[Sysname-wlan-ap-ap3] venue group 1 type 2
venue name
Use venue name to set a venue name for an AP.
Use undo venue name to remove the configuration.
Syntax
venue name venue-name lang-code lang-code
undo venue name venue-name lang-code lang-code
Default
No venue name is set for an AP.
Views
AP view
Predefined user roles
Parameters
venue-name: Specifies a venue by its name, a case-sensitive string of 1 to 252 characters.
lang-code: Specifies the language code for a venue. The device supports both the ISO-639-1 and ISO-639-2 standards.
Usage guidelines
One venue can have multiple language codes.
You can configure a maximum of 32 venue name and language code combinations for an AP.
Examples
# Set the venue name to office and language codes to en for the AP ap3.
[Sysname] wlan ap ap3 model WA536-WW
[Sysname-wlan-ap-ap3] venue name office lang-code en
wan-metrics
Use wan-metrics to set WAN link status parameters.
Use undo wan-metrics to restore the default.
Syntax
undo wan-metrics
Default
No WAN link status parameters are set.
Views
Hotspot 2.0 policy view
Predefined user roles
Parameters
link-down: Sets the link status for the WAN to down.
link-test: Sets the link status for the WAN to testing.
link-up: Sets the link status for the WAN to up.
asymmetric: Specifies the asymmetric link.
downlink-speed downlink-speed: Specifies the downlink speed in the range of 1 to 4194304 Kbps.
uplink-speed uplink-speed: Specifies the uplink speed in the range of 1 to 4194304 Kbps.
symmetric: Specifies the symmetric link.
link-speed link-speed: Specifies the symmetric link speed in the range of 1 to 4194304 Kbps.
Examples
# Set the link status to up and the symmetric link rate to 67 Kbps for the WAN.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1] wan-metrics link-up symmetric link-speed 67
wlan hotspot-policy
Use wlan hotspot-policy to create a Hotspot 2.0 policy and enter its view, or enter the view of an existing Hotspot 2.0 policy.
Use undo wlan hotspot-policy to delete a Hotspot 2.0 policy.
Syntax
wlan hotspot-policy policy-number
undo wlan hotspot-policy policy-number
Default
No Hotspot 2.0 policies exist.
Views
System view
Predefined user roles
Parameters
policy-number: Specifies the number of a Hotspot 2.0 policy, in the range of 1 to 32.
Usage guidelines
You cannot delete a Hotspot 2.0 policy that has been bound to a service template.
Examples
# Create Hotspot 2.0 policy 1 and enter its view.
[Sysname] wlan hotspot-policy 1
[Sysname-wlan-hs-1]
wlan hotspot osu-icon unload
Use wlan hotspot osu-icon unload to unload all OSU server icon files.
Syntax
wlan hotspot osu-icon unload
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
This command only unloads OSU server icon files, and does not delete icon files.
Examples
# Unload all OSU server icon files.
<Sysname> system-view
[Sysname] wlan hotspot osu-icon unload
Related commands
icon-file
wlan hotspot osu-icon upload
wlan hotspot osu-icon upload
Use wlan hotspot osu-icon upload to load all the specified OSU server icon files.
Syntax
wlan hotspot osu-icon upload
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
Use this command to load all icon files specified for an OSU server to validate the changes when icon file changes occur.
Examples
# Load all the specified OSU server icon files.
<Sysname> system-view
[Sysname] wlan hotspot osu-icon upload
Related commands
icon-file
wlan hotspot osu-icon unload
wlan osu-provider
Use wlan osu-provider to create an OSU server and enter its view, or enter the view of an existing OSU server.
Use undo wlan osu-provider to delete the specified OSU server.
Syntax
wlan osu-provider osu-provider-number
undo wlan osu-provider osu-provider-number
Default
No OSU server exists.
Views
System view
Predefined user roles
network-admin
Parameters
osu-provider-number: Specifies an OSU server by its number, in the range of 1 to 32.
Usage guidelines
This command is available only for version 2 of Hotspot 2.0.
You cannot delete an OSU server that has been bound to a Hotspot 2.0 policy.
Examples
# Create OSU server 1 and enter its view.
<Sysname> system-view
[Sysname] wlan osu-provider 1
[Sysname-wlan-osu-1]
WLAN RRM commands
adjacency-factor
Use adjacency-factor to set the adjacency factor.
Use undo adjacency-factor to restore the default.
Syntax
adjacency-factor neighbor
undo adjacency-factor
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the adjacency factor is 3.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
neighbor: Specifies the adjacency factor in the range of 1 to 16.
Usage guidelines
The adjacency factor defines the quantity of manageable detected radios that trigger TPC and the ranking of the RSSI used for comparison with the power adjustment threshold. An AC can manage only radios associated with it.
For example, if the adjacency factor is 3, the AC performs TPC for a radio when the radio detects 3 other manageable radios. After ranking the radio's RSSIs detected by other manageable radios in descending order, the AC selects the third largest RSSI to compare with the power adjustment threshold.
Examples
# Set the adjacency factor to 7 for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] adjacency-factor 7
# Set the adjacency factor to 7 for radio 1 of APs with model in WA536-WW AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] adjacency-factor 7
ap name
Use ap name to add a radio to an RRM holddown group.
Use undo ap name to remove one or all radios from an RRM holddown group.
Syntax
ap name ap-name radio radio-id
undo ap { name ap-name [ radio radio-id ] | all }
Default
No radio exists in an RRM holddown group.
Views
RRM holddown group view
Predefined user roles
network-admin
Parameters
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can contain letters, digits, underlines (_), dots (.), left brackets ([), right brackets (]), slashes (/), and hyphens (-). The specified AP must already exist.
radio-id: Specifies a radio by its ID. The value of this argument can be 1 or 2. A radio can belong to only one RRM holddown group. Adding a radio to a new RRM holddown group removes the radio from the old RRM holddown group.
all: Specifies all radios.
Examples
# Add radio 2 of the AP ap1 to RRM holddown group 10.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10] ap name ap1 radio 2
calibrate-channel mode
Use calibrate-channel mode to set the auto-DFS mode.
Use undo calibrate-channel mode to restore the default.
Syntax
calibrate-channel mode { periodic | scheduled }
undo calibrate-channel mode
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the auto-DFS mode is periodic.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
periodic: Specifies periodic auto-DFS.
scheduled: Specifies scheduled auto-DFS.
Usage guidelines
In periodic auto-DFS mode, the AC automatically performs DFS for a radio at the channel calibration interval.
In scheduled auto-DFS mode, the AC performs DFS at the specified time in a time range. Use this mode when interference is severe to avoid affecting ongoing wireless services.
Examples
# Set the auto-DFS mode to scheduled for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel mode scheduled
# Set the auto-DFS mode to scheduled for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-channel self-decisive enable
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-channel mode scheduled
Related commands
calibrate-channel monitoring time-range
calibrate-channel pronto
wlan rrm calibration-channel interval
calibrate-channel monitoring time-range
Use calibrate-channel monitoring time-range to specify a time range for channel monitoring.
Use undo calibrate-channel monitoring time-range to delete the specified time range for channel monitoring.
Syntax
calibrate-channel monitoring time-range time-range-name
undo calibrate-channel monitoring time-range
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, no time range is specified for channel monitoring.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
time-range-name: Specifies the name of a time range, a case-insensitive string of 1 to 32 characters. The string must start with a letter and cannot be all.
Usage guidelines
In scheduled auto-DFS, the AC collects statistics in the specified time range to generate channel reports and neighbor reports.
Examples
# Specify a time range for channel monitoring for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel monitoring time-range time1
# Specify a time range for channel monitoring for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-channel monitoring time-range time1
Related commands
time-range
calibrate-channel pronto
Use calibrate-channel pronto to execute scheduled auto-DFS.
Syntax
calibrate-channel pronto
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Examples
# Create a job and assign commands to the job for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] scheduler job calibration1
[Sysname-job-calibration1] command 1 system-view
[Sysname-job-calibration1] command 2 wlan ap ap1
[Sysname-job-calibration1] command 3 radio 1
[Sysname-job-calibration1] command 4 rrm
[Sysname-job-calibration1] command 5 calibrate-channel pronto
# Create a job and assign commands to the job for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] scheduler job calibration2
[Sysname-job-calibration2] command 1 system-view
[Sysname-job-calibration2] command 2 wlan ap-group g1
[Sysname-job-calibration2] command 3 ap-model WA536-WW
[Sysname-job-calibration2] command 4 radio 1
[Sysname-job-calibration2] command 5 rrm
[Sysname-job-calibration2] command 6 calibrate-channel pronto
calibrate-channel self-decisive
Use calibrate-channel self-decisive enable to enable auto-DFS.
Use calibrate-channel self-decisive disable to disable auto-DFS.
Use undo calibrate-channel self-decisive to restore the default.
Syntax
calibrate-channel self-decisive { disable | enable }
undo calibrate-channel self-decisive
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, auto-DFS is disabled.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Examples
# Enable auto-DFS for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable
# Enable auto-DFS for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-channel self-decisive enable
Related commands
calibrate-channel mode
calibrate-power min
Use calibrate-power min to set the minimum transmit power for a radio after TPC is performed.
Use undo calibrate-power min to restore the default.
Syntax
calibrate-power min tx-power
undo calibrate-power min
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the minimum transmit power of a radio is 1 dBm after TPC is performed.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
tx-power: Specifies the minimum transmit power for a radio, in the range of 1 to 20 dBm.
Usage guidelines
This command ensures that the transmit power of a radio can still meet network requirements after TPC is performed.
Examples
# Set the minimum transmit power to 10 dBm for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power min 10
# Set the minimum transmit power to 10 dBm for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-power min 10
calibrate-power mode
Use calibrate-power mode to set the TPC mode.
Use undo calibrate-power mode to restore the default.
Syntax
calibrate-power mode { coverage | custom | density }
undo calibrate-power mode
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the TPC mode is custom.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
coverage: Specifies the coverage mode.
custom: Specifies the custom mode.
density: Specifies the density mode.
Usage guidelines
To avoid interference among APs, use the density mode. To increase signal coverage performance, use the coverage mode. If these two modes cannot meet your network requirements, use the custom mode to customize power adjustment settings.
In either density or coverage mode, power adjustment settings are defined by the system and cannot be changed.
Examples
# Set the TPC mode to coverage for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power mode coverage
# Set the TPC mode to density for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-power mode density
calibrate-power self-decisive
Use calibrate-power self-decisive enable to enable periodic auto-TPC for the AC to perform TPC at the power calibration interval.
Use calibrate-power self-decisive disable to disable periodic auto-TPC.
Use undo calibrate-power self-decisive to restore the default.
Syntax
calibrate-power self-decisive { disable | enable }
undo calibrate-power self-decisive
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, periodic auto-TPC is disabled.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Examples
# Enable periodic auto-TPC for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power self-decisive enable
# Enable periodic auto-TPC for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-power self-decisive enable
Related commands
wlan rrm calibration-power interval
calibrate-power threshold
Use calibrate-power threshold to set the power adjustment threshold.
Use undo calibrate-power threshold to restore the default.
Syntax
calibrate-power threshold value
undo calibrate-power threshold
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the power adjustment threshold is 65.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
value: Specifies the power adjustment threshold in the range of 50 to 90. The value range indicates that the power of the radio is in the range of –90 dBm to –50 dBm.
Usage guidelines
As a best practice to avoid interference among radios, set the power adjustment threshold to –80 dBm for high-density WLANs.
Examples
# Set the power adjustment threshold to 70 for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power threshold 70
# Set the power adjustment threshold to 70 for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] calibrate-power threshold 70
channel holddown-time
Use channel holddown-time to set the channel holddown time.
Use undo channel holddown-time to restore the default.
Syntax
channel holddown-time minutes
undo channel holddown-time
Default
The channel holddown time is 720 minutes.
Views
RRM holddown group view
Predefined user roles
network-admin
Parameters
minutes: Specifies the channel holddown time in the range of 10 to 1440 minutes.
Usage guidelines
Each time the channel of a radio in the RRM holddown group changes, the system starts the channel holddown timer for the radio. The channel for every radio in the RRM holddown group remains unchanged during the specified channel holddown time.
Examples
# Set the channel holddown time to 600 minutes for RRM holddown group 10.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10] channel holddown-time 600
channel-capability mode
Use channel-capability mode to set the client channel capability match mode.
Use undo channel-capability mode to restore the default.
Syntax
channel-capability mode { all | none | partial }
undo channel-capability mode
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, client channel capabilities are not checked.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
all: Specifies the all mode. A client is allowed to associate with a radio only when all its supported channels match the radio's supported channels.
none: Specifies the none mode. Client channel capabilities are not checked.
partial: Specifies the partial mode. A client is allowed to associate with a radio as long as one of its supported channels matches any one of the radio's supported channels.
Usage guidelines
This command is available only on 5 GHz radios.
This command takes effect on a radio only when the radio operates in 5 GHz mode and is enabled with spectrum management.
Examples
# Set the client channel capability match mode to all for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
[Sysname-wlan-ap-ap1-radio-1] channel-capability mode all
# Set the client channel capability match mode to all for radio 1 of APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel-capability mode all
Related commands
spectrum-management
channel-switch mode
Use channel-switch mode to set the channel switch mode.
Use undo channel-switch mode to restore the default.
