- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-WLAN access commands | 365.09 KB |
client-mode authentication-method
client-mode roam calibration-interval
client-mode roam rssi-threshold
client-mode roam scan-interval
display wlan ap all client-number
display wlan ap all radio client-number
display wlan client online-duration
display wlan client-mode packet-statistics
display wlan client-mode radio
display wlan client-mode roam-enhance bss
display wlan client-mode roaming-state
display wlan statistics client
display wlan statistics connect-history
display wlan statistics service template
reset wlan client-mode packet-statistics
reset wlan client-mode roaming-state
reset wlan statistics service-template
snmp-agent trap enable wlan client
snmp-agent trap enable wlan client-audit
wlan client keep-alive interval
wlan client reauthentication-period
wlan dynamic-blacklist lifetime
wlan static-blacklist mac-address
wlan web-server max-client-entry
WLAN access commands
The WA6600 series does not support the client mode or the following client mode-related commands:
· client-mode access-retransmit
· client-mode authentication-method
· client-mode beacon-keepalive
· client-mode cipher-suite
· client-mode connect
· client-mode disconnect
· client-mode enable
· client-mode link-hold-rssi
· client-mode min-record-rssi
· client-mode probe-keepalive
· client-mode roam
· client-mode roam calibration-interval
· client-mode roam rssi-threshold
· client-mode roam scan-aging
· client-mode roam scan-interval
· client-mode roam-enhance
· client-mode ssid
· client-mode vlan
· display wlan client-mode packet-statistics radio radio-id
· display wlan client-mode radio
· display wlan client-mode roam-enhance bss
· display wlan client-mode roaming-state
· display wlan client-mode ssid [ ssid ]
· reset wlan client-mode packet-statistics radio radio-id
· reset wlan client-mode roaming-state
access-control acl
Use access-control acl to specify an ACL for ACL-based access control.
Use undo access-control acl to restore the default.
Syntax
access-control acl acl-number
undo access-control acl
Default
No ACL is specified.
Views
Service template view
Predefined user roles
network-admin
Parameters
acl-number: Specifies the number of a Layer 2 ACL, in the range of 4000 to 4999.
Usage guidelines
This feature controls client access by using the specified ACL rules. When the device receives an association request, it performs the following actions:
· Allows the client to access the WLAN if the MAC address of the client matches the MAC address attribute or MAC address OUI attribute in a rule and the rule action is permit. If multiple clients match the OUI attribute, all these clients are allowed to access the WLAN.
· Denies the client's access to the WLAN if no match is found or the matched rule has a deny statement.
When you configure this feature, follow these restrictions and guidelines:
· If the specified ACL contains a deny statement, configure a permit statement for the ACL to permit all clients. If you do not do so, no clients can come online.
· ACL-based access control configuration takes precedence over whitelist and blacklist configuration.
· You can specify only one ACL. If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for service template service1.
<Sysname> system-view
[Sysname] acl mac 4000
[Sysname-acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff
[Sysname-acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000
[Sysname-acl-mac-4000] rule 2 deny
[Sysname-acl-mac-4000] quit
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] access-control acl 4000
beacon ssid-hide
Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames.
Use undo beacon ssid-hide to restore the default.
Syntax
beacon ssid-hide
undo beacon ssid-hide
Default
The SSID is advertised in beacon frames.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command disables a radio from carrying SSIDs in the beacon frames and responding to probe requests after the specified service template is bound to the radio.
Examples
# Disable advertising the SSID in beacon frames.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] beacon ssid-hide
client cache aging-time
Use client cache aging-time to set the aging time for the cache of clients.
Use undo client cache aging-time to restore the default.
Syntax
client cache aging-time aging-time
undo client cache aging-time
Default
The aging time for the cache of clients is 180 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the aging time for the cache of clients, in the range of 0 to 86400 seconds.
Usage guidelines
If you set the aging time to 0 seconds, the AC clears the client cache immediately when the clients go offline.
Make sure the service template is disabled before you execute this command.
Examples
# Set the aging time for the cache of clients to 100 seconds.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client cache aging-time 100
client max-count
Use client max-count to set the maximum number of associated clients for a service template.
Use undo client max-count to restore the default.
Syntax
client max-count max-number
undo client max-count
Default
The number of associated clients for a service template is not limited.
Views
Service template view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of clients in the range of 1 to 512.
Usage guidelines
With this feature configured, new clients cannot access the WLAN from a radio and the SSID is hidden when the maximum number is reached on the radio.
Examples
# Set the maximum number of associated clients to 38 for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client max-count 38
Related commands
beacon ssid-hide
client smart-access enable
Use client smart-access enable to enable smart client access.
Use undo client smart-access enable to restore the default.
Syntax
client smart-access enable
undo client smart-access enable
Default
Smart client access is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This feature enables H3C wireless clients to access the WLAN automatically when the AKM mode is set to PSK or when the radio is bound to an empty service template.
Examples
# Enable smart client access.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client smart-access enable
client-mode access-retransmit
Use client-mode access-retransmit to set the retransmission interval and maximum number of retransmission attempts for authentication and association requests.
Use undo client-mode access-retransmit to restore the default.
Syntax
client-mode access-retransmit interval interval [ count count ]
undo client-mode access-retransmit
Default
The retransmission interval is 300 milliseconds and the AP does not retransmit authentication and association requests.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
interval: Specifies the retransmission interval in the range of 100 to 5000 milliseconds.
count: Specifies the maximum number of retransmission attempts, in the range of 1 to 10.
Usage guidelines
If the AP fails to receive any authentication or association response within the retransmission interval after the last retransmission, the AP tries to associate with another radio.
Make sure the client mode is enabled on the interface before you perform this task. Disabling the client mode removes the retransmission configuration.
Examples
# Set the retransmission interval to 500 ms and the maximum number of retransmission attempts to 3 for authentication and association requests.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode access-retransmit interval 500 count 3
Related commands
client-mode enable
client-mode authentication-method
Use client-mode authentication-method to specify the authentication method for a client-mode AP.
Use undo client-mode authentication-method to restore the default.
Syntax
client-mode authentication-method { open-system | shared-key | wpa2-psk }
undo client-mode authentication-method
Default
The authentication method for a client-mode AP is open-system.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
open-system: Specifies open-system authentication.
shared-key: Specifies shared-key authentication.
wpa2-psk: Specifies WPA2-PSK authentication.
Usage guidelines
Make sure the client mode is enabled before you execute this command. Disabling the client mode removes the configuration.
Specify the CCMP or TKIP cipher suite when WPA2-PSK authentication is configured.
For the client-mode AP to access a WLAN, make sure the RSN IE and PSK AKM mode are configured for the WLAN if the authentication method is WPA2-PSK.
Examples
# Set the authentication method to shared-key.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode authentication-method shared-key
Related commands
client-mode cipher-suite
client-mode enable
client-mode beacon-keepalive
Use client-mode beacon-keepalive to enable beacon-based AP keepalive.
Use undo client-mode beacon-keepalive to disable beacon-based AP keepalive.
Syntax
client-mode beacon-keepalive interval interval count count
undo client-mode beacon-keepalive
Default
Beacon-based AP keepalive is disabled.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
interval: Specifies the keepalive interval, in the range of 100 to 8191 milliseconds.
count: Specifies the keepalive count in the range of 1 to 100.
Usage guidelines
This feature enables the AP to proactively connect to another radio if the AP fails to receive any beacon frame from the currently associated radio before the beacon keepalive timer expires.
The beacon keepalive time equals the keepalive interval multiplied by the keepalive count.
Make sure the client mode has been enabled on the interface before you perform this task. Disabling the client mode removes the keepalive configuration.
As a best practice, set the beacon-based AP keepalive interval to a value twice the beacon sending interval or higher.
Examples
# Enable beacon-based AP keepalive, set the keepalive interval to 100 milliseconds, and set the keepalive count to 5.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode beacon-keepalive interval 100 count 5
Related commands
client-mode enable
client-mode cipher-suite
Use client-mode cipher-suite to specify the cipher suite and the pre-shared key for a client-mode AP.
Use undo client-mode cipher-suite to restore the default.
Syntax
client-mode cipher-suite { ccmp | tkip | { wep40 | wep104 | wep128 } [ key-id key-id ] } key [ cipher | simple ] string
undo client-mode cipher-suite
Default
No cipher suite and pre-shared key are configured for a client-mode AP.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
ccmp: Specifies the AES-CCMP cipher suite.
tkip: Specifies the TKIP cipher suite.
wep40: Specifies the WEP40 cipher suite.
wep104: Specifies the WEP104 cipher suite.
wep128: Specifies the WEP128 cipher suite.
key-id key-id: Specifies the key ID in the range of 1 to 4. The default value is 1.
cipher: Sets a key in encrypted form.
simple: Sets a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies a key string. This argument is case sensitive. The key length varies by key type.
· CCMP and TKIP—Its plaintext form is 8 to 63 characters. Its encrypted form is 8 to 117 characters.
· WEP40—Its plaintext form is 5 characters. Its encrypted form is 37 to 73 characters.
· WEP104—Its plaintext form is 13 characters. Its encrypted form is 37 to 73 characters.
· WEP128—Its plaintext form is 16 characters. Its encrypted form is 37 to 73 characters.
Usage guidelines
Make sure the client mode is enabled before you execute this command. Disabling the client mode removes the configuration.
Examples
# Set the CCMP cipher suite, and configure simple character string 12345678 as the pre-shared key.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode cipher-suite ccmp key simple 12345678
Related commands
client-mode enable
client-mode connect
Use client-mode connect to connect a client-mode AP to the WLAN.
Syntax
client-mode connect
Views
Radio interface view
Predefined user roles
network-admin
Usage guidelines
Make sure the client mode is enabled and the SSID to associate with is specified before you execute this command.
After you use the client-mode disconnect command to disconnect a client-mode AP from the WLAN, you can use this command to reconnect the client-mode AP to the WLAN.
Examples
# Connect the client-mode AP to the WLAN.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode ssid service1
[Sysname-WLAN-Radio1/0/1] client-mode connect
Related commands
client-mode disconnect
client-mode enable
client-mode disconnect
Use client-mode disconnect to disconnect a client-mode AP from the WLAN.
Syntax
client-mode disconnect
Views
Radio interface view
Predefined user roles
network-admin
Usage guidelines
Make sure the client mode is enabled before you execute the command.
Examples
# Disconnect the client-mode AP from the WLAN.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode disconnect
Related commands
client-mode connect
client-mode enable
client-mode enable
CAUTION: Do not configure wireless access services or WDS services on a radio interface with the client mode enabled. |
Use client-mode enable to enable the client mode.
Use undo client-mode enable to disable the client mode.
Syntax
client-mode enable
undo client-mode enable
Default
The client mode is disabled.
Views
Radio interface view
Predefined user roles
network-admin
Usage guidelines
Make sure the client mode is enabled before you configure client mode settings.
A radio interface with the client mode enabled cannot provide wireless access services or WDS services.
Disabling the client mode removes all client mode configuration.
Examples
# Enable the client mode.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode enable
client-mode link-hold-rssi
Use client-mode link-hold-rssi to set the link hold RSSI for the current link.
Use undo client-mode link-hold-rssi to restore the default.
Syntax
client-mode link-hold-rssi rssi
undo client-mode link-hold-rssi
Default
The link hold RSSI for the current link is 0.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
rssi: Specifies the link hold RSSI in the range of 0 to 100. Setting the interval to 0 disables the AP from proactively switching to another link because of low RSSI.
Usage guidelines
Perform this task to set the minimum RSSI for the current link to be retained. If the current link's RSSI drops below the link hold RSSI, the AP goes offline and then comes online from another radio.
Make sure the client mode has been enabled on the interface before you perform this task.
Examples
# Set the link hold RSSI for the current link to 18.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode link-hold-rssi 18
Related commands
client-mode enable
client-mode min-record-rssi
Use client-mode min-record-rssi to set the minimum RSSI threshold for BSS recording.
Use undo client-mode min-record-rssi to restore the default.
Syntax
client-mode link-hold-rssi rssi
undo client-mode link-hold-rssi
Default
The minimum RSSI threshold for BSS recording is 15.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
rssi: Specifies the minimum RSSI threshold for BSS recording, in the range of 0 to 100.
Usage guidelines
Perform this task to set the minimum RSSI of a BSS that can be recorded. For a BSS that has been recorded, the AP determines that the BSS is not detected if the detected RSSI of the BSS does not reach the minimum threshold.
If roaming enhancement is disabled, you can set the threshold only on the radio enabled with the client mode. Disabling the client mode removes the threshold configuration.
If roaming enhancement is enabled, you can set the threshold only on the radio enabled with roaming enhancement. Disabling roaming enhancement removes the threshold configuration.
Examples
# Set the minimum RSSI threshold for BSS recording to 20.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode min-record-rssi 20
Related commands
client-mode enable
client-mode probe-keepalive
Use client-mode probe-keepalive to enable probe response-based AP keepalive.
Use undo client-mode probe-keepalive to disable probe response-based AP keepalive.
Syntax
client-mode probe-keepalive [ interval interval retry retries ]
undo client-mode probe-keepalive
Default
Probe response-based AP keepalive is enabled, the keepalive interval is 1000 milliseconds, and the maximum number of retransmission attempts is 5.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
interval interval: Specifies the keepalive interval at which the AP sends probe requests, in the range of 100 to 60000 milliseconds. The default value is 1000.
retry retries: Specifies the maximum number of retransmission count, in the range of 1 to 100. The default value is 5.
Usage guidelines
This feature enables the AP to proactively connect to another radio if no probe response is received from the currently associated radio before the maximum number of probe request retransmission attempts is reached.
Make sure the client mode has been enabled on the interface before you perform this task. Disabling the client mode removes the keepalive configuration.
Examples
# Enable probe response-based AP keepalive, set the keepalive interval to 100 milliseconds, and set the maximum number of retransmission attempts to 5.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode probe-keepalive interval 100 retry 5
Related commands
client-mode enable
client-mode roam
Use client-mode roam to enable auto roaming for a client-mode AP to roam between wireless services in an ESS.
Use undo client-mode roam to restore the default.
Syntax
client-mode roam { quick | slow }
undo client-mode roam
Default
The auto roaming feature is disabled for a client-mode AP.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
quick: Specifies quick roaming.
slow: Specifies slow roaming.
Usage guidelines
Make sure the client mode is enabled before you execute this command. Disabling the client mode removes the configuration.
Examples
# Enable quick auto roaming for the client-mode AP.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode roam quick
Related commands
client-mode enable
client-mode roam rssi-threshold
client-mode roam calibration-interval
Use client-mode roam calibration-interval to set the roaming calibration interval.
Use undo client-mode roam calibration-interval to restore the default.
Syntax
client-mode roam calibration-interval interval
undo client-mode roam calibration-interval
Default
The roaming calibration interval is 1000 milliseconds.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
interval: Specifies the roaming calibration interval in the range of 1000 to 10000 milliseconds.
Usage guidelines
Perform this task to set the interval at which the AP triggers a roaming calibration. A short interval might result in frequent roaming, affecting network stability. A long interval might prevent the AP from switching to the optimal WLAN in time, affecting communication quality.
Make sure the client mode has been enabled on the interface before you perform this task. Disabling the client mode removes the interval configuration.
Examples
# Set the roaming calibration interval to 1000 milliseconds.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode roam calibration-interval 1000
Related commands
client-mode enable
client-mode roam rssi-threshold
Use client-mode roam rssi-threshold to set the roaming RSSI threshold and gap threshold.
Use undo client-mode roam rssi-threshold to restore the default.
Syntax
client-mode roam rssi-threshold rssi-value [ gap gap-value ]
undo client-mode roam rssi-threshold
Default
Both the roaming RSSI threshold and gap threshold are 20.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
rssi-value: Specifies the RSSI threshold in the range of 10 to 50.
gap gap-value: Specifies the gap threshold in the range of 1 to 50.
Usage guidelines
Client-mode APs support the following roaming modes:
· Quick roaming—An AP performs roaming when the RSSI gap between an optimal wireless service and the current wireless service exceeds the gap threshold.
· Slow roaming—An AP performs roaming when the following conditions are met:
¡ The RSSI of the current wireless service is lower than the roaming RSSI threshold.
¡ The RSSI gap between an optimal wireless service and the current wireless service has exceeded the gap threshold.
Make sure the client mode is enabled before you execute this command. Disabling the client mode removes the configuration.
Examples
# Set the roaming RSSI threshold to 10 and the gap threshold to 2.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode roam rssi-threshold 10 gap 2
Related commands
client-mode enable
client-mode roam
client-mode roam scan-aging
Use client-mode roam scan-aging to set the scanning aging count for BSS entries.
Use undo client-mode roam scan-aging to restore the default.
Syntax
client-mode roam scan-aging count
undo client-mode roam scan-aging
Default
The scanning aging count for BSS entries is 5.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
count: Specifies the aging count in the range of 1 to 10.
Usage guidelines
The AP generates an entry for each BSS detected through scanning. If the BSS cannot be detected again after the specified scanning intervals, the AP deletes the BSS entry. If the AP is associated with the deleted BSS, the AP goes offline from the BSS and then comes online from another BSS.
Make sure the client mode has been enabled on the interface before you perform this task. Disabling the client mode removes the aging count configuration.
Examples
# Set the scanning aging count for BSS entries to 5.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode roam scan-aging 5
Related commands
client-mode enable
client-mode roam scan-interval
Use client-mode roam scan-interval to set the roaming scanning interval.
Use undo client-mode roam scan-interval to restore the default.
Syntax
client-mode roam scan-interval interval
undo client-mode roam scan-interval
Default
The roaming scanning interval is 5000 milliseconds.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
count: Specifies the scanning interval in the range of 100 to 10000 milliseconds.
Usage guidelines
Perform this task to set the interval at which the AP scans the network for beacon frames and probe responses. A short interval might result in frequent scanning, causing packet loss. A long interval might prevent the AP from discovering the optimal WLAN in time, affecting communication quality.
If roaming enhancement is disabled, you can set the interval only on the radio enabled with the client mode. Disabling the client mode removes the threshold configuration.
If roaming enhancement is enabled, you can set the interval only on the radio enabled with roaming enhancement. Disabling roaming enhancement removes the threshold configuration.
Examples
# Set the roaming scanning interval to 2000 milliseconds.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/2
[Sysname-WLAN-Radio1/0/2] client-mode roam scan-interval 2000
Related commands
client-mode enable
client-mode roam-enhance
Use client-mode roam-enhance to enable roaming enhancement on the fat AP.
Use undo client-mode roam-enhance to disable roaming enhancement on the fat AP.
Syntax
client-mode roam-enhance { quick | slow }
undo client-mode roam-enhance
Default
Roaming enhancement is disabled on the fat AP.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
quick: Specifies quick roaming. In this mode, the AP performs roaming when the RSSI gap between an optimal wireless service and the current wireless service exceeds the gap threshold.
slow: Specifies slow roaming. In this mode, the AP performs roaming when the following conditions are met:
· The RSSI of the current wireless service is lower than the roaming RSSI threshold.
· The RSSI gap between an optimal wireless service and the current wireless service has exceeded the gap threshold.
Usage guidelines
In an Automated Guided Vehicle (AGV) system, client-mode fat APs deployed on the vehicles provide wireless access to onboard devices not equipped with a wireless NIC. In this networking mode, each fat AP must scan the network for better links and transmit data at the same time, which might cause packet loss.
To resolve this issue, enable roaming enhancement on the fat AP to enable the 2.4G radio to scan the network and the 5G radio to transmit data.
When you configure this feature, follow these restrictions and guidelines:
· Enable roaming enhancement on the 2.4G radio and enable client mode on the 5G radio. Make sure auto roaming has been disabled before you enable roaming enhancement.
· Enable automatic channel selection on the 5G radio.
· To ensure good performance, do not configure the 2.4G radio to provide wireless access services.
· Enabling this feature triggers the fat AP to go offline and then come online again.
· To use the client-mode disconnect command to disconnect the fat AP from the WLAN, you must first disable roaming enhancement on the AP.
Examples
# Enable roaming enhancement and set the roaming mode to quick.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/2
[Sysname-WLAN-Radio1/0/2] client-mode roam-enhance quick
Related commands
client-mode roam rssi-threshold
client-mode ssid
Use client-mode ssid to specify an SSID for the client-mode AP and connect the AP to the SSID.
Use undo client-mode ssid to restore the default.
Syntax
client-mode ssid ssid
undo client-mode ssid
Default
No SSID is specified.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
ssid: Specifies an SSID, a case-sensitive string of 1 to 32 characters.
Usage guidelines
Make sure the client mode is enabled before you execute this command. Disabling the client mode removes the configuration.
Examples
# Specify the SSID as service1 and connect the AP to the SSID.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode ssid service1
Related commands
client-mode enable
client-mode vlan
Use client-mode vlan to assign the radio interface with the client mode enabled to a VLAN.