Syntax
channel-switch mode { continuous | suspend }
undo channel-switch mode
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, all online clients stop sending frames during channel switch.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
continuous: Configures the online clients to continue sending frames during channel switch.
suspend: Configures the online clients to stop sending frames during channel switch until channel switch is complete.
Examples
# Set the channel switch mode to continuous for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
[Sysname-wlan-ap-ap1-radio-1] channel-switch mode continuous
# Set the channel switch mode to continuous for radio 1 of APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] channel-switch mode continuous
Related commands
spectrum-management
crc-error-threshold
Use crc-error-threshold to set the CRC error threshold.
Use undo crc-error-threshold to restore the default.
Syntax
crc-error-threshold percent
undo crc-error-threshold
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the CRC error threshold is 20%.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
percent: Specifies the CRC error threshold in the range of 1% to 100%.
Usage guidelines
When the AC detects that the proportion of CRC-error packets in all 802.11 packets reaches the CRC error threshold on a radio, it performs DFS for the radio.
Examples
# Set the CRC error threshold to 50% for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] crc-error-threshold 50
# Set the CRC error threshold to 50% for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] crc-error-threshold 50
description
Use description to set a description for an RRM holddown group.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is set for an RRM holddown group.
Views
RRM holddown group view
Predefined user roles
network-admin
Parameters
text: Specifies the RRM holddown group description, a case-sensitive string of 1 to 64 characters.
Examples
# Set the description for RRM holddown group 10 to office.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10] description office
display wlan rrm baseline
Use display wlan rrm baseline to display radio baseline information.
Syntax
display wlan rrm baseline { all | name baseline-name } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all radio baselines.
name baseline-name: Specifies a radio baseline by its name, a case-insensitive string of 1 to 32 characters.
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief radio baseline information.
Usage guidelines
You cannot display information about a radio baseline if you do not have the right to manage radios with the location identifier in the radio baseline.
Examples
# Display brief radio baseline information.
<Sysname> display wlan rrm baseline all
Baseline name : apbaseline
Radio range : AP
Created at : 2015-06-22 19:56:31
Baseline name : groupbaseline
Radio range : AP group
Created at : 2015-06-22 19:56:12
Baseline name : globalbaseline
Radio range : Global
Created at : 2015-06-22 19:55:12
Table 61 Command output
Field |
Description |
Radio range |
Range of radios saved in the baseline: · AP—Radios on an AP. · AP group—Radios on APs in an AP group. · Global—Radios on all APs associated with the AC. |
Created at |
Time and date when the baseline was created. |
# Display detailed radio baseline information.
<Sysname> display wlan rrm baseline all verbose
--------------------------------------------------------------------------------
Baseline name : apbaseline
Radio range : AP
Created at : 2015-06-22 19:56:31
--------------------------------------------------------------------------------
APName RadioID RadioType Bandwidth Channel Power RegionCode
--------------------------------------------------------------------------------
ap1 2 dot11gn 20 13 20 CN
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Baseline name : groupbaseline
Radio range : AP group
Created at : 2015-06-22 19:56:12
--------------------------------------------------------------------------------
APName RadioID RadioType Bandwidth Channel Power RegionCode
--------------------------------------------------------------------------------
ap1 1 dot11an 40 157 20 CN
ap2 1 dot11an 40 149 20 CN
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Baseline name : globalbaseline
Radio range : Global
Created at : 2015-06-22 19:55:12
--------------------------------------------------------------------------------
APName RadioID RadioType Bandwidth Channel Power RegionCode
--------------------------------------------------------------------------------
ap1 1 dot11an 40 149 20 CN
ap1 2 dot11gn 20 13 20 CN
ap2 1 dot11an 40 149 20 CN
ap2 2 dot11gn 20 1 20 CN
--------------------------------------------------------------------------------
Table 62 Command output
Field |
Description |
Radio range |
Range of radios saved in the baseline: · AP—Radios on an AP. · AP group—Radios on all APs in an AP group. · Global—Radios on all APs associated with the AC. |
Created at |
Time and date when the baseline was created. |
Power |
Transmit power of the radio in dBm. |
RegionCode |
Region code of the AP. |
display wlan rrm baseline apply-result
Use display wlan rrm baseline apply-result to display the most recent application result of a radio baseline.
Syntax
display wlan rrm baseline apply-result
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the most recent application result of a radio baseline.
<Sysname> display wlan rrm baseline apply-result
Radio count : 6
Success : 4
Failure : 2
Failure reason
Radio doesn't exist : 0
Radio is down : 0
Mismatching radio type : 0
Mismatching region code : 1
No service template : 0
Illegal channel : 0
Mismatching bandwidth : 1
Channel locked : 0
Channel fixed : 0
Within channel holddown time : 0
Mismatching channel gap policy: 0
Power locked : 0
Within power holddown time : 0
Power lower than min. power : 0
Power greater than max. power : 0
Table 63 Command output
Field |
Description |
Radio count |
Number of radios in the radio baseline. |
Success |
Number of successful applications. |
Failure |
Number of failed applications. |
Mismatching radio type |
The radio mode saved in the baseline does not match the actual radio mode. |
Mismatching region code |
The region code saved in the baseline does not match the actual region code of the AP. |
Wireless service not effective |
No service template is bound to a radio in the baseline or the bound service template is disabled. |
Mismatching channel gap policy |
The channel in the baseline does not match the specified channel gap. |
Power lower than min. power |
The transmit power in the baseline is lower than the specified minimum transmit power for the radio. |
Power greater than max. power |
The transmit power in the baseline is higher than the specified maximum transmit power for the radio. |
display wlan rrm-calibration-group
Use display wlan rrm-calibration-group to display RRM holddown group information.
Syntax
display wlan rrm-calibration-group { all | group-id }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all RRM holddown groups.
group-id: Specifies an RRM holddown group by its ID. The value range for this argument is 1 to 128.
Examples
# Display information about RRM holddown group 10.
<Sysname> display wlan rrm-calibration-group 10
RRM Calibration Group Information
--------------------------------------------------------------------------------
Group ID : 10
Description : office
Channel holddown time : 720 minutes
Power holddown time : 60 minutes
Group members : ap4-radio2, ap3-radio2
--------------------------------------------------------------------------------
Table 64 Command output
Field |
Description |
Group ID |
ID of the RRM holddown group. |
Description |
Description for the RRM holddown group. |
Channel holddown time |
Channel holddown time. |
Power holddown time |
Power holddown time. |
Group members |
Radios in the RRM holddown group. |
display wlan rrm-history ap
Use display wlan rrm-history ap to display historical channel and power adjustment information.
Syntax
display wlan rrm-history ap { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), slashes (/), and minus signs (-).
Usage guidelines
You can use this command to display detailed information about the most recent three channel and power adjustments. The detailed information includes adjustment time, cause, power, and interference.
Examples
# Display historical channel and power adjustment information for radios of the AP ap1.
<Sysname> display wlan rrm-history ap name ap1
AP RRM History
--------------------------------------------------------------------------
Flags : I - Interference, P - Packets discarded, F - Retransmission,
R - Radar, C - Coverage, O - Others
--------------------------------------------------------------------------
AP RRM History : ap1
--------------------------------------------------------------------------
Radio : 1 Basic BSSID : 000f-e2ff-7700
--------------------------------------------------------------------------
Ch Power Load Util Intf PER Retry Reason Date Time
(dBm) (%) (%) (%) (%) (%) (yyyy-mm-dd) (hh:mm:ss)
--------------------------------------------------------------------------
Before 6 20 24 2 21 11 18 -P---- 2014-07-07 17:31:50
After 1 20 9 0 8 0 27 - - -
--------------------------------------------------------------------------
Before 1 20 54 1 53 11 15 IP---- 2014-07-08 12:19:50
After 6 20 10 0 10 3 29 - - -
--------------------------------------------------------------------------
Before 6 20 29 1 28 21 20 -P---- 2014-07-08 12:59:50
After 1 20 30 0 29 2 24 - - -
--------------------------------------------------------------------------
Table 65 Command output
Field |
Description |
Radio |
Radio ID. |
Basic BSSID |
Basic service set identifier. |
Ch |
Working channel of the radio. |
Power |
Transmit power of the radio. |
Load |
Channel load in percentage. |
Util |
Channel usage in percentage. |
Intf |
Interference detected on the channel, in percentage. |
PER |
Bit error rate detected on the channel, in percentage. |
Retry |
Retransmission rate detected on the channel, in percentage. |
Reason |
Channel or power adjustment reason. |
Date |
Channel or power adjustment date. |
Time |
Channel or power adjustment time. |
display wlan rrm-status ap
Use display wlan rrm-status ap to display detailed RRM information.
Syntax
display wlan rrm-status ap { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), slashes (/), and minus signs (-).
Usage guidelines
If both channel adjustment and power adjustment are disabled, this command displays only the working channel and power level for radios on the AP.
Examples
# Display detailed information about channel and power adjustments for radios of the AP ap1.
<Sysname> display wlan rrm-status ap name ap1
AP RRM Profile : ap1
--------------------------------------------------------------------------------
Radio : 1 Basic BSSID : 70f9-6d31-2fe0
Channel : 157 Tx Power (dBm) : 18
--------------------------------------------------------------------------------
Ch Nbrs Load Util Intf PER Retry Radar
(%) (%) (%) (%) (%)
--------------------------------------------------------------------------------
36 0 0 - 0 0 - -
40 0 0 - 0 0 - -
44 0 0 - 0 0 - -
48 0 0 - 0 0 - -
52 0 0 - 0 0 - -
56 0 0 - 0 0 - -
60 0 0 - 0 0 - -
64 0 0 - 0 0 - -
100 0 0 - 0 0 - -
104 0 0 - 0 0 - -
108 0 0 - 0 0 - -
112 0 0 - 0 0 - -
116 0 0 - 0 0 - -
132 0 0 - 0 0 - -
136 0 0 - 0 0 - -
140 0 0 - 0 0 - -
149 1 0 - 0 0 - -
153 4 0 - 0 0 - -
157 0 0 0 0 0 0 -
161 2 0 - 0 0 - -
165 0 0 - 0 0 - -
--------------------------------------------------------------------------------
Nbr-MACAddress Ch Intf SignalStrength Type
(%) (dBm)
--------------------------------------------------------------------------------
000f-e212-ff01 161 0 -60 Unmanaged
5866-ba74-e461 153 0 -72 Unmanaged
70f9-6d30-9020 153 0 -40 Managed
70f9-6d31-3080 149 0 -54 Managed
70f9-6d31-34e0 161 0 -59 Managed
7425-8a86-bbe0 153 0 -48 Unmanaged
7425-8a86-c720 153 0 -63 Unmanaged
--------------------------------------------------------------------------------
Radio : 2 Basic BSSID : 70f9-6d31-2ff0
Channel : 1 Tx Power (dBm) : 19
--------------------------------------------------------------------------------
Ch Nbrs Load Util Intf PER Retry Radar
(%) (%) (%) (%) (%)
--------------------------------------------------------------------------------
1 6 4 0 4 0 0 -
6 4 2 - 2 0 - -
11 6 2 - 2 0 - -
--------------------------------------------------------------------------------
Nbr-MACAddress Ch Intf SignalStrength Type
(%) (dBm)
--------------------------------------------------------------------------------
000f-e212-ff11 1 49 -77 Unmanaged
0023-89e1-ed00 11 0 -87 Unmanaged
006a-55f6-ae10 1 57 -88 Unmanaged
5866-ba64-aa31 1 10 -60 Unmanaged
5866-ba74-e471 6 0 -76 Unmanaged
5866-baa9-a610 11 0 -62 Unmanaged
70f9-6d30-9030 6 0 -63 Managed
70f9-6d31-3090 1 51 -86 Managed
70f9-6d31-34f0 6 0 -85 Managed
7425-8a86-bbf0 6 0 -73 Unmanaged
7425-8a86-c731 11 0 -93 Unmanaged
80f6-2ec0-3330 11 0 -76 Unmanaged
80f6-2ec0-3331 11 0 -73 Unmanaged
80f6-2edd-d2d0 1 40 -60 Unmanaged
80f6-2edd-d2d1 1 44 -68 Unmanaged
80f6-2ede-0b30 11 0 -74 Unmanaged
Table 66 Command output
Field |
Description |
Radio |
Radio ID. |
Basic BSSID |
Basic service set identifier. |
Channel |
Working channel of the radio. |
Tx Power |
Transmit power of the radio. |
Ch |
Channels supported by the radio. |
Nbrs |
Number of detected radios. |
Load |
Load detected on the channel, in percentage. Channel load refers to the ratio between the outbound packets and the inbound packets as well as the interferences. Interferences refer to the error packets that are received by the radio. |
Util |
Channel usage in percentage. Channel usage refers to the ratio between the outbound packets and the inbound packets. |
Intf |
Interference detected on the channel, in percentage. |
PER |
Bit error rate detected on the channel, in percentage. |
Retry |
Retransmission rate detected on the channel, in percentage. |
Radar |
Radar detection status: · –—No radar signals are detected on the channel. · Detected—Radar signals have been detected on the channel. |
Nbr-MACAddress |
MAC address of the detected radio. |
SignalStrength |
Signal strength of the radio, in dBm. |
Type |
Type of the radio: · Unmanaged—Radios that can be detected by the radio but are not managed by the same AC. · Managed—Radios that can be detected by the radio and are managed by the same AC. |
interference-threshold
Use interference-threshold to set the channel interference threshold.
Use undo interference-threshold to restore the default.