Use undo client-mode ssid to restore the default.
Syntax
client-mode vlan vlan-id
undo client-mode vlan
Default
A radio interface with the client mode enabled is assigned to VLAN 1.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN ID in the range of 1 to 4094. If the specified VLAN does not exist, the AP creates the VLAN automatically.
Usage guidelines
Make sure the client mode is enabled before you execute this command. Disabling the client mode removes the configuration.
Examples
# Assign the radio interface to VLAN 2.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] client-mode vlan 2
Related commands
client-mode enable
customlog format wlan
Use customlog format wlan to enable the device to generate client logs in the specified format.
Use undo customlog format wlan to restore the default.
Syntax
customlog format wlan { normal | sangfor }
undo customlog format wlan
Default
The device generates client logs only in H3C format.
Views
System view
Predefined user roles
network-admin
Parameters
normal: Specifies normal format.
sangfor: Specifies sangfor format.
Usage guidelines
By default, the device generates client logs only in H3C format that logs AP name, radio ID, client MAC address, SSID, BSSID, and client online status.
You can configure the device to generate client logs in one of the following formats:
· Normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.
· Sangfor—Logs AP MAC address, client IP address, and client MAC address.
This feature does not affect the generation of client logs in H3C format.
Examples
# Enable the device to generate client logs in sangfor format.
<Sysname> system-view
[Sysname] customlog format wlan sangfor
description
Use description to configure a description for a service template.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is configured for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 64 characters.
Examples
# Configure a description for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] description wlanst
display interface wlan-radio
Use display interface wlan-radio to display WLAN radio interface information.
Syntax
display interface wlan-radio [ interface-number ] [ brief ]
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
interface-number: Specifies a WLAN radio interface by its number. If you do not specify this argument, the command displays information about all WLAN radio interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
Examples
# Display detailed information about WLAN radio interface 1/0/1.
<Sysname> display interface wlan-radio 1/0/1
WLAN-Radio1/0/1
Current state: UP
Description: WLAN-Radio1/0/1 Interface
IP Packet Frame Type: PKTFMT_IEEE_802.11, Hardware Address: d461-fe59-4d20
current mode: 802.11ac, current channel: 36
Last link flapping: 0 hours 31 minutes 6 seconds
Last clearing of counters: Never
Current system time:2016-01-01 00:31:19
Last time when physical state changed to up:2016-01-01 00:00:13
Last time when physical state changed to down:2016-01-01 00:00:13
Input (total): 0 packets, 0 bytes
Input (normal): 0packets, 0bytes
0 management, 0 control, 0 data
Input (error): 0 total, 0 CRC, 0 decrypt errors
0 mic failures, 0 phy errors, 0 other errors
Output (total): 0 packets, 0 bytes
Output (normal): Q[0]:0, Q[1]:0, Q[2]:0, Q[3]:0 packets
Q[0]:0, Q[1]:0, Q[2]:0, Q[3]:0 bytes
0 management, 0 control, 0 data
Output (bcn&probe): 0 packets, 0 bytes
Output (error): 0 total, 0 discard, 0 buffer failures
0 ack failures, 0 rts successed, 0 rts failures
Table 1 Command output
Field |
Description |
Current state |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface was shut down with the shutdown command. To bring up the interface, execute the undo shutdown command. · Stby—The interface is a backup interface. |
IP Packet Frame Type |
This field displays PKTFMT_IEEE_802.11, which indicates that the frame is 802.11 encapsulated. |
Hardware Address |
Interface MAC address. |
current mode |
Current radio mode. |
current channel |
Current working channel. |
Last link flapping |
The amount of time that has elapsed since the most recent physical state change of the interface. This field displays Never if the interface has been physically down since device startup. |
Last clearing of counters |
Time when the reset counters interface command was last used to clear the interface statistics. This field displays Never if the reset counters interface command has never been used on the interface since device startup. |
Current system time |
Current system time in the YYYY/MM/DD HH:MM:SS format. If a time zone is specified, this field displays the system time in the HH:MM:SS UTC±HH:MM:SS format. |
Last time when physical state changed to up |
Last time when the physical link state of the interface changed to up. This field displays - if the physical link state has never been changed. |
Last time when physical state changed to down |
Last time when the physical link state of the interface changed to down. This field displays - if the physical link state has never been changed. |
Input(total): 0 packets, 0 bytes |
Inbound packet statistics (in packets and bytes) for the interface. All inbound normal packets and abnormal packets were counted. |
Input (normal): 0packets, 0bytes 0 management, 0 control, 0 data |
Inbound normal packet statistics (in packets and bytes) for the interface. All normal inbound management, control, and data packets were counted. |
Input (error) |
Inbound error packet statistics for the interface. |
Output (total): 0 packets, 0 bytes |
Outbound packet statistics (in packets and bytes) for the interface. All outbound normal packets and abnormal packets were counted. |
Output (normal): Q[0]:0, Q[1]:0, Q[2]:0, Q[3]:0 packets Q[0]:0, Q[1]:0, Q[2]:0, Q[3]:0 bytes 0 management, 0 control, 0 data |
Outbound normal packet statistics (in packets and bytes) for the interface. All normal outbound management, control, and data packets were counted. Q[n] represents an AC queue, where n represents the queue ID. |
Output (bcn&probe) |
Outbound beacon and probe frame statistics (in packets and bytes) for the interface. |
Output (error) |
Outbound error packet statistics for the interface. |
# Display brief information about WLAN radio interface 1/0/1.
<Sysname> display interface wlan-radio 1/0/1 brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
WLAN-Radio1/0/1 UP -- -- -- --
Table 2 Command output
Field |
Description |
Brief information on interfaces in bridge mode |
Brief information about Layer 2 interfaces. |
Link |
Physical link state of the interface: · ADM—The interface was shut down with the shutdown command. To restore the physical state of the interface, execute the undo shutdown command. · Stby—The interface is a backup interface. To display the primary interface, use the display interface-backup state command. |
Speed |
Speed of the interface, in Mbps. This field displays the (a) flag next to the speed if the speed is automatically negotiated. This field displays -- for WLAN radio interfaces. |
Duplex |
Duplex mode of the interface: · (a)/A—Autonegotiation. · H—Half duplex. · F—Full duplex. This field displays -- for WLAN radio interfaces. |
Type |
Link type of the interface: · A—Access. · H—Hybrid. · T—Trunk. This field displays -- for WLAN radio interfaces. |
PVID |
This field displays -- for WLAN radio interfaces. |
Related commands
interface wlan-radio
display wlan ap all client-number
Use display wlan ap all client-number to display the number of online clients at the 2.4 GHz band and the 5 GHz band.
Syntax
display wlan ap all client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients at both the 2.4 GHz and 5 GHz bands.
<System> display wlan ap all client-number
AP name Clients 2.4GHz 5GHz
fatap 2 2 0
Table 3 Command output
Field |
Description |
Clients |
Total number of online clients. |
2.4GHz |
Number of online clients at the 2.4 GHz band. |
5GHz |
Number of online clients at the 5 GHz band. |
display wlan ap all radio client-number
Use display wlan ap all radio client-number to display the number of online clients and channel information for each radio.
Syntax
display wlan ap all radio client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients and channel information for each radio.
<Sysname> display wlan ap all radio client-number
AP name RID Channel Clients
fatap 1 44 12
fatap 2 11 4
display wlan blacklist
Use display wlan blacklist to display blacklist entries.
Syntax
display wlan blacklist { dynamic | static }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
dynamic: Specifies the dynamic blacklist.
static: Specifies the static blacklist.
Examples
# Display static blacklist entries.
<Sysname> display wlan blacklist static
Total number of clients: 3
MAC addresses:
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
# Display dynamic blacklist entries.
<Sysname> display wlan blacklist dynamic
Total number of clients: 3
MAC address APID Lifetime (s) Duration (hh:mm:ss)
000f-e2cc-0001 1 300 00:02:11
000f-e2cc-0002 2 300 00:01:17
000f-e2cc-0003 3 300 00:02:08
Table 4 Command output
Field |
Description |
MAC address |
Client MAC address. |
APID |
ID of the AP that detects the rogue client. |
Lifetime (s) |
Lifetime of the entry in seconds. |
Duration (hh:mm:ss) |
Duration for the entry since the entry was added to the dynamic blacklist. |
display wlan bss
Use display wlan bss to display basic service set (BSS) information.
Syntax
display wlan bss { all | bssid bssid } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all BSSs.
bssid bssid: Specifies a BSS by its ID. The value is a 48-bit hexadecimal number in the format of H-H-H.
verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.
Examples
# Display brief information about all BSSs.
<Sysname> display wlan bss all
Total number of BSSs: 4
AP name RID SSID BSSID
fatap 1 SSID1 001c-f08f-f804
fatap 2 SSID1 001c-f08f-f806
# Display detailed information about the BSS with ID 001c-f08f-f804.
<Sysname> display wlan bss bssid 001c-f08f-f804 verbose
AP name : fatap
BSSID : 001c-f08f-f804
Radio ID : 1
Service template name : servcie1
SSID : SSID1
VLAN ID : 1
AKM mode : Not configured
User authentication mode : Bypass
Table 5 Command output
Field |
Description |
AKM mode |
AKM mode: · 802.1X. · PSK. · Not configured. |
User authentication mode |
User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI. |
display wlan client
Use display wlan client to display client information.
Syntax
display wlan client [ interface wlan-radio interface-number | mac-address mac-address | service-template service-template-name | vlan vlan-id ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface wlan-radio interface-number: Displays information about clients that are connected to the specified radio interface.
mac-address mac-address: Specifies a client by its MAC address.
service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.
verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.
vlan vlan-id: Displays information about clients in the specified VLAN. The VLAN ID is in the range of 1 to 4094.
Examples
# Display brief information about all clients.
<Sysname> display wlan client
Total number of clients: 3
MAC address Username AP name RID IP address VLAN
000f-e265-6400 N/A fatap 1 1.1.1.1 100
000f-e265-6401 user fatap 1 3.0.0.3 200
84db-ac14-dd08 N/A fatap 1 5.5.5.3 1
Table 6 Command output
Field |
Description |
MAC address |
Client MAC address. |
Username |
Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client. |
AP name |
Name of the AP that the client is associated with. |
R |
ID of the radio that the client is associated with. |
IP address |
IPv4 address of the client. |
VLAN ID |
ID of the VLAN to which the client belongs. |
# Display detailed information about the client with MAC address 000f-e265-6400.
<Sysname> display wlan client mac-address 000f-e265-6400 verbose
Total number of clients: 1
MAC address : 000f-e265-6400
IPv4 address : 10.1.1.114
IPv6 address : 2001::1234:5678:0102:0304
Username : N/A
AID : 1
Radio ID : 1
SSID : office
BSSID : 0026-3e08-1150
VLAN ID : 3
Sleep count : 3
Wireless mode : 802.11gn
Channel bandwidth : 20MHz
20/40 BSS Coexistence Management : Not supported
SM power save : Enabled
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
Short GI for 80MHz : Supported
Short GI for 160/80+80MHz : Not supported
STBC RX capability : Not supported
STBC TX capability : Not supported
LDPC RX capability : Not supported
SU beamformee capability : Not supported
MU beamformee capability : Not supported
Beamformee STS capability : N/A
Block Ack : TID 0 In
Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,
8, 9, 10, 11, 12, 13, 14,
15
Supported rates : 1, 2, 5.5, 6, 9, 11,
12, 18, 24, 36, 48, 54 Mbps
QoS mode : WMM
Listen interval : 10
RSSI : 62
Rx/Tx rate : 130/195 Mpbs
Speed : N/A
Authentication method : Open system
Security mode : PRE-RSNA
AKM mode : Not configured
Cipher suite : N/A
User authentication mode : Bypass
WPA3 status : Disabled
Authorization ACL ID : 3001(Not effective)
Authorization user profile : N/A
Authorization CAR :
Average input rate : 102400 bps
Average output rate : 102400 bps
Roam status : N/A
Key derivation : SHA1
PMF status : Enabled
Forwarding policy name : Not configured
Online time : 0days 0hours 1minutes 13seconds
FT status : Inactive
BTM status : Disabled
Table 7 Command output
Field |
Description |
MAC address |
Client MAC address. |
IPv4 address |
Client IPv4 address. |
IPv6 address |
Client IPv6 address. |
Username |
Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client. |
AID |
Association ID. |
Radio ID |
ID of the radio that the client is associated with. |
SSID |
SSID with which the client is associated. |
VLAN ID |
ID of the VLAN to which the client belongs. |
Sleep count |
Client sleep times. |
Wireless mode |
Wireless mode: · 802.11a. · 802.11b. · 802.11g. · 802.11gn. · 802.11an. · 802.11ac. · 802.11ax. |
Channel bandwidth |
Channel bandwidth: · 20 MHz. · 40 MHz. · 80 MHz. · 160 MHz. |
20/40 BSS Coexistence Management |
Whether the client supports 20/40MHz channel bandwidth coexistence. |
SM Power Save |
SM Power Save status: · Enabled—Only one antenna of a client operates in active state, and others operate in sleep state to save power. · Disabled. |
Short GI for 20MHz |
Whether the client supports short GI when its channel bandwidth is 20 MHz: · Supported. · Not supported. |
Short GI for 40MHz |
Whether the client supports short GI when its channel bandwidth is 40 MHz: · Supported. · Not supported. |
Short GI for 80MHz |
Whether the client supports short GI when its channel bandwidth is 80 MHz: · Supported. · Not supported. |
Short GI for 160/80+80MHz |
Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz: · Supported. · Not supported. |
STBC Rx Capability |
Client STBC receive capability; · Not Supported. · Supported. |
STBC Tx Capability |
Client STBC transmission capability: · Not Supported. · Supported. |
LDPC Rx capability |
Client LDPC receive capability; · Not Supported. · Supported. |
SU beamformee capability |
Client SU beamformee capability: · Not Supported. · Supported. |
MU beamformee capability |
Client MU beamformee capability: · Not Supported. · Supported. |
Beamformee STS capability |
Supported spatial stream quantity if the client is a beamformee receiver, in the range of 0 to 7 (the maximum spatial stream quantity specified by the MIMO mode minus one). This field displays N/A if the client cannot act as a beamformee receiver. |
Number of Sounding Dimensions |
Supported spatial stream quantity if the client is a beamformee transmitter, in the range of 0 to 7 (the maximum spatial stream quantity specified by the MIMO mode minus one). This field displays N/A if the client cannot act as a beamformee transmitter. |
Block Ack |
Negotiation result of Block ACK with TID: · TID 0 In—Sends Block ACK for inbound traffic. · TID 0 Out—Sends Block ACK for outbound traffic. · TID 0 Both—Sends Block ACK for both inbound and outbound traffic. · N/A—Does not send Block ACK for both inbound and outbound traffic. |
Supported VHT-MCS set |
VHT-MCS supported by the client. |
Supported HT MCS set |
HT-MCS supported by the client. |
2.4G 40MHz Channel bandwidth |
Client support for 2.4G 40 MHz channel bandwidth: · Not Supported. · Supported. |
5G 40And80MHz Channel bandwidth |
Client support for 5G 40 MHz and 80 MHz channel bandwidth: · Not Supported. · Supported. |
5G 160MHz Channel bandwidth |
Client support for 5G 160 MHz channel bandwidth: · Not Supported. · Supported. |
5G 8080MHz Channel bandwidth |
Client support for 5G 80+80 MHz channel bandwidth: · Not Supported. · Supported. |
OFDMA random access RUs |
Support for OFDMA random selection of RUs. · Not Supported. · Supported. |
Supported HE80MHz-MCS set |
Supported 80 MHz HE-MCS sets. |
Supported HE160MHz-MCS set |
Supported 160 MHz HE-MCS sets. |
Supported HE 8080MHz-MCS set |
Supported 80+80 MHz HE-MCS sets. |
QoS mode |
QoS mode: · N/A—WMM is not supported. · WMM—WMM is supported. WMM information negotiation is carried out between an AP and a client that both support WMM. |
Listen interval |
Interval at which the client wakes up to listen for beacon frames. It is counted by beacon interval. |
RSSI |
Received signal strength indication. This value indicates the client signal strength detected by the AP. |
Rx/Tx rate |
Sending and receiving rates of data, management, and control frames. |
Speed |
Sending and receiving rates in the past 2 minutes in Kbps, rounded to three decimal places. This field displays N/A if both the sending and receiving rates are 0. |
Authentication method |
Authentication method: · Open system. · Shared key. · SAE. |
Security mode |
Security mode: · RSN—Beacons and probe responses carry RSN IE. · WPA—Beacons and probe responses carry WPA IE. · PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE. |
AKM mode |
AKM mode: · 802.1X. · PSK. · OWE. · Not configured. |
Cipher suite |
Cipher suite: · N/A. · WEP40. · WEP104. · WEP128. · CCMP. · TKIP. · GCMP. |
User authentication mode |
User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI. |
WPA3 status |
WPA3 status: · Disabled. · Enabled. · N/A. |
Authorization ACL ID |
Authorized ACL number: · This field displays the ACL number if the authorized ACL takes effect. · This field displays ACL number(Not effective) if the authorized ACL does not take effect. · This field displays N/A if the authentication server is configured without any authorized ACL. |
Authorization user profile |
Name of the authorized user profile: · This field displays the authorized user profile name if the authorized user profile takes effect. · This field displays authorized user profile name + Not effective if the authorized user profile does not take effect. · This field displays N/A if the authentication server is configured without any authorized user profile. |
Authorization CAR |
Authorization CAR: · Average input rate—Average uplink rate in bps. · Average output rate—Average downlink rate in bps. · N/A—This field displays N/A if the authentication server is not configured with authorization CAR for users. |
Roam status |
This field is not supported in the current software version. Roam status: · Roaming in progress. · Inter-AC roam. · Inter-MA roam. · Intra-AC roam. · Intra-MA roam. · This field displays N/A if the client stays in one BSS after coming online. |
Key derivation |
Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · SHA384—Uses the HMAC-SHA384 hash algorithm. · N/A—No key derivation algorithm is involved for the authentication type. |
PMF status |
PMF status: · Enabled—Management frame protection is enabled. · Disabled—Management frame protection is disabled. · N/A—Management frame protection is not involved. |
Forwarding policy name |
This field is not supported in the current software version. WLAN forwarding policy name: · Not configured. · Policy-name. |
Online time |
Client online duration. |
FT status |
This field is not supported in the current software version. Fast BSS transition (FT) status: · Active—FT is enabled. · Inactive—FT is disabled. |
BTM status |
BSS transition management (BTM) status: · Disabled. · Enabled. |
display wlan client ipv6
Use display wlan client ipv6 to display information about client IPv6 addresses.
Syntax
display wlan client ipv6
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display brief status information about the specified client.
<Sysname> display wlan client ipv6
MAC address AP name IPv6 address VLAN
84db-ac14-dd08 fatap 1::2:0:0:3 300
Table 8 Command output
Field |
Description |
MAC address |
Client MAC address. |
IPv6 address |
Client IPv6 address. |
display wlan client online-duration
Use display wlan client online-duration to display client online duration.
Syntax
display wlan client online-duration [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
Examples
# Display brief information about client online duration.
<Sysname> display wlan client online-duration
Total number of online clients: 2
MAC address IPv4 address Online duration
a4c1-5b79-fa5b-1d62 192.168.11.123 0days 0hours 2minutes 23seconds
22d3-c5b7-a4b5-96fa 192.168.11.234 0days 0hours 5minutes 34seconds
Table 9 Command output
Field |
Description |
MAC address |
Client MAC address. |
IPv4 address |
Client IPv4 address. |
Online duration |
Client online duration. |
display wlan client status
Use display wlan client status to display client status information.
Syntax
display wlan client status [ mac-address mac-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.
verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.