Syntax
interference-threshold percent
undo interference-threshold
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the channel interference threshold is 50%.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
percent: Specifies the channel interference threshold in the range of 1% to 100%.
Usage guidelines
When the AC detects that the proportion of interference packets in all data packets reaches the interference threshold on a radio, it performs DFS for the radio. Interference packets are packets sent to other radios.
Examples
# Set the channel interference threshold to 60% for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] interference-threshold 60
# Set the channel interference threshold to 60% for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] interference-threshold 60
power holddown-time
Use power holddown-time to set the power holddown time.
Use undo power holddown-time to restore the default.
Syntax
power holddown-time minutes
undo power holddown-time
Default
The power holddown time is 60 minutes.
Views
RRM holddown group view
Predefined user roles
network-admin
Parameters
minutes: Specifies the power holddown time in the range of 10 to 1440 minutes.
Usage guidelines
Each time the power of a radio in the RRM holddown group changes, the system starts the power holddown timer for the radio. The power for every radio in the RRM holddown group remains unchanged during the specified power holddown time.
Examples
# Set the power holddown time to 600 minutes for RRM holddown group 10.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10] power holddown-time 600
power-capability mode
Use power-capability mode to set the transmit power capability match mode.
Use undo power-capability mode to restore the default.
Syntax
power-capability mode { all | none | partial }
undo power-capability mode
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, client transmit power capabilities are not checked.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
all: Specifies the all mode. A client is allowed to associate with a radio only when all its transmit power capabilities match the radio's transmit power capabilities.
none: Specifies the none mode. Client transmit power capabilities are not checked.
partial: Specifies the partial mode. A client is allowed to associate with a radio as long as one of its transmit power capabilities matches the radio's transmit power capabilities.
Usage guidelines
This command takes effect only when you enable spectrum management or radio resource measurement. For more information about radio resource measurement, see WLAN Configuration Guide.
Examples
# Set the client power capability match mode to all for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
[Sysname-wlan-ap-ap1-radio-1] power-capability mode all
# Set the client power capability match mode to all for radio 1 of APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] power-capability mode all
Related commands
· resource-measure
· spectrum-management
power-constraint mode
Use power-constraint mode to set the power constraint mode.
Use undo power-constraint mode to restore the default.
Syntax
power-constraint mode { auto [ anpi-interval anpi-interval-value ] | manual power-constraint }
undo power-constraint mode
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, the power constraint mode is auto.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
auto: Specifies the auto mode.
anpi-interval anpi-interval-value: Adds a value to the average noise power indicator (ANPI) for the device to calculate the power constraint value, in the range of 0 to 30 in dBm. The default value is 10 dBm.
manual power-constraint: Specifies the power constraint value in the range of 0 to 30 dBm.
Usage guidelines
This command is available only on 5 GHz radios.
If you specify the auto mode, the device calculates the power constraint value by using this formula: power-constraint = Received Channel Power Indicator (RCPI) minus (ANPI + anpi-interval-value).
This command takes effect only when you enable spectrum management or radio resource measurement. For more information about radio resource measurement, see WLAN Configuration Guide.
Examples
# Set the power constraint mode to manual and set the power constraint value to 5 dBm for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
[Sysname-wlan-ap-ap1-radio-1] power-constraint mode manual 5
# Set the power constraint mode to manual and set the power constraint value to 5 dBm for radio 1 of APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] power-constraint mode manual 5
Related commands
· resource-measure
· spectrum-management
rrm
Use rrm to enter Radio Resource Management (RRM) view.
Syntax
rrm
Views
Radio view
Predefined user roles
network-admin
Examples
# Enter RRM view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
scan-only
Use scan-only enable to enable radio scanning.
Use scan-only disable to disable radio scanning.
Use undo scan-only to restore the default.
Syntax
scan-only { disable | enable }
undo scan-only
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, radio scanning is disabled.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Usage guidelines
This feature enables APs to scan the WLAN environment and report collected statistics to the AC at the specified interval. The AC uses the statistics to generate channel reports and neighbor reports.
To view the channel reports and neighbor reports, use the display wlan rrm-status ap command.
If you have configured periodic auto-DFS, scheduled auto-DFS, or periodic auto-TPC, you do not need to enable this feature.
Examples
# Enable radio scanning for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] scan-only enable
# Enable radio scanning for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] scan-only enable
Related commands
display wlan rrm-status ap
snmp-agent trap enable wlan rrm
Use snmp-agent trap enable wlan rrm to enable SNMP notifications for WLAN RRM.
Use undo snmp-agent trap enable wlan rrm to restore the default.
Syntax
snmp-agent trap enable wlan rrm
undo snmp-agent trap enable wlan rrm
Default
SNMP notifications are disabled for WLAN RRM.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical WLAN RRM events to an NMS, enable SNMP notifications for WLAN RRM. For WLAN RRM event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notifications for WLAN RRM.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan rrm
spectrum-management
Use spectrum-management enable to enable spectrum management.
Use spectrum-management disable to disable spectrum management.
Use undo spectrum-management to restore the default.
Syntax
spectrum-management { disable | enable }
undo spectrum-management
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, spectrum management is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is available only on 5 GHz radios.
Examples
# Enable spectrum management for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
# Enable spectrum management for radio 1 of APs with model WA536-WW in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA536-WW
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA536-WW-radio-1] spectrum-management enable
tolerance-level
Use tolerance-level to set the tolerance level.
Use undo tolerance-level to restore the default.
Syntax
tolerance-level percent
undo tolerance-level
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the tolerance level is 20%.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
percent: Specifies the tolerance level in the range of 1% to 45%.
Usage guidelines
The AC selects an optimal channel for a radio when the CRC error threshold, interference threshold, or retransmission threshold is reached on the current channel. The AC does not apply the optimal channel to the radio until the quality gap between the optimal channel and the current channel exceeds the tolerance level.
Examples
# Set the tolerance level to 25% for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] tolerance-level 25
# Set the tolerance level to 25% for radio 1 of APs with model WA536-WW in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA536-WW
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA536-WW-radio-1-rrm] tolerance-level 25
wlan calibrate-channel pronto ap all
|
IMPORTANT: This command consumes system resources. Use it with caution. |
Use wlan calibrate-channel pronto ap all to execute on-demand DFS for radios of all APs.
Syntax
wlan calibrate-channel pronto ap all
Views
System view
Predefined user roles
network-admin
Examples
# Execute on-demand DFS for radios of all APs.
<Sysname> system-view
[Sysname] wlan calibrate-channel pronto ap all
wlan calibrate-power pronto ap all
|
IMPORTANT: This command consumes system resources. Use it with caution. |
Use wlan calibrate-power pronto ap all to execute on-demand TPC for radios of all APs.
Syntax
wlan calibrate-power pronto ap all
Views
System view
Predefined user roles
network-admin
Examples
# Execute on-demand TPC for radios of all APs.
<Sysname> system-view
[Sysname] wlan calibrate-power pronto ap all
wlan rrm baseline apply
Use wlan rrm baseline apply to apply a radio baseline.
Syntax
wlan rrm baseline apply name baseline-name
Views
System view
Predefined user roles
network-admin
Parameters
name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
You cannot apply a radio baseline when one of the following conditions is met:
· You do not have the right to manage radios with the location identifier in the radio baseline.
· The name of the radio baseline is start_config_baseline.csv.
Examples
# Apply radio baseline bl.
<Sysname> system-view
[Sysname] wlan rrm baseline apply name bl
Related commands
display wlan rrm baseline apply-result
wlan rrm baseline save
wlan rrm baseline remove
Use wlan rrm baseline remove to delete a radio baseline.
Syntax
wlan rrm baseline remove name baseline-name
Views
System view
Predefined user roles
network-admin
Parameters
name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
You cannot apply a radio baseline if you do not have the right to manage radios with the location identifier in the radio baseline.
Examples
# Delete radio baseline bl.
<Sysname> system-view
[Sysname] wlan rrm baseline remove name bl
Related commands
wlan rrm baseline save
wlan rrm baseline save
Use wlan rrm baseline save to create a radio baseline by saving the current radio settings.
Syntax
wlan rrm baseline save name baseline-name { ap ap-name radio radio-id | ap-group group-name ap-model ap-model radio radio-id | global }
Views
System view
Predefined user roles
network-admin
Parameters
name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.
ap ap-name: Specifies an AP name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-). Make sure the AP is online.
radio radio-id: Specifies a radio ID.
ap-group group-name: Specifies an AP group name, a case-insensitive string of 1 to 31 characters. Make sure the AP group already exists.
ap-model ap-model: Specifies an AP model.
global: Specifies all radios.
Usage guidelines
A radio baseline saves the working channel, transmit rate, and other radio attributes for a radio or several radios. You can create a radio baseline by saving the current radio settings and apply the baseline to use these settings.
A radio baseline is saved in a .csv file in the file system on the AC.
Examples
# Save the settings of radio 1 on AP ap1 and create radio baseline ap1-1.
<Sysname> system-view
[Sysname] wlan rrm baseline save name ap1-1 ap ap1 radio 1
# Save the settings of radio 1 of APs with model WA536-WW in AP group group1 and create radio baseline ap1g1-1.
<Sysname> system-view
[Sysname] wlan rrm baseline save name ap1g1-1 ap-group group1 ap-model WA536-WW radio 1
# Save the settings of all radios and create radio baseline global.
<Sysname> system-view
[Sysname] wlan rrm baseline save name global global
wlan rrm calibration-channel interval
Use wlan rrm calibration-channel interval to set the channel calibration interval.
Use undo wlan rrm calibration-channel interval to restore the default.
Syntax
wlan rrm calibration-channel interval minutes
undo wlan rrm calibration-channel interval
Default
The channel calibration interval is 8 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Specifies the channel calibration interval, in the range of 3 to 1440 minutes.
Examples
# Set the channel calibration interval to 10 minutes.
<Sysname> system-view
[Sysname] wlan rrm calibration-channel interval 10
Related commands
calibrate-channel self-decisive
wlan rrm-calibration-group
Use wlan rrm-calibration-group to create an RRM holddown group and enter its view, or enter the view of an existing RRM holddown group.
Use undo wlan rrm-calibration-group to remove an RRM holddown group.
Syntax
wlan rrm-calibration-group group-id
undo wlan rrm-calibration-group { all | group-id }
Default
No RRM holddown group exists.
Views
System view
Predefined user roles
network-admin
Parameters
all: Specifies all RRM holddown groups.
group-id: Specifies an RRM holddown group ID in the range of 1 to 128.
Examples
# Create RRM holddown group 10.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10]
wlan rrm calibration-power interval
Use wlan rrm calibration-power interval to set the power calibration interval.
Use undo wlan rrm calibration-power interval to restore the default.
Syntax
wlan rrm calibration-power interval minutes
undo wlan rrm calibration-power interval
Default
The power calibration interval is 8 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Specifies the power calibration interval, in the range of 3 to 180 minutes.
Examples
# Set the power calibration interval to 10 minutes.
<Sysname> system-view
[Sysname] wlan rrm calibration-power interval 10
Related commands
calibrate-power self-decisive
IoT AP commands
This feature is restricted to Hong Kong and Macao.
Support for IoT capability depends on the AP model.
display wlan module firmware-upgrade history
Use display wlan module firmware-upgrade history to display firmware upgrade information for modules.
Syntax
display wlan module firmware-upgrade history { all | ap ap-name module module-id }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all modules.
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
module-id: Specifies a module by its ID. The value range varies by AP model.
Usage guidelines
This command displays firmware upgrade information for a module on an AP from the time that the AP starts.
Examples
# Display firmware upgrade information for all modules.
<Sysname> display wlan module firmware-upgrade history all
Total number of APs: 3
--------------------------------------------------------------------------------
AP name Module ID Last upgrade time Upgrade status SW Version
--------------------------------------------------------------------------------
ap1 1 Mon Nov 2 13:54:23 2015 Success 12-09-02-22
ap1 2 Mon Nov 2 13:54:23 2015 Upgrading 12-09-02-22
ap2 1 N/A N/A 12-09-02-22
ap3 1 Mon Nov 2 13:54:23 2015 Failed 12-09-02-22
Table 67 Command output
Field |
Description |
Upgrade status |
Upgrade status: · Succeeded.. · Failed. · Upgrading. This field displays N/A if the module has not been upgraded. |
SW version |
Module software version. |
display wlan module-information
Use display wlan module-information to display module information for an AP.
Syntax
display wlan module-information ap ap-name module module-id
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
module module-id: Specifies a module by its ID. The value range varies by AP model.
Examples
# Display information about module 1 on AP ap1.
<Sysname> display wlan module-information ap ap1 module 1
Module administrate type : BLE
Module physical type : H3C
Model : T300-B
HW version : 12090031
SW version : 12090202
Sequence ID : 0000051700000002
Node physical status : Normal
Module physical status : Normal
Module administrate status : Enabled
RF1 : Enabled
RF2 : Enabled
RF3 : Enabled
ZIGBEE : Enabled
Table 68 Command output
Field |
Description |
Module administrate type |
Configured module type: · NotConfig. · BLE. · IOT. |
Module physical type |
Physical type of the module: · H3C. · IOT. This field displays N/A if no physical type information is available. |
Model |
Module model information. This field displays N/A if no module model information is available. |
HW version |
Module hardware version. |
SW version |
Module software version. |
Sequence ID |
Module sequence ID. |
Node physical status |
Physical status of the node where the module is installed: · Unavailable. · Normal. · Absent. |
Module physical status |
Physical status of the module: · Unavailable. · Normal. · Absent. |
Module administrate status |
Configured module status: · Enabled. · Disabled. |
RF1 |
RF1 status: · Enabled. · Disabled. |
RF2 |
RF2 status: · Enabled. · Disabled. |
RF3 |
RF3 status: · Enabled. · Disabled. |
ZIGBEE |
Zigbee status: · Enabled. · Disabled. |
module
Use module to enter module view.