Examples
# Display brief status information about the specified client.
<Sysname> display wlan client status mac-address 001c-f08f-f804
Total number of clients: 1
MAC address RSSI Rx/Tx rate Speed(bps) Discard AP name RID
001c-f08f-f804 0 39M/117M N/A 0.00 fatap 2
# Display brief status information about all clients.
<Sysname> display wlan client status
Total number of clients: 2
MAC address RSSI Rx/Tx rate Speed(bps) Discard AP name RID
000b-c002-9d09 65 39M/117M N/A 0.00% fatap 2
000f-e265-6401 62 130M/195M N/A 0.00% fatap 1
Table 10 Command output
Field |
Description |
MAC address |
Client MAC address. |
RSSI |
RSSI of the client. |
Rx/Tx rate |
Rates at which the client receives and sends data, management packets, and control packets. |
Speed(bps) |
Rates at which the client receives and sends packets in the past 2 minutes, rounded to one decimal place. If a rate is smaller than 1 Mbps, the value is displayed in Kbps. If a rate equals 1 Mbps or is larger than 1 Mbps, the value is displayed in Mbps. If a rate equals 1 Gbps or is larger than 1 Gbps, the value is displayed in Gbps. This field displays N/A if both the sending and receiving rates are 0. |
Discard |
Ratio of packets discarded by the client. |
AP name |
Name of the AP with which the client is associated. |
RID |
ID of the radio with which the client is associated. |
# Display detailed status information about the specified client.
<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose
Total number of clients: 1
MAC address : 001c-f08f-f804
Radio ID : 2
RSSI : 0
Rx/Tx rate : 39/117 Mbps
Received:
Retransmitted packets : 84
Retransmitted packet ratio : 64.12 %
Sent:
Retransmitted packets : 0
Retransmitted packet ratio : 0.00 %
Discarded:
Discarded packets : 0
Discarded packet ratio : 0.00 %
Table 11 Command output
Field |
Description |
MAC address |
Client MAC address. |
Radio ID |
ID of the radio that the client is associated with. |
RSSI |
RSSI of the client. |
Rx/Tx rate |
Rates at which the client receives and sends data, management packets, and control packets. |
Received |
Received packet statistics: · Retransmitted packets. · Retransmitted packet ratio. |
Sent |
Sent packet statistics: · Retransmitted packets. · Retransmitted packet ratio. |
Discarded |
Discarded packet statistics: · Discarded packets. · Discarded packet ratio. |
display wlan client-mode packet-statistics
Use display wlan client-mode packet-statistics to display statistics about received and transmitted packets in client mode.
Syntax
display wlan client-mode packet-statistics radio radio-id
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
radio-id: Specifies a radio by its ID.
Examples
# Display statistics about received and transmitted packets in client mode.
<Sysname> display wlan client-mode packet-statistics radio 1
Packet statistics:
unknown : 0
recv beacon in scan : 65
recv beacon in run : 47164
recv probe response in fsm : 49
recv probe response in run : 0
recv probe response in scan : 322
recv auth in fsm : 50
recv assoc response in fsm : 50
recv deauth in fsm : 0
recv disassoc in fsm : 0
recv action in fsm : 5
recv other frame in fsm : 5
recv other frame in scan : 0
send auth success : 50
send auth failed : 0
send assoc success : 50
send assoc failed : 0
send deauth success : 49
send deauth failed : 0
send unicast probe success : 50
send unicast probe failed : 0
send broadcast probe(ssid) success : 8
send broadcast probe(ssid) failed : 0
send broadcast probe success : 16
send broadcast probe failed : 0
send null data success : 0
send null data failed : 0
Table 12 Command output
Field |
Description |
unknown |
Number of received unknown frames. |
recv beacon in scan |
Number of received beacon frames at the scanning phase. |
recv beacon in run |
Number of received beacon frames after association. |
recv probe response in fsm |
Number of received probe responses at the association phase. |
recv probe response in run |
Number of received probe responses after association. |
recv probe response in scan |
Number of received probe responses at the scanning phase. |
recv auth in fsm |
Number of received authentication frames at the association phase. |
recv assoc response in fsm |
Number of received association responses at the association phase. |
recv deauth in fsm |
Number of received deauthentication frames at the association phase. |
recv disassoc in fsm |
Number of received disassociation frames at the association phase. |
recv action in fsm |
Number of received action frames at the association phase. |
recv other frame in fsm |
Number of received other frames at the association phase. |
recv other frame in scan |
Number of received other frames at the scanning phase. |
send auth success |
Number of authentication frames sent successfully. |
send auth failed |
Number of authentication frames failed to be sent. |
send assoc success |
Number of association frames sent successfully. |
send assoc failed |
Number of association frames failed to be sent. |
send deauth success |
Number of deauthentication frames sent successfully. |
send deauth failed |
Number of deauthentication frames failed to be sent. |
send unicast probe success |
Number of unicast probe requests sent successfully. |
send unicast probe failed |
Number of unicast probe requests failed to be sent. |
send broadcast probe(ssid) success |
Number of broadcast probe requests (carrying an SSID) sent successfully. |
send broadcast probe(ssid) failed |
Number of broadcast probe requests (carrying an SSID) failed to be sent. |
send broadcast probe success |
Number of broadcast probe requests sent successfully. |
send broadcast probe failed |
Number of broadcast probe requests failed to be sent. |
send null data success |
Number of null data packets sent successfully. |
send null data failed |
Number of null data packets failed to be sent. |
Related commands
client-mode enable
reset wlan client-mode packet-statistics
display wlan client-mode radio
Use display wlan client-mode radio to display information about the radio interface with the client mode enabled.
Syntax
display wlan client-mode radio
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about the radio interface with the client mode enabled.
<Sysname> display wlan client-mode radio
Radio : 2
Mode : 802.11a
Authentication method : Open-system
Cipher suite : N/A
Key (simple) : N/A
WEP Key ID : N/A
SSID : service1
BSSID : 6CF0-49CD-30BB
Status : Connected
Received data packets : 1324939
Received management packets : 34876
Sent data packets : 46365
Discarded packets : 38272
Supported rates : 6, 9, 12, 18, 24, 36, 48, 54 Mbps
Online time : 0 days 0 hours 45 minutes 5 seconds
Table 13 Command output
Field |
Description |
Mode |
Radio mode: · 802.11a. · 802.11b. · 802.11g. · 802.11an. · 802.11gn. · 802.11ac. NOTE: Support for the radio mode depends on the device model. |
Authentication method |
Authentication method: · Open-system. · Shared-key. · WPA2-PSK. |
Cipher suite |
Cipher suite: · CCMP. · TKIP. · WEP40. · WEP104. · WEP128. · N/A. |
Key |
Preshared key: · (Cipher)—Encrypted pre-shared key. · (Simple)—Plaintext pre-shared key. · N/A—No pre-shared key is configured. |
WEP key ID |
WEP key ID. This field displays N/A if no cipher suite is configured. |
SSID |
SSID with which the client-mode AP is associated. |
Status |
Connection status: · Connected—The AP is connected to the WLAN. · Disconnected—The AP is disconnected from the WLAN. |
Received data packets |
Number of received data packets. |
Received management packets |
Number of received management packets. |
Sent data packets |
Number of sent data packets. |
Discarded packets |
Number of discarded packets. |
Online time |
Online time of the AP. |
display wlan client-mode roam-enhance bss
Use display wlan client-mode roam-enhance bss to display information about BSSs detected in client mode.
Syntax
display wlan client-mode roam-enhance bss
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command displays information about BSSs carried in beacon frames and probe responses detected in the most recent five scanning operations.
Examples
# Display information about BSSs detected in client mode.
<Sysname> display wlan client-mode roam-enhance bss
Total number of BSSs: 2
BSSID Time MSec RSSI AVER CHL AGE SSID
84d9-3100-4b00 16:51:09 0244 37 36 149 5 agv-work
16:51:08 0834 37
16:51:08 0732 36
16:51:08 0642 37
16:51:09 0253 36
50da-00df-33e0 16:51:08 0802 45 45 149 5 agv-work
16:51:08 0699 44
16:51:08 0597 46
16:51:08 0261 46
16:51:09 0251 45
Table 14 Command output
Field |
Description |
Time |
Time at which the beacon frame or probe response was received. |
MSec |
Time at which the beacon frame or probe response was received, in milliseconds. |
AVER |
Average RSSI of the five most recently received frames that carry the BSSID. |
CHL |
Channel carried in the frame received most recently. |
AGE |
Aging count for the BSS entry. |
display wlan client-mode roaming-state
Use display wlan client-mode roaming-state to display roaming state changes of the AP in client mode.
Syntax
display wlan client-mode roaming-state
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display roaming state changes of the AP in client mode.
<Sysname> display wlan client-mode roaming-state
Radio ID: 1 FSM changes: 9 SSID: agv
Index FSM BSSID RSSI Chl FsmChangeCause Time
1 UnAu 50da-00df-33e0 55 36 Send prob(Bss) Day 2 18:12:36 987
2 Auth 50da-00df-33e0 55 36 Auth direct(Bss) Day 2 18:12:36 35
3 Asso 50da-00df-33e0 55 36 Send assoc Day 2 18:12:36 37
4 Run 50da-00df-33e0 55 36 Rec assoc Day 2 18:12:36 38
5 UnAu 50da-00df-33e0 55 36 Scan aging Day 2 18:12:41 39
6 UnAu 50da-00df-33e0 47 149 Send prob(chlchg) Day 4 8:49:5 41
7 Auth 50da-00df-33e0 47 149 Auth direct(Bss) Day 4 8:49:5 42
8 Asso 50da-00df-33e0 47 149 Send assoc Day 4 8:49:5 43 9
9 Run 50da-00df-33e0 47 149 Rec assoc Day 4 8:49:5 46
Table 15 Command output
Field |
Description |
Radio ID |
ID of the radio in client mode. |
FSM changes |
Number of state changes during the association process. |
FSM |
Device state. Options include: · Init—The device is in initialization state. · UnAu—The device has not been authenticated. · Auth—The device is being authenticated. · Asso—The device is attempting to associate with a WLAN. · Run—The device is in running state. · N/A—The device is in abnormal state. |
Chl |
Channel ID. |
FsmChangeCause |
State change reason. Options include: · Rec prob resp—The device received a probe response and sent an authentication frame. · Send assoc req—The device sent an association request. · Rec assoc resp—The device received an association response. · Rec deauth—The device received a deauthentication frame. · Rec disasso—The device received a disassociation frame. · Unauth timeout—The unauthentication state timed out and the AP sent an authentication frame. · Unauth timeout fail—The unauthentication state timed out and the AP sent an authentication failure frame. · Auth timeout—The authentication state timed out. · Asso timeout—The association state timed out. · Keepalive beacon timeout—The beacon-based keepalive timed out. · Rec action—The device received an action frame. · Init to unauth—The device state changed from initialization to unauthentication. · Disconnect(cfg)—Connection terminated because of manual configuration. · Undo SSID—The SSID configuration was removed. · Send prob req(chlchg)—The AP sent a probe request after a channel change. · Send prob req fail(chlchg)—The AP failed to send a probe request after a channel change. · Radio down—The associated radio became unavailable. · Prob resp fail—The AP failed to process a probe response. · Auth fail(open system)—The AP failed to process an open system authentication frame. · Auth fail(share key)—The AP failed to process a shared key authentication frame. · Asso resp fail—The AP failed to process an association response. · Chl Chg IE(beacon)—The channel changed in a received beacon frame. · Chl Chg IE(probe)—The channel changed in a received probe response. · Send prob req(unchlchg)—The AP sent a probe request and did not change its channel. · Connect BSS fail—The AP failed to access a BSS. · Share-key fail—Shared key authentication failed during association. · 4H fail—Four-way handshake failed during association. · Select BSS by roam—The AP performed a BSS roaming. · Disconnect(dbm)—Disabling the client mode triggered AP reassociation. · Scan aging—The entry for the associated BSS expired. · Unauth timeout—The AP failed to receive probe responses in UnAuth state and stays in UnAuth state. · Auth direct—The AP did not receive any probe response and sent an authentication frame directly. · Active detect timeout—The probe request-based keepalive timed out. · Disconnect(RSSI)—The RSSI of the current link dropped below the link hold RSSI. · Roam enhance enabled—Roaming enhancement was enabled. · Unknown. |
Time |
Time at which the state change occurred. |
Related commands
client-mode enable
reset wlan client-mode roaming-state
display wlan client-mode ssid
Use display wlan client-mode ssid to display information about detected SSIDs.
Syntax
display wlan client-mode ssid [ ssid ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameter
ssid: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters. If you do not specify this argument, the command displays information about all SSIDs with an RSSI equal to or higher than 15.
Usage guidelines
If roaming enhancement is disabled, the command displays information about all detected SSIDs.
If roaming enhancement is enabled and the client-mode ssid command has been executed, the display command displays information about the specified SSID.
If roaming enhancement is enabled but the client-mode ssid command has not been executed, the display command displays information about all detected SSIDs enabled with roaming enhancement.
Examples
# Display information about detected SSIDs.
<Sysname> display wlan client-mode ssid
SSID BSSID Type RSSI Quality
service1 1A76-2435-FD21 Clear 55 *****
Temp 2334-5431-BDA1 WPA2 19 **
TC 6CF0-AAFD-12FF WEP 22 **
Test 4512-ABC4-F555 Unknown 17 **
Lab 4138-FAB7-8545 Clear 39 ****
Home_123456789000000000000000000 F643-ABD4-439F WPA2 27 ***
Table 16 Command output
Field |
Description |
Type |
Encryption type: · Clear. · WPA2. · WEP. · Unknown. |
Quality |
Signal quality: · *****—RSSI ≥ 45. · ****—35 ≤ RSSI < 45. · ***—25 ≤ RSSI < 35. · **—15 ≤ RSSI < 25. · *—0 < RSSI < 15. · No Signal—RSSI = 0. |
display wlan service-template
Use display wlan service-template to display service template information.
Syntax
display wlan service-template [ service-template-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.
verbose: Displays detailed service template information.
Examples
# Display brief information about all service templates.
[Sysname] display wlan service-template
Total number of service templates: 2
Service template name SSID Status
1 2333 Enabled
2 3222 Enabled
# Display detailed information about all service templates.
<Sysname> display wlan service-template verbose
Service template name : service1
Description : Not configured
SSID : wuxianfuwu
SSID-hide : Disabled
User-isolation : Disabled
Service template status : Disabled
Maximum clients per BSS : 64
VLAN ID : 1
Customer Vlan : 3
AKM mode : PSK
Security IE : RSN
Cipher suite : CCMP
WEP key ID : 1
TKIP countermeasure time : 100 sec
PTK lifetime : 43200 sec
PTK rekey : Enabled
GTK rekey : Enabled
GTK rekey method : Time-based
GTK rekey time : 86400 sec
GTK rekey client-offline : Enabled
WPA3 status : Disabled
Enhance-open status : Enabled
Enhanced-open transition-mode service-template : N/A
User authentication mode : Bypass
Intrusion protection : Disabled
Intrusion protection mode : Temporary-block
Temporary block time : 180 sec
Temporary service stop time : 20 sec
Fail VLAN ID : 1
802.1X handshake : Enabled
802.1X handshake secure : Disabled
802.1X domain : my-domain
MAC-auth domain : Not configured
Max 802.1X users per BSS : 4096
Max MAC-auth users per BSS : 4096
802.1X re-authenticate : Enabled
Authorization fail mode : Online
Accounting fail mode : Online
Authorization : Permitted
Key derivation : SHA1
PMF status : Optional
Hotspot policy number : Not configured
Forwarding policy status : Disabled
Forwarding policy name : Not configured
Forwarder : AP
FT status : Disabled
QoS trust : Port
QoS priority : 0
BTM status : Disabled
Table 17 Command output
Field |
Description |
SSID |
SSID of the service template. |
SSID-hide |
Whether the SSID is hidden in beacons: · Disabled. · Enabled. |
User-isolation |
Use isolation: · Disabled. · Enabled. |
Service template status |
Service template status: · Disabled. · Enabled. |
Maximum clients per BSS |
Maximum number of clients that the BSS supports. |
VLAN ID |
ID of the VLAN to which clients belong after they come online through the service template. |
Customer Vlan |
ID of the inner VLAN to which clients belong after they come online through the service template. |
AKM mode |
AKM mode: · 802.1X. · PSK. |
Security IE |
Security IE: · RSN. · WPA. |
Cipher suite |
Cipher suite: · WEP40. · WEP104. · WEP128. · TKIP. · CCMP. · GCMP. |
TKIP countermeasure time |
TKIP countermeasure time. The value 0 indicates no countermeasures are taken. |
PTK rekey |
Whether PTK rekey is enabled: · Enabled. · Disabled. |
GTK rekey |
Whether GTK rekey is enabled: · Enabled. · Disabled. |
GTK rekey method |
GTK rekey method: · Time-based. · Packet-based. |
GTK rekey time |
GTK rekey interval. |
GTK rekey packets |
Number of packets that can be transmitted before the GTK is refreshed. |
GTK rekey client-offline |
Whether client-off GTK rekey is enabled: · Enabled. · Disabled. |
WPA3 status |
WPA3 security mode: · Disabled. · Mandatory. · Optional. |
Enhance-open status |
Whether enhanced open system authentication is enabled: · Disabled. · Enabled. |
Enhanced-open transition-mode service-template |
Recommended service template in transition mode. If no service template is specified, this field displays N/A. |
User authentication mode |
Authentication mode: · Bypass—No authentication. · MAC. · MAC-or-802.1X—MAC authentication is performed first. If MAC authentication fails, 802.1X authentication is performed. · 802.1X. · 802.1X-or-MAC—802.1X authentication is performed first. If 802.1X authentication fails, MAC authentication is performed. · OUI-or-802.1X—OUI authentication is performed first. If OUI authentication fails, 802.1X authentication is performed. · MAC-and-802.1X—MAC authentication is performed first. If MAC authentication succeeds, 802.1X authentication is performed. |
Intrusion protection |
Whether intrusion protection is enabled: · Enabled. · Disabled. |
Intrusion protection mode |
Intrusion protection mode: · Temporary-block—Temporarily adds intruders to the block list. · Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets. · Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets. |
Temporary block time |
Temporary block time in seconds. |
Temporary service stop time |
Temporary service stop time in seconds. |
Fail VLAN ID |
ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured. |
Critical VLAN ID |
ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the critical VLAN ID is not configured. |
802.1X handshake |
Whether 802.1X handshake is enabled: · Enabled. · Disabled. |
802.1X handshake secure |
Whether secure 802.1X handshake is enabled: · Enabled. · Disabled. |
802.1X domain |
802.1X authentication domain. This field displays Not configured if the domain is not configured. |
MAC-auth domain |
MAC authentication domain. This field displays Not configured if the domain is not configured. |
Max 802.1X users per BSS |
Maximum number of supported 802.1X users in a BSS. |
Max MAC-auth users per BSS |
Maximum number of supported users that pass the MAC authentication in a BSS. |
802.1X re-authenticate |
Whether 802.1X reauthentication is enabled: · Enabled. · Disabled. |
Authorization fail mode |
Authorization fail mode: · Offline—Clients are logged off when authorization fails. · Online—Clients are not logged off when authorization fails. |
Accounting fail mode |
Accounting fail mode: · Offline—Clients are logged off when accounting fails. · Online—Clients are not logged off when accounting fails. |
Authorization |
Authorization information: · Permitted—Applies the authorization information issued by the RADIUS server or the local device. · Ignored—Ignores the authorization information issued by the RADIUS server or the local device. |
Key derivation |
Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · SHA1-AND-SHA256—Uses the HMAC SHA1 and SHA256 hash algorithm. |
PMF status |
PMF status: · Disabled—Management frame protection is disabled. · Optional—Management frame protection in optional mode is enabled. · Mandatory—Management frame protection in mandatory mode is enabled. |
Hotspot policy number |
This field is not supported in the current software version. Hotspot 2.0 policy number. |
Forwarding policy status |
This field is not supported in the current software version. WLAN forwarding policy status: · Disabled. · Enabled. |
Forward policy name |
This field is not supported in the current software version. WLAN forwarding policy name: · Not configured—No WLAN forwarding policy is configured. · policy-name. |
Forwarder |
Client traffic forwarder: AP. |
FT status |
This field is not supported in the current software version. FT status: · Disabled. · Enabled. |
FT method |
This field is not supported in the current software version. FT method: · over-the-air. · over-the-ds. |
FT reassociation deadline |
This field is not supported in the current software version. FT reassociation timeout timer in seconds. |
QoS trust |
QoS priority trust mode: · Port—Port priority trust mode. · Dot11e—802.11e priority trust mode. |
QoS priority |
Port priority in the range of 0 to 7. |
BTM status |
BSS Transition Management (BTM) status: · Disabled. · Enabled. |
display wlan statistics client
Use display wlan statistics client to display client statistics.
Syntax
display wlan statistics client [ mac-address mac-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.
Examples
# Display statistics for all clients.
<Sysname> display wlan statistics client
MAC address : 0014-6c8a-43ff
AP name : fatap
Radio ID : 1
SSID : office
BSSID : 000f-e2ff-7700
RSSI : 31
Sent frames:
Back ground : 0/0 (frames/bytes)
Best effort : 9/1230 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 2/76 (frames/bytes)
Received frames:
Back ground : 0/0 (frames/bytes)
Best effort : 18/2437 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 7/468 (frames/bytes)
Discarded frames:
Back ground : 0/0 (frames/bytes)
Best effort : 0/0 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 5/389 (frames/bytes)
Table 18 Command output
Field |
Description |
SSID |
SSID of the service template. |
MAC address |
Client MAC address. |
Back ground |
AC-BK queue. |
Best effort |
AC-BE queue. |
Video |
AC-VI queue. |
Voice |
AC-VO queue. |
display wlan statistics connect-history
Use display wlan statistics connect-history to display client connection history.
Syntax
display wlan statistics connect-history service-template service-template-name
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
service-template service-template-name: Specifies a service template by its name.