Syntax
module module-id
Views
AP view
AP group AP model view
Predefined user roles
network-admin
Parameters
module-id: Specifies a module by its ID. The value range varies by AP model.
Usage guidelines
To configure and manage a module on an AP, you must first enter module view of the AP.
Examples
# Enter the view of module 1 on AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP380
[Sysname-wlan-ap-ap1] module 1
[Sysname-wlan-ap-ap1-module-1]
# Enter the view of module 1 on all APs with AP model UAP380 in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-apgroup1] ap-model UAP380
[Sysname-wlan-ap-apgroup1-ap-model-UAP380] module 1
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1]
module enable
Use module enable to enable a module.
Use module disable to disable a module.
Use undo module to restore the default.
Syntax
module { disable | enable }
undo module
Default
In module view, an AP uses the configuration in AP group's module view.
In AP group's module view, a module is disabled.
Views
Module view
AP group's module view
Predefined user roles
network-admin
Examples
# Enable module 1 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP380
[Sysname-wlan-ap-ap1] module 1
[Sysname-wlan-ap-ap1-module-1] module enable
# Enable module 1 for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model UAP380
[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] module enable
module firmware-upgrade
Use module firmware-upgrade enable to enable automatic firmware upgrade for a module.
Use module firmware-upgrade disable to disable automatic firmware upgrade for a module.
Use undo firmware-upgrade to restore the default.
Syntax
module firmware-upgrade { disable | enable }
undo module firmware-upgrade
Default
In module view, a module uses the configuration in AP group's module view.
In AP group's module view, automatic firmware upgrade is disabled for a module.
Views
Module view
AP group's module view
Predefined user roles
network-admin
Usage guidelines
This feature enables a module to immediately upgrade its firmware if its firmware version is different from the version stored in the AP's image file.
After you enable this feature for a module, this feature takes effect every time the connected IoT AP reboots.
Examples
# Enable automatic firmware upgrade in module view.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP380
[Sysname-wlan-ap-ap1] module 1
[Sysname-wlan-ap-ap1-module-1] module firmware-upgrade enable
# Enable automatic firmware upgrade in AP group's module view.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model UAP380
[Sysname-wlan-ap-group-10-ap-model-UAP380] module 1
[Sysname-wlan-ap-group-10-ap-model-UAP380-module-1] module firmware-upgrade enable
Related commands
· display wlan module firmware-upgrade history
· display wlan module-information
rfid-tracking ble advertisement
Use rfid-tracking ble advertisement to configure the advertisement information for a BLE module.
Use undo rfid-tracking ble advertisement to restore the default.
Syntax
rfid-tracking ble advertisement { major-id major-id | measured-power measured-power | minor-id minor-id | uuid uuid }
undo rfid-tracking ble advertisement { major-id | measured-power | minor-id | uuid }
Default
In module view, a module uses the configuration in AP group's module view.
In AP group's module view, the Major ID is 1, Minor ID is 1, measured power is -58 dBm, and UUID is 0 in the advertisement information for a BLE module.
Views
Module view
AP group's module view
Predefined user roles
network-admin
Parameters
major-id major-id: Specifies the Major ID in the advertisement information for a BLE module. The value range for the major-id argument is 0 to 65535.
measured-power measured-power: Specifies the measured power in the advertisement information for a BLE module. The value range for the measured-power argument is 0 to 127, representing that the value range for the signal intensity is -127 to 0 dBm. A larger value represents weaker signal intensity. The measured power is the signal intensity detected by the advertisement receiving device when the device is at a 1-meter distance from the iBeacon device. The measured power can be used to calculate the distance between the advertisement receiving device and the iBeacon device.
minor-id minor-id: Specifies the Minor ID in the advertisement information for a BLE module. The value range for the minor-id argument is 0 to 65535.
uuid uuid: Specifies the UUID in the advertisement information for a BLE module. The value range for the uuid argument is a case-insensitive string of 32 hexadecimal digits from 0 to f.
Usage guidelines
A BLE module broadcasts iBeacon advertisements containing Major ID, Minor ID, measured power, and UUID to nearby application software. Application software that receives the advertisement information will take specific actions according to the advertisement information to fulfill their software functions.
Examples
# Configure the advertisement information for BLE module 1 in module view.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP380
[Sysname-ap-ap1] module 1
[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement major-id 4
[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement minor-id 4
[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement uuid 34ae56115098ca67321a11256bca3007
[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement measured-power 30
# Configure the advertisement information for BLE module 1 in AP group's module view.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model UAP380
[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement major-id 4
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement minor-id 4
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement uuid 34ae56115098ca67321a11256bca3007
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement measured-power 30
Related commands
· rfid-tracking ble advertisement enable
· rfid-tracking ble advertisement interval
rfid-tracking ble advertisement enable
Use rfid-tracking ble advertisement enable to enable the iBeacon transmission feature for a BLE module.
Use rfid-tracking ble advertisement disable to disable the iBeacon transmission feature for a BLE module.
Use undo rfid-tracking ble advertisement to restore the default.
Syntax
rfid-tracking ble advertisement { disable | enable }
undo rfid-tracking ble advertisement
Default
In module view, a module uses the configuration in AP group's module view.
In AP group's module view, the iBeacon transmission feature is disabled for a BLE module.
Views
Module view
AP group's module view
Predefined user roles
network-admin
Usage guidelines
This command enables a BLE module to periodically broadcast iBeacon advertisements. An iBeacon advertisement contains a UUID, Major ID, measured power, and Minor ID.
This command takes effect only for BLE modules.
Examples
# Enable the iBeacon transmission feature for BLE module 1 in module view.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP380
[Sysname-ap-ap1] module 1
[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement enable
# Enable the iBeacon transmission feature for BLE module 1 in AP group's module view.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model UAP380
[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement enable
Related commands
· rfid-tracking ble advertisement
· rfid-tracking ble advertisement interval
rfid-tracking ble advertisement interval
Use rfid-tracking ble advertisement interval to set the interval at which a BLE module broadcasts iBeacon advertisements.
Use undo rfid-tracking ble advertisement interval to restore the default.
Syntax
rfid-tracking ble advertisement interval interval
undo rfid-tracking ble advertisement interval
Default
In module view, a module uses the configuration in AP group's module view.
In AP group's module view, a BLE module broadcasts iBeacon advertisements every 100 centiseconds (1 second).
Views
Module view
AP group's module view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval at which a BLE module broadcasts iBeacon advertisements with a step size of 10. The value range is 50 to 1000 centiseconds.
Examples
# Configure BLE module 1 to broadcast iBeacon advertisements every 200 centiseconds in module view.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP380
[Sysname-ap-ap1] module 1
[Sysname-ap-ap1-module-1] rfid-tracking ble advertisement interval 200
# Configure BLE module 1 to broadcast iBeacon advertisements every 200 centiseconds in AP group's module view.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model UAP380
[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] rfid-tracking ble advertisement interval 200
Related commands
· rfid-tracking ble advertisement
· rfid-tracking ble advertisement enable
serial-number
Use serial-number to specify a serial number for a module.
Use undo serial-number to restore the default.
Syntax
serial-number serial-number
undo serial-number
Default
No serial number is specified for a module.
Views
Module view
Predefined user roles
network-admin
Parameters
serial-number : Specifies a serial number that can uniquely identify a module, a case-insensitive string of 1 to 31 characters.
Usage guidelines
|
CAUTION: Deleting the serial number or specifying a different serial number than the actual serial number of an online module logs off the module if the module connects to an IoT AP through network cables. |
This command is required for a module when the module connects to an AP through network cables. The module can come online on the AP only when the specified serial number is the same as the actual serial number of the module.
For a module that is installed on an AP, this command does not take effect. The module can come online directly no matter whether the specified serial number is the same as the module's serial number or not.
Examples
# Set the serial number of module 1 to 210235A1BSC123000050.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP300
[Sysname-wlan-ap-ap1] module 1
[Sysname-wlan-ap-ap1-module-1] serial-number 210235A1BSC123000050
tx-power
Use tx-power to set the transmit power level for a module.
Use undo tx-power to restore the default.
Syntax
tx-power power
undo tx-power
Default
In module view, a module uses the configuration in AP group's module view.
In AP group's module view, the transmit power level for a module is 1, which indicates a transmit power of 4 dBm.
Views
Module view
AP group's module view
Predefined user roles
network-admin
Parameters
power: Specifies the transmit power level. The value can be 1, 2, 3, or 4, which indicates a transmit power of 4 dBm, –1 dBm, –5 dBm, and –9 dBm, respectively.
Examples
# Set the transmit power level to 4 for module 1 in module view.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP380
[Sysname-ap-ap1] module 1
[Sysname-ap-ap1-module-1] tx-power 4
# Set the transmit power level to 4 for module 1 in AP group's module view.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model UAP380
[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] tx-power 4
Related commands
rfid-tracking ble advertisement enable
type
Use type to specify the supported module type.
Use undo type to restore the default.
Syntax
type { ble | iot }
undo type
Default
In module view, an AP uses the configuration in AP group's module view.
In AP group's module view, no supported module type is specified.
Views
Module view
AP group's module view
Predefined user roles
network-admin
Parameters
ble: Specifies the Bluetooth low energy type.
iot: Specifies the IoT type.
Usage guidelines
For a module to operate correctly, make sure the specified module type is the same as the actual module type.
Examples
# Specify the supported module type IoT for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model UAP380
[Sysname-wlan-ap-ap1] module 1
[Sysname-wlan-ap-ap1-module-1] type iot
# Specify the supported module type IoT for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model UAP380
[Sysname-wlan-ap-group-1-ap-model-UAP380] module 1
[Sysname-wlan-ap-group-1-ap-model-UAP380-module-1] type iot
wlan execute module firmware-upgrade
Use wlan execute module firmware-upgrade to manually upgrade the firmware of a module.
Syntax
wlan execute module firmware-upgrade { ap ap-name | ap-group group-name ap-model ap-model } module module-id firmware-path filepath
Views
System view
Predefined user roles
network-admin
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
ap-group group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.
ap-model ap-model: Specifies an AP model.
module module-id: Specifies a module by its ID. The value range varies by AP model.
firmware-path filepath: Specifies the path of the image file for module upgrade.
Usage guidelines
When you use this command to manually upgrade the firmware of an IoT module, make sure the automatic firmware upgrade feature is disabled for the module. Automatic firmware upgrade performs version consistency check every time the connected IoT AP restarts and upgrades the module's firmware to the version stored in the AP' image file as necessary.
Examples
# Obtain an upgrade file to manually upgrade module 1 on AP ap1.
<Sysname> system-view
[Sysname] wlan execute module firmware-upgrade ap ap1 module 1 firmware-path flash:/a.ipe
wlan execute module reset
Use wlan execute module reset to restart a module on an AP.
Syntax
wlan execute module reset ap ap-name module module-id
Views
System view
Predefined user roles
network-admin
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
module module-id: Specifies a module by its ID. The value range varies by AP model.
Examples
# Restart module 1 on AP ap1.
<Sysname> system-view
[Sysname] wlan execute module reset ap ap1 module 1
wlan execute module restore-factory
Use restore factory-default wlan ap to restore the factory settings for a module on an AP.
Syntax
wlan execute module restore-factory ap ap-name module module-id
Views
System view
Predefined user roles
network-admin
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
module module-id: Specifies a module by its ID. The value range varies by AP model.
Usage guidelines
This command restarts a module and restores the factory settings of the module immediately.
Examples
# Restore the factory settings for module 1 on AP ap1.
<Sysname> system-view
[Sysname] wlan execute module restore-factory ap ap1 module 1
CM tunnel commands
This feature is restricted to Hong Kong and Macao.
cmtunnel server domain
Use cmtunnel server domain to configure the domain name of the H3C Oasis server.
Use undo cmtunnel server domain to restore the default.
Syntax
cmtunnel server domain domain-name
undo cmtunnel server domain
Default
The domain name of the H3C Oasis server is not configured.
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the domain name of the H3C Oasis server, a case-sensitive string of 1 to 253 characters.
Usage guidelines
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Configure the domain name of the H3C Oasis server as lvzhou.h3c.com.
<Sysname> system-view
[Sysname] cmtunnel server domain-name lvzhou.h3c.com
display cmtunnel state
Use display cmtunnel state to display CM tunnel state information.
Syntax
display cmtunnel state
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display CM tunnel state information.
<Sysname> display cmtunnel state
Cloud management tunnel
Server address : 20.0.0.1
Server name : lvzhou.h3c.com
Local port : 80
Connection state : Established
Device state : Request_success
Table 69 Command output
Field |
Description |
Server address |
IP address of the H3C Oasis server. |
Server name |
Domain name of the H3C Oasis server. |
Local port |
TCP port number used to establish CM tunnels. |
Connection state |
CM tunnel state: · Unconnected. · Request. · Established. · Close_recv—Received a CM tunnel closing packet. · Close_send—Sent a CM tunnel closing packet. |
Device state |
Local device state: · Idle—In idle state. · Connecting—Connecting to the H3C Oasis server. · Register—Sent a registration request. · Register_success—Registration succeeded. · Request—Sent a handshake request. · Request_success—Handshake succeeded. |
Cloud connection commands
This feature is restricted to Hong Kong and Macao.
cloud-management keepalive
Use cloud-management keepalive to set the keepalive interval for the local device to send keepalive packets to the H3C Oasis server.
Use undo cloud-management keepalive to restore the default.
Syntax
cloud-management keepalive interval
undo cloud-management keepalive
Default
The keepalive interval is 180 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the keepalive interval in the range of 10 to 600 seconds.
Usage guidelines
If the device does not receive a response from the H3C Oasis server within three keepalive intervals, the device sends a registration request to re-establish the cloud connection.
Examples
# Set the keepalive interval to 360 seconds.
<Sysname> system-view
[Sysname] cloud-management keepalive 360
cloud-management server domain
Use cloud-management server domain to configure the domain name of the H3C Oasis server.
Use undo cloud-management server domain to restore the default.
Syntax
cloud-management server domain domain-name
undo cloud-management server domain
Default
The domain name of the H3C Oasis server is not configured.
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the domain name of the H3C Oasis server, a case-sensitive string of 1 to 253 characters.
Usage guidelines
Before you configure the domain name of the H3C Oasis server, make sure a DNS server is configured to translate the domain name.
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Configure the domain name of the H3C Oasis server as lvzhouv3.h3c.com.
<Sysname> system-view
[Sysname] cloud-management server domain lvzhouv3.h3c.com
cloud-management server port
Use cloud-management server port to specify the TCP port number used to establish cloud connections.
Use undo cloud-management server port to restore the default.
Syntax
cloud-management server port port-number
undo cloud-management server port
Default
The TCP port number used to establish cloud connections is 443.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies the TCP port number used to establish cloud connections, in the range of 1 to 65535.
Usage guidelines
After you change the TCP port number used to establish cloud connections, the device tears down the cloud connection and establishes a cloud connection again to the Oasis platform.
Examples
# Set the TCP port number used to establish cloud connections to 80.
<Sysname> system-view
[Sysname] cloud-management server port 80
display cloud-management state
Use display cloud-management state to display cloud connection state information.
Syntax
display cloud-management state
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display cloud connection state information.
<Sysname> display cloud-management state
Cloud connection state : Established
Device state : Request_success
Cloud server address : 10.1.1.1
Cloud server domain name : lvzhouv3.h3c.com
Local port : 443
Connected at : Wed Jan 27 14:18:40 2016
Duration : 00d 00h 02m 01s
Process state : DNS not parsed
Failure reason : DNS parse failed
Last down reason : socket connection error (Details:N/A)
Last down at : Wed Jan 27 13:18:40 2016
Last report failure reason : SSL sending failure (Details: ssl msg = ssl error read ,system msg = No such file or directory)
Last report failure at : Wed Jan 27 13:18:40 2016
Dropped packets after reaching buffer limit : 0
Total dropped packets : 1
Last report incomplete reason : N/A
Last report incomplete at : N/A
Buffer full count : 0
Table 70 Command output
Field |
Description |
Cloud connection state |
Cloud connection state: Unconnected, Request, and Established. |
Device state |
Local device state: · Idle—In idle state. · Connecting—Connecting to the H3C Oasis server. · Request_CAS_url—Sent a central authentication service (CAS) URL request. · Request_CAS_url_success—Requesting CAS URL succeeded. · Request_CAS_TGT—Sent a ticket granting ticket (TGT) request. · Request_CAS_TGT_success—Requesting TGT succeeded. · Request_CAS_ST—Sent a service ticket (ST) request. · Request_CAS_ST_success—Requesting ST succeeded. · Request_cloud_auth—Sent an authentication request. · Request_cloud_auth_success—Authentication succeeded. · Register—Sent a registration request. · Register_success—Registration succeeded. · Request—Sent a handshake request. · Request_success—Handshake succeeded. |
Cloud server address |
IP address of the H3C Oasis server. |
Cloud server domain name |
Domain name of the H3C Oasis server. |
Local port |
TCP port number used to establish cloud connections. |
Connected at |
Time when the cloud connection was established. |
Duration |
Duration since the establishment of the cloud connection. |
Process state |
Cloud connection processing state: · DNS not parsed. · DNS parsed. · Message not sent. · Message sent. · Message not received. · Message received. |
Failure reason |
Cloud connection failure reason: · DNS parse failed. · Socket connection failed. · SSL creation failed. · Sending CAS url request failed. · Sending CAS TGT failed. · Sending CAS ST failed. · Sending cloud auth failed. · Sending register failed. · Processing CAS url response failed. · Processing CAS TGT response failed. · Processing CAS ST response failed. · Processing cloud auth response failed. · Processing register response failed. · Sending handshake request failed. · Processing handshake failed. · Sending websocket request failed. · Processing websocket packet failed. |
Last down reason |
Reason for the most recent cloud connection interruption: · Device or process rebooted. · Socket connection error. · Configuration changed. · Received websocket close packet from cloud. · Keepalive expired. · Packet processing failed. · Main connection went down. · Cloud reset connection. · Memory reached threshold. |
Last down at |
Time when the cloud connection went down most recently. |
Last report failure reason |
Reason for the most recent cloud connection packet sending failure: · Tunnel is being deleted. · Tunnel socket is invalid. · Failed to convert string to json. · Failed to convert json to string. · Failed to create message node. · Tunnel is not ready. · Failed to create packet buffer. · SSL sending failure. If the reason is SSL sending failure, one of the following detailed reason will be displayed: · ssl error none. · ssl error ssl. · ssl error read. · ssl error write. · ssl error x509 lookup. · ssl error syscall. · ssl error zero return. · ssl error connect. · ssl error accept. |
Last report failure at |
Time when the most recent cloud connection packet sending failure occurred. |
Dropped packets after reaching buffer limit |
Number of packets that are dropped because the CMTNL buffer limit is reached. |
Total dropped packets |
Total number of dropped packets. |
Last report incomplete reason |
Reason for the most recent unfinished packet sending: · Interrupted system call. · Socket buffer is full. |
Last report incomplete at |
Time when the most recent unfinished packet sending occurred. |
Buffer full count |
Number of times that the buffer becomes full. |
WLAN IP snooping commands
client ip-snooping http-learning enable
Use client ip-snooping http-learning enable to enable snooping HTTP requests redirected to the portal server.
Use undo client ip-snooping http-learning enable to disable snooping HTTP requests redirected to the portal server.
Syntax
client ip-snooping http-learning enable
undo client ip-snooping http-learning enable
Default
Snooping HTTP requests is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
The AC can use this method to learn IP addresses of clients performing portal authentication. For more information about portal authentication, see Security Configuration Guides.
The priorities for learning IP addresses through snooping DHCP packets, ARP or ND packets, and HTTP requests are in descending order.
Make sure the service template is disabled before you execute this command.
Examples
# Enable snooping HTTP requests redirected to the portal server.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client ip-snooping http-learning enable
client ipv4-snooping arp-learning enable
Use client ipv4-snooping arp-learning enable to enable snooping ARP packets.
Use undo client ipv4-snooping arp-learning enable to disable snooping ARP packets.
Syntax
client ipv4-snooping arp-learning enable
undo client ipv4-snooping arp-learning enable
Default
Snooping ARP packets is enabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
The priorities for learning IP addresses through snooping DHCP packets, ARP or ND packets, and HTTP requests are in descending order.
Make sure the service template is disabled before you execute this command.
Examples
# Disable snooping ARP packets.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client ipv4-snooping arp-learning enable
client ipv6-snooping nd-learning enable
Use client ipv6-snooping nd-learning enable to enable snooping ND packets.
Use undo client ipv6-snooping nd-learning enable to disable snooping ND packets.
Syntax
client ipv6-snooping nd-learning enable
undo client ipv6-snooping nd-learning enable
Default
Snooping ND packets is enabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
Make sure the service template is disabled when you execute this command.
By default, an AP learns clients' IPv6 addresses through snooping both ND and DHCPv6 packets. Disable this feature to configure an AP to learn clients' IPv6 addresses only from DHCPv6 packets.
Examples
# Disable snooping ND packets.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client ipv6-snooping nd-learning enable
client ipv6-snooping snmp-nd-report enable
Use client ipv6-snooping snmp-nd-report enable to enable SNMP to obtain client IPv6 addresses learned from ND packets.
Use undo client ipv6-snooping snmp-nd-report enable to disable SNMP from obtaining client IPv6 addresses learned from ND packets.
Syntax
client ipv6-snooping snmp-nd-report enable
undo client ipv6-snooping snmp-nd-report enable
Default
SNMP obtains client IPv6 addresses learned from both DHCPv6 and ND packets.
Views
Service template view
Predefined user roles
Usage guidelines
Make sure the service template is disabled when you execute this command.
Examples
# Disable SNMP from obtaining client IPv6 addresses learned from ND packets.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client ipv6-snooping snmp-nd-report enable
WLAN fast forwarding
The following matrix shows the feature and hardware compatibility:
Hardware series |
Model |
WLAN fast forwarding compatibility |
WX1800H series |
WX1804H WX1810H WX1820H WX1840H |
No |
WX3800H series |
WX3820H WX3840H |
Yes |
WX5800H series |
WX5860H |
Yes |
display wlan fast-forwarding status
Use display wlan fast-forwarding status to display WLAN fast forwarding status.
Syntax
display wlan fast-forwarding status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display WLAN fast forwarding status.
<Sysname> display wlan fast-forwarding status
Slot 1 WLAN fast forwarding information:
Status : Enabled
Mode : Software fast forwarding
Table 71 Command output
Field |
Description |
Status |
WLAN fast forwarding status: · Enabled. · Disabled. |
Mode |
WLAN fast forwarding mode: · Software fast forwarding. |
wlan fast-forwarding enable
Use wlan fast-forwarding enable to enable WLAN fast forwarding.
Use undo wlan fast-forwarding enable to disable WLAN fast forwarding.
Syntax
wlan fast-forwarding enable
undo wlan fast-forwarding enable
Views
System view
Predefined user roles
network-admin
network-operator
Usage guidelines
When this feature is enabled, ACL and QoS only support matching 5-tuple in fast forwarded packets.
Examples
# Enable WLAN fast forwarding.
<Sysname> system-view
[Sysname] wlan fast-forwarding enable
WLAN probe commands
client-proximity-sensor
Use client-proximity-sensor enable to enable WLAN probe.
Use client-proximity-sensor disable to disable WLAN probe.
Use undo client-proximity-sensor to restore the default.
Syntax
client-proximity-sensor { disable | enable }
undo client-proximity-sensor
Default
· In radio view, a radio uses the configuration in AP group radio view.
· In AP group radio view, WLAN probe is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Examples
# Enable WLAN probe for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] client-proximity-sensor enable
# Enable WLAN probe for radio 1 of APs with model WA536-WW in AP group aaa.
<Sysname> system-view
[Sysname] wlan ap-group aaa
[Sysname-wlan-ap-group-aaa] ap-model WA536-WW
[Sysname -wlan-ap-group-aaa-ap-model-WA536-WW] radio 1
[Sysname -wlan-ap-group-aaa-ap-model-WA536-WW-radio-1] client-proximity-sensor enable
client-proximity-sensor ap-timer
Use client-proximity-sensor ap-timer to set the AP entry timers.
Use undo client-proximity-sensor ap-timer to restore the default.
Syntax
client-proximity-sensor ap-timer inactive inactive-value aging aging-value
undo client-proximity-sensor ap-timer
Default
The inactivity timer and aging timer for AP entries are 300 seconds and 600 seconds, respectively.
Views
System view
Predefined user roles
network-admin
Parameters
inactive inactive-value: Specifies the inactivity timer for AP entries, in the range of 60 to 1200 seconds.
aging aging-value: Specifies the aging timer for AP entries, in the range of 120 to 86400 seconds.
Examples
# Set the inactivity timer and aging timer for AP entries to 120 seconds and 360 seconds, respectively.
<Sysname> system-view
[Sysname] client-proximity-sensor ap-timer inactive 120 aging 360
client-proximity-sensor ap-udp-server
Use client-proximity-sensor ap-udp-server to specify a UDP server to receive wireless device information.
Use undo client-proximity-sensor udp-server to restore the default.
Syntax
client-proximity-sensor ap-udp-server ip-address port port-number [ interval interval | preshared-key [ cipher | simple ] key-string ] *
undo client-proximity-sensor ap-udp-server
Default
No UDP server is specified.
Views
AP view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IPv4 address of the UDP server.
port port-number: Specifies the port number of the UDP server, in the range of 1 to 65534.
interval interval: Specifies the interval at which the sensor sends device information to the UDP server, in the range of 1 to 600 seconds. The default interval is 30 seconds.
preshared-key: Specifies a preshared key.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form.
key-string: Specifies the key. Its plaintext form is a case-sensitive string of 8 to 63 characters. Its encrypted form is a case-sensitive string of 41 to 117 characters.
Examples
# Specify the UDP server with IP address 10.152.3.209 and port number 443 to receive wireless device information.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-ap-ap1] client-proximity-sensor ap-udp-server 10.152.3.209 port 443
client-proximity-sensor client-timer
Use client-proximity-sensor client-timer to set the client entry timers.