Examples
# Display the connection history for service template 1.
<Sysname> display wlan statistics connect-history service-template 1
AP name : fatap
Radio ID : 1
Associations : 132
Association failures : 3
Reassociations : 30
Rejections : 12
Abnormal disassociations : 2
Current associations : 57
display wlan statistics service template
Use display wlan statistics service-template to display service template statistics.
Syntax
display wlan statistics service-template service-template-name
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
service-template service-template-name: Specifies a service template by its name.
Examples
# Display statistics for service template 1.
<Sysname> display wlan statistics service-template 1
AP name : fatap
Radio ID : 1
Received:
Frame count : 1713
Frame bytes : 487061
Data frame count : 1683
Data frame bytes : 485761
Association request count : 2
Sent:
Frame count : 62113
Frame bytes : 25142076
Data frame count : 55978
Data frame bytes : 22626600
Association response count : 2
display wlan whitelist
Use display wlan whitelist to display whitelist entries.
Syntax
display wlan whitelist
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display whitelist entries.
<Sysname> display wlan whitelist
Total number of clients: 3
MAC addresses:
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
interface wlan-radio
Use interface wlan-radio to enter WLAN radio interface view.
Syntax
interface wlan-radio interface-number
Views
System view
Predefined user roles
network-admin
Examples
interface-number: Specifies the WLAN radio interface ID.
Examples
# Enter interface view of WLAN radio interface 1/0/1.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-wlan-radio-1]
Related commands
display interface wlan-radio
nas-id
Use nas-id to set the network access server identifier (NAS ID).
Syntax
nas-id nas-id
undo nas-id
Default
No NAS ID is specified.
Views
Global configuration view
Predefined user roles
network-admin
Parameters
nas-id: Specifies a NAS ID, a case-sensitive string of 1 to 63 characters.
Usage guidelines
After coming online, a client sends a RADIUS request that carries the NAS ID to the RADIUS server to indicate its network access server.
Examples
# Set the global NAS ID to abc123.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] nas-id abc123
nas-port-type
Use nas-port-type to set the NAS port type attribute in RADIUS requests.
Use the undo nas-port-type to restore the default.
Syntax
nas-port-type value
undo nas-port-type
Default
The NAS port type is Wireless-IEEE 802.11.
Views
Service template view
Predefined user roles
network-admin
Parameters
value: Specifies a NAS port type by its code value in the range of 0 to 255. Table 19 lists the most commonly used NAS port types and their code values.
Table 19 Common NAS port types and their code values
NAS port type |
Code value |
Async |
0 |
Sync |
1 |
ISDN Sync |
2 |
ISDN Async V.120 |
3 |
ISDN Async V.110 |
4 |
Virtual |
5 |
PIAFS |
6 |
HDLC Clear Channel |
7 |
X.25 |
8 |
X.75 |
9 |
G.3 Fax |
10 |
SDSL |
11 |
ADSL-CAP |
12 |
ADSL-DMT |
13 |
IDSL |
14 |
Ethernet |
15 |
xDSL |
16 |
Cable |
17 |
Wireless-Other |
18 |
Wireless-IEEE 802.11 |
19 |
Usage guidelines
You can execute this command to set the NAS port type attribute in RADIUS requests for 802.11X and MAC-authenticated clients.
Make sure the service template is disabled before you execute this command.
Examples
# Set the NAS port type in RADIUS requests to 15 (Ethernet).
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] nas-port-type 15
quick-association enable
Use quick-association to enable quick association.
Use undo quick-association to disable quick association.
Syntax
quick-association enable
undo quick-association enable
Default
Quick association is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command disables APs from performing load balancing or band navigation on clients associated with the specified service template.
Examples
# Enable quick association for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1]quick-association enable
reset wlan client
Use reset wlan client to log off a client or all clients.
Syntax
reset wlan client { all | mac-address mac-address }
View
User view
Predefined user roles
network-admin
Parameters
all: Specifies all clients.
mac-address mac-address: Specifies a client by its MAC address.
Examples
# Log off all clients.
<Sysname> reset wlan client all
Related commands
display wlan client
reset wlan client-mode packet-statistics
Use reset wlan client-mode packet-statistics to clear statistics about received and transmitted packets in client mode.
Syntax
reset wlan client-mode packet-statistics radio radio-id
View
User view
Predefined user roles
network-admin
Parameters
radio-id: Specifies a radio by its ID.
Examples
# Clear statistics about received and transmitted packets in client mode.
<Sysname> reset wlan client-mode packet-statistics radio 1
Related commands
client-mode enable
display wlan client-mode packet-statistics
reset wlan client-mode roaming-state
Use reset wlan client-mode roaming-state to clear information about BSSs detected in client mode.
Syntax
reset wlan client-mode roaming-state
View
User view
Predefined user roles
network-admin
Examples
# Clear information about BSSs detected in client mode.
<Sysname> reset wlan client-mode roaming-state
Related commands
client-mode enable
display wlan client-mode roaming-state
reset wlan dynamic-blacklist
Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.
Syntax
reset wlan dynamic-blacklist [ mac-address mac-address ]
Views
User view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.
Examples
# Remove all clients from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist
# Remove the specified client from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69
Related commands
display wlan blacklist
reset wlan statistics client
Use reset wlan statistics client to clear client statistics.
Syntax
reset wlan statistics client { all | mac-address mac-address }
View
User view
Predefined user roles
network-admin
Parameters
all: Specifies all clients.
mac-address mac-address: Specifies a client by its MAC address.
Examples
# Clear statistics about all clients.
<Sysname> reset wlan statistics client all
Related commands
display wlan statistics
reset wlan statistics service-template
Use reset wlan statistics service-template to clear service template statistics.
Syntax
reset wlan statistics service-template service-template-name
View
User view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Examples
# Clear statistics about service template service1.
<Sysname> reset wlan statistics service-template service1
Related commands
display wlan statistics
service-template
Use service-template to bind a service template to a radio interface.
Use undo service-template to unbind a service template from a radio interface.
Syntax
service-template service-template-name
undo service-template service-template-name
Default
In radio interface view, no service template is bound to a radio interface.
Views
Radio interface view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Before you bind a service template to a radio or a radio interface, you must create the service template.
Examples
# Bind service template service1 to interface WLAN-Radio 1/0/1.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-wlan-radio-1] service-template service1
service-template enable
Use service-template enable to enable a service template.
Use undo service-template enable to disable a service template.
Syntax
service-template enable
undo service-template enable
Default
A service template is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
If the number of BSSs on a device exceeds the limit, you cannot enable a new service template.
Examples
# Enable service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] service-template enable
snmp-agent trap enable wlan client
Use snmp-agent trap enable wlan client to enable SNMP notification for client access.
Use undo snmp-agent trap enable wlan client to disable SNMP notification for client access.
Syntax
snmp-agent trap enable wlan client
undo snmp-agent trap enable wlan client
Default
SNMP notification is disabled for client access.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notification for client access.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan client
snmp-agent trap enable wlan client-audit
Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.
Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.
Syntax
snmp-agent trap enable wlan client-audit
undo snmp-agent trap enable wlan client-audit
Default
SNMP notification is disabled for client audit.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notification for client audit.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan client-audit
ssid
Use ssid to set an SSID for a service template.
Use undo ssid to restore the default.
Syntax
ssid ssid-name
undo ssid
Default
No SSID is configured for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
Disable the service template before you execute this command.
Examples
# Set the SSID to lynn for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] ssid lynn
unknown-client
Use unknown-client to set the way that an AP processes traffic from unknown clients.
Use undo unknown-client to restore the default.
Syntax
unknown-client { deauthenticate | drop }
undo unknown-client
Default
An AP drops packets from unknown clients and deauthenticates these clients.
Views
Service template view
Predefined user roles
network-admin
Parameters
deauthenticate: Drops packets from unknown clients and deauthenticates these clients.
drop: Drops packets from unknown clients.
Examples
# Configure APs that use service template example to drop packets from unknown clients but not deauthenticate these clients.
<Sysname> system-view
[Sysname] wlan service-template example
[Sysname-wlan-st-example] unknown-client drop
vlan
Use vlan to assign clients coming online through a service template to the specified VLAN.
Use undo vlan to restore the default.
Syntax
vlan vlan-id
undo vlan
Default
Clients are assigned to VLAN 1 after coming online through a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094.
Usage guidelines
Disable the service template before you execute this command.
If the specified VLAN does not exist, this command creates the VLAN when clients come online.
Examples
# Assign clients coming online through service template service1 to VLAN 2.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] vlan 2
wlan association optimization
Use wlan association optimization to set the index for optimizing client association ratios.
Use undo wlan association optimization to restore the default.
Syntax
wlan association optimization value
undo wlan association optimization
Default
The index is 0. The device does not optimize client association ratios.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the index for optimizing client association ratios, in the range of 900 to 1000. The smaller the index is, the smaller the calculated association success ratio will be and the larger the calculated congestion ratio and abnormal disassociation ratio will be.
Usage guidelines
This feature enables the device to recalculate the client association success ratio, association congestion ratio, and abnormal disassociation ratio by using the specified index to get smaller ratio values.
The client association success ratio is the number of successful client associations divided by the total number of client association attempts. The client association congestion ratio is the number of failed client associations caused by AP overloading divided by the total number of client association attempts. The client abnormal disassociation ratio is the number of abnormal disassociations divided by the sum of successful associations and online clients.
Examples
# Set the index for optimizing client association ratios to 950.
<Sysname> system-view
[Sysname] wlan association optimization 950
wlan broadcast-probe reply
Use wlan broadcast-probe reply to enable the AP to respond to broadcast probe requests.
Use undo wlan broadcast-probe reply to disable the AP from responding to broadcast probe requests.
Syntax
wlan broadcast-probe reply
undo wlan broadcast-probe reply
Default
The AP responds to all broadcast probe requests.
Views
System view
Predefined user roles
network-admin
Examples
# Disable the AP from responding to broadcast probe requests.
<Sysname> system-view
[Sysname] undo wlan broadcast-probe reply
wlan client idle-timeout
Use wlan client idle-timeout to set the client idle timeout timer.
Use undo wlan client idle-timeout to restore the default.
Syntax
wlan client idle-timeout timeout
undo wlan client idle-timeout
Default
The client idle timeout timer is 3600 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
timeout: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.
Usage guidelines
If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.
Examples
# Set the client idle timeout timer to 2000 seconds.
<Sysname> system-view
[Sysname] wlan client idle-timeout 2000
wlan client keep-alive
Use wlan client keep-alive enable to enable client keepalive.
Use undo wlan client keep-alive to disable client keepalive.
Syntax
wlan client keep-alive enable
undo wlan client keep-alive
Default
Client keepalive is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables the AP to send keepalive packets to clients at the specified intervals to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.
Examples
# Enable client keepalive.
<Sysname> system-view
[Sysname] wlan client keep-alive enable
Related commands
wlan client keep-alive interval
wlan client keep-alive interval
Use wlan client keep-alive interval to set the client keepalive interval.
Use undo wlan client keep-alive interval to restore the default.
Syntax
wlan client keep-alive interval interval
undo wlan client keep-alive interval
Default
The client keepalive interval is 300 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.
Usage guidelines
Enable client keepalive on the AP before you execute this command.
This feature enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.
Examples
# Set the client keepalive interval to 1000 seconds.
<Sysname> system-view
[Sysname] wlan client keep-alive interval 1000
Related commands
wlan client keep-alive
wlan client reauthentication-period
Use wlan client reauthentication-period to set the idle period before client reauthentication.
Use undo wlan client reauthentication-period to restore the default.
Syntax
wlan client reauthentication-period [ period-value ]
undo wlan client reauthentication-period
Default
The idle period is 10 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
period-value: Specifies the idle period in the range of 1 to 3600 seconds.
Usage guidelines
When URL redirection for WLAN MAC authentication is enabled, an AP redirects clients whose information is not recorded on the RADIUS server to the specified URL for Web authentication. Clients passing Web authentication are logged off and must perform MAC reauthentication to come online. However, MAC reauthentication fails if the IP addresses assigned to the clients have not expired.
Perform this task to add these clients to the dynamic blacklist for the specified idle period after they pass Web authentication to reduce reauthentication failures.
Examples
# Set the idle period before client reauthentication to 100 seconds.
<Sysname> system-view
[Sysname] wlan client reauthentication-period 100
wlan dynamic-blacklist lifetime
Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries.
Use undo wlan dynamic-blacklist lifetime to restore the default.
Syntax
wlan dynamic-blacklist lifetime lifetime
undo wlan dynamic-blacklist lifetime
Default
The aging time is 300 seconds for dynamic blacklist entries.
Views
System view
Predefined user roles
network-admin
Parameters
lifetime: Specifies the aging time in the range of 1 to 3600 seconds.
Usage guidelines
The configured aging time takes effect only on entries added to the dynamic blacklist after this command is executed.
The aging time for dynamic blacklist entries only applies to rogue client entries.
Examples
# Set the aging time for dynamic blacklist entries to 3600 seconds.
<Sysname> system-view
[Sysname] wlan dynamic-blacklist lifetime 3600
wlan link-test
Use wlan link-test to test wireless link quality.
Syntax
wlan link-test mac-address
Views
Any view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the client MAC address in the H-H-H format.
Usage guidelines
Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.
The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.
Examples
# Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0.
<Sysname> wlan link-test 60a4-4cda-eff0
Testing link to 60a4-4cda-eff0. Press CTRL + C to break.
Link Status
-----------------------------------------------------------------------
MAC address: 60a4-4cda-eff0
-----------------------------------------------------------------------
VHT-MCS Rate(Mbps) Tx packets Rx packets RSSI Retries RTT(ms)
-----------------------------------------------------------------------
NSS = 1
-----------------------------------------------------------------------
0 32.5 5 5 54 0 0
1 65 5 5 51 0 0
2 97.5 5 5 49 0 0
3 130 5 5 47 0 0
4 195 5 5 45 0 0
5 260 5 5 45 0 0
6 292.5 5 5 44 0 0
7 325 5 5 44 0 0
8 390 5 5 44 0 0
9 433.3 5 5 43 0 0
-----------------------------------------------------------------------
NSS = 2
-----------------------------------------------------------------------
0 65 5 5 44 0 0
1 130 5 5 44 0 0
2 195 5 5 44 0 0
3 260 5 5 44 0 0
4 390 5 5 44 0 0
5 520 5 5 44 0 0
6 585 5 5 43 0 0
7 650 5 5 43 0 0
8 780 5 5 43 0 0
9 866.7 5 5 43 0 0
# Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0.
<Sysname> wlan link-test 784f-43b6-077c
Testing link to 784f-43b6-077c. Press CTRL + C to break.
Link Status
-----------------------------------------------------------------------
MAC address: 784f-43b6-077c
-----------------------------------------------------------------------
MCS Rate(Mbps) Tx packets Rx packets RSSI Retries RTT(ms)
-----------------------------------------------------------------------
0 6.5 5 5 54 0 0
1 13 5 5 51 0 0
2 19.5 5 5 49 0 0
3 26 5 5 47 0 0
4 39 5 5 45 0 0
5 52 5 5 45 0 0
6 58.5 5 5 44 0 0
7 72.2 5 5 44 0 0
8 13 5 5 44 0 0
9 26 5 5 43 0 0
10 39 5 5 44 0 0
11 52 5 5 44 0 0
12 78 5 5 44 0 0
13 104 5 5 44 0 0
14 117 5 5 44 0 0
15 144.4 5 5 44 11 0
-----------------------------------------------------------------------
Table 20 Command output
Field |
Description |
No./MCS/VHT-MCS |
· No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients. · MCS—MCS index for link quality test on 802.11n clients. · VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients. |
Rate(Mbps) |
Rate at which the AP sends wireless link quality detection frames. |
Tx packets |
Number of wireless link quality detection frames sent by the AP. |
Rx packets |
Number of responses received by the AP. |
RSSI |
RSSI of the client detected by the AP. |
Retries |
Number of wireless link quality retransmission frames sent by the AP. |
RTT(ms) |
Round trip time for link quality test frames from the AP to the client. |
NSS |
Number of spatial streams for link quality test on 802.11n or 802.11ac clients. |
wlan nas-port-id format
Use wlan nas-port-id format to set the format of NAS port IDs for wireless clients.
Use undo wlan nas-port-id format to restore the default.
Syntax
wlan nas-port-id format { 2 | 4 }
undo wlan nas-port-id format
Default
Clients use format 2 to generate NAS port IDs.
Views
System view
Predefined user roles
network-admin
Parameters
2: Specifies the SlotID00IfNOVlanID format.
· SlotID—Slot ID for client access, a string of two characters.
· IfNO—Interface number for client access, a string of three characters.
· VlanID—VLAN ID for client access, a string of nine characters.
4: Specifies the slot=**;subslot=**;port=**;vlanid=**;vlanid2=** format. The vlanid2 field is available only for clients accessing the WLAN through an interface configured with VLAN termination.
Usage guidelines
802.1X and MAC-authenticated clients provide NAS port IDs in the specified format in RADIUS packets.
Examples
# Set the NAS port ID format to format 4.
<Sysname> system-view
[Sysname] wlan nas-port-id format 4
wlan service-template
Use wlan service-template to create a service template and enter its view, or enter the view of an existing service template.
Use undo wlan service-template to delete a service template.
Syntax
wlan service-template service-template-name
undo wlan service-template service-template-name
Default
No service template exists.
Views
System view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You cannot delete a service template that has been bound to a radio.
Examples
# Create service template service1 and enter its view.
<Sysname> system-view
[Sysname] wlan service-template service1
wlan static-blacklist mac-address
Use wlan static-blacklist mac-address to add a client to the static blacklist.
Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.
Syntax
wlan static-blacklist mac-address mac-address
undo wlan static-blacklist [ mac-address mac-address ]
Default
No clients exist in the static blacklist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.
Usage guidelines
If you add an online client to the static blacklist, the command logs off the client.
You cannot add a client to both the whitelist and the static blacklist.
The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.
Do not add multicast or broadcast MAC addresses to the static blacklist.
Examples
# Add MAC address 001c-f0bf-9c92 to the static blacklist.
<Sysname> system-view
[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92
Related commands
display wlan blacklist
wlan web-server api-path
Use wlan web-server api-path to specify the path of the Web server to which client information is reported.
Use undo wlan web-server api-path to restore the default.
Syntax
wlan web-server api-path path
undo wlan web-server api-path
Default
The path of the Web server is not specified.
Views
System view
Predefined user roles
network-admin
Parameters
path: Specifies a path, a case-sensitive string of 1 to 256 characters.
Usage guidelines
The Web server accepts client information only when the server's host name, port number, and path are specified.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the path of the Web server as /wlan/dev-cfg.
<Sysname> system-view
[Sysname] wlan web-server api-path /wlan/dev-cfg
Related commands
wlan web-server host
wlan web-server max-client-entry
wlan web-server host
Use wlan web-server host to specify the host name and port number of the Web server to which client information is reported.
Use undo wlan web-server host to restore the default.
Syntax
wlan web-server host host-name port port-number
undo wlan web-server host
Default
The host name and port number of the Web server are not specified.
Views
System view
Predefined user roles
network-admin
Parameters
host host-name: Specifies a host name, a case-insensitive string of 3 to 127 characters that can contain letters, digits, hyphens (-), underscores (_), and dots (.).
port port-number: Specifies a port number in the range of 1 to 65534.
Usage guidelines
The Web server accepts client information only when the server's host name, port number, and path are specified.
Client information changes are reported to the Web server in real time.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the host name and port number of the Web server as www.abc.com and 668, respectively.
<Sysname> system-view
[Sysname] wlan web-server host www.abc.com port 668
Related commands
wlan web-server api-path
wlan web-server max-client-entry
wlan web-server max-client-entry
Use wlan web-server max-client-entry to set the maximum number of client entries that can be reported at a time.
Use undo wlan web-server max-client-entry to restore the default.
Syntax
wlan web-server max-client-entry number
undo wlan web-server max-client-entry
Default
A maximum of ten client entries can be reported at a time.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies a maximum number of client entries that can be reported at a time, in the range of 1 to 25.
Examples
# Set the maximum of client entries that can be reported at a time to 12.
<Sysname> system-view
[Sysname] wlan web-server max-client-entry 12
Related commands
wlan web-server api-path
wlan web-server host
wlan whitelist mac-address
Use wlan whitelist mac-address to add a client to the whitelist.
Use undo wlan whitelist mac-address to remove a client from the whitelist.
Syntax
wlan whitelist mac-address mac-address
undo wlan whitelist [ mac-address mac-address ]
Default
No clients exist in the whitelist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.
Usage guidelines
When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.
If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.
You cannot add a client to both the whitelist and the static blacklist.
The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.
Do not add multicast or broadcast MAC addresses to the whitelist.
Examples
# Add MAC address 001c-f0bf-9c92 to the whitelist.
<Sysname> system-view
[Sysname] wlan whitelist mac-address 001c-f0bf-9c92
This command will disconnect all clients. Continue? [Y/N]:
Related commands
display wlan whitelist