Use undo client-proximity-sensor client-timer to restore the default.
Syntax
client-proximity-sensor client-timer inactive inactive-value aging aging-value
undo client-proximity-sensor client-timer
Default
The inactivity timer and aging timer for client entries are 300 seconds and 600 seconds, respectively.
Views
System view
Predefined user roles
network-admin
Parameters
inactive inactive-value: Specifies the inactivity timer for client entries, in the range of 60 to 1200 seconds.
aging aging-value: Specifies the aging timer for client entries, in the range of 120 to 86400 seconds.
Examples
# Set the inactivity timer and aging timer for client entries to 120 seconds and 360 seconds, respectively.
<Sysname> system-view
[Sysname] client-proximity-sensor client-timer inactive 120 aging 360
client-proximity-sensor coordinates
Use client-proximity-sensor coordinates to set the longitude and latitude of a sensor.
Use undo client-proximity-sensor coordinates to remove the configuration.
Syntax
client-proximity-sensor coordinates longitude longitude-value latitude latitude-value
undo client-proximity-sensor coordinates
Default
The longitude and latitude are not set for a sensor.
Views
AP view
Predefined user roles
network-admin
Parameters
longitude longitude-value: Specifies the longitude of the sensor, in XXX-XX-XX.X format. The value ranges for XXX and XX are 0 to 180 and 0 to 60, respectively. The value of X can be e or w and is case insensitive.
latitude latitude-value: Specifies the latitude of the sensor, in XXX-XX-XX.X format. The value ranges for XXX and XX are 0 to 90 and 0 to 60, respectively. The value of X can be s or n and is case insensitive.
Usage guidelines
After you configure this command for a sensor, the longitude and latitude information for the sensor is reported together with the information about wireless devices detected by the sensor.
Examples
# Set the longitude and latitude for sensor ap1 to 123-40-40.e and 80-30-30.n, respectively.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA536-WW
[Sysname-ap-ap1] client-proximity-sensor coordinates longitude 123-40-40.e latitude 80-30-30.n
client-proximity-sensor filter-list
Use client-proximity-sensor filter-list to configure the MAC address filtering list. The AC does not report information about devices with MAC addresses in the list.
Use undo client-proximity-sensor filter-list to remove the configuration.
Syntax
client-proximity-sensor filter-list list
undo client-proximity-sensor filter-list { list | all }
Default
No MAC address filtering list is configured.
Views
System view
Predefined user roles
network-admin
Parameters
list: Specifies a MAC address or a class of MAC addresses in H-H-H format. For example, if you specify 0400-0000-0000, you specify MAC addresses whose third bit in the first byte is 1.
all: Specifies all MAC addresses.
Examples
# Add MAC addresses whose third bit in the first byte is 1 to the MAC address filtering list.
<Sysname> system-view
[Sysname] client-proximity-sensor filter-list 0400-0000-0000
client-proximity-sensor random-mac-report enable
Use client-proximity-sensor random-mac-report enable to enable reporting of information about Apple terminals that use a random MAC address.
Use undo client-proximity-sensor random-mac-report enable to disable reporting of information about Apple terminals that use a random MAC address
Syntax
client-proximity-sensor random-mac-report enable
undo client-proximity-sensor random-mac-report enable
Default
Information about Apple terminals that use a random MAC address is not reported.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Apple terminals send probe requests by using a random MAC address whose second bit in the first byte is 1 and cause sensors to detect non-existent wireless devices. Enable or disable this command as appropriate.
Examples
# Enable reporting of information about Apple terminals that use a random MAC address.
<Sysname> system-view
[Sysname] client-proximity-sensor random-mac-report enable
client-proximity-sensor report-ac enable
Use client-proximity-sensor report-ac enable to enable sensors to report information about detected devices to the AC.
Use undo client-proximity-sensor report-ac enable to disable sensors from reporting information about detected devices to the AC.
Syntax
client-proximity-sensor report-ac enable
undo client-proximity-sensor report-ac enable
Default
Sensors do not report information about detected devices to the AC.
Views
System view
Predefined user roles
network-admin
Examples
# Enable sensors to report information about detected devices to the AC.
<Sysname> system-view
[Sysname] client-proximity-sensor report-ac enable
client-proximity-sensor report-ac-interval
Use client-proximity-sensor report-ac-interval to set the interval at which sensors report information about detected devices to the AC.
Use undo client-proximity-sensor report-ac interval to restore the default.
Syntax
client-proximity-sensor report-ac interval interval
undo client-proximity-sensor report-ac interval
Default
Sensors report information about detected devices to the AC every 3000 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval at which sensors report information about detected devices to the AC, in the range of 100 to 60000 milliseconds.
Examples
# Configure sensors to report information about detected devices to the AC every 2000 milliseconds.
<Sysname> system-view
[Sysname] client-proximity-sensor report-ac interval 2000
client-proximity-sensor report-ap enable
Use client-proximity-sensor report-ap enable to enable reporting of AP information to the UDP server.
Use undo client-proximity-sensor report-ap enable to disable reporting of AP information to the UDP server.
Syntax
client-proximity-sensor report-ap enable
undo client-proximity-sensor report-ap enable
Default
AP information is not reported to the UDP server.
Views
System view
Predefined user roles
network-admin
Examples
# Enable reporting of AP information to the UDP server.
<Sysname> system-view
[Sysname] client-proximity-sensor report-ap enable
client-proximity-sensor rssi-change-threshold
Use client-proximity-sensor rssi-change-threshold to set the RSSI difference threshold for reporting client information to the AC.
Use undo client-proximity-sensor rssi-change-threshold to restore the default.
Syntax
client-proximity-sensor rssi-change-threshold threshold-value
undo client-proximity-sensor rssi-change-threshold
Default
The RSSI difference threshold is 100.
Views
System view
Predefined user roles
network-admin
Parameters
threshold-value: Specifies the RSSI difference threshold for reporting client information to the AC, in the range of 1 to 100.
Parameters
An AP does not report the client information to the AC when the following conditions are met:
· The client has been detected before.
· The RSSI difference of the client between the most recent two detections does not reach the specified threshold.
Examples
# Set the RSSI difference threshold to 50 for reporting client information to the AC.
<Sysname> system-view
[Sysname] client-proximity-sensor rssi-change-threshold 50
client-proximity-sensor rssi-threshold
Use client-proximity-sensor rssi-threshold to set the RSSI threshold for clients or APs.
Use undo client-proximity-sensor rssi-threshold to restore the default.
Syntax
client-proximity-sensor rssi-threshold { ap ap-rssi-value | client client-rssi-value }
undo client-proximity-sensor rssi-threshold { ap | client }
Default
The RSSI thresholds for clients and APs are not set.
Views
System view
Predefined user roles
network-admin
Parameters
ap ap-rssi-value: Specifies the RSSI threshold for APs, in the range of 1 to 100.
client client-rssi-value: Specifies the RSSI threshold for clients, in the range of 1 to 100.
Usage guidelines
Sensors do not ignore any wireless devices by default. After you configure this command, sensors will ignore wireless devices with an RSSI lower than the specified RSSI threshold.
Examples
# Configure sensors to ignore APs with an RSSI lower than 30.
<Sysname> system-view
[Sysname] client-proximity-sensor rssi-threshold ap 30
client-proximity-sensor rt-report enable
Use client-proximity-sensor rt-report enable to enable real-time reporting of wireless device information to the UDP server.
Use undo client-proximity-sensor rt-report enable to disable real-time reporting of wireless device information to the UDP server.
Syntax
client-proximity-sensor rt-report enable
undo client-proximity-sensor rt-report enable
Default
Information about wireless devices is reported to the UDP server at the specified interval.
Views
System view
Predefined user roles
network-admin
Examples
# Enable real-time reporting of wireless device information to the UDP server.
<Sysname> system-view
[Sysname] client-proximity-sensor rt-report enable
client-proximity-sensor server
Use client-proximity-sensor server to specify an HTTPS server to receive wireless device information.
Use undo client-proximity-sensor server to restore the default.
Syntax
client-proximity-sensor server string [ window-time window-time-value | partner partner-value ] *
undo client-proximity-sensor server
Default
No HTTPS server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
string: Specifies an HTTPS server by its address, a case-sensitive string of 8 to 127 characters. The address must start with https://.
window-time window-time-value: Specifies the window time in the range of 10 to 60 seconds. The default window time is 30 seconds.
partner partner-value: Specifies the partner flag value. The default partner flag value is 11.
Examples
# Specify the HTTPS server with address https://10.152.3.209:443/xxx/yy to receive wireless device information.
[Sysname] client-proximity-sensor server https://10.152.3.209:443/xxx/yy
client-proximity-sensor udp-server
Use client-proximity-sensor udp-server to specify a UDP server to receive wireless device information.
Use undo client-proximity-sensor udp-server to restore the default.
Syntax
client-proximity-sensor udp-server ip-address port port-number [ interval interval | preshared-key [ cipher | simple ] key-string ] *
undo client-proximity-sensor udp-server
Default
No UDP server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IPv4 address of the UDP server.
port port-number: Specifies the port number of the UDP server, in the range of 1 to 65534.
interval interval: Specifies the interval at which the AC sends device information to the UDP server, in the range of 1 to 600 seconds. The default interval is 30 seconds.
preshared-key: Specifies a preshared key.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form.
key-string: Specifies the key. Its plaintext form is a case-sensitive string of 8 to 63 characters. Its encrypted form is a case-sensitive string of 41 to 117 characters.
Examples
# Specify the UDP server with IP address 10.152.3.209 and port number 443 to receive wireless device information.
<Sysname> system-view
[Sysname] client-proximity-sensor udp-server 10.152.3.209 port 443
display client-proximity-sensor device
Use display client-proximity-sensor device to display information about wireless devices detected by sensors.
Syntax
display client-proximity-sensor device [ ap | client | mac-address mac-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap: Displays information about detected APs.
client: Displays information about detected clients.
mac-address mac-address: Displays information about the wireless device with the specified MAC address. The mac-address argument is in H-H-H format.
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
Examples
# Display brief information about wireless devices detected by sensors.
<Sysname> display client-proximity-sensor device
Total 3 detected devices
MAC address Type Duration Sensors Channel Status
0AFB-423B-893C AP 00h 10m 46s 1 11 Active
0AFB-423B-893D AP 00h 10m 46s 1 6 Active
0AFB-423B-893E AP 00h 10m 46s 1 1 Active
Table 72 Command output
Field |
Description |
MAC address |
MAC address of the wireless device. |
Type |
Wireless device type: · AP. · Client. |
Duration |
Time elapsed since the wireless device entered the current status. |
Sensors |
Number of sensors that detected the wireless device. |
Channel |
Channel on which the wireless device was most recently detected. |
Status |
Wireless device status: · Active. · Inactive. |
# Display detailed information about wireless devices detected by sensors.
<Sysname> display client-proximity-sensor device verbose
Total 2 detected devices
AP: 0AFB-423B-893C
Status: Active
Status duration: 00h 27m 57s
Vendor: Not found
SSID: service
Radio type: 802.11ac
Security: None
Encryption method: None
Authentication method: None
Broadcast SSID: Yes
QoS supported: No
Beacon interval: 100 TU
Up duration: 00h 27m 57s
Channel bandwidth supported: 20/40/80MHz
Total number of reported APs: 1
AP 1:
AP ID: 3
AP name: 1
Radio ID: 1
RSSI: 15
Channel: 419
First reported time: 2016-04-03/09:05:51
Last reported time: 2016-04-03/09:05:51
Total number of associated clients: 1
01: 80EA-9656-AAAB
Client: 80EA-9656-AAAB
Last detected associated AP: 0AFB-423B-893C
Last associated AP (not detected): None
Status: Active
Status duration: 00h 00m 02s
Vendor: Not found
Radio type: 802.11a
Total number of reported APs: 1
AP 1:
AP ID: 2
AP name: 1
Radio ID: 1
RSSI: 50
Channel: 116
First reported time: 2016-04-03/14:52:56
Last reported time: 2016-04-03/14:52:56
Reported associated AP: 0AFB-423B-893C
Table 73 Command output
Field |
Description |
Total number detected devices |
Number of detected wireless devices. |
AP |
MAC address of the detected AP. |
Client |
MAC address of the detected client. |
Last detected associated AP |
MAC address of the AP with which the client most recently associated. The MAC address is the BSSID of the AP. |
Last associated AP (not detected) |
MAC address of the AP with which the client most recently communicated. This AP has not been detected, and the MAC address of the AP is obtained from packets exchanged between the client and the AP. |
Status |
Wireless device status: · Active. · Inactive. |
Status duration |
Time elapsed since the wireless device entered the current status. |
Vendor |
OUI of the wireless device. This field displays Not found if no OUIs are imported or the OUI of the device does not match any of the imported OUIs. |
Security |
Security method: · WEP. · WPA. · WPA2. · None. |
Encryption method |
Encryption method: · TKIP. · CCMP. · WEP. · None. |
Authentication method |
Authentication method: · PSK. · 802.1X. · Others—Authentication methods except for PSK authentication and 802.1X authentication. · None. |
Broadcast SSID |
Whether the AP broadcasts SSIDs. If the AP does not broadcast SSIDs, the SSID field in the output is null. |
Beacon interval |
Beacon interval in TU. One TU is equal to 1024 microseconds. |
Up duration |
Time elapsed since the AP started. |
Total number of reported APs |
Number of sensors that detected the client. |
AP n |
Sensor that detected the wireless device. n represents the number of the sensor and is automatically assigned by the system. |
AP ID |
AP ID of the sensor. |
AP name |
Name of the sensor that detected the wireless device. |
Radio ID |
ID of the radio that detected the wireless device. |
RSSI |
RSSI of the sensor. |
Channel |
Channel on which the sensor most recently detected the wireless device. |
First reported time |
Time when the sensor detected the wireless device for the first time. |
Last reported time |
Time when the sensor most recently detected the wireless device. |
Total number of associated clients |
Number of clients that are associated with the AP. |
n:H-H-H |
MAC address of the wireless client associated with the AP. n is the number of the wireless client and is automatically assigned by the system. |
Reported associated AP |
AP with which the wireless client is associated. |
display client-proximity-sensor sensor
Use display client-proximity-sensor sensor to display information about sensors.
Syntax
display client-proximity-sensor sensor
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about sensors.
<Sysname> display client-proximity-sensor sensor
Total number of sensors: 1
Sensor ID Sensor name Radio ID
3 ap1 1
display client-proximity-sensor statistics receive
Use display client-proximity-sensor statistics receive to display statistics received from sensors.
Syntax
display client-proximity-sensor statistics receive
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display statistics received from sensors
<Sysname> display client-proximity-sensor statistics receive
Information from sensor 1
Statistics information for received messages:
Detected AP updated messages: 7
Detected client updated messages: 5
Detected AP deleted messages: 3
Detected client deleted messages: 0
Detected all device deleted messages: 0
Information from sensor 2
Statistics information for received messages:
Detected AP updated messages: 6
Detected client updated messages: 5
Detected AP deleted messages: 3
Detected client deleted messages: 2
Detected all device deleted messages: 0
Table 74 Command output
Field |
Description |
Information from sensor n |
Information collected from sensor n, where n represents the ID of the sensor. |
Detected AP updated messages |
Number of AP update messages. |
Detected client updated messages |
Number of client update messages. |
Detected AP deleted messages |
Number of AP delete messages. |
Detected client deleted messages |
Number of client delete messages. |
Detected all device deleted messages |
Number of device delete messages |
Related commands
reset client-proximity-sensor statistics
reset client-proximity-sensor device
Use reset client-proximity-sensor device to clear wireless device information.
Syntax
reset client-proximity-sensor device { ap | client | mac-address mac-address | all }
Views
User view
Predefined user roles
network-admin
Parameters
ap: Specifies detected APs.
client: Specifies detected clients.
mac-address mac-address: Specifies a wireless device by its MAC address, in H-H-H format.
all: Specifies all detected devices.
Examples
# Clear information about detected clients.
<Sysname> reset client-proximity-sensor device client
# Clear information about the wireless device with MAC address 0023-1212-2323.
<Sysname> reset client-proximity-sensor device mac-address 0023-1212-2323
Related commands
display client-proximity-sensor entry
reset client-proximity-sensor statistics
Use reset client-proximity-sensor statistics to clear statistics received from sensors.
Syntax
reset client-proximity-sensor statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear statistics received from sensors.
<Sysname> reset client-proximity-sensor statistics
Related commands
display client-proximity-sensor statistics receive
WLAN process maintenance commands
display maintain cpu-usage history
Use display maintain cpu-usage history to display CPU usage history of a WLAN process.
Syntax
display maintain cpu-usage history process process-name [ days-ago days ] [ start-time value ] [ interval interval ]
Views
Any view
Predefined user roles
network-admin
Parameters
process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters.
days-ago days: Specifies the number of past days, in the range of 1 to 7. If you do not specify this option, the command displays CPU history information for the current day.
start-time value: Specifies the start hour, in the range of 0 to 23. The default value is 0. If you specify 3, the command displays the CPU history after 3 o'clock.
interval interval: Specifies the statistics collection interval. The value can be 1, 5, or 20 minutes. The default value is 5.
Examples
# Display the CPU usage of process stamgr every five minutes from 9:00 yesterday.
<Sysname> display maintain cpu-usage history process stamgr days-ago 1 start-time 9
CPU utilization rate
Process: stamgr Time: 2017-07-20 09:00 Interval: 5min
(%)
100|
90|
80|
70|
60| ** *
50| *** **** **
40| ************ *********
30| ****************** *********
20|*** *********
10|
0+-----------+-----------+-----------+-----------+-----------+-----------+
09:00 10:00 11:00 12:00 13:00 14:00 15:00
Table 75 Command output
Field |
Description |
Process |
Process name. |
Time |
Start time. |
Interval |
Statistics collection interval. |
display maintain memory-usage history
Use display maintain memory-usage history to display memory usage history of a WLAN process.
Syntax
display maintain memory-usage history process process-name [ days-ago days ] [ start-time value ] [ interval interval ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters.
days-ago days: Specifies the number of past days, in the range of 1 to 7. If you do not specify this option, the command displays history information in the current day.
start-time value: Specifies the start hour, in the range of 0 to 23. The default value is 0. If you specify 3, the command displays the memory usage history after 3 o'clock.
interval interval: Specifies the statistics collection interval. The value can be 5, 20, or 60 minutes. The default value is 20.
Examples
# Display the memory usage of process apmgr every 20 minutes from yesterday.
<Sysname> display maintain memory-usage history process apmgr days-ago 1
Memory utilization
Process: apmgr Time: 2017-07-20 00:00 Interval: 20min
(MB)
2048|
1792| ***
1536|
1280| **** *****
1024| ************ *********
768| ****************** *********
512|*** *********
256|
0+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 0
Table 76 Command output
Field |
Description |
Process |
Process name. |
Time |
Start time. |
Interval |
Statistics collection interval. |
maintain enable
Use maintain enable to enable WLAN process maintenance.
Use undo maintain enable to disable WLAN process maintenance.
Syntax
maintain enable
undo maintain enable
Default
WLAN process maintenance is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables the system to monitor the CPU usage, memory usage, and thread state of the apmgr, stamgr, and portal processes.
Examples
# Enable WLAN process maintenance.
<Sysname> system-view
[Sysname] maintain enable
maintain process inactive-time
Use maintain process inactive-time to set the inactive timeout for a process.
Use undo maintain process inactive-time to restore the default.
Syntax
maintain process process-name inactive-time value
undo maintain process process-name inactive-time
Default
The inactive timeout is 10 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
process-name: Specifies the name of a process.
value: Specifies the inactive timeout in the range of 5 to 30 seconds.
Usage guidelines
When WLAN process maintenance is enabled, the system periodically sends a message to each monitored process to examine the process state. If the system fails to receive any response from a process when the inactive timeout expires, the system determines that the process is in defunct state.
You can set the inactive timeout only for the apmgr, stamgr, and portal processes.
The configuration starts to take effect the first time the system sends a message upon execution of the command.
Examples
# Set the inactive timeout for process apmgr.
<Sysname> system-view
[Sysname] maintain process apmgr inactive-time 20
maintain process memory-threshold
Use maintain process memory-threshold to set the memory usage threshold.
Use undo maintain process memory-threshold to restore the default.
Syntax
maintain process process-name memory-threshold value
undo maintain process process-name memory-threshold
Default
The memory usage threshold is 300 MB.
Views
System view
Predefined user roles
network-admin
Parameters
process-name: Specifies the name of a process.
value: Specifies the memory usage threshold in the range of 50 to 1000 MB.
Usage guidelines
The system outputs a log entry when the memory usage of the specified process exceeds the threshold.
You can set the threshold only for the apmgr, stamgr, and portal processes.
Examples
# Set the memory usage threshold to 100 MB for process apmgr.
<Sysname> system-view
[Sysname] maintain process apmgr memory-threshold 100
WLAN forwarding commands
display wlan forward statistics
Use display wlan forward statistics to display WLAN forwarding statistics.
Syntax
display wlan forward statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display WLAN forwarding statistics.
<Sysname> display wlan forward statistics
Discarded frames:
Forwarding type error : 5
Packet validity check fail : 7
Service module discard : 0
Packets only for listening : 0
BSS/station info get fail : 13
Radio info get fail : 0
Tunnel info get fail : 3
Memory/MBUF fail : 3
Roaming discard : 0
Adjacency list get fail : 0
CAPWAP validity check fail : 0
Format conversion fail : 0
Inside packet decode fail : 0
Encrypt/decrypt fail : 0
Radio fragment/reassemble fail : 6
CAPWAP fragment/reassemble fail : 5
Priority process fail : 0
QoS/IP forward fail : 0
MAC forward fail : 0
Radio forward fail : 0
Table 77 Command output
Field |
Description |
Forwarding type error |
Number of packets discarded because neither local forwarding nor centralized forwarding is used. |
Packet validity check fail |
Number of packets discarded because of validity check failure. |
Service module discard |
Number of packets discarded by the service module. |
Packets only for listening |
Number of packets only for packet listening. |
BSS/station info get fail |
Number of packets from which the system fails to get BSS or client information. |
Radio info get fail |
Number of packets from which the system fails to get radio information. |
Tunnel info get fail |
Number of packets from which the system fails to get tunnel information. |
Memory/MBUF fail |
Number of packets discarded because of memory or MBUF operation failure. |
Roaming discard |
Number of packets discarded because of roaming. |
Adjacency list get fail |
Number of packets from which the system fails to get the adjacency list. |
CAPWAP validity check fail |
Number of packets discarded because of CAPWAP validity check failure. |
Format conversion fail |
Number of packets discarded because of format conversion failure. |
Inside packet decode fail |
Number of packets discarded because of decoding failure. |
Encrypt/decrypt fail |
Number of packets discarded because of encryption or decryption failure. |
Radio fragment/reassemble fail |
Number of packets discarded because of radio fragmentation or reassembling failure. |
CAPWAP fragment/reassemble fail |
Number of packets discarded because of tunnel fragmentation or reassembling failure. |
Priority process fail |
Number of packets discarded because of priority processing failure. |
QoS/IP forward fail |
Number of packets discarded because of QoS or IP forwarding failure. |
MAC forward fail |
Number of packets discarded because of MAC forwarding failure. |
Radio forward fail |
Number of packets discarded because of radio forwarding failure. |
reset wlan forward statistics
Use reset wlan forward statistics to clear WLAN forwarding statistics.
Syntax
reset wlan forward statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear WLAN forwarding statistics.
<Sysname> reset wlan forward statistics
ac,1
ac discovery policy ipv6,2
adjacency-factor,422
akm mode,184
a-mpdu,70
a-msdu,70
ani,71
antenna type,72
ap,2
ap name,423
ap radio,341
ap-channel-change,217
ap-classification rule,217
ap-flood,218
ap-impersonation,218
ap-model,73
apply ap-classification rule,219
apply classification policy,220
apply countermeasure policy,220
apply detect policy,221
apply signature policy,221
apply signature rule,222
ap-rate-limit,223
ap-spoofing,223
ap-timer,224
association-table-overflow,224
authentication,225
authentication-mode,332
authentication-type,398
auto-channel european-gap enable,74
backup-ac,368
band-navigation,364
bandwidth-guarantee,312
bandwidth-guarantee service-template,313
beacon ssid-hide,127
beacon-interval,74
block mac-address,226
broadcast-probe reply,127
cac policy,314
calibrate-channel mode,423
calibrate-channel monitoring time-range,424
calibrate-channel pronto,425
calibrate-channel self-decisive,426
calibrate-power min,427
calibrate-power mode,428
calibrate-power self-decisive,429
calibrate-power threshold,429
channel,75
channel auto-select,76
channel band-width,77
channel holddown-time,430
channel-capability mode,431
channel-switch mode,432
channel-usage measure,78
cipher-suite,185
classification policy,226
classifier acl,128
client association-location,129
client cache aging-time,129
client dot11ac-only,79
client dot11b-forbidden,80
client dot11n-only,81
client forwarding-location,130
client forwarding-policy enable,131
client forwarding-policy-name,131
client frame-format,132
client idle-timeout,133
client ip-snooping http-learning enable,474
client ipv4-snooping arp-learning enable,474
client ipv6-snooping nd-learning enable,475
client ipv6-snooping snmp-nd-report enable,475
client keep-alive,133
client keep-alive interval,134
client max-count,135
client max-count,82
client preferred-vlan authorized,136
client vlan-alloc,136
client-association fast-learn enable,227
client-online,228
client-proximity-sensor,479
client-proximity-sensor ap-timer,479
client-proximity-sensor ap-udp-server,480
client-proximity-sensor client-timer,481
client-proximity-sensor coordinates,481
client-proximity-sensor filter-list,482
client-proximity-sensor random-mac-report enable,482
client-proximity-sensor report-ac enable,483
client-proximity-sensor report-ac-interval,484
client-proximity-sensor report-ap enable,484
client-proximity-sensor rssi-change-threshold,485
client-proximity-sensor rssi-threshold,485
client-proximity-sensor rt-report enable,486
client-proximity-sensor server,486
client-proximity-sensor udp-server,487
client-rate-limit,228
client-rate-limit (radio view/AP group radio view),315
client-rate-limit (service template view),316
client-rate-limit { disable | enable },317
client-rate-limit enable,318
client-security accounting-delay time,198
client-security accounting-start trigger,199
client-security accounting-update trigger,200
client-security authentication fail-vlan,201
client-security authentication-location,201
client-security authentication-mode,202
client-security authorization-fail offline,203
client-security ignore-authentication,203
client-security ignore-authorization,204
client-security intrusion-protection action,205
client-security intrusion-protection enable,206
client-security intrusion-protection timer temporary-block,207
client-security intrusion-protection timer temporary-service-stop,207
client-spoofing,229
client-timer,229
cloud-management keepalive,469
cloud-management server domain,469
cloud-management server port,470
cmtunnel server domain,467
comeback-delay,399
continuous-mode,82
control-address,3
control-address enable,4
countermeasure adhoc,230
countermeasure attack all,231
countermeasure attack deauth-broadcast,231
countermeasure attack disassoc-broadcast,232
countermeasure attack honeypot-ap,232
countermeasure attack hotspot-attack,233
countermeasure attack ht-40-mhz-intolerance,233
countermeasure attack malformed-packet,234
countermeasure attack man-in-the-middle,234
countermeasure attack omerta,235
countermeasure attack power-save,235
countermeasure attack soft-ap,236
countermeasure attack unencrypted-trust-client,236
countermeasure attack weak-iv,237
countermeasure attack windows-bridge,237
countermeasure external-ap,238
countermeasure mac-address,238
countermeasure misassociation-client,239
countermeasure misconfigured-ap,239
countermeasure policy,240
countermeasure potential-authorized-ap,240
countermeasure potential-external-ap,241
countermeasure potential-rogue-ap,241
countermeasure rogue-ap,242
countermeasure unauthorized-client,242
countermeasure uncategorized-ap,243
countermeasure uncategorized-client,243
crc-error-threshold,433
custom-antenna gain,83
customlog format wlan,137
deauthentication-broadcast,244
delete file,5
description,138
description,341
description,400
description,434
description (AP group view),6
description (AP view),6
detect dissociate-client enable,244
detect policy,245
detect signature,246
dgaf enable,400
disassociation-broadcast,246
discovered-ap,247
display client-proximity-sensor device,488
display client-proximity-sensor sensor,491
display client-proximity-sensor statistics receive,491
display cloud-management state,470
display cmtunnel state,467
display maintain cpu-usage history,494
display maintain memory-usage history,495
display uplink client-rate-limit,138
display wips sensor,248
display wips statistics,248
display wips virtual-security-domain countermeasure record,252
display wips virtual-security-domain device,254
display wlan ap,7
display wlan ap address,18
display wlan ap all feature capwap,19
display wlan ap backup multislot,370
display wlan ap connection,20
display wlan ap continuous-mode,84
display wlan ap files,20
display wlan ap online-time,21
display wlan ap radio,85
display wlan ap radio channel,86
display wlan ap radio type,87
display wlan ap radio-statistics,88
display wlan ap reboot-log,23
display wlan ap running-configuration,22
display wlan ap statistics association-failure-record,24
display wlan ap statistics online-record,25
display wlan ap statistics tunnel-down-record,26
display wlan ap-distribution,27
display wlan ap-distribution ap-name,28
display wlan ap-group,29
display wlan ap-model,30
display wlan blacklist,139
display wlan client,140
display wlan client status,146
display wlan client-security block-mac,208
display wlan fast-forwarding status,477
display wlan forward statistics,498
display wlan forwarding-policy,148
display wlan hotspot uploaded-osu-icon,401
display wlan load-balance group,342
display wlan load-balance status service-template,343
display wlan measure-report,350
display wlan mobility,332
display wlan mobility group,333
display wlan mobility roam-track mac-address,334
display wlan module firmware-upgrade history,454
display wlan module-information,455
display wlan nat-detect,258
display wlan region-code,149
display wlan rfid-tracking radio,376
display wlan rrm baseline,434
display wlan rrm baseline apply-result,436
display wlan rrm-calibration-group,437
display wlan rrm-history ap,438
display wlan rrm-status ap,439
display wlan service-template,149
display wlan statistics,154
display wlan tunnel latency ap name,32
display wlan whitelist,156
display wlan wmm,318
distance,95
dns domain,33
dns server,34
domain-name,401
dot11ac mandatory maximum-nss,96
dot11ac multicast-nss,97
dot11ac support maximum-nss,98
dot11g protection,99
dot11n mandatory maximum-mcs,100
dot11n multicast-mcs,101
dot11n protection,102
dot11n support maximum-mcs,103
dot1x domain,209
dot1x eap,210
dot1x handshake enable,211
dot1x handshake secure enable,211
dot1x max-user,212
dot1x re-authenticate enable,213
download file,35
dtim,104
echo-count,35
echo-interval,36
edca client (ac-be and ac-bk),321
edca client (ac-vi and ac-vo),323
edca radio,324
firmware-upgrade,37
flood association-request,259
flood authentication,260
flood beacon,261
flood block-ack,261
flood cts,262
flood deauthentication,263
flood disassociation,263
flood eap-failure,264
flood eapol-logoff,265
flood eapol-start,266
flood eap-success,266
flood null-data,267
flood probe-request,268
flood reassociation-request,269
flood rts,269
fragment-size,38
fragment-threshold,105
frame-type,270
ft enable,373
ft method,373
ft reassociation-timeout,374
gas-limit,402
gateway,39
green-energy-management,106
group enable,335
gtk-rekey client-offline enable,185
gtk-rekey enable,186
gtk-rekey method,186
hessid,403
honeypot-ap,271
hotspot-attack,272
hotspot-policy,403
ht-40mhz-intolerance,272
ht-greenfield,273
hybrid-remote-ap,39
icon-file,404
if-match ip,40
if-match ipv6,41
ignorelist,273
import hotspot,274
import oui,275
inherit exclude service-template,157
interference-threshold,442
invalid-oui-classify illegal,275
ip address,42
ip-protocol,405
ip-type,406
ipv6 address,43
keepalive-interval,43
key-derivation,188
ldpc,107
led-mode,44
long-retry threshold,108
mac-address,276
mac-address (AP group view),45
mac-address (AP view),45
mac-authentication domain,214
mac-authentication max-user,214
maintain enable,496
maintain process inactive-time,496
maintain process memory-threshold,497
malformed duplicated-ie,276
malformed fata-jack,277
malformed illegal-ibss-ess,278
malformed invalid-address-combination,278
malformed invalid-assoc-req,279
malformed invalid-auth,280
malformed invalid-deauth-code,281
malformed invalid-disassoc-code,281
malformed invalid-ht-ie,282
malformed invalid-ie-length,283
malformed invalid-pkt-length,283
malformed large-duration,284
malformed null-probe-resp,285
malformed overflow-eapol-key,286
malformed overflow-ssid,286
malformed redundant-ie,287
man-in-the-middle,288
manual-classify mac-address,288
map-configuration,157
max-power,109
measure,352
measure-duration,354
measure-interval,355
member,336
method,407
mimo,110
module,456
module enable,457
module firmware-upgrade,458
mu-txbf,111
nai,408
nai-realm,408
nas-id,158
nas-port-id,159
nas-vlan,160
network-type,410
omerta,289
operator-name,411
osu-provider,412
osu-ssid,413
oui,290
pattern,290
permit-channel,291
pmf,188
pmf association-comeback,189
pmf saquery retrycount,190
pmf saquery retrytimeout,190
policy-name,413
port-security oui,215
power holddown-time,443
power-capability mode,443
power-constraint mode,445
power-level default,46
power-lock,112
power-save,292
preamble,113
preshared-key,191
priority,47
prohibited-channel,292
protection-mode,113
protection-threshold,115
provision,48
provision auto-recovery,49
provision auto-update,50
ptk-lifetime,192
ptk-rekey enable,192
qos priority,325
qos trust,326
quick-association enable,161
radio,115
radio,116
rate,117
region-code,161
region-code-lock,164
report-interval,293
reset client-proximity-sensor device,492
reset client-proximity-sensor statistics,493
reset wips statistics,294
reset wips virtual-security-domain,294
reset wips virtual-security-domain countermeasure record,295
reset wlan ap,51
reset wlan ap provision,51
reset wlan ap radio-statistics,118
reset wlan ap reboot-log,52
reset wlan client,165
reset wlan dynamic-blacklist,165
reset wlan forward statistics,499
reset wlan nat-detect,295
reset wlan statistics client,166
reset wlan tunnel latency ap,52
reset wlan wmm,327
resource-measure,355
retransmit-count,53
retransmit-interval,54
rfid-tracking ble advertisement,458
rfid-tracking ble advertisement enable,460
rfid-tracking ble advertisement interval,461
rfid-tracking client rate-limit,376
rfid-tracking client rate-limit cir,377
rfid-tracking dilution,378
rfid-tracking dilution factor,379
rfid-tracking fingerprint,380
rfid-tracking fingerprint engine-address,381
rfid-tracking fingerprint mu-report,382
rfid-tracking fingerprint raw-frame-report,383
rfid-tracking fingerprint report-format,384
rfid-tracking fingerprint report-mode,385
rfid-tracking fingerprint tag-multicast-address,386
rfid-tracking fingerprint vendor-port,387
rfid-tracking ignore ap-frame enable,388
rfid-tracking ignore beacon,389
rfid-tracking keepalive,390
rfid-tracking mode,391
rfid-tracking radio,392
rfid-tracking rate-limit,392
rfid-tracking rate-limit cir,393
rfid-tracking rssi,394
rfid-tracking rssi threshold,395
rm-capability mode,356
roam-oi,414
rrm,446
rssi,296
rssi-change-threshold,296
rssi-threshold,297
save wlan ap provision,55
scan channel blacklist,358
scan channel whitelist,359
scan idle-time,359
scan max-service-time,360
scan mode all,361
scan scan-time,362
scan-only,446
security,297
security-ie,193
select sensor all,298
seq-number,298
serial-id (AP group view),56
serial-id (AP view),56
serial-number,462
service-template,166
service-template enable,168
short-gi,119
short-retry threshold,119
signature policy,299
signature rule,300
smart-antenna,120
smart-antenna policy,121
snmp-agent trap enable wlan ap,57
snmp-agent trap enable wlan capwap,57
snmp-agent trap enable wlan client,168
snmp-agent trap enable wlan client-audit,169
snmp-agent trap enable wlan load-balance,344
snmp-agent trap enable wlan location-aware,396
snmp-agent trap enable wlan mobility,337
snmp-agent trap enable wlan rrm,447
snmp-agent trap enable wlan usersec,194
soft-ap,300
source,337
spectrum-management,447
ssid,169
ssid (AP classification rule view),301
ssid (signature view),301
ssid-length,302
statistics-interval,58
stbc,122
su-txbf,123
svp map-ac,327
tkip-cm-time,194
tolerance-level,448
trust mac-address,302
trust oui,303
trust ssid,304
tunnel latency-detect,59
tunnel-type,338
tx-power,462
type,124
type,463
unencrypted-authorized-ap,304
unencrypted-trust-client,305
unknown-client,170
up-duration,305
uplink client-rate-limit,170
uri,414
usb,60
venue group,415
venue name,418
virtual-security-domain,306
vlan,171
wan-metrics,419
weak-iv,306
wep key,195
wep key-id,196
wep mode dynamic,197
windows-bridge,307
wips,308
wips enable,308
wips virtual-security-domain,309
wireless-bridge,309
wlan ap,60
wlan ap-backup active count,370
wlan ap-backup load-balance,371
wlan apdb,61
wlan apdb file,62
wlan ap-group,63
wlan auto-ap enable,64
wlan auto-ap persistent,64
wlan auto-persistent enable,65
wlan band-navigation aging-time,364
wlan band-navigation balance access-denial,365
wlan band-navigation balance session,366
wlan band-navigation enable,366
wlan band-navigation rssi-threshold,367
wlan calibrate-channel pronto ap all,449
wlan calibrate-power pronto ap all,449
wlan capwap discovery-policy unicast,65
wlan client forwarding enable,172
wlan client forwarding-policy-name,173
wlan client reauthentication-period,173
wlan client-rate-limit,328
wlan detect-anomaly enable,66
wlan dynamic-blacklist active-on-ap,174
wlan dynamic-blacklist lifetime,175
wlan execute module firmware-upgrade,464
wlan execute module reset,465
wlan execute module restore-factory,465
wlan fast-forwarding enable,477
wlan forwarding-policy,175
wlan global-configuration,66
wlan hotspot osu-icon unload,420
wlan hotspot osu-icon upload,420
wlan hotspot-policy,419
wlan image-load filepath,67
wlan link-test,176
wlan load-balance access-denial,345
wlan load-balance enable,345
wlan load-balance group,346
wlan load-balance mode bandwidth,346
wlan load-balance mode session,347
wlan load-balance mode traffic,348
wlan load-balance rssi-threshold,349
wlan max-bandwidth,329
wlan mobility group,339
wlan mobility-group-isolation enable,339
wlan nas-port-id format,177
wlan nat-detect,310
wlan osu-provider,421
wlan permit-ap-group,178
wlan permit-ssid,179
wlan radio,125
wlan re-group,68
wlan rename-ap,68
wlan rrm baseline apply,450
wlan rrm baseline remove,450
wlan rrm baseline save,451
wlan rrm calibration-channel interval,452
wlan rrm calibration-power interval,453
wlan rrm-calibration-group,452
wlan service-template,179
wlan static-blacklist mac-address,180
wlan tcp mss,69
wlan tunnel-preempt,368
wlan uplink track,372
wlan web-server api-path,181
wlan web-server host,181
wlan web-server max-client-entry,182
wlan whitelist mac-address,183
wmm,330