display wlan ap association-failure-record
display wlan ap connection-record
display wlan ap running-configuration
display wlan ap tunnel latency
display wlan ap tunnel-down-record
display wlan ap unauthenticated
display wlan ap-distribution ap-name
snmp-agent trap enable wlan ap
snmp-agent trap enable wlan capwap
wlan ap-authentication permit-unauthenticated
wlan capwap discovery-policy unicast
display wlan ap continuous-mode
display wlan ap radio-statistics
reset wlan ap radio-statistics
client forwarding-policy enable
client preferred-vlan authorized
display wlan ap all radio client-number
display wlan ap all client-number
display wlan ap-group all client-number
display wlan client online-duration
display wlan forwarding-policy
inherit exclude service-template
reset wlan statistics service-template
snmp-agent trap enable wlan client
snmp-agent trap enable wlan client-audit
wlan client forwarding-policy-name
wlan client reauthentication-period
wlan dynamic-blacklist active-on-ap
wlan dynamic-blacklist lifetime
wlan static-blacklist mac-address
wlan web-server max-client-entry
gtk-rekey client-offline enable
snmp-agent trap enable wlan usersec
client-security accounting-delay time
client-security accounting-start trigger
client-security accounting-update trigger
client-security authentication critical-vlan
client-security authentication fail-vlan
client-security authentication-location
client-security authentication-mode
client-security authorization-fail offline
client-security ignore-authentication
client-security ignore-authorization
client-security intrusion-protection action
client-security intrusion-protection enable
client-security intrusion-protection timer temporary-block
client-security intrusion-protection timer temporary-service-stop
display wlan client-security block-mac
countermeasure attack deauth-broadcast
countermeasure attack disassoc-broadcast
countermeasure attack honeypot-ap
countermeasure attack hotspot-attack
countermeasure attack ht-40-mhz-intolerance
countermeasure attack malformed-packet
countermeasure attack man-in-the-middle
countermeasure attack power-save
countermeasure attack unencrypted-trust-client
countermeasure attack windows-bridge
countermeasure misassociation-client
countermeasure misconfigured-ap
countermeasure potential-authorized-ap
countermeasure potential-external-ap
countermeasure potential-rogue-ap
countermeasure unauthorized-client
countermeasure uncategorized-ap
countermeasure uncategorized-client
display wips virtual-security-domain countermeasure record
display wips virtual-security-domain device
malformed invalid-address-combination
malformed invalid-disassoc-code
match all (AP classification rule view)
reset wips virtual-security-domain
reset wips virtual-security-domain countermeasure record
ssid (AP classification rule view)
bandwidth-guarantee service-template
client-rate-limit (radio view/AP group radio view)
client-rate-limit (service template view)
client-rate-limit { disable | enable }
display wlan mobility roam-track mac-address
snmp-agent trap enable wlan mobility
WLAN radio resource measurement commands
wlan band-navigation aging-time
wlan band-navigation balance access-denial
wlan band-navigation balance session
wlan band-navigation rssi-threshold
WLAN multicast optimization commands
display wlan ipv6 multicast-optimization entry
display wlan multicast-optimization entry
ipv6 multicast-optimization enable
reset wlan ipv6 multicast-optimization entry
reset wlan ipv6 multicast-optimization entry group
reset wlan multicast-optimization entry
reset wlan multicast-optimization entry group
wlan ipv6 multicast-optimization aging-time
wlan ipv6 multicast-optimization client entry-limit
wlan ipv6 multicast-optimization entry client-limit
wlan ipv6 multicast-optimization global entry-limit
wlan ipv6 multicast-optimization packet-rate-limit
wlan multicast-optimization aging-time
wlan multicast-optimization client entry-limit
wlan multicast-optimization entry client-limit
wlan multicast-optimization global entry-limit
wlan multicast-optimization packet-rate-limit
cloud-management server domain
display cloud-management state
adjacency-factor radio-selection
calibrate-channel monitoring time-range
calibrate-channel self-decisive
calibrate-channel self-decisive sensitivity
display wlan rrm baseline apply-history
display wlan rrm-calibration-group
snmp-agent trap enable wlan rrm
wlan calibrate-channel pronto ap all
wlan calibrate-power pronto ap all
wlan rrm calibration-channel interval
wlan rrm calibration-power interval
client ip-snooping http-learning enable
client ipv4-snooping arp-learning enable
client ipv4-snooping dhcp-learning enable
client ipv6-snooping dhcpv6-learning enable
client ipv6-snooping nd-learning enable
client ipv6-snooping snmp-nd-report enable
display wlan load-balance group
display wlan load-balance status service-template
snmp-agent trap enable wlan load-balance
wlan load-balance access-denial
wlan load-balance mode bandwidth
wlan load-balance mode session
wlan load-balance mode traffic
wlan load-balance rssi-threshold
client-proximity-sensor ap-timer
client-proximity-sensor ap-udp-server
client-proximity-sensor client-timer
client-proximity-sensor coordinates
client-proximity-sensor filter-list
client-proximity-sensor random-mac-report enable
client-proximity-sensor report-ac enable
client-proximity-sensor report-ac-interval
client-proximity-sensor report-ap enable
client-proximity-sensor report-oasis client
client-proximity-sensor report-oasis disable
client-proximity-sensor report-oasis rssi-change-threshold
client-proximity-sensor rssi-threshold
client-proximity-sensor rt-report enable
client-proximity-sensor server
client-proximity-sensor timezone-offset
client-proximity-sensor udp-server
display client-proximity-sensor device
display client-proximity-sensor sensor
display client-proximity-sensor statistics receive
reset client-proximity-sensor device
AP management commands
Only the following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC/3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
ac
Use ac to specify an AC for an AP.
Use undo ac to delete the specified AC information.
Syntax
ac { host-name hostname | ip ipv4-address }
undo ac { host-name | ip [ ipv4-address ] }
Default
In AP provision view, an AP uses the configuration in AP group provision view.
In AP group provision view, no AC is specified for an AP.
Views
AP provision view
AP group provision view
Predefined user roles
network-admin
Parameters
host-name host-name: Specifies an AC by its host name, a case-insensitive string of 1 to 253 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.).
ip ipv4-address: Specifies an AC by its IPv4 address.
Usage guidelines
You can configure a maximum of three AC IPv4 addresses and only one host name. If you configure multiple host names, the most recent configuration takes effect.
The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.
The configuration in AP provision view takes precedence over the configuration in AP group provision view.
The undo form of the command deletes all AC IPv4 addresses if you do not specify the ipv4-address argument.
Examples
# Specify the AC whose IP address is 192.168.100.11 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ac ip 192.168.100.11
# Specify the AC whose IP address is 192.168.100.11 for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group1-prvs] ac ip 192.168.100.11
ap
Use ap to create an AP grouping rule by AP names.
Use undo ap to delete an AP grouping rule by AP names.
Syntax
ap ap-name-list
undo ap ap-name-list
Default
No AP grouping rules by AP names exist.
Views
AP group view
Predefined user roles
network-admin
Parameters
ap-name-list: Specifies a maximum of 10 space-separated AP names. An AP name is a case-insensitive string of 1 to 64 characters that can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command does not verify whether the specified APs exist.
AP grouping rules are applied in the following descending order of priority: rules by AP names, rules by serial IDs, rules by MAC addresses, and rules by IP addresses. If an AP does not match any grouping rule, it is added to the default AP group.
If the created AP grouping rule already exists in another AP group, this command deletes the rule from that AP group.
You cannot execute this command in the view of the default AP group.
Examples
# Create an AP grouping rule by AP names to add APs ap1, ap2, and ap3 to AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap ap1 ap2 ap3
Related commands
wlan ap-group
ap-model
Use ap-model to create an AP model and enter its view, or enter the view of an existing AP model.
Use undo ap-model to remove an AP model and its configuration.
Syntax
ap-model ap-model
undo ap-model ap-model
Default
No AP models exist.
Views
AP group view
Predefined user roles
network-admin
Parameters
ap-model: Specifies an AP model name.
Examples
# Create an AP model named WA4320i-ACN and enter its view.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-group1-ap-model-WA4320i-ACN]
control-address
Use control-address to specify the IP address to be carried in the CAPWAP Control IP Address message element.
Use undo control-address to restore the default.
Syntax
control-address { ip ipv4-address | ipv6 ipv6-address }
undo control-address { ip | ipv6 }
Default
In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, the AC's IP address is carried in the CAPWAP Control IP Address message element.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies an IPv4 address in the CAPWAP Control IPv4 Address message element.
ipv6 ipv6-address: Specifies an IPv6 address in the CAPWAP Control IPv6 Address message element.
Usage guidelines
This command takes effect only when the AC rediscovery feature is enabled.
You can specify a maximum of three IPv4 or IPv6 addresses in the CAPWAP Control IP Address message element.
The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.
Examples
# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] control-address ip 192.168.1.1
# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in AP group view.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-ap-group-10] control-address ip 192.168.1.1
# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in global configuration view.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] control-address ip 192.168.1.1
Related commands
control-address enable
control-address enable
Use control-address enable to enable the AC rediscovery feature.
Use control-address disable to disable the AC rediscovery feature.
Use undo control-address to restore the default.
Syntax
control-address { disable | enable }
undo control-address
Default
In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, the AC rediscovery feature is disabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
When AC rediscovery is enabled, the AC adds the CAPWAP Control IP Address message element to the discovery responses that it sends to APs. Upon receiving such a discovery response, an AP establishes a CAPWAP tunnel with the IP address in the CAPWAP Control IP Address message element that represents the optimal AC. Because an AP joins whichever address this element carries, make sure each address configured with the control-address command belongs to an AC that you manage.
When AC rediscovery is disabled, the AC does not add the CAPWAP Control IP Address message element to the discovery responses that it sends to APs. APs that receive such discovery responses send join requests to the source IP address of the discovery responses to establish CAPWAP tunnels with the AC.
The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.
Examples
# Enable the AC rediscovery feature in AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] control-address enable
# Enable the AC rediscovery feature in AP group view.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-ap-group-10] control-address enable
# Enable the AC rediscovery feature in global configuration view.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] control-address enable
Related commands
control-address
data-tunnel encryption
Use data-tunnel encryption enable to enable CAPWAP data tunnel encryption.
Use data-tunnel encryption disable to disable CAPWAP data tunnel encryption.
Use undo data-tunnel encryption to restore the default.
Syntax
data-tunnel encryption { disable | enable }
undo data-tunnel encryption
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, CAPWAP data tunnel encryption is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
This command takes effect on an AP only when the AP restarts.
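When this feature is enabled, an AP exchanges encryption information, including keys, with the AC through the CAPWAP control tunnel upon receiving the first keepalive packet from the AC. After the exchange, the AC and the AP encrypt data packets transmitted in the CAPWAP data tunnel. Keepalive packets are not encrypted. When this feature is disabled (the default in AP group view), this feature does not encrypt data packets in the CAPWAP data tunnel.
Before enabling this feature, make sure CAPWAP control tunnel encryption is enabled (see the tunnel encryption command). The data tunnel keys are exchanged through the control tunnel, so they are protected in transit only if the control tunnel itself is encrypted.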
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable CAPWAP data tunnel encryption for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] data-tunnel encryption enable
This operation will restart the AP. Continue? [Y/N]
# Enable CAPWAP data tunnel encryption for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] data-tunnel encryption enable
This operation will restart member APs that are not enabled with CAPWAP data tunnel encryption. Continue? [Y/N]
Related commands
tunnel encryption
delete file
Use delete file to delete a file from an AP.
Syntax
delete file filename
Views
AP view
Predefined user roles
network-admin
Parameters
filename: Specifies a file by its file name, a string of 1 to 255 characters.
Usage guidelines
This command takes effect only after an AP establishes a CAPWAP tunnel with the master AC.
Examples
# Delete file startup.cfg from AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] delete file startup.cfg
Related commands
display wlan ap files
download file
description (AP group view)
Use description to configure a description for an AP group.
Use undo description to restore the default.
Syntax
description text
undo description
Default
An AP group does not have a description.
Views
AP group view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 64 characters.
Usage guidelines
Configure a description for an AP group for easy identification and management purposes.
You can use the display wlan ap-group command to view the configured description.
Examples
# Configure a description for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] description L3-office
Related commands
display wlan ap-group
wlan ap-group
description (AP view)
Use description to configure a description for an AP.
Use undo description to restore the default.
Syntax
description text
undo description
Default
An AP does not have a description.
Views
AP view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 64 characters.
Examples
# Configure a description for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-ap-ap1] description L3-office
Related commands
display wlan ap
description (AP's VLAN view)
NOTE: Support for this command depends on the AP model.
Use description to configure the description of an AP VLAN.
Use undo description to restore the default.
Syntax
description text
undo description
Default
In an AP's VLAN view, a VLAN uses the configuration in an AP group's VLAN view.
In an AP group's VLAN view, the description of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100.
Views
AP's VLAN view
AP group's VLAN view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Usage guidelines
To manage VLANs efficiently, configure descriptions for them based on their functions or connections.
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
Examples
# Configure the description of VLAN 2 as sales-private in the VLAN view of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] vlan 2
[Sysname-wlan-ap-ap1-vlan2] description sales-private
# Configure the description of VLAN 2 as sales-private in the VLAN view of AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] vlan 2
[Sysname-wlan-ap-group-1-vlan2] description sales-private
Related commands
remote-configuration
discovery-response
Use discovery-response wait-time to set the discovery-response timeout timer.
Use undo discovery-response wait-time to restore the default.
Syntax
discovery-response wait-time seconds
undo discovery-response wait-time
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the discovery-response timeout timer is 2 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
seconds: Specifies the discovery-response timeout timer in the range of 2 to 20 seconds.
Usage guidelines
The discovery-response timeout timer specifies how long an AP waits for another discovery response. Whenever an AP receives a discovery response packet, the timer is created or refreshed. When the timer expires, the AP sends a join request to the optimal AC.
If the network condition is poor, set a larger discovery-response timeout timer.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the discovery-response timeout timer to 3 seconds for AP ap3.
<Sysname> system-view
[Sysname] wlan ap ap3
[Sysname-wlan-ap-ap3] discovery-response wait-time 3
# Set the discovery-response timeout timer to 3 seconds for all APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] discovery-response wait-time 3
display wlan ap
Use display wlan ap to display AP information.
Syntax
display wlan ap { all | name ap-name } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
verbose: Displays detailed information.
Examples
# Display information about all APs.
<Sysname> display wlan ap all
Total number of APs: 1
Total number of connected APs: 1
Total number of connected manual APs: 1
Total number of connected auto APs: 0
Total number of connected common APs: 1
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 3072
Remaining APs: 3071
Total AP licenses: 128
Remaining AP licenses: 127
AP information
State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad
C = Config, DC = DataCheck, R = Run M = Master, B = Backup
AP name APID State Model Serial ID
ap1 1 R WA4320i-ACN 210235A1BSC123000050
Table 1 Command output
Field |
Description |
APID |
ID of the AP to uniquely identify the AP on the AC. |
State |
Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Serial ID |
Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured. |
# Display detailed information about AP ap1.
<Sysname> display wlan ap name ap1 verbose
AP name : ap1
AP ID : 1
AP group name : default-group
State : Run
Backup type : Master
Online time : 0 days 1 hours 25 minutes 12 seconds
System up time : 0 days 2 hours 22 minutes 12 seconds
Model : WA4320i-ACN
Region code : CN
Region code lock : Disable
Serial ID : 219801A0CNC138011454
MAC address : 0AFB-423B-893C
IP address : 192.168.1.50
UDP control port number : 18313
UDP data port number : N/A
H/W version : Ver.C
S/W version : E2321
Boot version : 1.01
USB state : N/A
Power Level : N/A
PowerInfo : N/A
Description : wtp1
Priority : 4
Echo interval : 10 seconds
Statistics report interval : 50 seconds
Fragment size (data) : 1500
Fragment size (control) : 1450
MAC type : Local MAC & Split MAC
Tunnel mode : Local Bridging & 802.3 Frame & Native Frame
CWPCAP data-tunnel status : Down
Discovery type : Static Configuration
Retransmission count : 3
Retransmission interval : 5 seconds
Firmware upgrade : Enabled
Sent control packets : 1
Received control packets : 1
Echo requests : 147
Lost echo responses : 0
Average echo delay : 3
Last reboot reason : User soft reboot
Latest IP address : 10.1.0.2
Tunnel down reason : Request wait timer expired
Connection count : 1
Backup Ipv4 : Not configured
Backup Ipv6 : Not configured
Tunnel encryption : Disabled
Data-tunnel encryption : Disabled
LED mode : Normal
Remote configuration : Enabled
Radio 1:
Basic BSSID : 7848-59f6-3940
Admin state : Up
Radio type : 802.11ac
Antenna type : internal
Client dot11ac-only : Disabled
Client dot11n-only : Disabled
Channel band-width : 20/40/80MHz
Active band-width : 20/40/80MHz
Secondary channel offset : SCB
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
Short GI for 80MHz : Supported
Short GI for 160MHz : Not supported
A-MSDU : Enabled
A-MPDU : Enabled
LDPC : Not Supported
STBC : Supported
Operational VHT-MCS Set:
Mandatory : Not configured
Supported : NSS1 0,1,2,3,4,5,6,7,8,9
NSS2 0,1,2,3,4,5,6,7,8,9
Multicast : Not configured
Operational HT MCS Set:
Mandatory : Not configured
Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15
Multicast : Not configured
Channel : 44(auto)
Channel usage(%) : 15
Max power : -102 dBm
Operational rate:
Mandatory : 6, 12, 24 Mbps
Multicast : Auto
Supported : 9, 18, 36, 48, 54 Mbps
Disabled : Not configured
Distance : 1 km
ANI : Enabled
Fragmentation threshold : 2346 bytes
Beacon interval : 100 TU
Protection threshold : 2346 bytes
Long retry threshold : 4
Short retry threshold : 7
Maximum rx duration : 2000 ms
Noise Floor : 5 dBm
Smart antenna : Enabled
Smart antenna policy : Auto
Protection mode : rts-cts
Continuous mode : N/A
HT protection mode : No protection
Radio 2:
Basic BSSID : 7848-59f6-3950
Admin state : Down
Radio type : 802.11b
Antenna type : internal
Client dot11n-only : Disabled
Channel band-width : 20MHz
Active band-width : 20MHz
Secondary channel offset : SCN
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
A-MSDU : Enabled
A-MPDU : Enabled
LDPC : Not Supported
STBC : Supported
Operational HT MCS Set:
Mandatory : Not configured
Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15
Multicast : Not configured
Channel : 5(auto)
Channel usage(%) : 0
Max power : 20 dBm
Preamble type : Short
Operational rate:
Mandatory : 1, 2, 5.5, 11 Mbps
Multicast : Auto
Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps
Disabled : Not configured
Distance : 1 km
ANI : Enabled
Fragmentation threshold : 2346 bytes
Beacon interval : 100 TU
Protection threshold : 2346 bytes
Long retry threshold : 4
Short retry threshold : 7
Maximum rx duration : 2000 ms
Noise Floor : 0 dBm
Smart antenna : Enabled
Smart antenna policy : Auto
Protection mode : rts-cts
Continuous mode : N/A
HT protection mode : No protection
Table 2 Command output
Field |
Description |
State |
Current state of the AP: · Idle—Idle. · Join—Join. · JoinAck—Join acknowledge. · Image—The AP is downloading the version. · Config—The AP is downloading initial configurations. · Data Check—The AP is checking data. · Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Backup type |
CAPWAP tunnel type: · Idle—The AP has not established a CAPWAP tunnel with the AC. · Master—The CAPWAP tunnel established between the AP and the master AC. · Backup—The CAPWAP tunnel established between the AP and the backup AC. |
Region code lock |
· Enabled. · Disabled. |
Serial ID |
Serial ID of the AP. If no serial ID is configured, this field displays Not configured. |
MAC address |
MAC address of the AP. If no MAC address is configured, this field displays Not configured. |
UDP control port number |
Port number used by the AP to establish the CAPWAP control tunnel. |
UDP data port number |
Port number used by the AP to establish the CAPWAP data tunnel. |
H/W version |
Hardware version of the AP. |
S/W version |
Software version of the AP. |
USB state |
USB state: · Enabled. · Disabled. This field displays N/A if no USB state information is available. |
Power Level |
Power level: · Low. · Middle. · High. This field displays N/A if the power level is unknown. |
PowerInfo |
Power supply information. · Power adapter—The AP uses local power supply. · PoE (port1+port2)—The AP uses PoE power supply. The port1 and port2 arguments represent the power supply status of PoE+ ports. ◦ N/A. ◦ 802.3af. ◦ 802.3at. Support for this field depends on the AP model. |
PoE status |
PoE power supply state for each PI: · Enabled. · Disabled. Support for this field depends on the AP model. |
Description |
Description for the AP. If no description is configured, this field displays Not configured. |
Priority |
AP connection priority for the AC. |
Fragment size (data) |
Maximum fragment size for CAPWAP data packets. |
Fragment size (control) |
Maximum fragment size for CAPWAP control packets. |
MAC type |
MAC type of the AP-AC connection: · Local MAC—The AP encapsulates frames in 802.3 format before sending them to the AC. · Split MAC—The AP encapsulates frames in 802.11 format before sending them to the AC. · Local & Split MAC—The AP can encapsulate frames in either 802.3 format or 802.11 format before sending them to the AC. |
Tunnel mode |
Supported tunnel mode of the AP: · Local Bridging—The AP supports local bridging and does not forward data to the AC. · 802.3 Frame—The AP encapsulates the frames in 802.3 format to send them to the AC. · Native Frame—The AP encapsulates the frames in 802.11 format to send them to the AC. · Local Bridging & 802.3 Frame—The AP supports the Local Bridging mode and the 802.3 Frame mode. · 802.3 Frame & Native Frame—The AP supports the 802.3 Frame mode and the Native Frame mode. · Local Bridging & Native Frame—The AP supports the Local Bridging mode and the Native Frame mode. |
CWPCAP data-tunnel status |
Running status of the CAPWAP data tunnel: · Up. · Down. |
Discovery type |
Discovery type of the AP: · Static Configuration—The AP uses the manually configured IPv4 or IPv6 address of the AC. · DHCP—The AP gets the IP address of an AC through DHCP. · DNS—The AP gets the IP address of an AC through DNS. · Unknown. |
Retransmission count |
Number of retransmission attempts for an AC request. |
Retransmission interval |
Interval at which AC requests can be retransmitted. |
Firmware upgrade |
AP software upgrade: · Enabled. · Disabled. |
Sent control packets |
Number of sent packets, including Change State Event Response packets after the AC enters Run state. |
Received control packets |
Number of received packets, including Change State Event Response packets after the AC enters Run state. |
Echo requests |
Number of echo requests sent by the AP in RUN state. |
Lost echo responses |
Number of echo responses not received by the AP in RUN state. |
Average echo delay |
Average echo delay in milliseconds. |
Last reboot reason |
Last reboot reason for the AP: · Power on. · Hard reboot. · Watchdog reboot. · Unknown reboot. · User soft reboot. · Kernel exception soft reboot. · Kernel deadloop soft reboot. · Auto update soft reboot. · Unknown soft reboot. · Memory exhausted. · Other unknown soft reboot. |
Latest IP address |
IP address that was most recently used by the AP. |
Tunnel down reason |
Cause for the CAPWAP tunnel to go down: · Failed to create timer. · Neighbor dead timer expired. · Request wait timer expired. · Data check timer expired. · Failed to process data channel keep-alive message. · Failed to process request. · AP was reset. · AP was deleted. · Failed to come online. · Serial number changed. · MAC address changed. · Number of APs exceeded the limit. · Processed join request in Run state. · Failed to create AP context. · Received failure result code. · Failed to retransmit message. · Failed to download image file. · Image file downloaded successfully. · File operation timer expired. · Failed to add tunnel. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Master and backup tunnel switchover. · Failed to inherit configuration. · AP authentication failed. This field displays N/A if the CAPWAP tunnel did not go down. |
Connection count |
Number of times that the AP connects to the AC. It is cleared in either of the following cases: · The AC reboots. · The serial ID of the AP changes. The reset wlan ap command does not clear the connection count. |
Backup Ipv4 |
IPv4 address of the backup AC. If no backup AC is specified, this field displays Not configured. |
Backup Ipv6 |
IPv6 address of the backup AC. If no backup AC is specified, this field displays Not configured. |
Tunnel encryption |
CAPWAP control tunnel encryption: · Enabled. · Disabled—CAPWAP control packets between the AP and the AC are not encrypted by the tunnel. |
Data-tunnel encryption |
CAPWAP data tunnel encryption: · Enabled. · Disabled—Data packets are carried in the CAPWAP data tunnel without tunnel encryption. |
LED mode |
LED lighting mode: · quiet—All LEDs are off. · awake—All LEDs flash once every minute. · always-on—All LEDs are steady on. · normal—How LEDs flash in this mode varies by AP model. |
Remote configuration |
Remote configuration assignment: · Enabled. · Disabled. |
Basic BSSID |
MAC address of the radio. This field displays N/A if the AP has not established a CAPWAP tunnel with the AC. |
Admin state |
Radio state: · Up. · Down. |
Radio type |
Wireless mode: · 5 GHz: ¡ 802.11a. ¡ 802.11n(5GHz). ¡ 802.11ac. · 2.4 GHz: ¡ 802.11b. ¡ 802.11g. ¡ 802.11n(2.4GHz). |
Client dot11ac-only |
· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11ac clients to associate with the radio. |
Client dot11n-only |
· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11n or 802.11ac clients to associate with the radio. |
Channel band-width |
Channel bandwidth mode: · 20 MHz. · 20 or 40 MHz. · 20/40/80 MHz. · 20/40/80/160MHz. · 20/40/80/160/(80+80)MHz. |
Active band-width |
Bandwidth being used by the radio. |
Secondary channel offset |
Secondary channel information for the 802.11n and 802.11ac radio mode: · SCA (Second Channel Above)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is above the primary channel. · SCB (Second Channel Below)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is below the primary channel. · SCN—The AP does not operate in 40 MHz bandwidth mode. This field is available only when the bandwidth that the radio is using is 20/40/80MHz. |
Secondary channel center frequency |
Center frequency information about the 80 MHz bandwidth of the secondary channel when the radio operates in 802.11ac radio mode with a channel bandwidth of 160/(80+80)MHz. This field is available only when the bandwidth that the radio is using is 160/(80+80)MHz. |
Short GI for 20MHz |
Whether the radio supports short GI when it operates in 20 MHz mode. |
Short GI for 40MHz |
Whether the radio supports short GI when it operates in 40 MHz mode. |
Short GI for 80MHz |
Whether the radio supports short GI when it operates in 80 MHz mode. |
Short GI for 160MHz |
Whether the radio supports short GI when it operates in 160 MHz mode. |
A-MSDU |
· Disabled. · Enabled. |
A-MPDU |
· Disabled. · Enabled. |
LDPC |
· Supported. · Not supported. |
STBC |
· Supported. · Not supported. |
Operational VHT MCS Set |
· Supported—Supported VHT MCS set. · Mandatory—Mandatory VHT MCS set. · Multicast—Multicast VHT MCS set. |
Operational HT MCS Set |
· Supported—Supported MCS set. · Mandatory—Mandatory MCS set. · Multicast—Multicast MCS set. |
Channel |
This field displays Number<auto> if the current channel is the optimal channel automatically selected by the AP. This field displays Number if the current channel is manually configured. This field displays Number<avoid radar> if the current channel is automatically selected by the AP to avoid radar signals. |
Max power |
Maximum transmission power of the radio. |
Preamble type |
Preamble type: · Short. · Long. |
Operational rate |
· Mandatory. · Supported. · Multicast. · Disabled. · Not configured. |
Distance |
Maximum distance that the radio signal can reach. |
ANI |
· Enabled. · Disabled. |
Protection threshold |
Frame length threshold required for triggering the protection mechanism. |
Long retry threshold |
Maximum number of retransmission attempts for frames whose length exceeds the RTS threshold. |
Short retry threshold |
Maximum number of retransmission attempts for frames whose length is below the RTS threshold. |
Maximum rx duration |
Maximum buffer duration for frames. |
Smart antenna |
· Enabled. · Disabled. Support for this field depends on the AP model. |
Smart antenna policy |
· Auto. · High availability. · High throughput. Support for this field depends on the AP model. |
Protection mode |
Conflict avoidance mode: · cts-to-self. · rts-cts. |
Continuous-mode |
Continuous mode configuration: · Rate. · MCS index. · NSS index. · VHT-MCS index. This field displays N/A if the continuous mode is not configured. |
HT protection mode |
802.11n protection mode: · No protection. ¡ AP-associated clients and nearby wireless devices are operating in 802.11n mode and AP-associated clients are 802.11n clients with a bandwidth of 40 MHz. ¡ AP-associated clients are 802.11n clients with a bandwidth of 20 MHz. · Non-member protection. In this mode, all AP-associated clients are 802.11n clients but some nearby wireless devices are non-802.11n clients. · 20 MHz protection. In this mode, the AP's radio has a bandwidth of 40 MHz. AP-associated clients and nearby wireless devices are operating in 802.11n mode and a minimum of one 802.11n client with a bandwidth of 20 MHz is associated with the AP's radio. · Non-HT mixed. The mode applies when none of the above mentioned modes can apply. |
MU-TxBF |
· Enabled. · Disabled. Support for this field depends on the AP model. |
SU-TxBF |
· Enabled. · Disabled. Support for this field depends on the AP model. |
display wlan ap address
Use display wlan ap address to display AP address information.
Syntax
display wlan ap { all | name ap-name } address
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display address information for all APs.
<Sysname> display wlan ap all address
Total number of APs: 1
Total number of connected APs: 1
Total number of connected manual Aps: 1
Total number of connected auto APs: 0
Total number of inside APs: 0
AP name IP address MAC address
ap1 1.1.1.5 000b-6b8f-fc6a
Table 3 Command output
Field |
Description |
IP address |
IP address of an AP. This field displays N/A for an offline AP. |
MAC address |
MAC address of an AP. This field displays N/A for an offline AP. |
display wlan ap association-failure-record
Use display wlan ap association-failure-record to display association failure records for APs.
Syntax
display wlan ap association-failure-record
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display association failure records for APs.
<Sysname> display wlan ap association-failure-record
MAC address AP ID Last failure at Reason
9a48-45ed-0300 12312 07-07/15:56:25 AP authentication failed
Table 4 Command output
Field |
Description |
MAC address |
MAC address of an AP. |
AP ID |
ID of an AP, which uniquely identifies the AP on the AC. |
Last failure at |
Time of the most recent association failure between the AP and the AC. The format is date/hh:mm:ss. |
Reason |
Association failure reason: · Memory is not enough. · The AP model doesn't exist. · Lack of AP license. · MAC address was used. · Failed to add APLB. · AP chose another AC. · Reached AC max capability. · Received join request in Run state. · APLB check failed. · Rejected AP access in HA smooth. · AP authentication failed. · Failed to create auto AP. · Manual AP online info check failed. · Failed to add index. · Mismatched AP and AC versions. · Wait request timer expired. · Received failure result code. · Failed to add tunnel. · AP configuration was not found. · Inconsistent AP IDs. · Failed to add AP basic running data. · Failed to communicate with the other board. |
display wlan ap connection-record
Use display wlan ap connection-record to display AP connection records on the AC.
Syntax
display wlan ap { all | name ap-name } connection-record
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display all AP connection records on an AC.
<Sysname> display wlan ap all connection-record
AP name IP address State Time
ap2 192.168.100.27 Run 01-06 09:06:40
Table 5 Command output
Field |
Description |
State |
Current state of the AP: · Discovery—AC discovery. · Join—The CAPWAP tunnel is being established. · Offline—Offline. · Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. |
Time |
Most recent time when the AP established a CAPWAP tunnel with the AC. |
display wlan ap files
Use display wlan ap files to display information about files and file folders on an AP.
Syntax
display wlan ap name ap-name files
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display information about files and file folders on AP ap1.
<Sysname> display wlan ap name ap1 files
Directory of flash:
0 13638656 wa4300-system.bin
1 2573312 wa4300-boot.bin
131072 KB total (114208 KB free)
Table 6 Command output
Field |
Description |
0 13638656 xx.xx |
File or file folder information: · 0—Serial number, which is automatically assigned by the system. · 13638656—File size in bytes. A hyphen (-) is displayed if it is a file folder. · xx.xx—Name of the file or file folder. |
Related commands
delete file
download file
display wlan ap gps
Use display wlan ap gps to display Global Positioning System (GPS) information for the specified APs.
Syntax
display wlan ap { all | name ap-name } gps
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
Usage guidelines
This command takes effect only on APs that support the GPS module.
Examples
# Display GPS information for AP ap1.
<Sysname> display wlan ap name ap1 gps
AP name : ap1
Serial ID : 219801A17C817200001
Model : WA5620
Longitude : 117.788887
Latitude : 30.822136
Velocity : 25.445878
Orientation: 8.054548
Elevation : 156.655897
Obtained at: 2017-02-20 15:32:19
Table 7 Command output
Field |
Description |
AP name |
Name of the AP. |
Serial ID |
Serial ID of the AP. |
Model |
AP model. |
Longitude |
Longitude rounded to six decimal places. |
Latitude |
Latitude rounded to six decimal places. |
Velocity |
Horizontal velocity rounded to six decimal places. |
Orientation |
Orientation rounded to six decimal places. |
Elevation |
Elevation rounded to six decimal places. |
Obtained at |
Time when the GPS information was obtained. |
display wlan ap group
Use display wlan ap group to display AP groups to which the specified APs belong.
Syntax
display wlan ap { all | name ap-name } group
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display AP groups for all APs.
<Sysname> display wlan ap all group
Total number of APs: 1
Total number of connected APs: 1
Total number of connected manual APs: 1
Total number of connected auto APs: 0
Total number of connected common APs: 1
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 3072
Remaining APs: 3071
Total AP licenses: 128
Remaining AP licenses: 127
AP information
State: I = Idle, J= Join, JA= JoinAck, IL= ImageLoad
C= Config, DC= DataCheck, R= Run M= Master, B= Backup
AP name APID State Model AP group name
ap1 1 I WA4320i-ACN default-group
Table 8 Command output
Field |
Description |
APID |
ID of the AP to uniquely identify the AP on the AC. |
State |
Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Model |
AP model |
AP group name |
Name of the AP group to which the AP belongs. |
display wlan ap online-time
Use display wlan ap online-time to display the online duration for APs.
Syntax
display wlan ap { all | name ap-name } online-time
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display online duration for all APs.
<Sysname> display wlan ap all online-time
AP name IP address Time
ap1 1.1.1.2 0 days 0 hours 2 minutes 6 seconds
ap2 1.1.1.1 0 days 0 hours 5 minutes 6 seconds
ap3 1.1.1.6 0 days 0 hours 2 minutes 1 seconds
Table 9 Command output
Field |
Description |
IP address |
IP address of an AP. |
Time |
Realtime association duration of an AP since the AP came online. |
display wlan ap reboot-log
Use display wlan ap reboot-log to display reboot logs for an AP.
Syntax
display wlan ap name ap-name reboot-log
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
If the AP has suffered a system crash, you can use this command to view detailed information about the crash.
To use this command, make sure the specified AP is in Run state.
Examples
# Display reboot logs for AP ap1.
<Sysname> display wlan ap name ap1 reboot-log
Debugging information is not available on the AC.
Downloading debugging data from AP. Continue? [Y/N]:y
Downloading debugging data. Please wait...
Please enter the same command again to view the log messages.
Related commands
reset wlan ap reboot-log
display wlan ap running-configuration
Use display wlan ap running-configuration to display running configuration for the specified AP or all APs.
Syntax
display wlan ap { all | ap-name ap-name } running-configuration [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
ap-name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
verbose: Displays detailed running configuration.
Examples
# Display detailed running configuration for all APs.
<Sysname> display wlan ap all running-configuration verbose
(i) -- Inherited from AP group
(g) -- Inherited from AP global-configuration
#
wlan ap ap1 model WA4320i-ACN id 5
ap group name 1
serialid 210235A1BSC123000050
region code 156
echo interval 10 (i)
retransmission count 3 (i)
retransmission interval 5 (i)
statistics interval 50 (i)
fragment-size data 1500 (i)
fragment-size control 1450 (i)
preempt disable (g)
firmware-upgrade disable (g)
priority 4 (i)
…
radio 1
radio type 802.11ac (i)
radio disable (i)
channel auto<64> (i)
channel unlock (i)
fragment-threshold 2346 (i)
max-power 20 (i)
power unlock (i)
distance 1 kilometer (i)
ANI Enabled (i)
…
radio 2
radio type 802.11n(2.4GHz) (i)
radio disable (i)
channel auto<11> (i)
channel unlock (i)
fragment-threshold 2346 (i)
max-power 20 (i)
power unlock (i)
distance 1 kilometer (i)
ANI Enabled (i)
…
#
wlan ap ap2 model WA4320i-ACN id 6
ap group name 2
serialid 210235A1BSC123000055
region code 156
echo interval 10 (i)
retransmission count 3 (i)
retransmission interval 5 (i)
statistics interval 50 (i)
fragment-size data 1500 (i)
fragment-size control 1450 (i)
preempt disable (g)
firmware-upgrade disable (g)
priority 4 (i)
…
radio 1
radio type 802.11ac (i)
radio disable (i)
channel auto<60> (i)
channel unlock (i)
fragment-threshold 2346 (i)
max-power 20 (i)
power unlock (i)
distance 1 kilometer (i)
ANI Enabled (i)
…
radio 2
radio type 802.11n(2.4GHz) (i)
radio disable (i)
channel auto<13> (i)
channel unlock (i)
fragment-threshold 2346 (i)
max-power 20 (i)
power unlock (i)
distance 1 kilometer (i)
ANI Enabled (i)
…
display wlan ap tunnel latency
Use display wlan ap tunnel latency to display tunnel latency information for an AP.
Syntax
display wlan ap name ap-name tunnel latency
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
Make sure CAPWAP tunnel latency detection is enabled before you execute this command.
Examples
# Display tunnel latency information for AP ap1.
<Sysname> display wlan ap name ap1 tunnel latency
AP name : ap1
Tunnel Latency : Enabled
Control Link Delay:
Current Delay : 1ms
Maximum Delay : 1ms
Minimum Delay : 1ms
Data Link Delay:
Current Delay : 1ms
Maximum Delay : 1ms
Minimum Delay : 1ms
Table 10 Command output
Field |
Description |
Tunnel Latency |
· Disabled. · Enabled. |
Current Delay |
The most recent delay. |
Related commands
reset wlan tunnel latency ap
tunnel latency-detect
display wlan ap tunnel-down-record
Use display wlan ap tunnel-down-record to display CAPWAP tunnel down records.
Syntax
display wlan ap tunnel-down-record
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display CAPWAP tunnel down records.
<Sysname> display wlan ap tunnel-down-record
AP ID AP name Tunnel down at Tunnel down reason
12321 9a48-45ed-0300 2017-07-07/15:56:25 Processed join request in Run state
Table 11 Command output
Field |
Description |
AP ID |
ID of an AP, which uniquely identifies the AP on the AC. |
AP name |
Name of an AP. |
Tunnel down at |
Time when the CAPWAP tunnel between an AP and the AC went down. The format is date/hh:mm:ss. |
Tunnel down reason |
CAPWAP tunnel down reason: · Failed to create timer. · Neighbor dead timer expired. · Request wait timer expired. · Data check timer expired. · Failed to process keepalive message. · Failed to process request. · AP was reset by admin. · AP was reset by CloudTunnel. · AP was reset on Cloud. · WT was offline. · AP was deleted. · Failed to come online. · Serial number changed. · MAC address changed. · Exceeded AC max capability. · Processed join request in Run state. · Failed to create AP context. · Received failure result code. · Failed to retransmit message. · Failed to download image file. · Image file downloaded successfully. · File operation timer expired. · Failed to add tunnel. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Master and backup tunnel switchover. · Failed to inherit configuration. · AP authentication failed. · Backup AP upgrade failed. · Board is inactive. · WT went offline. · Lack of AP license. |
display wlan ap unauthenticated
Use display wlan ap unauthenticated to display information about unauthenticated auto APs.
Syntax
display wlan ap unauthenticated [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information about unauthenticated auto APs. If you do not specify this keyword, this command displays brief information about unauthenticated auto APs.
Examples
# Display brief information about unauthenticated auto APs.
<Sysname> display wlan ap unauthenticated
Total number of APs: 1
Total number of connected APs: 1
Total number of connected manual APs: 0
Total number of connected auto APs: 1
Total number of inside APs: 0
Maximum supported APs: 3072
Remaining APs: 3071
Fit APs activated by license: 128
Remaining fit APs: 127
WTUs activated by license: 0
Remaining WTUs: 0
AP information
State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad
C = Config, DC = DataCheck, R = Run, M = Master, B = Backup
AP name APID State Model Serial ID
6649-99be-0300 6 R/M WA4320i-ACN 219801A0CNC138011454
Table 12 Command output
Field |
Description |
AP ID |
ID of the AP to uniquely identify the AP on the AC. |
State |
Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the software image version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Serial ID |
Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured. |
# Display detailed information about unauthenticated auto APs.
<Sysname> display wlan ap unauthenticated verbose
Total number of APs: 1
Total number of connected APs: 0
Total number of connected manual APs: 0
Total number of connected auto APs: 1
Total number of inside APs: 0
Maximum supported APs: 3072
Remaining APs: 3071
Fit APs activated by license: 128
Remaining fit APs: 127
WTUs activated by license: 0
Remaining WTUs: 0
AP name : ap1
AP ID : 1
AP group name : default-group
State : Run
Backup Type : Master
Online time : 0 days 1 hours 25 minutes 12 seconds
System up time : 0 days 2 hours 22 minutes 12 seconds
Model : WA4320i-ACN
Region code : CN
Region code lock : Disable
Serial ID : 219801A0CNC138011454
MAC address : 0AFB-423B-893C
IP address : 192.168.1.50
UDP port number : 65488
H/W version : Ver.C
S/W version : V700R001B49D001
Boot version : 1.01
Description : wtp1
Priority : 4
Echo interval : 10 seconds
Statistics report interval : 50 seconds
Fragment-size data : 1500
Fragment-size control : 1450
MAC type : Local MAC & Split MAC
Tunnel mode : Local Bridging & 802.3 Frame & Native Frame
Discovery type : Static Configuration
Retransmission count : 3
Retransmission interval : 5 seconds
Firmware upgrade : Enabled
Sent control packets : 1
Received control packets : 1
Echo requests : 147
Lost echo responses : 0
Average echo delay : 3
Last reboot reason : User soft reboot
Latest IP address : 10.1.0.2
Tunnel down reason : Request wait timer expired
Connection count : 1
Backup IPv4 : Not configured
Backup IPv6 : Not configured
Tunnel encryption : Disabled
Data-tunnel encryption : Disabled
LED mode : Normal
Remote configuration : Enabled
Radio 1:
Basic BSSID : 7848-59f6-3940
Admin state : Up
Radio type : 802.11ac
Antenna type : internal
Client dot11ac-only : Disabled
Client dot11n-only : Disabled
Channel band-width : 20/40/80MHz
Secondary channel offset : SCB
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
Short GI for 80MHz : Supported
Short GI for 160MHz : Not supported
A-MSDU : Enabled
A-MPDU : Enabled
LDPC : Not Supported
STBC : Supported
Operational VHT-MCS Set:
Mandatory : Not configured
Supported : NSS1 0,1,2,3,4,5,6,7,8,9
NSS2 0,1,2,3,4,5,6,7,8,9
Multicast : Not configured
Operational HT MCS Set:
Mandatory : Not configured
Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15
Multicast : Not configured
Channel : 44(auto)
Max power : 20 dBm
Operational rate:
Mandatory : 6, 12, 24 Mbps
Multicast : Auto
Supported : 9, 18, 36, 48, 54 Mbps
Disabled : Not configured
Distance : 1 km
ANI : Enabled
Fragmentation threshold : 2346 bytes
Beacon interval : 100 TU
Protection threshold : 2346 bytes
Long retry threshold : 4
Short retry threshold : 7
Maximum rx duration : 2000 ms
Noise Floor : 5 dBm
Smart antenna : Enabled
Smart antenna policy : Auto
Protection mode : cts-to-self
Continuous-mode : N/A
Radio 2:
Basic BSSID : 7848-59f6-3950
Admin state : Down
Radio type : 802.11b
Antenna type : internal
Client dot11n-only : Disabled
Channel band-width : 20MHz
Secondary channel offset : SCN
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
A-MSDU : Enabled
A-MPDU : Enabled
LDPC : Not Supported
STBC : Supported
Operational HT MCS Set:
Mandatory : Not configured
Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15
Multicast : Not configured
Channel : 5(auto)
Max power : 20 dBm
Preamble type : Short
Operational rate:
Mandatory : 1, 2, 5.5, 11 Mbps
Multicast : Auto
Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps
Disabled : Not configured
Distance : 1 km
ANI : Enabled
Fragmentation threshold : 2346 bytes
Beacon interval : 100 TU
Protection threshold : 2346 bytes
Long retry threshold : 4
Short retry threshold : 7
Maximum rx duration : 2000 ms
Noise Floor : 5 dBm
Smart antenna : Enabled
Smart antenna policy : Auto
Protection mode : cts-to-self
Continuous-mode : N/A
Table 13 Command output
Field |
Description |
State |
Current state of the AP: · Idle—Idle. · Join—Join. · JoinAck—Join acknowledge. · Image—The AP is downloading the software version. · Config—The AP is downloading initial configurations. · Data Check—The AP is checking data. · Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Backup Type |
CAPWAP tunnel type: · Idle—The AP has not established a CAPWAP tunnel with the AC. · Master—The CAPWAP tunnel established between the AP and the master AC. · Backup—The CAPWAP tunnel established between the AP and the backup AC. |
Region code lock |
· Enabled. · Disabled. |
Serial ID |
Serial ID of the AP. If no serial ID is configured, this field displays Not configured. |
MAC address |
MAC address of the AP. If no MAC address is configured, this field displays Not configured. |
UDP port number |
Port number used by the AP to establish the CAPWAP control tunnel. |
H/W version |
Hardware version of the AP. |
S/W version |
Software version of the AP. |
Description |
Description for the AP. If no description is configured, this field displays Not configured. |
Priority |
AP connection priority for the AC. |
Echo interval |
Interval for the AP to send echo requests to the AC. |
Statistics report interval |
Interval at which the AP sends statistics reports to the AC. |
Fragment-size data |
Maximum fragment size for CAPWAP data packets. |
Fragment-size control |
Maximum fragment size for CAPWAP control packets. |
MAC type |
MAC type of the AP-AC connection: · Local MAC—The AP encapsulates frames in 802.3 format before sending them to the AC. · Split MAC—The AP encapsulates frames in 802.11 format before sending them to the AC. · Local & Split MAC—The AP can encapsulate frames in either 802.3 format or 802.11 format before sending them to the AC. |
Tunnel mode |
Supported tunnel mode of the AP: · Local Bridging—The AP supports local bridging and does not forward data to the AC. · 802.3 Frame—The AP encapsulates the frames in 802.3 format to send them to the AC. · Native Frame—The AP encapsulates the frames in 802.11 format to send them to the AC. · Local Bridging & 802.3 Frame—The AP supports the Local Bridging mode and the 802.3 Frame mode. · 802.3 Frame & Native Frame—The AP supports the 802.3 Frame mode and the Native Frame mode. · Local Bridging & Native Frame—The AP supports the Local Bridging mode and the Native Frame mode. |
Discovery type |
Discovery type of the AP: · Static Configuration—The AP uses the manually configured IPv4 or IPv6 address of the AC. · DHCP—The AP gets the IP address of an AC through DHCP. · DNS—The AP gets the IP address of an AC through DNS. · Unknown. |
Retransmission count |
Number of retransmission attempts for an AC request. |
Retransmission interval |
Interval at which AC requests can be retransmitted. |
Firmware upgrade |
AP software upgrade: · Enabled. · Disabled. |
Sent control packets |
Number of sent packets, including Change State Event Response packets after the AC enters Run state. |
Received control packets |
Number of received packets, including Change State Event Response packets after the AC enters Run state. |
Echo requests |
Number of echo requests sent by the AP in RUN state. |
Lost echo responses |
Number of echo responses not received by the AP in RUN state. |
Average echo delay |
Average echo delay in milliseconds. |
Last reboot reason |
Last reboot reason for the AP: · Power on. · Hard reboot. · Watchdog reboot. · Unknown reboot. · User soft reboot. · Kernel exception soft reboot. · Kernel deadloop soft reboot. · Auto update soft reboot. · Unknown soft reboot. · Memory exhausted. · Other unknown soft reboot. |
Latest IP address |
IP address that was most recently used by the AP. |
Tunnel down reason |
Cause for the CAPWAP tunnel to go down: · Failed to create timer. · Neighbor dead timer expired. · Request wait timer expired. · Data check timer expired. · Failed to process data channel keep-alive message. · Failed to process request. · AP was reset. · AP was deleted. · Failed to come online. · Serial number changed. · MAC address changed. · Number of APs exceeded the limit. · Processed join request in Run state. · Failed to create AP context. · Received failure result code. · Failed to retransmit message. · Failed to download image file. · Image file downloaded successfully. · File operation timer expired. · Failed to add tunnel. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Master and backup tunnel switchover. · Failed to inherit configuration. · AP authentication failed. This field displays N/A if the CAPWAP tunnel did not go down. |
Connection count |
Number of times that the AP connects to the AC. It is cleared in either one of the following cases: · The AC reboots. · The serial ID of the AP changes. The reset wlan ap command does not clear the connection count. |
Backup IPv4 |
IPv4 address of the backup AC. If no backup AC is specified, this field displays Not configured. |
Backup IPv6 |
IPv6 address of the backup AC. If no backup AC is specified, this field displays Not configured. |
Tunnel encryption |
CAPWAP control tunnel encryption: · Enabled. · Disabled—CAPWAP control packets between the AP and the AC are not encrypted by the tunnel. |
Data-tunnel encryption |
CAPWAP data tunnel encryption: · Enabled. · Disabled—Data packets are carried in the CAPWAP data tunnel without tunnel encryption. |
LED mode |
LED lighting mode: · Quiet—All LEDs are off. · Awake—All LEDs flash once every minute. · Always-on—All LEDs are steady on. · Normal—How LEDs flash in this mode varies by AP model. |
Remote configuration |
Remote configuration assignment: · Enabled. · Disabled. |
Basic BSSID |
MAC address of the radio. This field displays N/A if the AP has not established a CAPWAP tunnel with the AC. |
Admin state |
Radio state: · Up. · Down. |
Radio type |
Wireless mode: · 5 GHz: ¡ 802.11a. ¡ 802.11n(5GHz). ¡ 802.11ac. · 2.4 GHz: ¡ 802.11b. ¡ 802.11g. ¡ 802.11n(2.4GHz). |
Client dot11ac-only |
· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11ac clients to associate with the radio. |
Client dot11n-only |
· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11n or 802.11ac clients to associate with the radio. |
Channel band-width |
Channel bandwidth: · 20 MHz. · 20 or 40 MHz. · 20/40/80 MHz. |
Secondary channel offset |
Secondary channel information for the 802.11n and 802.11ac radio mode: · SCA (Second Channel Above)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is above the primary channel. · SCB (Second Channel Below)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is below the primary channel. · SCN—The AP does not operate in 40 MHz bandwidth mode. |
Short GI for 20MHz |
Whether the radio supports short GI when it operates in 20 MHz mode. |
Short GI for 40MHz |
Whether the radio supports short GI when it operates in 40 MHz mode. |
Short GI for 80MHz |
Whether the radio supports short GI when it operates in 80 MHz mode. |
Short GI for 160MHz |
Whether the radio supports short GI when it operates in 160 MHz mode. |
A-MSDU |
· Disabled. · Enabled. |
A-MPDU |
· Disabled. · Enabled. |
LDPC |
· Supported. · Not supported. |
STBC |
· Supported. · Not supported. |
Operational VHT MCS Set |
· Supported—Supported VHT MCS set. · Mandatory—Mandatory VHT MCS set. · Multicast—Multicast VHT MCS set. |
Operational HT MCS Set |
· Supported—Supported MCS set. · Mandatory—Mandatory MCS set. · Multicast—Multicast MCS set. |
Channel |
This field displays Number<auto> if the current channel is the optimal channel automatically selected by the AP. This field displays Number if the current channel is manually configured. This field displays Number<avoid radar> if the current channel is automatically selected by the AP to avoid radar signals. |
Max power |
Maximum transmission power of the radio. |
Preamble type |
Preamble type: · Short. · Long. |
Operational rate |
· Mandatory. · Supported. · Multicast. · Disabled. · Not configured. |
Distance |
Maximum distance that the radio signal can reach. |
ANI |
· Enabled. · Disabled. |
Protection threshold |
Frame length threshold required for triggering the protection mechanism. |
Long retry threshold |
Maximum number of retransmission attempts for frames whose length exceeds the RTS threshold. |
Short retry threshold |
Maximum number of retransmission attempts for frames whose length is below the RTS threshold. |
Maximum rx duration |
Maximum buffer duration for frames. |
Smart antenna |
· Enabled. · Disabled. |
Smart antenna policy |
· Auto. · High availability. · High throughput. |
Protection mode |
Conflict avoidance mode: · cts-to-self. · rts-cts. |
Continuous mode |
Continuous mode configuration: · Rate. · MCS index. · NSS index. · VHT-MCS index. This field displays N/A if the continuous mode is not configured. |
display wlan ap-distribution
Use display wlan ap-distribution to display distribution information for the APs attached to ACs.
Syntax
Centralized devices in standalone mode:
display wlan ap-distribution all
Centralized devices in IRF mode:
display wlan ap-distribution { all | slot slot-number }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all ACs.
slot slot-number: Specifies an IRF member device by its member ID.
Examples
# Display distribution information for APs attached to the specified slot.
<Sysname> display wlan ap-distribution slot 0
Total number of APs: 1
AP information
State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad
C = Config, DC = DataCheck, R = Run, M = Master, B = Backup
AP name APID State Model Serial ID
722a-d561-0300 4 R/M WA4320i-ACN 210235A1BSC123000050
Table 14 Command output
Field |
Description |
APID |
ID of the AP to uniquely identify the AP on the AC. |
State |
Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the software image version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC. |
Model |
AP model information. |
Serial ID |
Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured. |
display wlan ap-distribution ap-name
Use display wlan ap-distribution ap-name to display the attachment location of an AP.
Syntax
display wlan ap-distribution ap-name ap-name
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display the attachment location of AP ap1.
<Sysname> display wlan ap-distribution ap-name ap1
The AP is attached to slot 0.
display wlan ap-group
Use display wlan ap-group to display information about all AP groups or the specified AP group.
Syntax
display wlan ap-group [ brief | name group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
brief: Displays brief information about all AP groups.
name group-name: Displays detailed information about the specified AP group. The group-name argument represents the name of an AP group, a case-insensitive string of 1 to 31 characters.
Usage guidelines
If you do not specify any parameter, this command displays detailed information about all AP groups.
Examples
# Display detailed information about all AP groups.
[Sysname] display wlan ap-group
Total number of AP groups: 2
AP group name : default-group
Description : Not configured
AP model : Not configured
APs : Not configured
AP group name : group1
Description : abcd
AP model : WA4320i-ACN
AP grouping rules:
AP name : ap1, ap2
Serial ID : 219801A0CNC138011454
MAC address : 0AFB-423B-893C
IPv4 address : Not configured
IPv6 address : Not configured
APs : ap1 (AP name)
# Display detailed information about AP group group1.
[Sysname] display wlan ap-group name group1
AP group name : group1
Description : Not configured
AP model : WA4320i-ACN
AP grouping rules:
AP name : ap1, ap2
Serial ID : 219801A0CNC138011454
MAC address : 0AFB-423B-893C
IPv4 address : Not configured
IPv6 address : Not configured
APs : ap1 (AP name)
# Display brief information about all AP groups.
<Sysname> display wlan ap-group brief
Total number of AP groups: 4
AP group name Group ID Member APs Online APs
default-group 1 1 0
group1 2 2006 1986
group2 3 10 10
group3 4 4 4
Related commands
wlan ap-group
display wlan ap-model
Use display wlan ap-model to display AP model information.
display wlan ap-model { all | name model-name }
name model-name: Specifies an AP model by its name.
# Display information about AP model WA4320i-ACN.
<Sysname> display wlan ap-model name WA4320i-ACN
AP model : WA4320i-ACN
Alias : WA4320i-ACN
Vendor name : H3C
Vendor ID : 25506
License weight : 100
License type : 1
Radio count : 2
Radio 1:
Mode : 802.11a, 802.11an, 802.11ac
Default mode : 802.11ac
BSS count : 16
Radio 2:
Mode : 802.11b, 802.11g, 802.11gn
Default mode : 802.11gn
BSS count : 16
Version Support List :
Hardware Version Ver.A:
Software Version : R2206P02
Default Software Version : R2206P02
Image Name : wa4300.ipe
Hardware Version Ver.B:
Software Version : R2206P02
Default Software Version : R2206P02
Image Name : wa4300.ipe
Hardware Version Ver.C:
Software Version : R2206P02
Default Software Version : R2206P02
Image Name : wa4300.ipe
Hardware Version Ver.D:
Software Version : R2206P02
Default Software Version : R2206P02
Image Name : wa4300.ipe
Hardware Version Ver.E:
Software Version : R2206P02
Default Software Version : R2206P02
Image Name : wa4300.ipe
Hardware Version Ver.F:
Software Version : R2206P02
Default Software Version : R2206P02
Image Name : wa4300.ipe
display wlan license
Use display wlan license to display the number of installed WLAN licenses.
Syntax
display wlan license
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of installed WLAN licenses.
<Sysname> display wlan license
Installed common AP licenses : 64
Installed WTU licenses : 64
dns domain
Use dns domain to specify a domain name for an AP.
Use undo dns domain to restore the default.
Syntax
dns domain domain-name
undo dns domain
Default
In AP provision view, an AP uses the configuration in AP group provision view.
In AP group provision view, no domain name is specified for an AP.
Views
AP provision view
AP group provision view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters separated by dots. The string can contain letters, digits, hyphens (-), and underscores (_).
Usage guidelines
The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.
The configuration in AP provision view takes precedence over the configuration in AP group provision view.
Examples
# Set the domain name for AP ap1 to com.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] dns domain com
# Set the domain name for APs in AP group group1 to com.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group-prvs] dns domain com
Related commands
dns server
dns server
Use dns server to specify a DNS server for an AP.
Use undo dns server to delete the DNS server configuration.
Syntax
dns server { ip ipv4-address | ipv6 ipv6-address }
undo dns server { ip | ipv6 }
Default
In AP provision view, an AP uses the configuration in AP group provision view.
In AP group provision view, no DNS server is specified for an AP.
Views
AP provision view
AP group provision view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies a DNS server by its IPv4 address. Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.
ipv6 ipv6-address: Specifies a DNS server by its IPv6 address.
Usage guidelines
You can specify only one IPv4 address and one IPv6 address in each view.
The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.
The configuration in AP provision view takes precedence over the configuration in AP group provision view.
Examples
# Set the DNS server IP address to 192.168.100.123 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] dns server ip 192.168.100.123
# Set the DNS server IP address to 192.168.100.123 for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group-prvs] dns server ip 192.168.100.123
Related commands
dns domain
download file
Use download file to download an image file to an AP.
Syntax
download file filename
Views
AP view
Predefined user roles
network-admin
Parameters
filename: Specifies an image file by its name, a string of 1 to 255 characters.
Usage guidelines
This feature takes effect only on the master AC after a CAPWAP tunnel is established.
Examples
# Download image file main.ipe to AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] download file main.ipe
echo-interval
Use echo-interval to set the interval for an AP to send echo requests to the AC.
Use undo echo-interval to restore the default.
Syntax
echo-interval interval
undo echo-interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the interval for an AP to send echo requests is 10 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval for sending echo requests, in the range of 5 to 80 seconds.
Usage guidelines
An AP sends echo requests to the AC at the specified echo intervals to identify whether the CAPWAP tunnel is operating correctly. The AC responds by sending echo responses. If the AP does not receive any echo responses from the AC within the keepalive time, the AP terminates the connection. If the AC does not receive any echo requests within the keepalive time, the AC terminates the connection.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the echo interval for AP ap3 to 15 seconds.
<Sysname> system-view
[Sysname] wlan ap ap3 model WA4320i-ACN
[Sysname-wlan-ap-ap3] echo-interval 15
# Set the echo interval for APs in AP group group1 to 15 seconds.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] echo-interval 15
firmware-upgrade
Use firmware-upgrade enable to enable the software upgrade feature.
Use firmware-upgrade disable to disable the software upgrade feature.
Use undo firmware-upgrade to restore the default.
Syntax
firmware-upgrade { disable | enable }
undo firmware-upgrade
Default
In AP view, an AP uses the configuration in AP group view. If no software upgrade configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, the software upgrade feature is enabled.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Usage guidelines
This feature enables the AC to examine whether an AP's software version matches the hardware version and software version mappings stored on the AC during CAPWAP tunnel establishment.
· If a match is found, the AC establishes a CAPWAP tunnel with the AP.
· If no match is found, the CAPWAP tunnel establishment proceeds as follows:
a. The AC notifies the AP of software version inconsistency.
b. After receiving the notification, the AP requests the software version from the AC, upgrades the software, and then establishes a CAPWAP tunnel with the AC.
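When this feature is disabled, the AC does not examine the software version of an AP and establishes a CAPWAP tunnel with the AP regardless of its software version. As a result, an AP whose software version does not match the mappings stored on the AC comes online without being upgraded.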
The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.
Examples
# Enable the software upgrade feature for AP ap3.
<Sysname> system-view
[Sysname] wlan ap ap3 model WA4320i-ACN
[Sysname-wlan-ap-ap3] firmware-upgrade enable
# Enable the software upgrade feature for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] firmware-upgrade enable
# Enable the software upgrade feature globally.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] firmware-upgrade enable
Related commands
wlan apdb
fragment-size
Use fragment-size to set the maximum fragment size for CAPWAP control or data packets.
Use undo fragment-size to remove the configuration.
Syntax
fragment-size { control control-size | data data-size }
undo fragment-size { control | data }
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the maximum fragment size for CAPWAP control packets and data packets is 1450 bytes and 1500 bytes, respectively.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
control control-size: Specifies the maximum fragment size for CAPWAP control packets in bytes. The value range for the control-size argument is 1000 to 1450.
data data-size: Specifies the maximum fragment size for CAPWAP data packets in bytes. The value range for the data-size argument is 1000 to 1748.
Usage guidelines
This command prevents packets between AC and AP from being dropped by intermediate devices if the AP connects to the AC across the Internet.
Any maximum fragment size modification takes effect immediately on online APs.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the maximum fragment size for CAPWAP data packets to 1500 bytes for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] fragment-size data 1500
# Set the maximum fragment size for CAPWAP data packets to 1500 bytes for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] fragment-size data 1500
gateway
Use gateway to specify a gateway for an AP.
Use undo gateway to delete the gateway configuration.
Syntax
gateway { ip ipv4-address | ipv6 ipv6-address }
undo gateway { ip | ipv6 }
Default
No gateway is specified for an AP.
Views
AP provision view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies a gateway by its IPv4 address. Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.
ipv6 ipv6-address: Specifies a gateway by its IPv6 address.
Usage guidelines
You can set only one IPv4 address and one IPv6 address.
Examples
# Set the gateway IP address to 192.168.100.1 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] gateway ip 192.168.100.1
gigabitethernet
|
NOTE: Support for this command depends on the AP model. |
Use gigabitethernet to enter the GigabitEthernet interface view of an AP.
Syntax
gigabitethernet interface-number
Views
AP view
AP group's AP model view
Predefined user roles
network-admin
Parameters
interface-number: Specifies an interface number. The value range varies by AP model.
Examples
# Enter the interface view of GigabitEthernet 1 from AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] gigabitethernet 1
[Sysname-wlan-ap-ap1-gigabitethernet-1]
# Enter the interface view of GigabitEthernet 1 from the AP model view of AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-group1-ap-model-WA4320i-ACN] gigabitethernet 1
[Sysname-wlan-ap-group-group1-ap-model-WA4320i-ACN-gigabitethernet-1]
hybrid-remote-ap
Use hybrid-remote-ap enable to enable remote AP.
Use hybrid-remote-ap disable to disable remote AP.
Use undo hybrid-remote-ap to restore the default.
Syntax
hybrid-remote-ap { disable | enable }
undo hybrid-remote-ap
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, remote AP is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
By default, an AP stops providing services after the tunnel between the AP and the associated AC is disconnected. This command enables the AP to act as a remote AP to still provide services.
This command takes effect only on an AP that operates in local forwarding mode.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable remote AP for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] hybrid-remote-ap enable
# Enable remote AP for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] hybrid-remote-ap enable
if-match ip
Use if-match ip to create an AP grouping rule by IPv4 addresses.
Use undo if-match ip to delete AP grouping rules by IPv4 addresses.
Syntax
if-match ip ip-address { mask-length | mask }
undo if-match ip [ ip-address { mask-length | mask } ]
Default
No AP grouping rules by IPv4 addresses exist.
Views
AP group view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IPv4 address in dotted decimal notation.
mask-length: Specifies the mask length in the range of 1 to 31.
mask: Specifies the mask in dotted decimal notation.
Usage guidelines
You cannot execute this command in the view of the default AP group.
AP grouping rules by IPv4 addresses for an AP group or for different AP groups cannot overlap with each other.
An AP group supports a maximum of 32 AP grouping rules by IPv4 addresses.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
You can create AP grouping rules by both IPv4 addresses and IPv6 addresses for an AP group.
If you do not specify any argument in the undo form of the command, the command deletes all AP grouping rules by IPv4 addresses.
Examples
# Add APs whose IP address belongs to 192.168.0.0/16 to AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] if-match ip 192.168.0.0 16
if-match ipv6
Use if-match ipv6 to create an AP grouping rule by IPv6 addresses.
Use undo if-match ipv6 to delete AP grouping rules by IPv6 addresses.
Syntax
if-match ipv6 { ipv6-address prefix-length | ipv6-address/prefix-length }
undo if-match ipv6 [ ipv6-address prefix-length | ipv6-address/prefix-length ]
Default
No AP grouping rules by IPv6 addresses exist.
Views
AP group view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies the IPv6 address prefix length in the range of 1 to 128.
Usage guidelines
You cannot execute this command in the view of the default AP group.
AP grouping rules by IPv6 addresses for an AP group or for different AP groups cannot overlap with each other.
An AP group supports a maximum of 32 AP grouping rules by IPv6 addresses.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
You can create AP grouping rules by both IPv4 addresses and IPv6 addresses for an AP group.
If you do not specify any argument in the undo form of the command, the command deletes all AP grouping rules by IPv6 addresses.
Examples
# Add APs whose IPv6 address belongs to 2001:DB8::/28 to AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] if-match ipv6 2001:DB8:: 28
ip address
Use ip address to specify an IPv4 address for the management VLAN interface for an AP.
Use undo ip address to restore the default.
Syntax
ip address ip-address { mask | mask-length }
undo ip address
Default
No IPv4 address is specified for the management VLAN interface of an AP.
Views
AP provision view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IPv4 address in dotted decimal notation.
mask: Specifies the mask in dotted decimal notation.
mask-length: Specifies the mask length in the range of 1 to 31.
Usage guidelines
Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.
The IP address of the management VLAN interface for an AP must be different from the following IP addresses:
· IP address of the management VLAN interface of another AP.
· AC IP address specified in provision view of any APs.
Examples
# Set the IP address of the management VLAN interface to 10.1.1.1/24 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ip address 10.1.1.1 24
ipv6 address
Use ipv6 address to specify an IPv6 address for the management VLAN interface for an AP.
Use undo ipv6 address to restore the default.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
undo ipv6 address
Default
No IPv6 address is specified for the management VLAN interface of an AP.
Views
AP provision view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies the prefix length in the range of 1 to 128.
Usage guidelines
The IP address of the management VLAN interface for an AP must be different from the following IP addresses:
· IP address of the management VLAN interface of another AP.
· AC IP address specified in provision view of any APs.
Examples
# Set the IPv6 address of the management VLAN interface to 2001::1/64 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ipv6 address 2001::1/64
led-mode
Use led-mode to set an LED lighting mode.
Use undo led-mode to restore the default.
Syntax
led-mode { always-on | awake | normal | quiet }
undo led-mode
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the LED lighting mode is normal.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
always-on: Specifies the always-on mode. Support for this keyword depends on the AP model.
awake: Specifies the awake mode. Support for this keyword depends on the AP model.
normal: Specifies the normal mode. How LEDs flash in this mode varies by AP model.
quiet: Specifies the quiet mode.
Usage guidelines
If you set the LED lighting mode to awake or always-on in AP group view, the setting takes effect only on member APs that support the specified LED lighting mode.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the LED lighting mode to normal for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] led-mode normal
# Set the LED lighting mode to awake for APs in AP group g1.
<Sysname> system-view
[Sysname] wlan ap-group g1
[Sysname-wlan-ap-group-g1] led-mode awake
mac-address (AP group view)
Use mac-address to create an AP grouping rule by MAC addresses.
Use undo mac-address to delete an AP grouping rule by MAC addresses.
Syntax
mac-address mac-address
undo mac-address mac-address
Default
No AP grouping rules by MAC addresses exist.
Views
AP group view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the MAC address of an AP.
Usage guidelines
This command does not verify whether the specified AP exists.
You can configure multiple AP grouping rules by MAC addresses.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
If the created AP grouping rule already exists in another AP group, this command deletes the rule from that AP group.
You cannot execute this command in the view of the default AP group.
Examples
# Create an AP grouping rule by MAC addresses for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] mac-address 0AC1-F9B2-B1C2
Related commands
wlan ap-group
mac-address (AP view)
Use mac-address to assign a MAC address to an AP.
Use undo mac-address to restore the default.
Syntax
mac-address mac-address
undo mac-address
Default
No MAC address is assigned to an AP.
Views
AP view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the MAC address in H-H-H format.
Usage guidelines
Changing or deleting the MAC address of an AP terminates the CAPWAP tunnel if the AP has established a CAPWAP tunnel with the AC. Then the AP will reestablish a CAPWAP tunnel with the AC.
Examples
# Assign the MAC address 0001-0000-0000 to AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] mac-address 0001-0000-0000
name
|
NOTE: Support for this command depends on the AP model. |
Use name to assign a name to an AP's VLAN.
Use undo name to restore the default.
Syntax
name text
undo name
Default
In an AP's VLAN view, a VLAN uses the configuration in an AP group's VLAN view.
In an AP group's VLAN view, the name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has less than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.
Views
AP's VLAN view
AP group's VLAN view
Predefined user roles
network-admin
Parameters
text: Specifies a VLAN name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
The configuration in an AP's VLAN view takes precedence over the configuration in an AP group's VLAN view.
Examples
# Assign name test vlan to VLAN 2 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] vlan 2
[Sysname-wlan-ap-ap1-vlan2] name test vlan
# Assign name test vlan to VLAN 2 of all APs in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] vlan 2
[Sysname-wlan-ap-group-1-vlan2] name test vlan
Related commands
remote-configuration
port access vlan
|
NOTE: Support for this command depends on the AP model. |
Use port access vlan to assign an access port on an AP to the specified VLAN.
Use undo port access vlan to restore the default.
Syntax
port access vlan vlan-id
undo port access vlan
Default
In an AP's Layer 2 Ethernet interface view, an access port uses the configuration in an AP group's Layer 2 Ethernet interface view.
In an AP group's Layer 2 Ethernet interface view, all access ports on an AP belong to VLAN 1.
Views
AP's Layer 2 Ethernet interface view
AP group's Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
Before assigning an access port to a VLAN, make sure the VLAN has been created.
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.
Examples
# Assign GigabitEthernet 1 to VLAN 3 in the Layer 2 Ethernet interface view of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] gigabitethernet 1
[Sysname-wlan-ap-ap1-gigabitethernet-1] port access vlan 3
# Assign GigabitEthernet 1 to VLAN 3 in the Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port access vlan 3
Related commands
remote-configuration
port hybrid pvid
|
NOTE: Support for this command depends on the AP model. |
Use port hybrid pvid to set the PVID of a hybrid port on an AP.
Use undo port hybrid pvid to set the PVID of a hybrid port on an AP to 1.
Syntax
port hybrid pvid vlan vlan-id
undo port hybrid pvid
Default
In an AP's Layer 2 Ethernet interface view, a hybrid port uses the configuration in an AP group's Layer 2 Ethernet interface view.
In an AP group's Layer 2 Ethernet interface view, the PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.
Views
AP's Layer 2 Ethernet interface view
AP group's Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID VLAN of a hybrid port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, set the same PVID for a hybrid port on an AP and the hybrid port on the switch connected to the AP.
To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.
Examples
# Configure GigabitEthernet 1 as a hybrid port, and set its PVID to VLAN 100 in Layer 2 Ethernet interface view of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] gigabitethernet 1
[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type hybrid
[Sysname-wlan-ap-ap1-gigabitethernet-1] port hybrid pvid vlan 100
# Configure GigabitEthernet 1 as a hybrid port, and set its PVID to VLAN 100 in Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type hybrid
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port hybrid pvid vlan 100
Related commands
port hybrid vlan
port link-type
remote-configuration
port hybrid vlan
NOTE: Support for this command depends on the AP model.
Use port hybrid vlan to assign a hybrid port to the specified VLANs.
Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.
Syntax
port hybrid vlan vlan-id-list { tagged | untagged }
undo port hybrid vlan vlan-id-list
Default
In an AP's Layer 2 Ethernet interface view, a hybrid port uses the configuration in an AP group's Layer 2 Ethernet interface view.
In an AP group's Layer 2 Ethernet interface view, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.
Views
AP's Layer 2 Ethernet interface view
AP group's Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument cannot be lower than the value for the vlan-id1 argument. The specified VLANs must already exist on the device.
tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a VLAN sends packets from the VLAN without removing VLAN tags.
untagged: Configures the port as an untagged member of the specified VLANs. An untagged member of a VLAN sends packets from the VLAN after removing VLAN tags.
Usage guidelines
A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port, the hybrid port allows all the specified VLANs.
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.
Examples
# In Layer 2 Ethernet interface view of AP ap1, perform the following steps:
1. Configure GigabitEthernet 1 as a hybrid port.
2. Assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 as a tagged member.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] gigabitethernet 1
[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type hybrid
[Sysname-wlan-ap-ap1-gigabitethernet-1] port hybrid vlan 2 4 50 to 100 tagged
# In Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1, perform the following steps:
1. Configure GigabitEthernet 1 as a hybrid port.
2. Assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 as a tagged member.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type hybrid
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port hybrid vlan 2 4 50 to 100 tagged
Related commands
port link-type
remote-configuration
port link-type
NOTE: Support for this command depends on the AP model.
Use port link-type to set the link type of an Ethernet port on an AP.
Use undo port link-type to restore the default.
Syntax
port link-type { access | hybrid | trunk }
undo port link-type
Default
In an AP's Layer 2 Ethernet interface view, an Ethernet port uses the configuration in an AP group's Layer 2 Ethernet interface view.
In an AP group's Layer 2 Ethernet interface view, each Ethernet port is an access port.
Views
AP's Layer 2 Ethernet interface view
AP group's Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
access: Sets the port link type to access.
hybrid: Sets the port link type to hybrid.
trunk: Sets the port link type to trunk.
Usage guidelines
To change the link type of an Ethernet port from trunk to hybrid or vice versa, first set the link type to access.
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.
Examples
# Configure GigabitEthernet 1 as a trunk port in Layer 2 Ethernet interface view of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] gigabitethernet 1
[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type trunk
# Configure GigabitEthernet 1 as a trunk port in Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type trunk
Related commands
remote-configuration
port trunk permit vlan
NOTE: Support for this command depends on the AP model.
Use port trunk permit vlan to assign a trunk port to the specified VLANs.
Use undo port trunk permit vlan to remove a trunk port from the specified VLANs.
Syntax
port trunk permit vlan { vlan-id-list | all }
undo port trunk permit vlan { vlan-id-list | all }
Default
In an AP's Layer 2 Ethernet interface view, a trunk port uses the configuration in an AP group's Layer 2 Ethernet interface view.
In an AP group's Layer 2 Ethernet interface view, a trunk port allows packets only from VLAN 1 to pass through.
Views
AP's Layer 2 Ethernet interface view
AP group's Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument cannot be lower than the value for the vlan-id1 argument.
all: Specifies all VLANs.
Usage guidelines
A trunk port can allow multiple VLANs. If you execute this command multiple times on a trunk port, the trunk port allows all the specified VLANs.
On a trunk port, only packets from the PVID can pass through untagged.
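The port trunk permit vlan all command allows packets from every VLAN to pass through the trunk port. To prevent unauthorized VLAN users from accessing restricted resources through the port, use this command with caution, and specify a VLAN ID list instead when the port needs to carry only certain VLANs.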
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.
Examples
# Configure GigabitEthernet 1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 in Layer 2 Ethernet interface view of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] gigabitethernet 1
[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type trunk
[Sysname-wlan-ap-ap1-gigabitethernet-1] port trunk permit vlan 2 4 50 to 100
# Configure GigabitEthernet 1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 in Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type trunk
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port trunk permit vlan 2 4 50 to 100
Related commands
port link-type
remote-configuration
port trunk pvid
NOTE: Support for this command depends on the AP model.
Use port trunk pvid to set the PVID for a trunk port on an AP.
Use undo port trunk pvid to restore the default.
Syntax
port trunk pvid vlan vlan-id
undo port trunk pvid
Default
In an AP's Layer 2 Ethernet interface view, a trunk port uses the configuration in an AP group's Layer 2 Ethernet interface view.
In an AP group's Layer 2 Ethernet interface view, the PVID of a trunk port is VLAN 1.
Views
AP's Layer 2 Ethernet interface view
AP group's Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can use a nonexistent VLAN as the PVID for a trunk port. When you use the undo vlan command to delete the VLAN that is the PVID of a trunk port, the PVID setting of the port does not change.
For correct packet transmission, set the same PVID for a trunk port on an AP and the trunk port on the switch connected to the AP.
To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.
Examples
# In Layer 2 Ethernet interface view of AP ap1, configure GigabitEthernet 1 as a trunk port, set its PVID to VLAN 100, and assign it to VLAN 100.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] gigabitethernet 1
[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type trunk
[Sysname-wlan-ap-ap1-gigabitethernet-1] port trunk pvid vlan 100
[Sysname-wlan-ap-ap1-gigabitethernet-1] port trunk permit vlan 100
# In an AP group's Layer 2 Ethernet interface view, configure GigabitEthernet 1 as a trunk port, set its PVID to VLAN 100, and assign it to VLAN 100.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type trunk
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port trunk pvid vlan 100
[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port trunk permit vlan 100
Related commands
port link-type
port trunk permit vlan
remote-configuration
power-level default
NOTE: Support for this command depends on the AP model.
Use power-level default to set the default input power level for an AP in case the AP cannot obtain its input power level.
Use undo power-level default to restore the default.
Syntax
power-level default { high | low | middle }
undo power-level default
Default
In AP view, an AP uses the configuration in an AP group's AP model view.
In an AP group's AP model view, the default input power level of an AP is middle.
Views
AP view
AP group's AP model view
Predefined user roles
network-admin
Parameters
high: Specifies the high default input power level.
low: Specifies the low default input power level.
middle: Specifies the middle default input power level.
Usage guidelines
Configure this command for an AP in case the AP cannot obtain its input power level at startup.
The power level of an AP can be high, middle, or low. An AP automatically performs power supply mode detection to obtain its input power level at startup. If the AP fails to obtain the input power level, it operates at the low input power level before associating with an AC. After the association, it operates at the configured default input power level.
The following table shows the relationship between the AP's power supply mode and input power level:
Power supply mode | Input power level |
---|---|
· Power adapter. · Multiple PoE+ ports. · Combination of PoE and PoE+ ports. | High |
· Single PoE+ port. · Multiple PoE ports. | Middle |
Single PoE port. | Low |
An AP's support for MIMO modes and USB interfaces varies by power level, as shown in Table 16.
Table 16 AP's support for MIMO modes and USB interfaces
Input power level | MIMO modes | Whether USB interfaces can be enabled |
---|---|---|
High | 1×1, 2×2, 3×3, and 4×4. | Yes. |
Middle | 1×1, 2×2, 3×3, and 4×4. | Yes when the MIMO mode is 1×1 or 2×2. |
Low | 1×1. | No. |
The configuration in AP view takes precedence over the configuration in an AP group's AP model view.
Examples
# Set the default input power level to high for AP ap1 in AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA5620i-ACN
[Sysname-wlan-ap-ap1] power-level default high
# Set the default input power level to high in AP model view of AP group g1.
<Sysname> system-view
[Sysname] wlan ap-group g1
[Sysname-wlan-ap-group-g1] ap-model WA5620i-ACN
[Sysname-wlan-ap-group-g1-ap-model-WA5620i-ACN] power-level default high
priority
Use priority to set the AP connection priority for the AC.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the AP connection priority for the AC is 4.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
priority: Specifies the AP connection priority for the AC, in the range of 0 to 7. A larger value represents a higher connection priority.
Usage guidelines
The AP prefers to establish a CAPWAP tunnel with an AC that has higher connection priority.
The AP connection priority only takes effect during AC discovery.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the AP connection priority for the AC to 7 for AP ap3.
<Sysname> system-view
[Sysname] wlan ap ap3 model WA4320i-ACN
[Sysname-wlan-ap-ap3] priority 7
# Set the AP connection priority for the AC to 7 for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] priority 7
provision
Use provision to enable AP preprovisioning and enter AP provision view, or to enter AP provision view if AP preprovisioning is already enabled.
Use undo provision to disable AP preprovisioning.
Syntax
provision
undo provision
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, AP preprovisioning is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
AP preprovisioning allows you to configure network settings for APs on the AC. The AC automatically assigns these settings to the APs.
If you disable AP preprovisioning, network settings configured on the AC will be deleted. However, the operation does not affect the network settings already assigned to the APs.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable AP preprovisioning and enter AP provision view of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs]
# Enable AP preprovisioning and enter AP provision view of AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision
[Sysname-wlan-ap-group-group1-prvs]
provision auto-recovery
Use provision auto-recovery enable to enable auto loading of preprovisioned settings.
Use provision auto-recovery disable to disable auto loading of preprovisioned settings.
Use undo provision auto-recovery to restore the default.
Syntax
provision auto-recovery { disable | enable }
undo provision auto-recovery
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, auto loading of preprovisioned settings is enabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
Auto loading of preprovisioned settings ensures successful CAPWAP tunnel establishment between AP and AC. An AP uses the following procedure to discover an AC when you enable this feature:
1. Uses the preprovisioned settings to discover an AC that has the AP's manual or auto AP configuration.
2. Reboots and uses other methods to discover ACs if AC discovery fails.
3. Reboots and uses the preprovisioned settings again to discover ACs if the AP still fails to discover the target AC.
This AC discovery process will be repeated until the AP discovers the target AC to establish a CAPWAP tunnel.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Disable auto loading of preprovisioned settings for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-ap-ap1] provision auto-recovery disable
# Disable auto loading of preprovisioned settings for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision auto-recovery disable
provision auto-update
Use provision auto-update enable to enable auto assignment of preprovisioned settings.
Use provision auto-update disable to disable auto assignment of preprovisioned settings.
Use undo provision auto-update to restore the default.
Syntax
provision auto-update { disable | enable }
undo provision auto-update
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, auto assignment of preprovisioned settings is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
This command enables the AC to automatically assign preprovisioned settings to an AP so that the AP can use the preprovisioned settings to come online.
This command applies only to offline APs. To deploy preprovisioned settings to online APs, use the save wlan ap provision command.
The configuration in AP provision view has higher priority than the configuration in AP group provision view.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable auto assignment of preprovisioned settings for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-ap-ap1] provision auto-update enable
# Enable auto assignment of preprovisioned settings for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] provision auto-update enable
remote-configuration
NOTE: Support for this command depends on the AP model.
Use remote-configuration enable to enable the remote configuration assignment feature.
Use remote-configuration disable to disable the remote configuration assignment feature.
Use undo remote-configuration to restore the default.
Syntax
remote-configuration { disable | enable }
undo remote-configuration enable
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, remote configuration assignment is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
The AC will assign related VLAN settings to APs only when the remote configuration assignment feature is enabled.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable the remote configuration assignment feature for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] remote-configuration enable
# Enable the remote configuration assignment feature for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] remote-configuration enable
reset wlan ap
Use reset wlan ap to reset all APs or the specified AP.
Syntax
reset wlan ap { all | ap-group group-name | model model-name | name ap-name | native }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all APs connected to the AC.
ap-group group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.
model model-name: Specifies an AP model by model name.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
native: Specifies all APs that have established CAPWAP tunnels with the AC.
Usage guidelines
This command terminates the CAPWAP tunnel between an AP and the AC and deletes all connection information about the AP.
Examples
# Reset the AP ap1.
<Sysname> reset wlan ap name ap1
Reset the AP that has established or is to establish a primary tunnel with the AC. Continue? [Y/N]:
reset wlan ap provision
Use reset wlan ap provision to delete configuration file wlan_ap_prvs.xml from all APs or the specified AP.
Syntax
reset wlan ap provision { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command takes effect only on APs that have established CAPWAP tunnels with the master AC and are in Run state.
For this command to take effect on an AP, restart the AP.
Examples
# Delete configuration file wlan_ap_prvs.xml from AP ap1.
<Sysname> reset wlan ap provision name ap1
reset wlan ap reboot-log
Use reset wlan ap reboot-log to clear the reboot logs of all APs or the specified AP.
Syntax
reset wlan ap reboot-log { all | name ap-name }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Clear the reboot logs of AP ap1.
<Sysname> reset wlan ap reboot-log name ap1
Related commands
display wlan ap reboot-log
reset wlan ap unauthenticated
Use reset wlan ap unauthenticated to restart unauthenticated auto APs for reauthentication.
Syntax
reset wlan ap unauthenticated
Views
User view
Predefined user roles
network-admin
Examples
# Restart unauthenticated auto APs.
<Sysname> reset wlan ap unauthenticated
reset wlan tunnel latency ap
Use reset wlan tunnel latency ap to clear tunnel latency information for all APs or the specified AP.
Syntax
reset wlan tunnel latency ap { all | name ap-name }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command takes effect only on APs that have established tunnels with the master AC and are in Run state.
Examples
# Clear tunnel latency information for AP ap1.
<Sysname> reset wlan tunnel latency ap name ap1
Related commands
display wlan ap name tunnel latency
tunnel latency-detect
retransmit-count
Use retransmit-count to set the maximum number of AC request retransmission attempts.
Use undo retransmit-count to restore the default.
Syntax
retransmit-count value
undo retransmit-count
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the maximum number of AC request retransmission attempts is 3.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
value: Specifies the maximum number of AC request retransmission attempts, in the range of 2 to 5.
Usage guidelines
The AC sends a request to an AP at the retransmission interval until the maximum number of request retransmission attempts is reached or a response is received.
Requests sent by the AC to an AP include the following types:
· Image Data Request.
· Configuration Update Request.
· Reset Request.
· Data Transfer Request.
· IEEE 802.11 WLAN Configuration Request.
· Station Configuration Request.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the maximum number of AC request retransmission attempts to 4 for AP ap3.
<Sysname> system-view
[Sysname] wlan ap ap3 model WA4320i-ACN
[Sysname-wlan-ap-ap3] retransmit-count 4
# Set the maximum number of AC request retransmission attempts to 4 for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] retransmit-count 4
Related commands
retransmit-interval
retransmit-interval
Use retransmit-interval to set the request retransmission interval for the AC to retransmit requests to an AP.
Use undo retransmit-interval to restore the default.
Syntax
retransmit-interval interval
undo retransmit-interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the request retransmission interval is 5 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval: Specifies the request retransmission interval in the range of 3 to 8 seconds.
Usage guidelines
The AC sends a request to an AP at the retransmission interval until the maximum number of request retransmission attempts is reached or a response is received.
Requests sent by the AC to an AP include the following types:
· Image Data Request.
· Configuration Update Request.
· Reset Request.
· Data Transfer Request.
· IEEE 802.11 WLAN Configuration Request.
· Station Configuration Request.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the request retransmission interval to 6 seconds for the AC to send requests to AP ap3.
<Sysname> system-view
[Sysname] wlan ap ap3 model WA4320i-ACN
[Sysname-wlan-ap-ap3] retransmit-interval 6
# Set the request retransmission interval to 6 seconds for the AC to send requests to APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] retransmit-interval 6
Related commands
retransmit-count
save wlan ap provision
Use save wlan ap provision to deploy the provision configuration to all APs or the specified AP.
Syntax
save wlan ap provision { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This command saves the added or modified preprovisioned settings to the wlan_ap_prvs.xml configuration file, and takes effect immediately.
This command takes effect only on online APs that have established tunnels with the master AC.
This command has the same effect as the reset wlan ap provision command if no AP preprovisioned settings exist.
Preprovisioned settings configured in provision view take effect immediately when you execute the save wlan ap provision command.
Cancellations of preprovisioned settings in provision view do not take effect when you execute the save wlan ap provision command. For the cancellations to take effect on an AP, restart the AP.
Examples
# Save the configuration in AP provision view to configuration file wlan_ap_prvs.xml on AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] ac ip 192.168.0.1
[Sysname-wlan-ap-ap1-prvs] save wlan ap provision name ap1
serial-id (AP group view)
Use serial-id to create an AP grouping rule by serial IDs.
Use undo serial-id to delete an AP grouping rule by serial IDs.
Syntax
serial-id serial-id
undo serial-id serial-id
Default
No AP grouping rules by serial IDs exist.
Views
AP group view
Predefined user roles
network-admin
Parameters
serial-id: Specifies an AP serial ID, a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command does not verify whether the specified AP exists.
You can configure multiple AP grouping rules by serial IDs.
The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.
If the created AP grouping rule already exists in another AP group, this command deletes the rule from that AP group.
You cannot execute this command in the view of the default AP group.
Examples
# Create an AP grouping rule by serial IDs for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] serial-id 210235A1BSC123000037
Related commands
wlan ap-group
serial-id (AP view)
Use serial-id to specify the serial ID for an AP.
Use undo serial-id to restore the default.
Syntax
serial-id serial-id
undo serial-id
Default
No serial ID is specified for an AP.
Views
AP view
Predefined user roles
network-admin
Parameters
serial-id: Specifies the serial ID for an AP, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Changing or deleting the serial ID of an AP terminates the CAPWAP tunnel if the AP has established a CAPWAP tunnel with an AC. Then the AP will reestablish a CAPWAP tunnel with the AC.
Examples
# Set the serial ID of AP ap1 to 210235A1BSC123000050.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-ap-ap1] serial-id 210235A1BSC123000050
smartrate-ethernet
NOTE: Support for this command depends on the AP model.
Use smartrate-ethernet to enter 2.5 GigabitEthernet interface view of an AP.
Syntax
smartrate-ethernet interface-number
Views
AP view
AP group's AP model view
Predefined user roles
network-admin
Parameters
interface-number: Specifies an interface number. The value range varies by AP model.
Examples
# Enter the interface view of Smartrate-Ethernet 1 from AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA5620i-ACN
[Sysname-wlan-ap-ap1] smartrate-ethernet 1
[Sysname-wlan-ap-ap1-smartrate-ethernet-1]
# Enter the interface view of Smartrate-Ethernet 1 from the AP model view of AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA5620i-ACN
[Sysname-wlan-ap-group-group1-ap-model-WA5620i-ACN] smartrate-ethernet 1
[Sysname-wlan-ap-group-group1-ap-model-WA5620i-ACN-smartrate-ethernet-1]
snmp-agent trap enable wlan ap
Use snmp-agent trap enable wlan ap to enable SNMP notifications for AP management.
Use undo snmp-agent trap enable wlan ap to disable SNMP notifications for AP management.
Syntax
snmp-agent trap enable wlan ap
undo snmp-agent trap enable wlan ap
Default
SNMP notifications are disabled for AP management.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical AP management events to an NMS, enable SNMP notifications for AP management. For AP management event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.
Examples
# Enable SNMP notifications for AP management.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan ap
snmp-agent trap enable wlan capwap
Use snmp-agent trap enable wlan capwap to enable SNMP notifications for CAPWAP.
Use undo snmp-agent trap enable wlan capwap to disable SNMP notifications for CAPWAP.
Syntax
snmp-agent trap enable wlan capwap
undo snmp-agent trap enable wlan capwap
Default
SNMP notifications are disabled for CAPWAP.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical CAPWAP events to an NMS, enable SNMP notifications for CAPWAP. For CAPWAP event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.
Examples
# Enable SNMP notifications for CAPWAP.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan capwap
statistics-interval
Use statistics-interval to set the interval at which an AP sends statistics reports to the AC.
Use undo statistics-interval to restore the default.
Syntax
statistics-interval interval
undo statistics-interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the statistics report interval is 50 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval: Specifies the statistics report interval in the range of 0 to 240 seconds.
Usage guidelines
Execute this command to change the interval for an AP to report its statistics. You can use these statistics to monitor the operating status of radios on the AP.
To disable an AP from reporting radio statistics to the AC, set the statistics report interval to 0.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the statistics report interval to 10 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] statistics-interval 10
# Set the statistics report interval to 10 seconds for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] statistics-interval 10
tunnel encryption
Use tunnel encryption enable to enable CAPWAP control tunnel encryption.
Use tunnel encryption disable to disable CAPWAP control tunnel encryption.
Use undo tunnel encryption enable to restore the default.
Syntax
tunnel encryption { disable | enable }
undo tunnel encryption enable
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, CAPWAP control tunnel encryption is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
This command takes effect on an AP only when the AP restarts.
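When this feature is enabled, an AP establishes a CAPWAP tunnel with the AC after receiving a discovery response with the encryption flag from the AC. Then, the AC and the AP encrypt control packets transmitted in the CAPWAP control tunnel after the DTLS handshake. This command applies to the control tunnel only. Because the feature is disabled by default in AP group view, control packets are not encrypted by this feature until you enable it and the AP restarts.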
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable CAPWAP control tunnel encryption for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] tunnel encryption enable
This operation will restart the AP. Continue? [Y/N]
# Enable CAPWAP control tunnel encryption for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] tunnel encryption enable
This operation will restart member APs that are enabled with CAPWAP control tunnel encryption. Continue? [Y/N]
tunnel latency-detect
Use tunnel latency-detect to configure CAPWAP tunnel latency detection.
Syntax
tunnel latency-detect { start | stop }
Default
CAPWAP tunnel latency detection is not started.
Views
AP view
Predefined user roles
network-admin
Parameters
start: Starts CAPWAP tunnel latency detection.
stop: Stops CAPWAP tunnel latency detection.
Usage guidelines
CAPWAP tunnel latency detection enables the AC to detect the transmission latency of CAPWAP control frames or data frames from an AP to the AC and back.
When an AP goes offline, CAPWAP tunnel latency detection automatically stops. To restart CAPWAP tunnel latency detection when the AP comes online again, execute the tunnel latency-detect start command again.
The tunnel latency-detect start command takes effect only on APs that have established CAPWAP tunnels with the master AC and are in Run state.
Examples
# Start CAPWAP tunnel latency detection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] tunnel latency-detect start
Related commands
display wlan ap tunnel latency
reset wlan tunnel latency ap
usb
Use usb enable to enable USB interfaces on APs.
Use usb disable to disable USB interfaces on APs.
Use undo usb to restore the default.
Syntax
usb { disable | enable }
undo usb
Default
In AP view, an AP uses the configuration in an AP group's AP model view.
In an AP group's AP model view, USB interfaces are disabled.
Views
AP view
AP group's AP model view
Predefined user roles
network-admin
Usage guidelines
This command takes effect on an AP only when either of the following requirements is met:
· The power level of the AP is high.
· The power level of the AP is middle and the MIMO mode is 1×1 or 2×2.
For information about power levels, see "power-level default." For information about MIMO modes, see radio management in WLAN Configuration Guide.
The configuration in AP view takes precedence over the configuration in an AP group's AP model view.
Examples
# Enable USB interfaces in AP view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA5620i-ACN
[Sysname-wlan-ap-ap1] usb enable
# Enable USB interfaces in AP model view of AP group g1.
<Sysname> system-view
[Sysname] wlan ap-group g1
[Sysname-wlan-ap-group-g1] ap-model WA5620i-ACN
[Sysname-wlan-ap-group-g1-ap-model-WA5620i-ACN] usb enable
Related commands
power-level default
vlan
Use vlan vlan-id to create a VLAN for an AP and enter the VLAN view of the AP, or enter the view of an existing VLAN of an AP.
Use vlan vlan-id1 to vlan-id2 to create VLANs vlan-id1 through vlan-id2 for an AP, except for reserved VLANs.
Use vlan all to create VLANs 1 through 4094 for an AP.
Use undo vlan to delete the specified VLANs of an AP.
Syntax
vlan { vlan-id1 [ to vlan-id2 ] | all }
undo vlan { vlan-id1 [ to vlan-id2 ] | all }
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, VLAN 1 (the default VLAN) exists on an AP.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
vlan-id1: Specifies a VLAN ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN range. The vlan-id1 and vlan-id2 arguments specify VLAN IDs. The value range for each of the two arguments is 1 to 4094. The value for the vlan-id2 argument cannot be lower than the value for the vlan-id1 argument.
all: Specifies all VLANs except for reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on an AP is less than 4094. Support for this keyword depends on the AP model.
Usage guidelines
You cannot create or delete VLAN 1 (the default VLAN) or reserved VLANs.
For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.
Examples
# Create VLAN 2 for AP ap1 and enter the VLAN view of the VLAN.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] vlan 2
[Sysname-wlan-ap-ap1-vlan2]
# Create VLAN 2 for AP group group1 and enter the VLAN view of the VLAN.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] vlan 2
[Sysname-wlan-ap-group-1-vlan2]
Related commands
remote-configuration
wlan ap
Use wlan ap to create a manual AP and enter its view, or enter the view of an existing manual AP.
Use undo wlan ap to delete an AP.
Syntax
wlan ap ap-name [ model model-name ]
undo wlan ap ap-name
Default
No manual APs exist.
Views
System view
Predefined user roles
network-admin
Parameters
ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
model model-name: Specifies the model name of the AP. You must specify the model name when you create an AP.
Usage guidelines
If the specified AP has established a CAPWAP tunnel, the undo wlan ap command also terminates the tunnel.
Examples
# Create an AP named ap1 with model WA4320i-ACN.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1]
wlan ap-authentication
Use wlan ap-authentication to manually authenticate unauthenticated auto APs.
Syntax
wlan ap-authentication { accept | reject } ap-unauthenticated { all | name ap-name }
Default
Manual authentication is not configured for unauthenticated auto APs.
Views
System view
Predefined user roles
network-admin
Parameters
accept: Enables unauthenticated auto APs to pass authentication and generates ACL permit rules for them. Authenticated auto APs can provide wireless services.
reject: Rejects unauthenticated auto APs and generates ACL deny rules. If you specify this keyword, the command logs off all online unauthenticated auto APs.
all: Specifies all unauthenticated auto APs.
name ap-name: Specifies an unauthenticated auto AP by its name, a case-insensitive string of 1 to 64 characters.
Usage guidelines
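Unauthenticated auto APs can associate with the AC but cannot provide wireless services. You can execute this command to authenticate these APs. Because the accept keyword with the all keyword generates permit rules for every unauthenticated auto AP, review the unauthenticated APs first (for example, with the display wlan ap unauthenticated command) and accept by name if any AP is not recognized.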
Before you execute this command, perform the following tasks:
· Use the acl wlan ap command to create a WLAN AP ACL.
· Use the wlan ap-authentication acl command to specify the ACL as the ACL for authenticating unauthenticated auto APs.
The generated ACL rules will be added to the specified ACL.
Examples
# Enable unauthenticated auto APs to pass authentication and generate permit rules in ACL 200.
<Sysname> system-view
[Sysname] acl wlan ap 200
[Sysname-acl-ap-200] quit
[Sysname] wlan ap-authentication acl 200
[Sysname] wlan ap-authentication accept ap-unauthenticated all
Related commands
acl wlan ap
permit-unauthenticated
wlan ap-authentication
wlan ap-authentication acl
Use wlan ap-authentication acl to specify an ACL for authenticating auto APs.
Use undo wlan ap-authentication acl to restore the default.
Syntax
wlan ap-authentication acl acl-number
undo wlan ap-authentication acl
Default
No ACL is specified for authenticating auto APs.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies a WLAN AP ACL by its number, in the range of 200 to 299.
Usage guidelines
Before you execute this command, use the acl wlan ap command to create a WLAN AP ACL and configure ACL rules. You can use either of the following methods to configure ACL rules:
· Use the ap-authentication import command.
· Use the rule command. If this method is used, make sure the match criterion used in the rule is consistent with the auto AP authentication method. To configure an auto AP authentication method, use the wlan ap-authentication method command.
Unauthenticated auto APs that match ACL permit rules are allowed to associate with the AC. Unauthenticated auto APs that match ACL deny rules or do not match any ACL rules are not allowed to associate with the AC.
If you do not configure any ACL rules, all auto APs will become unauthenticated.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify ACL 200 for authenticating auto APs by serial ID.
<Sysname> system-view
[Sysname] acl wlan ap 200
[Sysname-acl-ap-200] rule 0 permit serial-id 210235A42QB095000766
[Sysname-acl-ap-200] quit
[Sysname] wlan ap-authentication acl 200
Related commands
acl wlan ap
rule
wlan ap-authentication import
wlan ap-authentication method
wlan ap-authentication domain
Use wlan ap-authentication domain to configure an ISP domain for auto AP authentication.
Use undo wlan ap-authentication domain to restore the default.
Syntax
wlan ap-authentication domain domain-name
undo wlan ap-authentication domain
Default
No ISP domain is configured for auto AP authentication.
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters. For information about ISP domains, see AAA in Security Configuration Guide.
Usage guidelines
You must configure this command when remote authentication is configured. If the remote authentication succeeds, the AC accepts the AP. If it does not succeed, the AC rejects the AP.
Examples
# Configure the authentication domain as office for auto AP authentication.
<Sysname> system-view
[Sysname] wlan ap-authentication domain office
wlan ap-authentication enable
Use wlan ap-authentication enable to enable auto AP authentication.
Use undo wlan ap-authentication enable to restore the default.
Syntax
wlan ap-authentication enable
undo wlan ap-authentication enable
Default
Auto AP authentication is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Auto AP authentication takes effect only on auto APs that have not come online. It does not take effect on online auto APs, manual APs, or manual APs converted from auto APs. Auto APs that are already online when you enable the feature are therefore not authenticated by it.
Auto AP authentication does not take effect on online auto APs.
Examples
# Enable auto AP authentication.
<Sysname> system-view
[Sysname] wlan ap-authentication enable
wlan ap-authentication import
Use wlan ap-authentication import to import an authentication file and generate corresponding ACL permit rules for auto AP authentication.
Syntax
wlan ap-authentication import file-name
Views
System view
Predefined user roles
network-admin
Parameters
file-name: Specifies the name of an auto AP authentication file. It is a case-insensitive string of 1 to 32 characters and must have extension .txt.
Usage guidelines
An auto AP authentication file contains either the MAC addresses or the serial IDs of auto APs, but not both. The MAC addresses must be in the format of HH-HH-HH-HH-HH-HH. MAC addresses and serial IDs are comma-separated.
Before you execute this command, make sure the following tasks are completed:
· Use the wlan ap-authentication acl command to specify an ACL.
The generated permit rules will be added to the ACL.
· Use the wlan ap-authentication method command to specify an auto AP authentication method.
The ACL rules are generated according to the authentication method. Make sure the authentication file format is consistent with the authentication method.
Examples
# Import auto AP authentication file office.txt to generate ACL permit rules in ACL 200.
<Sysname> system-view
[Sysname] acl number 200
[Sysname-acl-ap-200] quit
[Sysname] wlan ap-authentication acl 200
[Sysname] wlan ap-authentication import office.txt
Related commands
wlan ap-authentication acl
wlan ap-authentication method
wlan ap-authentication method
Use wlan ap-authentication method to specify an auto AP authentication method.
Use undo wlan ap-authentication method to restore the default.
Syntax
wlan ap-authentication method { mac-address | serial-id }
undo wlan ap-authentication method
Default
Auto APs are authenticated by MAC address.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the MAC address authentication method.
serial-id: Specifies the serial ID authentication method.
Examples
# Authenticate auto APs by AP serial ID.
<Sysname> system-view
[Sysname] wlan ap-authentication method serial-id
wlan ap-authentication permit-unauthenticated
Use wlan ap-authentication permit-unauthenticated to enable unauthenticated auto APs to associate with the AC.
Use undo wlan ap-authentication permit-unauthenticated to disable unauthenticated auto APs from associating with the AC.
Syntax
wlan ap-authentication permit-unauthenticated
undo wlan ap-authentication permit-unauthenticated
Default
Unauthenticated auto APs are allowed to associate with the AC, but they cannot provide wireless services.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Unauthenticated auto APs are auto APs that do not match an ACL rule in local authentication. Unauthenticated auto APs can associate with the AC but cannot provide wireless services. You can use the undo wlan ap-authentication permit-unauthenticated command to log off all unauthenticated auto APs.
Examples
# Disable unauthenticated auto APs from associating with the AC.
<Sysname> system-view
[Sysname] undo wlan ap-authentication permit-unauthenticated
wlan apdb
Use wlan apdb to configure the mapping between a software version and a hardware version of an AP model.
Use undo wlan apdb to restore the default.
Syntax
wlan apdb model-name hardware-version software-version
undo wlan apdb model-name hardware-version
Default
The software version for a hardware version of an AP model is the software version that is stored in APDB user scripts.
Views
System view
Predefined user roles
network-admin
Parameters
model-name: Specifies an AP model name in the APDB.
hardware-version: Specifies a hardware version in the APDB.
software-version: Specifies an AP software version, a case-insensitive string of 1 to 31 characters.
Usage guidelines
CAUTION: To avoid CAPWAP tunnel establishment failure, use this command under the guidance of H3C Support.
This command is used together with the software upgrade feature for software version consistency check during software upgrade.
Use this command only when the software version you expect for an AP is inconsistent with the software version specified for the AP model stored in the APDB.
Examples
# Configure the mapping between software version E2108 and hardware version Ver.C of AP model WA4320i-ACN.
<Sysname> system-view
[Sysname] wlan apdb WA4320i-ACN Ver.C E2108
Related commands
firmware-upgrade
wlan apdb file
Use wlan apdb file to load an APDB user script.
Use undo wlan apdb file to delete an APDB user script.
Syntax
wlan apdb file user.apdb
undo wlan apdb file
Default
No APDB user script is loaded.
Views
System view
Predefined user roles
network-admin
Parameters
user.apdb: Specifies an APDB user profile by its name, a case-sensitive string of 1 to 63 characters. apdb is the filename extension.
Usage guidelines
When you load an APDB user script, follow these restrictions and guidelines:
· Make sure the user script is valid. Invalid scripts can cause loading failure.
· The AP models in the user script must be different from the AP models in the system script.
· If you load multiple user scripts on the AC, the most recently loaded user script overwrites the old user scripts.
· If you rename the user script in the file system, reload the user script to prevent AP model configuration in the user script from being lost after an AC reboot.
· If you replace the user script with a new user script in the file system, reload the new user script. If the new user script does not include AP model information saved in the replaced user script, the AP model information will be lost after an AC reboot.
· If you delete a user script in the file system, the AP model configuration in the user script will be lost after an AC reboot.
If an old user script already exists, follow these restrictions and guidelines when you load an APDB user script:
· If a manual AP or an online auto AP whose model is listed in the old user script exists, you can load a new user script only when you delete the corresponding AP model information on the AC.
· If APs of an AP model listed in the old user script have been added to an AP group, you can load a new user script only when you remove the APs from the AP group.
· If the old user script includes an AP model whose software version was already configured, you can load a new user script only when you use the wlan apdb command to restore the original software version.
Examples
# Load user script user.apdb.
<Sysname> system-view
[Sysname] wlan apdb file user.apdb
Related commands
wlan apdb
wlan ap-group
Use wlan ap-group to create an AP group and enter its view, or enter the view of an existing AP group.
Use undo wlan ap-group to delete an AP group.
Syntax
wlan ap-group group-name
undo wlan ap-group group-name
Default
The default AP group default-group exists, and it cannot be deleted.
Views
System view
Predefined user roles
network-admin
Parameters
group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.
Examples
# Create an AP group named group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1]
Related commands
display wlan ap-group
wlan auto-ap enable
Use wlan auto-ap enable to enable the auto AP feature.
Use undo wlan auto-ap enable to disable the auto AP feature.
Syntax
wlan auto-ap enable
undo wlan auto-ap enable
Default
The auto AP feature is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables an AP to connect to an AC without manual AP configuration. It simplifies configuration when you deploy a large number of APs in a WLAN.
To configure an auto AP, you must use auto-AP persistence to convert the auto AP to a manual AP or configure it through an AP group.
Examples
# Enable the auto AP feature.
<Sysname> system-view
[Sysname] wlan auto-ap enable
wlan auto-ap persistent
Use wlan auto-ap persistent to convert online auto APs to manual APs.
Syntax
wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ] }
Views
System view
Predefined user roles
network-admin
Parameters
all: Specifies all online auto APs. If you specify this keyword, the command converts all online auto APs to manual APs with AP names unchanged.
auto-ap-name: Specifies an online auto AP.
new-ap-name: Specifies a new name for the AP, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-). If you do not specify this argument, the converted manual AP uses the name of the auto AP.
Examples
# Convert the auto AP whose MAC address is 0001-ab12-cd36 to manual AP ap2.
<Sysname> system-view
[Sysname] wlan auto-ap persistent name 0001-ab12-cd36 ap2
wlan auto-persistent enable
Use wlan auto-persistent enable to convert auto APs to manual APs after they come online.
Use undo wlan auto-persistent enable to restore the default.
Syntax
wlan auto-persistent enable
undo wlan auto-persistent enable
Default
Auto AP conversion is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only on auto APs that come online after you execute this command. For auto APs that are already online, use the wlan auto-ap persistent command to convert them to manual APs.
Examples
# Enable auto AP conversion.
<Sysname> system-view
[Sysname] wlan auto-persistent enable
wlan capwap discovery-policy unicast
Use wlan capwap discovery-policy unicast to enable an AC to respond only to unicast discovery requests.
Use undo wlan capwap discovery-policy to restore the default, in which the AC can respond to unicast, multicast, and broadcast discovery requests.
Syntax
wlan capwap discovery-policy unicast
undo wlan capwap discovery-policy
Default
An AC can respond to unicast, multicast, and broadcast discovery requests.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the AC to respond only to unicast discovery requests.
<Sysname> system-view
[Sysname] wlan capwap discovery-policy unicast
wlan detect-anomaly enable
Use wlan detect-anomaly enable to enable service anomaly detection.
Use undo wlan detect-anomaly enable to restore the default.
Syntax
wlan detect-anomaly enable
undo wlan detect-anomaly enable
Default
Service anomaly detection is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AC to check service status and start a reboot timer upon detecting that no APs are associated with the AC. When the reboot timer (10 minutes) expires, the AC restarts. If an AP comes online on the AC before the reboot timer expires, the AC deletes the timer.
Examples
# Enable service anomaly detection.
<Sysname> system-view
[Sysname] wlan detect-anomaly enable
wlan global-configuration
Use wlan global-configuration to enter global configuration view.
Syntax
wlan global-configuration
Views
System view
Predefined user roles
network-admin
Usage guidelines
The settings for an AP are taken from AP view, AP group view, and global configuration view, in descending order of priority. If no settings are configured in one view, the settings in the view with the next lower priority are used. If no settings are configured in any one of the three views, the AP uses the default configuration in the view that has the lowest priority.
Examples
# Enter global configuration view.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration]
wlan image-load filepath
Use wlan image-load filepath to specify the preferred location for the AC to obtain an AP image file for software version assignment.
Use undo wlan image-load filepath to restore the default.
Syntax
wlan image-load filepath { local | ram }
undo wlan image-load filepath
Default
The AC prefers the AP image file stored in the RAM when assigning a software version to APs.
Views
System view
Predefined user roles
network-admin
Parameters
local: Specifies the local folder as the preferred location to obtain an AP image file. If the local folder does not contain an AP image file, the AC obtains the AP image file from the RAM. If the RAM does not contain an AP image file, the AC fails to obtain an AP image file.
ram: Specifies the RAM as the preferred location to obtain an AP image file. If the RAM does not contain an AP image file, the AC obtains the AP image file from the local folder. If the local folder does not contain an AP image file, the AC fails to obtain an AP image file.
Usage guidelines
The AC image file contains AP image files. The AC reads the AP image files into the RAM when it starts.
Specify the local keyword only when the following conditions are met:
· The required AP image file is not contained in the AC's image file.
· The software version an AP uses when it comes online has been specified using the wlan apdb command.
When you specify the local keyword, make sure the AC uses a CF card as the default file system and the AP image file is stored in the root directory of the file system on the AC.
The AC can assign only .ipe AP image files to APs.
Examples
# Specify the local folder as the preferred location to obtain an AP image file for AP software version assignment.
<Sysname> system-view
[Sysname] wlan image-load filepath local
wlan re-group
Use wlan re-group to move an AP grouping rule or a list of AP grouping rules to the specified AP group.
Syntax
wlan re-group { ap ap-name | ap-group old-group-name | mac-address mac-address | serial-id serial-id } group-name
Views
System view
Predefined user roles
network-admin
Parameters
ap ap-name: Specifies an AP grouping rule by AP names.
ap-group old-group-name: Specifies the source AP group. The source AP group cannot be the default AP group.
mac-address mac-address: Specifies an AP grouping rule by MAC addresses.
serial-id serial-id: Specifies an AP grouping rule by serial IDs.
group-name: Specifies the target AP group. The target AP group cannot be the default AP group.
Examples
# Create an AP group named group1, and create AP grouping rules by AP names to add APs ap1, ap2, and ap3 to AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap ap1 ap2 ap3
[Sysname-wlan-ap-group-group1] quit
# Create an AP group named group2, and move an AP grouping rule by AP names to AP group group2.
[Sysname] wlan ap-group group2
[Sysname-wlan-ap-group-group2] quit
[Sysname] wlan re-group ap ap1 group2
wlan rename-ap
Use wlan rename-ap to rename a manual AP.
Syntax
wlan rename-ap ap-name new-ap-name
Views
System view
Predefined user roles
network-admin
Parameters
ap-name: Specifies a manual AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
new-ap-name: Specifies a new AP name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Change the name of AP ap1 to ap1-office.
<Sysname> system-view
[Sysname] wlan rename-ap ap1 ap1-office
wlan tcp mss
Use wlan tcp mss to set the maximum TCP segment size (TCP MSS) for CAPWAP tunnels.
Use undo wlan tcp mss to restore the default.
Syntax
wlan tcp mss value
undo wlan tcp mss
Default
The TCP MSS is 1460 bytes for CAPWAP tunnels.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the TCP MSS in bytes in the range of 128 to 2048.
Usage guidelines
This command sets the value of the MSS option in SYN packets transmitted over a CAPWAP tunnel.
The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the size of a TCP segment is smaller than or equal to the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, TCP fragments the segment based on the receiver's MSS.
Examples
# Set the TCP MSS to 2000 bytes for CAPWAP tunnels.
<Sysname> system-view
[Sysname] wlan tcp mss 2000
Radio management commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
a-mpdu
Use a-mpdu enable to enable the A-MPDU aggregation method.
Use a-mpdu disable to disable the A-MPDU aggregation method.
Use undo a-mpdu to restore the default.
Syntax
a-mpdu { disable | enable }
undo a-mpdu
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the A-MPDU aggregation method is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Disable the A-MPDU aggregation method for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] a-mpdu disable
# Disable the A-MPDU aggregation method for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] a-mpdu disable
a-msdu
Use a-msdu enable to enable the A-MSDU aggregation method.
Use a-msdu disable to disable the A-MSDU aggregation method.
Use undo a-msdu to restore the default.
Syntax
a-msdu { disable | enable }
undo a-msdu
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the A-MSDU aggregation method is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The device can receive but cannot send A-MSDUs.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Disable the A-MSDU aggregation method for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] a-msdu disable
# Disable the A-MSDU aggregation method for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] a-msdu disable
ani
Use ani enable to enable Adaptive Noise Immunity (ANI).
Use ani disable to disable ANI.
Use undo ani to restore the default.
Syntax
ani { disable | enable }
undo ani
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, ANI is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
ANI enables the device to adjust the anti-noise level based on the environment to reduce interference from the surrounding environment.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable ANI for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] ani enable
# Enable ANI for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] ani enable
antenna type
Use antenna type to set the antenna type for an AP.
Use undo antenna type to restore the default.
Syntax
antenna type antenna-type
undo antenna type
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the default antenna type for an AP varies by device model.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
antenna-type: Specifies an antenna type, a string of 1 to 10 characters. Antenna types supported by an AP vary by device model.
Usage guidelines
Perform this task to set the antenna type for an AP. The antenna type setting for an AP must be consistent with the type of the antenna used on the AP.
To ensure that the Effective Isotropic Radiated Power (EIRP) is within the correct range, the antenna gain automatically changes after you set the antenna type.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the antenna type to internal for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] antenna type internal
# Set the antenna type to internal for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] antenna type internal
beacon-interval
Use beacon-interval to set the beacon interval.
Use undo beacon-interval to restore the default.
Syntax
beacon-interval interval
undo beacon-interval
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the beacon interval is 100 Time Units (TUs).
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
interval: Specifies the beacon interval in the range of 32 to 8191 TUs.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the beacon interval to 1000 TUs for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] beacon-interval 1000
# Set the beacon interval to 1000 TUs for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] beacon-interval 1000
channel
Use channel to specify a working channel for a radio.
Use undo channel to restore the default.
Syntax
channel { channel-number | auto { lock | unlock } }
undo channel [ auto ]
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the AC automatically selects a channel for a radio and the channel is unlocked.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
channel-number: Specifies a channel by its number. The value range for this argument varies by country code and radio mode.
auto lock: Configures the AC to automatically select a channel for a radio and lock the channel.
auto unlock: Configures the AC to automatically select a channel for a radio and not lock the channel.
Usage guidelines
When radar signals are detected on the working channel of a radio, one of the following events occurs:
· If the channel is automatically assigned, the radio changes its channel.
· If the channel is manually specified, the radio changes its channel, switches back to the specified channel after 30 minutes, and then starts the quiet timer. If no radar signals are detected within the quiet time, the radio starts to use the channel. If radar signals are detected within the quiet time, the radio changes its channel again.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Specify working channel 149 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] channel 149
# Specify working channel 149 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel 149
channel auto-select
Use channel auto-select to configure the channel selection blacklist or whitelist.
Use undo channel auto-select to remove the specified channels from the channel selection blacklist or whitelist.
Syntax
channel auto-select { blacklist | whitelist } channel-number
undo channel auto-select { blacklist | whitelist } { all | channel-number }
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, no channel selection blacklist or whitelist exists.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
blacklist: Adds channels to the channel selection blacklist. An AP will not select channels in the blacklist.
whitelist: Adds channels to the channel selection whitelist. An AP will only select channels in the whitelist.
channel-number: Specifies channels by their channel numbers. The value range for this argument varies by country code and radio mode.
all: Specifies all channels in the channel selection blacklist or whitelist.
Usage guidelines
You cannot configure both the channel selection blacklist and whitelist for the same AP.
This command takes effect only on APs operating in auto channel selection mode.
Examples
# Add channels 149, 153, and 157 to the channel selection whitelist for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] channel auto-select whitelist 149 153 157
# Add channels 149, 153, and 157 to the channel selection whitelist for APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel auto-select whitelist 149 153 157
Related commands
channel
channel band-width
Use channel band-width to set the bandwidth mode.
Use undo channel band-width to restore the default.
Syntax
channel band-width { 20 | 40 [ auto-switch ] | 80 | { 160 | dual-80 } [ secondary-channel channel-number ] }
undo channel band-width
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the bandwidth mode is 80 MHz for 802.11ac radios, 40 MHz for 802.11an radios, and 20 MHz for 802.11gn radios.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
20: Sets the bandwidth mode to 20 MHz.
40: Sets the bandwidth mode to 40 MHz.
80: Sets the bandwidth mode to 80 MHz.
auto-switch: Allows a radio to switch its bandwidth mode between 20 MHz and 40 MHz. This keyword is applicable only to 802.11gn radios.
160: Sets the bandwidth mode to 160 MHz. Support for this keyword depends on the device model.
dual-80: Sets the bandwidth mode to 80+80 MHz. Support for this keyword depends on the device model.
secondary-channel channel-number: Specifies the secondary channel for the 160 MHz or 80+80 MHz bandwidth mode. Support for this option depends on the device model.
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. When you change the mode of a radio, the default setting of this command for the new radio mode is restored.
The radio uses the specified 40/80/160 MHz bandwidth if adjacent channels can be bound to form a 40/80/160 MHz channel. If adjacent channels cannot form a 40/80/160 MHz channel, the radio uses the next available bandwidth less than the specified one.
For example, the bandwidth mode is set to 80 MHz. The radio uses the 80 MHz bandwidth if adjacent channels that can be bound together exist. If adjacent channels that can be bound to an 80 MHz channel do not exist, but two adjacent channels that can be bound to a 40 MHz channel exist, the 40 MHz bandwidth is used. If no adjacent channels that can be bound together exist, the radio uses the 20 MHz bandwidth.
When the bandwidth mode is set to 80+80 MHz, the radio uses the 160 MHz bandwidth if two adjacent 80 MHz channels that can be bound together exist. If a 160 MHz channel cannot be formed but two non-adjacent 80 MHz channels are available, the radio uses the two 80 MHz channels to achieve the 160 MHz bandwidth.
If the working channel is specified, you can specify the secondary 80 MHz channel for the 160 MHz or 80+80 MHz bandwidth mode. If no working channel is specified, the device automatically selects a secondary channel. The working channel forwards all packets and the secondary channel forwards only data packets.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the bandwidth mode to 40 MHz for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] channel band-width 40
# Set the bandwidth mode to 40 MHz for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel band-width 40
# Set the bandwidth mode to 160 MHz for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11ac
[Sysname-wlan-ap-ap1-radio-1] channel band-width 160
# Set the bandwidth mode to 160 MHz for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11ac
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel band-width 160
# Set the bandwidth mode to 80+80 MHz and set the secondary channel to 36 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11ac
[Sysname-wlan-ap-ap1-radio-1] channel 149
[Sysname-wlan-ap-ap1-radio-1] channel band-width dual-80 secondary-channel 36
# Set the bandwidth mode to 80+80 MHz and set the secondary channel to 36 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11ac
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel 149
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel band-width dual-80 secondary-channel 36
Related commands
channel
channel-usage measure
Use channel-usage measure to perform on-demand channel usage measurement.
Syntax
channel-usage measure
Views
Radio view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to scan supported channels and display the channel usage after measurement. The measurement of each channel takes about one second.
Examples
# Perform on-demand channel usage measurement on radio 2 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] channel-usage measure
Please wait......Done.
Channel Usage
1 63%
2 61%
3 55%
4 45%
5 64%
6 74%
7 66%
8 48%
9 35%
10 38%
11 54%
12 30%
13 72%
client dot11ac-only
Use client dot11ac-only enable to enable the client dot11ac-only feature.
Use client dot11ac-only disable to disable the client dot11ac-only feature.
Use undo client dot11ac-only to restore the default.
Syntax
client dot11ac-only { disable | enable }
undo client dot11ac-only
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the client dot11ac-only feature is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11ac radios. Changing the radio mode invalidates the command.
After you configure this command on a radio, the radio accepts only 802.11ac clients, and all non-802.11ac clients that are associated with the radio are logged off.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable the client dot11ac-only feature for AP ap1.
<System> system-view
[System] wlan ap ap1 model WA2620-WiNet
[System-wlan-ap-ap1] radio 1
[System-wlan-ap-ap1-radio-1] type dot11ac
[System-wlan-ap-ap1-radio-1] client dot11ac-only enable
# Enable the client dot11ac-only feature for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] client dot11ac-only enable
Related commands
dot11ac mandatory maximum-nss
client dot11b-forbidden
Use client dot11b-forbidden enable to disable access services for 802.11b clients.
Use client dot11b-forbidden disable to enable access services for 802.11b clients.
Use undo client dot11b-forbidden to restore the default.
Syntax
client dot11b-forbidden { disable | enable }
undo client dot11b-forbidden
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, access services for 802.11b clients are enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
Enabling an 802.11g or 802.11gn radio to reject 802.11b clients reduces the impact of low-speed 802.11b clients and speeds up wireless data transmission.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Configure AP ap1 to reject 802.11b clients.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] client dot11b-forbidden enable
# Configure AP group apgroup1 to reject 802.11b clients.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 2
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] client dot11b-forbidden enable
client dot11n-only
Use client dot11n-only enable to enable the client dot11n-only feature.
Use client dot11n-only disable to disable the client dot11n-only feature.
Use undo client dot11n-only to restore the default.
Syntax
client dot11n-only { disable | enable }
undo client dot11n-only
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the client dot11n-only feature is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
After you configure this command on a radio, the radio accepts only the 802.11n and 802.11ac clients, and all 802.11a/b/g clients that are associated with the radio are logged off.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable the client dot11n-only feature for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] client dot11n-only enable
# Enable the client dot11n-only feature for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client dot11n-only enable
client max-count
Use client max-count to set the maximum number of clients that can associate with an AP.
Use undo client max-count to restore the default.
Syntax
client max-count max-number
undo client max-count
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, no limit is set for the number of clients that can associate with an AP.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of clients that can associate with an AP. The value range depends on the AP model.
Usage guidelines
When the maximum number of clients is reached on an AP, the AP stops accepting new clients.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum number of clients that can associate with an AP to 38 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] client max-count 38
# Set the maximum number of clients that can associate with an AP to 38 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client max-count 38
continuous-mode
Use continuous-mode to enable the continuous mode for a radio.
Use undo continuous-mode to restore the default.
Syntax
continuous-mode { mcs mcs-index | nss nss-index vht-mcs vhtmcs-index | rate rate-value }
undo continuous-mode
Default
The continuous mode is disabled.
Views
Radio view
Predefined user roles
network-admin
Parameters
mcs mcs-index: Specifies the MCS index in the range of 0 to 76. This option applies only to 802.11n and 802.11ac radios.
nss nss-index vht-mcs vhtmcs-index: Specifies the VHT-MCS index. The value ranges for the nss-index and vhtmcs-index arguments are 1 to 8 and 0 to 9, respectively. This option applies only to 802.11ac radios.
rate rate-value: Specifies the transmit rate in Mbps. This option applies to all radio types.
Usage guidelines
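This feature is used for network testing only. Do not use it under any other circumstances.
In continuous mode, the radio sends data packets continuously at the specified rate. While the feature is enabled, do not perform any other operations except changing the transmit rate. When testing is complete, use undo continuous-mode to restore the default (continuous mode disabled), and use display wlan ap continuous-mode to check the continuous mode information for the AP's radios.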
Examples
# Enable the continuous mode and set the transmit rate to 6 Mbps.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] continuous-mode rate 6
Related commands
display wlan ap continuous-mode
custom-antenna gain
Use custom-antenna gain to set the antenna gain.
Use undo custom-antenna gain to restore the default.
Syntax
custom-antenna gain antenna-gain
undo custom-antenna gain
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the antenna gain is 0 dBi.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
antenna-gain: Specifies the antenna gain in the range of 0 to 20 dBi.
Usage guidelines
This command is applicable only when an AP uses a third-party antenna.
Effective Isotropic Radiated Power (EIRP) is the actual transmit power of an antenna, and it is the sum of the antenna gain and the maximum transmit power of the radio. If the configured antenna gain causes the EIRP to exceed the threshold, the antenna gain configuration fails.
Make sure the antenna gain setting is the same as the gain of the antenna used on the AP.
Changing the radio mode automatically changes the antenna gain.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the antenna gain to 2 dBi for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] custom-antenna gain 2
# Set the antenna gain to 2 dBi for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] custom-antenna gain 2
display wlan ap continuous-mode
Use display wlan ap continuous-mode to display information about the continuous mode.
Syntax
display wlan ap { all | name ap-name } continuous-mode
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display information about the continuous mode for radios on AP ap1.
<Sysname> display wlan ap name ap1 continuous-mode
AP name Radio ID Radio type Rate Mcs-Index Nss Vht-mcs
ap1 1 802.11a 6 N/A N/A N/A
Table 17 Command output
Field | Description |
---|---|
Mcs-Index | MCS index. |
Nss | NSS index. |
Vht-mcs | VHT-MCS index. |
Related commands
continuous-mode
display wlan ap radio
Use display wlan ap radio to display AP radio information.
Syntax
display wlan ap { all | name ap-name } radio [ frequency-band { 5 | 2.4 } ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
frequency-band: Specifies a frequency band.
5: Specifies the 5 GHz frequency band.
2.4: Specifies the 2.4 GHz frequency band.
Examples
# Display radio information for all APs.
<Sysname> display wlan ap all radio
Total number of APs: 1
Total number of connected APs: 1
Total number of connected manual APs: 1
Total number of connected auto APs: 0
Total number of connected common APs: 1
Total number of connected WTUs: 0
Total number of inside APs: 0
Maximum supported APs: 256
Remaining APs: 255
Total AP licenses: 128
Remaining AP licenses: 127
AP name RID State Channel Usage TxPower AntGain EIRP
(%) (dBm) (dBi) (dBm)
ap1 1 Up 149(auto) 10 20 10 30
ap1 2 Up 11(auto) 15 20 10 30
# Display 2.4 GHz radio information for AP ap1.
<Sysname> display wlan ap name ap1 radio frequency-band 2.4
AP name RID State Channel Usage TxPower AntGain EIRP
(%) (dBm) (dBi) (dBm)
ap1 2 Up 11(auto) 15 20 10 30
Table 18 Command output
Field | Description |
---|---|
Total number of inside APs | An inside AP is a manual AP automatically created for radio management when an anchor AP acts as an AC. The name and serial ID of the inside AP are the MAC address and serial ID of the anchor AP, respectively. |
Maximum supported APs | Maximum number of supported APs, including fit APs and WTUs, on the AC. |
Remaining APs | Remaining number of supported APs. The value equals the number of maximum supported APs minus the number of connected common APs and the number of connected WTUs. |
Total AP licenses | Total number of AP licenses. Each WTU license is considered as 0.25 AP licenses. |
Remaining AP licenses | Number of remaining AP licenses. Each AP occupies one AP license and each WTU occupies 0.25 AP licenses. |
State | Radio state: · Up. · Down. |
Usage | Channel usage. |
TxPower (dBm) | Transmission power. By default, the maximum supported power is used to transmit packets. |
AntGain (dBi) | Antenna gain. |
EIRP (dBm) | Effective Isotropic Radiated Power. |
display wlan ap radio channel
Use display wlan ap radio channel to display radio channel information.
Syntax
display wlan ap { all | name ap-name } radio channel
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display radio channel information for AP ap3.
<Sysname> display wlan ap name ap3 radio channel
AP name RID Channel Band-width CenterFreq
(MHz)
ap3 1 36(auto) 20/40/80/160/(80+80) 42/58
ap3 2 149 20/40/80 155
ap3 3 11(auto) 20 0
Table 19 Command output
Field | Description |
---|---|
Band-width (MHz) | Supported channel bandwidth. |
CenterFreq | Central frequencies. This field is available only when the supported channel bandwidth reaches 80 MHz. This field displays the central frequencies for both the main and the secondary channels when 160 MHz or 80+80 MHz bandwidth is supported. |
display wlan ap radio type
Use display wlan ap radio type to display radio type information.
Syntax
display wlan ap { all | name ap-name } radio type
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display radio type information for AP ap1.
<Sysname> display wlan ap name ap1 radio type
AP name RID AP state Radio state Radio type
ap1 1 Up Up 802.11n(5GHz)
ap1 2 Up Down 802.11n(2.4GHz)
Table 20 Command output
Field | Description |
---|---|
AP state | AP state: · Up—The AP has established a CAPWAP tunnel with the AC. · Down—The AP has not established a CAPWAP tunnel with the AC. |
Radio state | Radio state: · Up. · Down. |
display wlan ap radio-statistics
Use display wlan ap radio-statistics to display radio statistics.
Syntax
display wlan ap { all | name ap-name } radio-statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters.
Examples
# Display radio statistics for AP ap1.
<Sysname> display wlan ap name ap1 radio-statistics
Radio Statistics
--------------------------------------------------------------------------------
AP name: ap1 Radio ID: 1
--------------------------------------------------------------------------------
Transmitted frame statistics:
Total frames : 836532
Total frame bytes : 214040681
Unicast frames : 4
Unicast frame bytes : 900
Broadcast/Multicast frames : 836528
Broadcast/Multicast frame bytes : 214039781
Other frames : 0
Other frame bytes : 0
Discarded frames : 0
Failed RTS frames : 0
Retransmissions : 6
Successful RTS frames : 0
Retransmitted frames : 3
No-ACK frames : 1555
Authentication frames : 1
Association frames : 1
Packet statistics by size:
Smaller than or equal to 128 : 747
Between 128 and 512 (inclusive) : 85983
Between 512 and 1024 (inclusive) : 0
Larger than 1024 : 0
Packet statistics by rate:
1 Mbps : 0 2 Mbps : 0
5.5 Mbps : 0 6 Mbps : 0
9 Mbps : 0 11 Mbps : 0
12 Mbps : 0 18 Mbps : 0
24 Mbps : 880 36 Mbps : 0
48 Mbps : 0 54 Mbps : 0
Packet statistics by 802.11n rate:
6.5 Mbps : 0 7.2 Mbps : 0
13 Mbps : 0 13.5 Mbps : 0
14.4 Mbps : 0 15 Mbps : 0
19.5 Mbps : 0 21.7 Mbps : 0
26 Mbps : 0 27 Mbps : 0
28.9 Mbps : 0 29.3 Mbps : 0
30 Mbps : 0 32.5 Mbps : 0
39 Mbps : 0 40.5 Mbps : 0
43.3 Mbps : 0 45 Mbps : 0
52 Mbps : 0 54 Mbps : 0
57.8 Mbps : 0 58.5 Mbps : 0
60 Mbps : 0 65 Mbps : 0
72.2 Mbps : 0 78 Mbps : 1
81 Mbps : 0 86.7 Mbps : 0
87.8 Mbps : 0 90 Mbps : 0
97.5 Mbps : 0 104 Mbps : 3
108 Mbps : 0 115.6 Mbps : 0
117 Mbps : 0 120 Mbps : 0
121.5 Mbps : 0 130 Mbps : 0
135 Mbps : 0 144.4 Mbps : 0
150 Mbps : 0 156 Mbps : 0
162 Mbps : 0 173.3 Mbps : 0
175.5 Mbps : 0 180 Mbps : 0
195 Mbps : 0 200 Mbps : 0
216 Mbps : 0 216.7 Mbps : 0
234 Mbps : 0 240 Mbps : 0
243 Mbps : 0 260 Mbps : 0
263.3 Mbps : 0 270 Mbps : 0
288.9 Mbps : 0 292.5 Mbps : 0
300 Mbps : 0 324 Mbps : 0
325 Mbps : 0 351 Mbps : 0
360 Mbps : 0 364.5 Mbps : 0
390 Mbps : 0 400 Mbps : 0
405 Mbps : 0 433.3 Mbps : 0
450 Mbps : 0 468 Mbps : 0
486 Mbps : 0 520 Mbps : 0
526.5 Mbps : 0 540 Mbps : 0
585 Mbps : 0 600 Mbps : 0
650 Mbps : 0 702 Mbps : 0
780 Mbps : 0 866.7 Mbps : 0
877.5 Mbps : 0 975 Mbps : 0
1053 Mbps : 0 1170 Mbps : 0
1300 Mbps : 0
--------------------------------------------------------------------------------
Received frame statistics:
Total frames : 420815
Total frame bytes : 24112652
Unicast frames : 585
Unicast frame bytes : 15357
Broadcast/Multicast frames : 420230
Broadcast/Multicast frame bytes : 24097295
Fragmented frames : 0
Duplicate frames : 0
FCS failures : 474471639
Decryption errors : 0
Authentication frames : 1
Association frames : 1
Packet statistics by size:
Smaller than or equal to 128 : 420759
Between 128 and 512 (inclusive) : 54
Between 512 and 1024 (inclusive) : 0
Larger than 1024 : 0
Packet statistics by rate:
6 Mbps : 420115 9 Mbps : 0
12 Mbps : 0 18 Mbps : 0
24 Mbps : 0 36 Mbps : 1
48 Mbps : 0 54 Mbps : 2
Packet statistics by 802.11n rate:
6.5 Mbps : 0 7.2 Mbps : 0
13 Mbps : 0 13.5 Mbps : 0
14.4 Mbps : 0 15 Mbps : 0
19.5 Mbps : 0 21.7 Mbps : 0
26 Mbps : 0 27 Mbps : 0
28.9 Mbps : 0 29.3 Mbps : 0
30 Mbps : 0 32.5 Mbps : 0
39 Mbps : 0 40.5 Mbps : 0
43.3 Mbps : 0 45 Mbps : 0
52 Mbps : 1 54 Mbps : 2
57.8 Mbps : 0 58.5 Mbps : 17
60 Mbps : 0 65 Mbps : 10
72.2 Mbps : 0 78 Mbps : 48
81 Mbps : 0 86.7 Mbps : 70
87.8 Mbps : 0 90 Mbps : 0
97.5 Mbps : 0 104 Mbps : 87
108 Mbps : 0 115.6 Mbps : 170
117 Mbps : 130 120 Mbps : 0
121.5 Mbps : 0 130 Mbps : 140
135 Mbps : 0 144.4 Mbps : 22
150 Mbps : 0 156 Mbps : 0
162 Mbps : 0 173.3 Mbps : 0
175.5 Mbps : 0 180 Mbps : 0
195 Mbps : 0 200 Mbps : 0
216 Mbps : 0 216.7 Mbps : 0
234 Mbps : 0 240 Mbps : 0
243 Mbps : 0 260 Mbps : 0
263.3 Mbps : 0 270 Mbps : 0
288.9 Mbps : 0 292.5 Mbps : 0
300 Mbps : 0 324 Mbps : 0
325 Mbps : 0 351 Mbps : 0
360 Mbps : 0 364.5 Mbps : 0
390 Mbps : 0 400 Mbps : 0
405 Mbps : 0 433.3 Mbps : 0
450 Mbps : 0 468 Mbps : 0
486 Mbps : 0 520 Mbps : 0
526.5 Mbps : 0 540 Mbps : 0
585 Mbps : 0 600 Mbps : 0
650 Mbps : 0 702 Mbps : 0
780 Mbps : 0 866.7 Mbps : 0
877.5 Mbps : 0 975 Mbps : 0
1053 Mbps : 0 1170 Mbps : 0
1300 Mbps : 0
--------------------------------------------------------------------------------
Radio Statistics
--------------------------------------------------------------------------------
AP name: ap1 Radio ID: 2
--------------------------------------------------------------------------------
Transmitted frame statistics:
Total frames : 13134
Total frame bytes : 3259997
Unicast frames : 11
Unicast frame bytes : 3518
Broadcast/Multicast frames : 13123
Broadcast/Multicast frame bytes : 3256479
Other frames : 0
Other frame bytes : 0
Discarded frames : 0
Failed RTS frames : 0
Retransmissions : 58
Successful RTS frames : 0
Retransmitted frames : 11
No-ACK frames : 7541
Authentication frames : 14
Association frames : 8
Packet statistics by size:
Smaller than or equal to 128 : 1020
Between 128 and 512 (inclusive) : 11386
Between 512 and 1024 (inclusive) : 0
Larger than 1024 : 0
Packet statistics by rate:
1 Mbps : 0 2 Mbps : 0
5.5 Mbps : 0 6 Mbps : 0
9 Mbps : 0 11 Mbps : 1121
12 Mbps : 0 18 Mbps : 0
24 Mbps : 0 36 Mbps : 0
48 Mbps : 0 54 Mbps : 0
Packet statistics by 802.11n rate:
6.5 Mbps : 3 7.2 Mbps : 0
13 Mbps : 1 13.5 Mbps : 0
14.4 Mbps : 0 15 Mbps : 0
19.5 Mbps : 4 21.7 Mbps : 0
26 Mbps : 0 27 Mbps : 0
28.9 Mbps : 0 29.3 Mbps : 0
30 Mbps : 0 32.5 Mbps : 0
39 Mbps : 1 40.5 Mbps : 0
43.3 Mbps : 0 45 Mbps : 0
52 Mbps : 0 54 Mbps : 0
57.8 Mbps : 0 58.5 Mbps : 0
60 Mbps : 0 65 Mbps : 0
72.2 Mbps : 0 78 Mbps : 0
81 Mbps : 0 86.7 Mbps : 0
87.8 Mbps : 0 90 Mbps : 0
97.5 Mbps : 0 104 Mbps : 1
108 Mbps : 0 115.6 Mbps : 0
117 Mbps : 1 120 Mbps : 0
121.5 Mbps : 0 130 Mbps : 0
135 Mbps : 0 144.4 Mbps : 0
150 Mbps : 0 156 Mbps : 0
162 Mbps : 0 173.3 Mbps : 0
175.5 Mbps : 0 180 Mbps : 0
195 Mbps : 0 200 Mbps : 0
216 Mbps : 0 216.7 Mbps : 0
234 Mbps : 0 240 Mbps : 0
243 Mbps : 0 260 Mbps : 0
263.3 Mbps : 0 270 Mbps : 0
288.9 Mbps : 0 292.5 Mbps : 0
300 Mbps : 0 324 Mbps : 0
325 Mbps : 0 351 Mbps : 0
360 Mbps : 0 364.5 Mbps : 0
390 Mbps : 0 400 Mbps : 0
405 Mbps : 0 433.3 Mbps : 0
450 Mbps : 0 468 Mbps : 0
486 Mbps : 0 520 Mbps : 0
526.5 Mbps : 0 540 Mbps : 0
585 Mbps : 0 600 Mbps : 0
650 Mbps : 0 702 Mbps : 0
780 Mbps : 0 866.7 Mbps : 0
877.5 Mbps : 0 975 Mbps : 0
1053 Mbps : 0 1170 Mbps : 0
1300 Mbps : 0
--------------------------------------------------------------------------------
Received frame statistics:
Total frames : 32156
Total frame bytes : 3076192
Unicast frames : 1613
Unicast frame bytes : 102957
Broadcast/Multicast frames : 30543
Broadcast/Multicast frame bytes : 2973235
Fragmented frames : 0
Duplicate frames : 2
FCS failures : 9978084
Decryption errors : 0
Authentication frames : 14
Association frames : 8
Packet statistics by size:
Smaller than or equal to 128 : 25327
Between 128 and 512 (inclusive) : 6097
Between 512 and 1024 (inclusive) : 0
Larger than 1024 : 0
Packet statistics by rate:
1 Mbps : 28718 2 Mbps : 1895
5.5 Mbps : 284 6 Mbps : 29
9 Mbps : 12 11 Mbps : 0
12 Mbps : 10 18 Mbps : 24
24 Mbps : 11 36 Mbps : 5
48 Mbps : 4 54 Mbps : 0
Packet statistics by 802.11n rate:
6.5 Mbps : 45 7.2 Mbps : 0
13 Mbps : 53 13.5 Mbps : 0
14.4 Mbps : 0 15 Mbps : 0
19.5 Mbps : 120 21.7 Mbps : 0
26 Mbps : 136 27 Mbps : 0
28.9 Mbps : 0 29.3 Mbps : 0
30 Mbps : 0 32.5 Mbps : 0
39 Mbps : 59 40.5 Mbps : 0
43.3 Mbps : 0 45 Mbps : 0
52 Mbps : 17 54 Mbps : 0
57.8 Mbps : 0 58.5 Mbps : 20
60 Mbps : 0 65 Mbps : 4
72.2 Mbps : 0 78 Mbps : 0
81 Mbps : 0 86.7 Mbps : 0
87.8 Mbps : 0 90 Mbps : 0
97.5 Mbps : 0 104 Mbps : 0
108 Mbps : 0 115.6 Mbps : 0
117 Mbps : 0 120 Mbps : 0
121.5 Mbps : 0 130 Mbps : 0
135 Mbps : 0 144.4 Mbps : 0
150 Mbps : 0 156 Mbps : 0
162 Mbps : 0 173.3 Mbps : 0
175.5 Mbps : 0 180 Mbps : 0
195 Mbps : 0 200 Mbps : 0
216 Mbps : 0 216.7 Mbps : 0
234 Mbps : 0 240 Mbps : 0
243 Mbps : 0 260 Mbps : 0
263.3 Mbps : 0 270 Mbps : 0
288.9 Mbps : 0 292.5 Mbps : 0
300 Mbps : 0 324 Mbps : 0
325 Mbps : 0 351 Mbps : 0
360 Mbps : 0 364.5 Mbps : 0
390 Mbps : 0 400 Mbps : 0
405 Mbps : 0 433.3 Mbps : 0
450 Mbps : 0 468 Mbps : 0
486 Mbps : 0 520 Mbps : 0
526.5 Mbps : 0 540 Mbps : 0
585 Mbps : 0 600 Mbps : 0
650 Mbps : 0 702 Mbps : 0
780 Mbps : 0 866.7 Mbps : 0
877.5 Mbps : 0 975 Mbps : 0
1053 Mbps : 0 1170 Mbps : 0
1300 Mbps : 0
---------------------------------------------------------------------------------
Table 21 Command output
Field |
Description |
Transmitted frame statistics |
|
Total frames |
Total number of transmitted frames, including probe responses and beacon frames. |
Total frame bytes |
Total bytes of transmitted frames, including probe responses and beacon frames. |
Unicast frames |
Total number of transmitted unicast frames, excluding probe responses. |
Unicast frame bytes |
Total bytes of transmitted unicast frames, excluding probe responses. |
Broadcast/Multicast frames |
Total number of transmitted broadcast and multicast frames, excluding beacon frames. |
Broadcast/Multicast frame bytes |
Total bytes of transmitted broadcast and multicast frames, excluding beacon frames. |
Other frames |
Total number of other transmitted frames. |
Other frame bytes |
Total bytes of other transmitted frames. |
Packet statistics by rate |
Total number of packets classified by 802.11a/b/g rates. |
Packet statistics by 802.11n rate |
Total number of packets classified by 802.11n rates. This field is not available if the device does not support 802.11n. |
Received frame statistics |
|
Total frames |
Total number of received frames. |
Total frame bytes |
Total bytes of received frames. |
Unicast frames |
Total number of received unicast frames. |
Unicast frame bytes |
Total bytes of received unicast frames. |
Broadcast/Multicast frames |
Total number of received broadcast and multicast frames. |
Broadcast/Multicast frame bytes |
Total bytes of received broadcast and multicast frames. |
Fragmented frames |
Total number of received fragmented frames. |
FCS failures |
Total number of received packets with FCS failures. |
Decryption errors |
Total number of received packets with decryption errors. |
distance
Use distance to set the maximum transmission distance.
Use undo distance to restore the default.
Syntax
distance distance
undo distance
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the maximum transmission distance is 1 km (0.62 miles).
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
distance: Specifies the maximum transmission distance in the range of 1 to 40 km (0.62 to 24.86 miles).
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum transmission distance to 5 km (3.11 miles) for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] distance 5
# Set the maximum transmission distance to 5 km (3.11 miles) for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] distance 5
dot11ac mandatory maximum-nss
Use dot11ac mandatory maximum-nss to set the maximum mandatory NSS.
Use undo dot11ac mandatory maximum-nss to restore the default.
Syntax
dot11ac mandatory maximum-nss nss-number
undo dot11ac mandatory maximum-nss
Default
In radio view, the default settings are as follows:
· If the maximum supported NSS is set, no maximum mandatory NSS is set.
· If the maximum supported NSS is not set, a radio uses the configuration in AP group radio view.
In AP group radio view, no maximum mandatory NSS is set.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
nss-number: Specifies the maximum mandatory NSS in the range of 1 to 8.
Usage guidelines
This command is applicable only to 802.11ac radios. Changing the radio mode to non-802.11ac modes invalidates the command.
The maximum mandatory NSS cannot be greater than the maximum supported NSS.
After you modify the maximum mandatory NSS, clients that are associated with the radio and that do not support the modified NSS will go offline.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum mandatory NSS to 7 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11ac
[Sysname-wlan-ap-ap1-radio-1] dot11ac mandatory maximum-nss 7
# Set the maximum mandatory NSS to 7 for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] type dot11ac
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] dot11ac mandatory maximum-nss 7
Related commands
dot11ac support maximum-nss
dot11ac multicast-nss
Use dot11ac multicast-nss to set the multicast NSS and specify a VHT-MCS index.
Use undo dot11ac multicast-nss to restore the default.
Syntax
dot11ac multicast-nss nss-number vht-mcs index
undo dot11ac multicast-nss
Default
In radio view, the default settings are as follows:
· If the maximum supported NSS or the maximum mandatory NSS is set, no multicast NSS is set.
· If neither the maximum supported NSS nor the maximum mandatory NSS is set, a radio uses the configuration in AP group radio view.
In AP group radio view, no multicast NSS is set.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
nss-number: Specifies the multicast NSS in the range of 1 to 8.
index: Specifies a VHT-MCS index in the range of 0 to 9.
Usage guidelines
This command is applicable only to 802.11ac radios. Changing the radio mode to non-802.11ac modes invalidates the command.
Before configuring this command, you must configure the dot11ac mandatory maximum-nss command.
The multicast NSS cannot be greater than the maximum mandatory NSS.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum mandatory NSS, multicast NSS, and VHT-MCS index for AP ap1 to 2, 2, and 2, respectively.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11ac
[Sysname-wlan-ap-ap1-radio-1] dot11ac mandatory maximum-nss 2
[Sysname-wlan-ap-ap1-radio-1] dot11ac multicast-nss 2 vht-mcs 2
# Set the maximum mandatory NSS, multicast NSS, and VHT-MCS index for AP group 1 to 2, 2, and 2, respectively.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] dot11ac mandatory maximum-nss 2
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] dot11ac multicast-nss 2 vht-mcs 2
Related commands
dot11ac mandatory maximum-nss
dot11ac support maximum-nss
Use dot11ac support maximum-nss to set the maximum supported NSS.
Use undo dot11ac support maximum-nss to restore the default.
Syntax
dot11ac support maximum-nss nss-number
undo dot11ac support maximum-nss
Default
In radio view, the default settings are as follows:
· If the maximum mandatory NSS is set, the maximum supported NSS is 8.
· If the maximum mandatory NSS is not set, a radio uses the configuration in AP group radio view.
In AP group radio view, the maximum supported NSS is 8.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
nss-number: Specifies the maximum supported NSS in the range of 1 to 8.
Usage guidelines
This command is applicable only to 802.11ac radios. Changing the radio mode to non-802.11ac modes invalidates the command.
The maximum supported NSS cannot be smaller than the maximum mandatory NSS.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum supported NSS to 7 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11ac
[Sysname-wlan-ap-ap1-radio-1] dot11ac support maximum-nss 7
# Set the maximum supported NSS to 7 for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] type dot11ac
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] dot11ac support maximum-nss 7
Related commands
dot11ac mandatory maximum-nss
dot11g protection
Use dot11g protection enable to enable 802.11g protection.
Use dot11g protection disable to disable 802.11g protection.
Use undo dot11g protection to restore the default.
Syntax
dot11g protection { disable | enable }
undo dot11g protection
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, 802.11g protection is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11g and 802.11n (2.4 GHz) radios. If you change the mode of a radio to any other mode, the 802.11g protection configuration is removed.
802.11g and 802.11n devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11b signals are detected on the channel.
802.11g protection automatically takes effect when 802.11b clients associate with an 802.11g or 802.11n (2.4 GHz) radio.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable 802.11g protection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] type dot11gn
[Sysname-wlan-ap-ap1-radio-2] dot11g protection enable
# Enable 802.11g protection for the APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 2
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] type dot11gn
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] dot11g protection enable
Related commands
protection-mode
dot11n mandatory maximum-mcs
Use dot11n mandatory maximum-mcs to set the maximum mandatory MCS index.
Use undo dot11n mandatory maximum-mcs to restore the default.
Syntax
dot11n mandatory maximum-mcs index
undo dot11n mandatory maximum-mcs
Default
In radio view, the default settings are as follows:
· If the maximum supported MCS index is set, no maximum mandatory MCS index is set.
· If the maximum supported MCS index is not set, a radio uses the configuration in AP group radio view.
In AP group radio view, no maximum mandatory MCS index is set.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
index: Specifies the maximum mandatory MCS index in the range of 0 to 76.
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
Before configuring the dot11n multicast-mcs command, you must set the maximum mandatory MCS index.
After you modify the maximum mandatory MCS index, clients that are associated with the radio and that do not support the modified MCS index will go offline.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum mandatory MCS index to 14 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] dot11n mandatory maximum-mcs 14
# Set the maximum mandatory MCS index to 14 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n mandatory maximum-mcs 14
dot11n multicast-mcs
Use dot11n multicast-mcs to set the multicast MCS index.
Use undo dot11n multicast-mcs to restore the default.
Syntax
dot11n multicast-mcs index
undo dot11n multicast-mcs
Default
In radio view, the default settings are as follows:
· If the maximum mandatory MCS index or the maximum supported MCS index is set, no multicast MCS index is set.
· If neither the maximum mandatory MCS index nor the maximum supported MCS index is set, a radio uses the configuration in AP group radio view.
In AP group radio view, no multicast MCS index is set.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
index: Specifies the multicast MCS index in the range of 0 to 76.
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The multicast MCS index takes effect only when all clients associated with the radio are 802.11n or 802.11ac clients.
If 802.11a/b/g clients exist, the AP and clients use the 802.11a/b/g multicast rate to multicast packets.
The multicast MCS index maps to a rate in 20 MHz bandwidth mode regardless of whether the bandwidth mode is 20 MHz or 40 MHz.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the multicast MCS index to 14 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] dot11n mandatory maximum-mcs 15
[Sysname-wlan-ap-ap1-radio-1] dot11n multicast-mcs 14
# Set the multicast MCS index to 14 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n mandatory maximum-mcs 14
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n multicast-mcs 14
dot11n protection
Use dot11n protection enable to enable 802.11n protection.
Use dot11n protection disable to disable 802.11n protection.
Use undo dot11n protection to restore the default.
Syntax
dot11n protection { disable | enable }
undo dot11n protection
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, 802.11n protection is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. If you change the mode of a radio to any other mode, the 802.11n protection configuration is removed.
802.11n and 802.11ac devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11a/b/g signals are detected on the channel.
802.11n protection automatically takes effect when 802.11a/b/g clients associate with an 802.11n or 802.11ac radio.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable 802.11n protection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] dot11n protection enable
# Enable 802.11n protection for the APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n protection enable
Related commands
protection-mode
dot11n support maximum-mcs
Use dot11n support maximum-mcs to set the maximum supported MCS index.
Use undo dot11n support maximum-mcs to restore the default.
Syntax
dot11n support maximum-mcs index
undo dot11n support maximum-mcs
Default
In radio view, the default settings are as follows:
· If the maximum mandatory MCS index is set, the maximum supported MCS index is 76.
· If the maximum mandatory MCS index is not set, a radio uses the configuration in AP group radio view.
In AP group radio view, the maximum supported MCS index is 76.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
index: Specifies the maximum supported MCS index in the range of 0 to 76.
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The maximum supported MCS index cannot be smaller than the maximum mandatory MCS index.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum supported MCS index to 14 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] dot11n support maximum-mcs 14
# Set the maximum supported MCS index to 14 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n support maximum-mcs 14
dtim
Use dtim to set the Delivery Traffic Indication Map (DTIM) interval.
Use undo dtim to restore the default.
Syntax
dtim counter
undo dtim
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the DTIM interval is 1, and an AP sends buffered broadcast and multicast frames after every beacon frame.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
counter: Specifies the DTIM interval in the range of 1 to 31.
Usage guidelines
An AP periodically broadcasts a beacon compliant with the DTIM. After the AP broadcasts the beacon, it sends buffered broadcast and multicast frames based on the value of the DTIM interval. For example, if you set the DTIM interval to 5, the AP sends buffered broadcast and multicast frames every five beacon frames.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the DTIM interval to 5 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] dtim 5
# Set the DTIM interval to 5 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dtim 5
fragment-threshold
Use fragment-threshold to set the frame fragmentation threshold.
Use undo fragment-threshold to restore the default.
Syntax
fragment-threshold size
undo fragment-threshold
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the fragmentation threshold is 2346 bytes.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
size: Specifies the fragmentation threshold in the range of 256 to 2346 bytes. The value for this argument must be an even number.
Usage guidelines
Frames larger than the fragmentation threshold are fragmented before transmission. Frames smaller than the fragmentation threshold are transmitted without fragmentation.
In a WLAN with heavy interference, decrease the fragmentation threshold and set the MTU (ip mtu command) of packets sent over the radio to a value lower than the fragmentation threshold. This improves the network throughput and efficiency.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the fragmentation threshold to 2048 bytes for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] fragment-threshold 2048
# Set the fragmentation threshold to 2048 bytes for the APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] fragment-threshold 2048
green-energy-management
Use green-energy-management enable to enable the energy-saving feature.
Use green-energy-management disable to disable the energy-saving feature.
Use undo green-energy-management to restore the default.
Syntax
green-energy-management { disable | enable }
undo green-energy-management
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the energy-saving feature is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
After you enable the energy-saving feature, the multiple-input and multiple-output (MIMO) mode of a radio automatically changes to 1x1 if no clients associate with the radio. This reduces power consumption.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable the energy-saving feature for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] green-energy-management enable
# Enable the energy-saving feature for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] green-energy-management enable
ldpc
Use ldpc enable to enable LDPC.
Use ldpc disable to disable LDPC.
Use undo ldpc to restore the default.
Syntax
ldpc { disable | enable }
undo ldpc
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, LDPC is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The device can receive but cannot send LDPC packets.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Disable LDPC for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] ldpc disable
# Disable LDPC for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] ldpc disable
long-retry threshold
Use long-retry threshold to set the hardware retransmission limit for large frames.
Use undo long-retry threshold to restore the default.
Syntax
long-retry threshold count
undo long-retry threshold
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the hardware retransmission limit is 4 for large frames.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
count: Specifies the hardware retransmission limit for large frames, in the range of 1 to 15.
Usage guidelines
Perform this task to set the hardware retransmission limit for frames larger than the RTS threshold.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the hardware retransmission limit for large frames to 5 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] long-retry threshold 5
# Set the hardware retransmission limit for large frames to 5 for the APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] long-retry threshold 5
Related commands
protection-threshold
short-retry threshold
max-power
Use max-power to set the maximum transmit power.
Use undo max-power to restore the default.
Syntax
max-power radio-power
undo max-power
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the AP uses the maximum supported transmit power.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
radio-power: Specifies the maximum transmit power. The value range for this argument varies by device model.
Usage guidelines
The transmit power range supported by a radio varies by country code, channel, AP model, radio mode, antenna type, and bandwidth mode. If you change these attributes for a radio after you set the maximum transmit power, the configured maximum transmit power might be out of the supported transmit power range. If this happens, the system automatically adjusts the maximum transmit power to a valid value.
If you enable power lock, the locked power becomes the maximum transmit power.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum transmit power to 15 dBm for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] max-power 15
# Set the maximum transmit power to 15 dBm for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] max-power 15
mimo
|
NOTE: Support for the parameters of this command depends on the device model. |
Use mimo to specify a MIMO mode for a radio.
Use undo mimo to restore the default.
Syntax
mimo { 1x1 | 2x2 | 3x3 | 4x4 }
undo mimo
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the default setting for this command varies by AP model.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
1x1: Sends and receives signals through one spatial stream.
2x2: Sends and receives signals through two spatial streams.
3x3: Sends and receives signals through three spatial streams.
4x4: Sends and receives signals through four spatial streams.
Usage guidelines
MIMO enables a radio to send and receive wireless signals through multiple spatial streams. This improves system capacity and spectrum usage without requiring higher bandwidth.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the MIMO mode to 2x2 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] mimo 2x2
# Set the MIMO mode to 2x2 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] mimo 2x2
mu-txbf
NOTE: Support for this command depends on the AP model.
Use mu-txbf enable to enable multi-user transmit beamforming (TxBF).
Use mu-txbf disable to disable multi-user TxBF.
Use undo mu-txbf to restore the default.
Syntax
mu-txbf { disable | enable }
undo mu-txbf
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, multi-user TxBF is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.
TxBF enables an AP to adjust transmitting parameters based on the channel information to focus RF signals on intended clients. This feature improves the RF signal quality.
Multi-user TxBF is part of 802.11ac Wave2. Multi-user TxBF enables an AP to focus different RF signals on their intended clients to reduce interference and transmission delay. This improves traffic throughput and bandwidth usage. Multi-user TxBF is applicable to WLANs that have a large number of clients and require high bandwidth usage and low transmission delay.
Multi-user TxBF takes effect only when single-user TxBF is enabled.
As a best practice, do not modify the default MIMO settings for an AP enabled with multi-user TxBF.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable multi-user TxBF for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] su-txbf enable
[Sysname-wlan-ap-ap1-radio-1] mu-txbf enable
# Enable multi-user TxBF for APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] su-txbf enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] mu-txbf enable
Related commands
mimo
su-txbf
power-lock
Use power-lock enable to enable power lock.
Use power-lock disable to disable power lock.
Use undo power-lock to restore the default.
Syntax
power-lock { disable | enable }
undo power-lock
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, power lock is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
If you enable power lock, the current power is locked and becomes the maximum transmit power. The locked power still takes effect after the AC restarts.
If a radio enabled with power lock switches to a new channel that provides lower power than the locked power, the maximum power supported by the new channel takes effect.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable power lock for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] power-lock enable
# Enable power lock for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] power-lock enable
preamble
Use preamble to set the preamble type.
Use undo preamble to restore the default.
Syntax
preamble { long | short }
undo preamble
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the short preamble is used.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
long: Specifies a long preamble. A long preamble ensures compatibility with all wireless devices that use an earlier standard than 802.11n.
short: Specifies a short preamble. A short preamble can improve network performance.
Usage guidelines
This command is applicable only to 802.11b, 802.11g, and 802.11gn radios.
A preamble is a set of bits in a packet header that is used to synchronize transmission signals between the sender and the receiver.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the preamble type to long for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] type dot11g
[Sysname-wlan-ap-ap1-radio-2] preamble long
# Set the preamble type to long for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 2
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] type dot11g
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] preamble long
protection-mode
Use protection-mode to specify a collision avoidance mode.
Use undo protection-mode to restore the default.
Syntax
protection-mode { cts-to-self | rts-cts }
undo protection-mode
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the CTS-to-self mode is used.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
cts-to-self: Specifies the CTS-to-self mode.
rts-cts: Specifies the RTS/CTS mode.
Usage guidelines
You can specify either of the following collision avoidance modes for an AP:
· RTS/CTS—An AP sends an RTS packet to a client before sending data to the client. After receiving the RTS packet, the client sends a CTS packet to the AP. The AP begins to send data after receiving the CTS packet, and other devices that detect the RTS or CTS packet do not send data within a specific time period.
· CTS-to-self—An AP sends a CTS packet with its own MAC address as the destination MAC address before sending data to a client. After sending the CTS-to-self packet, the AP begins to send data, and other devices that detect the CTS-to-self packet do not send data within a specific time period.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Specify the RTS/CTS mode for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] protection-mode rts-cts
# Specify the RTS/CTS mode for the APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 2
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] protection-mode rts-cts
Related commands
dot11g protection
dot11n protection
protection-threshold
protection-threshold
Use protection-threshold to set the RTS threshold.
Use undo protection-threshold to restore the default.
Syntax
protection-threshold size
undo protection-threshold
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the RTS threshold is 2346 bytes.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
size: Specifies the RTS threshold in the range of 0 to 2346 bytes.
Usage guidelines
The system performs collision avoidance only for packets larger than the RTS threshold.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the RTS threshold to 2048 bytes for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] protection-threshold 2048
# Set the RTS threshold to 2048 bytes for the APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] protection-threshold 2048
Related commands
protection-mode
radio
Use radio to enter radio view.
Syntax
radio radio-id
Views
AP view
AP group AP model view
Predefined user roles
network-admin
Parameters
radio-id: Specifies a radio by its ID. The value range for this argument varies by device model.
Examples
# Enter radio view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1]
# Enter AP group radio view.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1]
radio
Use radio enable to enable a radio.
Use radio disable to disable a radio.
Use undo radio to restore the default.
Syntax
radio { disable | enable }
undo radio
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, a radio is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable radio 1 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] radio enable
# Enable radio 1 for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] radio enable
rate
Use rate to set the transmission rates for a radio.
Use undo rate to restore the default.
Syntax
rate { multicast { auto | rate-value } | { disabled | mandatory | supported } rate-value }
undo rate
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view:
· 802.11a/802.11an/802.11ac:
¡ Prohibited rates—None.
¡ Mandatory rates—6, 12, and 24.
¡ Multicast rate—Selected from the mandatory rates.
¡ Supported rates—9, 18, 36, 48, and 54.
· 802.11b:
¡ Prohibited rates—None.
¡ Mandatory rates—1 and 2.
¡ Multicast rate—Selected from the mandatory rates.
¡ Supported rates—5.5 and 11.
· 802.11g/802.11gn:
¡ Prohibited rates—None.
¡ Mandatory rates—1, 2, 5.5, and 11.
¡ Multicast rate—Selected from the mandatory rates.
¡ Supported rates—6, 9, 12, 18, 24, 36, 48, and 54.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
disabled: Specifies rates that cannot be used by an AP.
mandatory: Specifies rates that the clients must support to associate with an AP.
multicast: Specifies the rate at which an AP multicasts packets. The multicast rate must be selected from the mandatory rates.
supported: Specifies rates that an AP supports. After a client associates with an AP, the client can select a higher or lower rate from the supported rates to communicate with the AP.
auto: Automatically selects a mandatory rate as the multicast rate.
rate-value: Specifies the rate value in Mbps. You can set multiple rates and separate them by spaces. The available values for this argument are as follows:
· 802.11a/802.11an/802.11ac—6, 9, 12, 18, 24, 36, 48, and 54.
· 802.11b—1, 2, 5.5, and 11.
· 802.11g/802.11gn—1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54.
Usage guidelines
The mandatory rates and multicast rate cannot be null. When there is only one mandatory rate, you cannot specify the mandatory rate as a supported rate or prohibited rate.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rate mandatory 6 12 24
# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] rate mandatory 6 12 24
reset wlan ap radio-statistics
Use reset wlan ap radio-statistics to clear radio statistics.
Syntax
reset wlan ap { all | name ap-name } radio-statistics
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Clear radio statistics for AP ap1.
<Sysname> reset wlan ap name ap1 radio-statistics
short-gi
Use short-gi enable to enable short Guard Interval (GI).
Use short-gi disable to disable short GI.
Use undo short-gi to restore the default.
Syntax
short-gi { disable | enable }
undo short-gi
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, short GI is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Disable short GI for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] short-gi disable
# Disable short GI for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] short-gi disable
short-retry threshold
Use short-retry threshold to set the hardware retransmission limit for small frames.
Use undo short-retry threshold to restore the default.
Syntax
short-retry threshold count
undo short-retry threshold
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the hardware retransmission limit is 7 for small frames.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
count: Specifies the hardware retransmission limit for small frames, in the range of 1 to 15.
Usage guidelines
Perform this task to set the hardware retransmission limit for frames smaller than or equal to the RTS threshold.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the hardware retransmission limit for small frames to 10 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] short-retry threshold 10
# Set the hardware retransmission limit for small frames to 10 for the APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] short-retry threshold 10
Related commands
long-retry threshold
protection-threshold
smart-antenna
NOTE: Support for this command depends on the device model.
Use smart-antenna enable to enable the smart antenna feature.
Use smart-antenna disable to disable the smart antenna feature.
Use undo smart-antenna to restore the default.
Syntax
smart-antenna { disable | enable }
undo smart-antenna
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the smart antenna feature is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable smart antenna for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] smart-antenna enable
# Enable smart antenna for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] smart-antenna enable
smart-antenna policy
NOTE: Support for this command depends on the device model.
Use smart-antenna policy to specify a smart antenna mode.
Use undo smart-antenna policy to restore the default.
Syntax
smart-antenna policy { auto | high-availability | high-throughput }
undo smart-antenna policy
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the auto mode is used.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
auto: Specifies the auto mode. When this mode is enabled, high availability mode is used for audio and video packets, and high throughput mode is used for other packets.
high-availability: Specifies the high availability mode. This mode ensures guaranteed bandwidth for clients and is applicable to WLANs that require stable bandwidth.
high-throughput: Specifies the high throughput mode. This mode allows as many associations as possible and is applicable to WLANs that require high performance.
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The smart antenna mode configuration takes effect only after you enable the smart antenna feature.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the smart antenna mode to high-availability for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] smart-antenna policy high-availability
# Set the smart antenna mode to high-availability for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] smart-antenna policy high-availability
stbc
Use stbc enable to enable Space-Time Block Coding (STBC).
Use stbc disable to disable STBC.
Use undo stbc to restore the default.
Syntax
stbc { disable | enable }
undo stbc
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, STBC is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable STBC for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
[Sysname-wlan-ap-ap1-radio-1] stbc enable
# Enable STBC for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] type dot11an
[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] stbc enable
su-txbf
NOTE: Support for this command depends on the AP model.
Use su-txbf enable to enable single-user TxBF.
Use su-txbf disable to disable single-user TxBF.
Use undo su-txbf to restore the default.
Syntax
su-txbf { disable | enable }
undo su-txbf
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, single-user TxBF is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.
Single-user TxBF enables an AP to improve the signal to one intended client. Single-user TxBF is applicable to WLANs that have widely spread clients, poor network quality, and serious signal attenuation.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable single-user TxBF for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] su-txbf enable
# Enable single-user TxBF for APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] su-txbf enable
Related commands
mimo
mu-txbf
type
Use type to specify a radio mode.
Use undo type to restore the default.
Syntax
type { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gn }
undo type
Default
The default setting varies by device model.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
dot11a: Specifies the 802.11a radio mode.
dot11ac: Specifies the 802.11ac radio mode.
dot11an: Specifies the 802.11n (5 GHz) radio mode.
dot11b: Specifies the 802.11b radio mode.
dot11g: Specifies the 802.11g radio mode.
dot11gn: Specifies the 802.11n (2.4 GHz) radio mode.
Usage guidelines
CAUTION: Modifying the mode of an enabled radio logs off all associated clients.
When you change the radio mode in AP group radio view, the default settings for the radio mode related commands are restored.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the radio mode to 802.11n (5 GHz) for radio 1 on AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] type dot11an
# Set the radio mode to 802.11n (5 GHz) for radio 1 in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an
wlan radio
Use wlan radio enable to enable all radios.
Use wlan radio disable to disable all radios.
Use undo wlan radio to restore the default.
Syntax
wlan radio { disable | enable }
undo wlan radio
Default
Radios are disabled unless they are already enabled in radio view or AP group radio view.
Views
System view
Predefined user roles
network-admin
Usage guidelines
CAUTION: This feature takes effect on all manual APs and online auto APs.
If you execute both the wlan radio { disable | enable } command and the radio { disable | enable } command, the most recent configuration takes effect.
Examples
# Enable all radios.
<Sysname> system-view
[Sysname] wlan radio enable
Related commands
radio { disable | enable }
WLAN access commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
access-control acl
Use access-control acl to specify an ACL for ACL-based access control.
Use undo access-control acl to restore the default.
Syntax
access-control acl acl-number
undo access-control acl
Default
No ACL is specified.
Views
AP view
Service template view
Predefined user roles
network-admin
Parameters
acl-number: Specifies the number of a Layer 2 ACL, in the range of 4000 to 4999.
Usage guidelines
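This feature controls client access by using the specified ACL rules. MAC addresses are not authenticated and can be changed on a client, so use ACL-based access control in addition to client authentication, not in place of it. When the device receives an association request, it performs the following actions: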
· Allows the client to access the WLAN if the MAC address of the client matches the MAC address attribute or MAC address OUI attribute in a rule and the rule action is permit. If multiple clients match the OUI attribute, all these clients are allowed to access the WLAN.
· Denies the client's access to the WLAN if no match is found or the matched rule has a deny statement.
When you configure this feature, follow these restrictions and guidelines:
· If the specified ACL contains a deny statement, configure a permit statement for the ACL to permit all clients. If you do not do so, no clients can come online.
· The ACL-based access control configuration takes precedence over the whitelist and blacklist configuration.
· You can specify only one ACL. If you execute this command multiple times, the most recent configuration takes effect.
· The configuration in AP view takes precedence over the configuration in service template view.
Examples
# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for service template service1.
<Sysname> system-view
[Sysname] acl mac 4000
[Sysname-acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff
[Sysname-acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000
[Sysname-acl-mac-4000] rule 2 deny
[Sysname-acl-mac-4000] quit
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] access-control acl 4000
# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for AP ap1.
<Sysname> system-view
[Sysname] acl mac 4000
[Sysname-acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff
[Sysname-acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000
[Sysname-acl-mac-4000] rule 2 deny
[Sysname-acl-mac-4000] quit
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] access-control acl 4000
beacon ssid-hide
Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames.
Use undo beacon ssid-hide to restore the default.
Syntax
beacon ssid-hide
undo beacon ssid-hide
Default
The SSID is advertised in beacon frames.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
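This command disables a radio from carrying SSIDs in the beacon frames and responding to probe requests after the specified service template is bound to the radio. Hiding the SSID does not secure the WLAN, because the SSID is still sent in clear text when a client associates; configure authentication and encryption for the service template as well.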
Examples
# Disable advertising the SSID in beacon frames.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] beacon ssid-hide
broadcast-probe reply
Use broadcast-probe reply enable to enable an AP to respond to broadcast probe requests.
Use broadcast-probe reply disable to disable an AP from responding to broadcast probe requests.
Use undo broadcast-probe reply to restore the default.
Syntax
broadcast-probe reply { disable | enable }
undo broadcast-probe reply
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP responds to broadcast probe requests.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
Broadcast probe requests do not carry an SSID. Upon receiving a broadcast probe request, an AP responds with a probe response that carries service information for the AP. To ensure that clients that send unicast probe requests can associate with the AP, disable the AP from responding to broadcast probe requests.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Disable AP ap1 from responding to broadcast probe requests.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] broadcast-probe reply disable
# Disable APs in AP group group1 from responding to broadcast probe requests.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] broadcast-probe reply disable
classifier acl
Use classifier acl to configure a forwarding rule for a forwarding policy.
Use undo classifier acl to remove a forwarding rule.
Syntax
classifier acl { acl-number | ipv6 ipv6-acl-number }
undo classifier acl { acl-number | ipv6 ipv6-acl-number }
Default
No forwarding rules are configured.
Views
Forwarding policy view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an IPv4 or Layer 2 ACL number in the range of 2000 to 4999.
ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.
Usage guidelines
Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode. Do not rely on a deny rule in an ACL that is used as a forwarding rule to block traffic.
A forwarding rule takes effect immediately after it is created. You can configure a maximum of 1000 forwarding rules for a forwarding policy.
Examples
# Specify ACL 2000 as a forwarding rule for forwarding policy abc.
<sysname> system-view
[sysname] wlan forwarding-policy abc
[sysname-wlan-fp-abc] classifier acl 2000
client association-location
Use client association-location to enable client association at the AC or APs.
Use undo client association-location to restore the default.
Syntax
client association-location { ac | ap }
undo client association-location
Default
Client association is performed at the AC.
Views
Service template view
Predefined user roles
network-admin
Parameters
ac: Enables client association at the AC.
ap: Enables client association at APs.
Usage guidelines
Make sure the service template is disabled before you execute this command.
Examples
# Enable client association at the AC.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client association-location ac
client cache aging-time
Use client cache aging-time to set the aging time for the cache of clients.
Use undo client cache aging-time to restore the default.
Syntax
client cache aging-time aging-time
undo client cache aging-time
Default
The aging time for the cache of clients is 180 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the aging time for the cache of clients, in the range of 0 to 86400 seconds.
Usage guidelines
If you set the aging time to 0 seconds, the AC clears the client cache immediately when the clients go offline.
Make sure the service template is disabled before you execute this command.
Examples
# Set the aging time for the cache of clients to 100 seconds.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client cache aging-time 100
client forwarding-location
Use client forwarding-location to specify the client data traffic forwarder.
Use undo client forwarding-location to restore the default.
Syntax
client forwarding-location { ac | ap [ vlan { start-vlan [ to end-vlan ] } ] }
undo client forwarding-location
Default
The AC forwards client data traffic.
Views
Service template view
Predefined user roles
network-admin
Parameters
ac: Enables the AC to forward client data traffic.
ap: Enables APs to forward client data traffic.
vlan start-vlan to end-vlan: Specifies a VLAN ID range. The value range for the start-vlan and end-vlan arguments is 1 to 4094. If you do not specify this option, APs forward client data traffic from all VLANs.
Usage guidelines
Make sure the service template is disabled before you execute this command.
If APs forward client data traffic, you can specify a VLAN or a VLAN range for the APs to forward client data traffic from the specified VLANs. The AC forwards data traffic from other VLANs.
Make sure client traffic forwarding is enabled when the AC is configured as the client traffic forwarder.
Examples
# Configure APs to forward client data traffic from all VLANs.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-location ap
client forwarding-policy enable
Use client forwarding-policy enable to enable policy-based forwarding for a service template.
Use undo client forwarding-policy enable to disable policy-based forwarding for a service template.
Syntax
client forwarding-policy enable
undo client forwarding-policy enable
Default
Policy-based forwarding is disabled for a service template.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
Enable policy-based forwarding for a service template for the following forwarding policies to take effect:
· The forwarding policy applied to the service template.
· The forwarding policy applied to a user profile that uses the service template.
Examples
# Enable policy-based forwarding for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-policy enable
Related commands
client-security authentication-location
client forwarding-policy-name
Use client forwarding-policy-name to apply a forwarding policy to a service template.
Use undo client forwarding-policy-name to restore the default.
Syntax
client forwarding-policy-name policy-name
undo client forwarding-policy-name
Default
No forwarding policy is applied to a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
Make sure the service template is disabled before you execute this command.
For the forwarding policy to take effect, you must enable policy-based forwarding and specify the AC to perform client authentication for the service template.
Make sure the AC and its associated APs are in different network segments.
Examples
# Apply forwarding policy strategy to service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-policy-name strategy
Related commands
client forwarding-policy enable
client-security authentication-location
client frame-format
Use client frame-format to set the client data frame format.
Use undo client frame-format to restore the default.
Syntax
client frame-format { dot3 | dot11 }
undo client frame-format
Default
Client data frames are encapsulated in 802.3 format.
Views
Service template view
Predefined user roles
network-admin
Parameters
dot3: Specifies the 802.3 format.
dot11: Specifies the 802.11 format.
Usage guidelines
This command takes effect only in centralized forwarding mode.
Make sure the service template is disabled before you execute this command.
Examples
# Configure the client data frames to be encapsulated in 802.11 format.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client frame-format dot11
Related commands
client forwarding-location
client idle-timeout
Use client idle-timeout to set the client idle timeout timer.
Use undo client idle-timeout to restore the default.
Syntax
client idle-timeout timeout
undo client idle-timeout
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the client idle timeout timer is 3600 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
timeout: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.
Usage guidelines
If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the client idle timeout timer to 2000 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] client idle-timeout 2000
# Set the client idle timeout timer to 2000 seconds for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client idle-timeout 2000
client keep-alive
Use client keep-alive enable to enable client keepalive.
Use client keep-alive disable to disable client keepalive.
Use undo client keep-alive to restore the default.
Syntax
client keep-alive { disable | enable }
undo client keep-alive
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, client keepalive is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable client keepalive for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] client keep-alive enable
# Enable client keepalive for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client keep-alive enable
Related commands
client keep-alive interval
client keep-alive interval
Use client keep-alive interval to set the client keepalive interval.
Use undo client keep-alive interval to restore the default.
Syntax
client keep-alive interval interval
undo client keep-alive interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the client keepalive interval is 300 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.
Usage guidelines
Enable client keepalive before you execute this command.
This command enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the keepalive interval to 20 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] client keep-alive interval 20
# Set the keepalive interval to 20 seconds for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client keep-alive interval 20
Related commands
client keep-alive enable
client max-count
Use client max-count to set the maximum number of associated clients for a service template.
Use undo client max-count to restore the default.
Syntax
client max-count max-number
undo client max-count
Default
The number of associated clients for a service template is not limited.
Views
Service template view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of clients in the range of 1 to 2007.
Usage guidelines
When this feature is configured, new clients cannot access the WLAN when the maximum number is reached.
Examples
# Set the maximum number of associated clients to 38 for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client max-count 38
client preferred-vlan authorized
Use client preferred-vlan authorized to configure clients to prefer the authorization VLAN after roaming.
Use undo client preferred-vlan authorized to configure client VLANs to remain unchanged after client roaming.
Syntax
client preferred-vlan authorized
undo client preferred-vlan authorized
Default
Clients prefer the authorization VLAN after roaming.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This feature takes effect only on 802.1X and MAC authentication clients.
Typically, the VLAN of a client remains unchanged after client roaming. However, if the client triggers a security alert configured on IMC after it roams to another AP, the authorization VLAN issued for user isolation takes effect.
Examples
# Configure clients to prefer the authorization VLAN after roaming.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client preferred-vlan authorized
client report-mandatory
Use client report-mandatory to allow locally authenticated clients to come online after successful client information reporting.
Use undo client report-mandatory to allow locally authenticated clients to come online immediately after successful local authentication.
Syntax
client report-mandatory
undo client report-mandatory
Default
Locally authenticated clients come online after successful client information reporting.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
By default, an AP reports information about locally authenticated clients that pass authentication to the AC, and the AC creates client entries and informs the AP to get the clients online. If the CAPWAP tunnel between the AC and the AP operates incorrectly, clients might fail to come online and perform reauthentication repeatedly. To avoid this problem, you can allow clients to come online immediately after successful local authentication so that the AP can forward client traffic when the AC cannot be reached. The AP synchronizes client information to the AC when the tunnel recovers.
Examples
# Allow locally authenticated clients to come online immediately after successful local authentication.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client report-mandatory
client vlan-alloc
Use client vlan-alloc to set the VLAN allocation method for clients.
Use undo client vlan-alloc to restore the default.
Syntax
client vlan-alloc { dynamic | static }
undo client vlan-alloc
Default
The VLAN allocation method for clients is dynamic.
Views
Service template view
Predefined user roles
network-admin
Parameters
dynamic: Specifies dynamic VLAN allocation.
static: Specifies static VLAN allocation.
Usage guidelines
When a client comes online for the first time, the radio assigns a random VLAN to it. When the client comes online again, the VLAN assigned to the client depends on the allocation method.
· Static allocation—The client inherits the VLAN that has been assigned to it. If the IP address lease has not expired, the client will use the same IP address. This method helps save IP addresses.
· Dynamic allocation—The radio re-assigns a VLAN to the client. This method balances clients in all VLANs.
Examples
# Set the VLAN allocation method for clients to dynamic.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client vlan-alloc dynamic
Related commands
service-template
client-statistics-report
Use client-statistics-report enable to enable client statistics reporting.
Use client-statistics-report disable to disable client statistics reporting.
Use undo client-statistics-report to restore the default.
Syntax
client-statistics-report { disable | enable [ interval interval ] }
undo client-statistics-report
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, client statistics reporting is enabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval interval: Specifies the interval at which client statistics are reported, in the range of 2 to 120 seconds. The interval is 50 seconds by default.
Usage guidelines
This feature enables an AP to report client statistics to the AC at the specified intervals for client entry update. The AC informs the AP to log off a client if the client's information does not exist in the saved entries.
To avoid frequent client re-associations, disable this feature when network conditions are poor.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable client statistics reporting and set the reporting interval to 20 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] client-statistics-report enable interval 20
# Enable client statistics reporting and set the reporting interval to 20 seconds for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client-statistics-report enable interval 20
customlog format wlan
Use customlog format wlan to enable the device to generate client logs in the specified format.
Use undo customlog format wlan to restore the default.
Syntax
customlog format wlan { normal | sangfor }
undo customlog format wlan
Default
The device generates client logs only in H3C format.
Views
System view
Predefined user roles
network-admin
Parameters
normal: Specifies normal format.
sangfor: Specifies sangfor format.
Usage guidelines
By default, the device generates client logs only in H3C format, which logs the AP name, radio ID, client MAC address, SSID, BSSID, and client online status.
You can configure the device to generate client logs in one of the following formats:
· normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.
· sangfor—Logs AP MAC address, client IP address, and client MAC address.
This feature does not affect the generation of client logs in H3C format.
Examples
# Enable the device to generate client logs in sangfor format.
<Sysname> system-view
[Sysname] customlog format wlan sangfor
description
Use description to configure a description for a service template.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is configured for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 64 characters.
Examples
# Configure a description for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] description wlanst
display wlan ap all radio client-number
Use display wlan ap all radio client-number to display the number of online clients and channel information for each radio.
Syntax
display wlan ap all radio client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients and channel information for each radio.
<Sysname> display wlan ap all radio client-number
AP name RID Channel Clients
1 1 44 12
1 2 11 4
2 1 6 10
display wlan ap all client-number
Use display wlan ap all client-number to display the number of online clients at both the 2.4 GHz and 5 GHz bands.
Syntax
display wlan ap all client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients at both the 2.4 GHz and 5 GHz bands.
<Sysname> display wlan ap all client-number
AP name Clients 2.4GHz 5GHz
ap1 3 2 1
ap2 5 1 4
Table 22 Command output
Field |
Description |
Clients |
Total number of online clients. |
2.4GHz |
Number of online clients at the 2.4 GHz band. |
5GHz |
Number of online clients at the 5 GHz band. |
display wlan ap-group all client-number
Use display wlan ap-group all client-number to display the number of online clients in each AP group.
Syntax
display wlan ap-group all client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients in each AP group.
<Sysname> display wlan ap-group all client-number
AP group name Group ID Clients 2.4GHz 5GHz
default-group 1 150 100 50
1 2 250 50 200
Table 23 Command output
Field |
Description |
2.4GHz |
Number of clients at the 2.4 GHz band. |
5GHz |
Number of clients at the 5 GHz band. |
display wlan blacklist
Use display wlan blacklist to display blacklist entries.
Syntax
display wlan blacklist { dynamic | static }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
dynamic: Specifies the dynamic blacklist.
static: Specifies the static blacklist.
Examples
# Display static blacklist entries.
<Sysname> display wlan blacklist static
Total number of clients: 3
MAC addresses:
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
# Display dynamic blacklist entries.
<Sysname> display wlan blacklist dynamic
Total number of clients: 3
MAC address APID Lifetime (s) Duration (hh:mm:ss)
000f-e2cc-0001 1 300 00:02:11
000f-e2cc-0002 2 300 00:01:17
000f-e2cc-0003 3 300 00:02:08
Table 24 Command output
Field |
Description |
MAC address |
Client MAC address. |
APID |
ID of the AP that detects the rogue client. |
Lifetime (s) |
Lifetime of the entry in seconds. |
Duration (hh:mm:ss) |
Time elapsed since the entry was added to the dynamic blacklist. |
display wlan bss
Use display wlan bss to display basic service set (BSS) information.
Syntax
display wlan bss { all | ap ap-name | bssid bssid } [ slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all BSSs.
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
bssid bssid: Specifies a BSS by its ID. The value is a 48-bit hexadecimal number in the format of H-H-H.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays BSS information on the master device.
verbose: Displays detailed BSS information. If you do not specify this keyword, the command displays brief BSS information.
Examples
# Display brief information about all BSSs.
<Sysname> display wlan bss all
Total number of BSSs: 4
AP name RID SSID BSSID
ap1 1 SSID1 001c-f08f-f804
ap1 2 SSID1 001c-f08f-f806
ap2 1 SSID1 001c-f0bf-9c92
ap2 2 SSID1 001c-f0bf-9c94
# Display detailed information about the BSS with ID 001c-f08f-f804.
<Sysname> display wlan bss bssid 001c-f08f-f804 verbose
AP name : ap1
BSSID : 001c-f08f-f804
Radio ID : 1
Service template name : service1
SSID : SSID1
VLAN ID : 1
AKM mode : Not configured
User authentication mode : Bypass
Table 25 Command output
Field |
Description |
AKM mode |
AKM mode: · 802.1X. · PSK. · Not configured. |
User authentication mode |
User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI. |
display wlan client
Use display wlan client to display client information.
Syntax
Centralized devices in standalone mode:
display wlan client [ ap ap-name [ radio radio-id ] | mac-address mac-address | service-template service-template-name | frequency-band { 2.4 | 5 } ] [ verbose ]
Centralized devices in IRF mode:
display wlan client distributed-sys [ slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Displays information about clients that are connected to the specified AP. The AP name is a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Displays information about clients that are connected to the specified radio. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays information about all clients that are connected to the specified AP.
mac-address mac-address: Specifies a client by its MAC address.
service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.
frequency-band: Displays information about clients working on the specified band.
2.4: Specifies the 2.4 GHz band.
5: Specifies the 5 GHz band.
distributed-sys: Specifies the IRF network.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays client information on the master device.
verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.
Examples
# Display brief information about all clients.
<Sysname> display wlan client
Total number of clients: 3
MAC address Username AP name RID IPv4 address VLAN
000f-e265-6400 N/A ap1 1 1.1.1.1 100
000f-e265-6401 user ap2 1 3.0.0.3 200
84db-ac14-dd08 N/A ap1 1 5.5.5.3 1
Table 26 Command output
Field |
Description |
MAC address |
Client MAC address. |
Username |
Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client. |
AP name |
Name of the AP that the client is associated with. |
RID |
ID of the radio that the client is associated with. |
IPv4 address |
IPv4 address of the client. |
VLAN ID |
ID of the VLAN to which the client belongs. |
# Display detailed information about all clients on the specified member device.
<Sysname> display wlan client distributed-sys slot 1 verbose
Total number of clients: 1
MAC address : 000f-e265-6400
IPv4 address : 10.1.1.114
IPv6 address : 2001::1234:5678:0102:0304
Username : N/A
AID : 1
AP ID : 1
AP name : ap1
Radio ID : 1
SSID : office
BSSID : 0026-3e08-1150
VLAN ID : 3
Sleep count : 3
Wireless mode : 802.11ac
Channel bandwidth : 80MHz
SM power save : Enabled
SM power save mode : Dynamic
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
Short GI for 80MHz : Supported
Short GI for 160/80+80MHz : Not supported
STBC RX capability : Not supported
STBC TX capability : Not supported
LDPC RX capability : Not supported
SU beamformee capability : Not supported
MU beamformee capability : Not supported
Beamformee STS capability : N/A
Block Ack : TID 0 In
Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8
NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8
Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,
8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20,
21, 22, 23
Supported rates : 6, 9, 12, 18, 24, 36,
48, 54 Mbps
QoS mode : WMM
Listen interval : 10
RSSI : 62
Rx/Tx rate : 130/195 Mbps
Authentication method : Open system
Security mode : PRE-RSNA
AKM mode : Not configured
Cipher suite : N/A
User authentication mode : Bypass
Authorization ACL ID : 3001(Not effective)
Authorization user profile : N/A
Roam status : N/A
Key derivation : SHA1
PMF status : Enabled
Forward policy name : Not configured
Online time : 0days 0hours 1minutes 13seconds
FT status : Inactive
Table 27 Command output
Field |
Description |
MAC address |
Client MAC address. |
IPv4 address |
Client IPv4 address. |
IPv6 address |
Client IPv6 address. |
Username |
Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client. |
AID |
Association ID. |
AP ID |
ID of the AP that the client is associated with. |
AP name |
Name of the AP that the client is associated with. |
Radio ID |
ID of the radio that the client is associated with. |
SSID |
SSID with which the client is associated. |
VLAN ID |
ID of the VLAN to which the client belongs. |
Sleep count |
Client sleep times. |
Wireless mode |
Wireless mode: · 802.11a. · 802.11b. · 802.11g. · 802.11gn. · 802.11an. · 802.11ac. |
Channel bandwidth |
Channel bandwidth: · 20 MHz. · 40 MHz. · 80 MHz. · 160 MHz. |
SM Power Save |
SM Power Save status: · Enabled—Only one antenna of a client operates in active state, and others operate in sleep state to save power. · Disabled. |
SM power save mode |
Power saving mode: · Dynamic. · Static. |
Short GI for 20MHz |
Whether the client supports short GI when its channel bandwidth is 20 MHz: · Supported. · Not supported. |
Short GI for 40MHz |
Whether the client supports short GI when its channel bandwidth is 40 MHz: · Supported. · Not supported. |
Short GI for 80MHz |
Whether the client supports short GI when its channel bandwidth is 80 MHz: · Supported. · Not supported. |
Short GI for 160/80+80MHz |
Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz: · Supported. · Not supported. |
STBC Rx Capability |
Client STBC receive capability: · Not Supported. · Supported. |
STBC Tx Capability |
Client STBC transmission capability: · Not Supported. · Supported. |
LDPC Rx capability |
Client LDPC receive capability: · Not Supported. · Supported. |
SU beamformee capability |
Client SU beamformee capability: · Not Supported. · Supported. This field is supported only by 802.11ac radios. |
MU beamformee capability |
Client MU beamformee capability: · Not Supported. · Supported. This field is supported only by 802.11ac radios. |
Beamformee STS capability |
Client beamformee STS capability. This field displays N/A if the feature is not supported. |
Block Ack |
Negotiation result of Block ACK with TID: · TID 0 In—Sends Block ACK for inbound traffic. · TID 0 Out—Sends Block ACK for outbound traffic. · TID 0 Both—Sends Block ACK for both inbound and outbound traffic. · N/A—Does not send Block ACK for either inbound or outbound traffic. |
Supported VHT-MCS set |
VHT-MCS supported by the client. |
Supported HT MCS set |
HT-MCS supported by the client. |
QoS mode |
QoS mode: · N/A—WMM is not supported. · WMM—WMM is supported. WMM information negotiation is carried out between an AP and a client that both support WMM. |
Listen interval |
Interval at which the client wakes up to listen for beacon frames. It is counted by beacon interval. |
RSSI |
Received signal strength indication. This value indicates the client signal strength detected by the AP. |
Rx/Tx rate |
Receiving and sending rates of data, management, and control frames. |
Authentication method |
Authentication method: · Open system. · Shared key. |
Security mode |
Security mode: · RSN—Beacons and probe responses carry RSN IE. · WPA—Beacons and probe responses carry WPA IE. · PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE. |
AKM mode |
AKM mode: · 802.1X. · PSK. · Not configured. |
Cipher suite |
Cipher suite: · N/A. · WEP40. · WEP104. · WEP128. · CCMP. · TKIP. |
User authentication mode |
User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI. |
Authorization ACL ID |
Authorized ACL number: · This field displays the ACL number if the authorized ACL takes effect. · This field displays ACL number(Not effective) if the authorized ACL does not take effect. · This field displays N/A if the authentication server is configured without any authorized ACL. |
Authorization user profile |
Name of the authorized user profile: · This field displays the authorized user profile name if the authorized user profile takes effect. · This field displays authorized user profile name + Not effective if the authorized user profile does not take effect. · This field displays N/A if the authentication server is configured without any authorized user profile. |
Roam status |
Roam status: · Roaming in progress. · Inter-AC slow roaming. · Inter-AC fast roaming. · Intra-AC slow roaming. · Intra-AC fast roaming. · This field displays N/A if the client stays in one BSS after coming online. |
Key derivation |
Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · N/A—No key derivation algorithm is involved for the authentication type. |
PMF status |
PMF status: · Enabled—Management frame protection is enabled. · Disabled—Management frame protection is disabled. · N/A—Management frame protection is not involved. |
Forward policy name |
WLAN forwarding policy name: · Not configured. · Policy-name. |
Online time |
Client online duration. |
FT status |
Fast BSS transition (FT): · Active—FT is enabled. · Inactive—FT is disabled. |
display wlan client ipv6
Use display wlan client ipv6 to display information about client IPv6 addresses.
Syntax
display wlan client ipv6
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about client IPv6 addresses.
<Sysname> display wlan client ipv6
MAC address AP name RID IPv6 address VLAN
84db-ac14-dd08 ap1 1 1::2:0:0:3 300
Table 28 Command output
Field |
Description |
MAC address |
Client MAC address. |
RID |
Radio ID |
IPv6 address |
Client IPv6 address. |
display wlan client online-duration
Use display wlan client online-duration to display client online duration.
Syntax
display wlan client online-duration [ ap ap-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
Examples
# Display brief information about client online duration.
<Sysname> display wlan client online-duration
Total number of online clients: 2
MAC address IPv4 address Online duration
a4c1-5b79-fa5b-1d62 192.168.11.123 0days 0hours 2minutes 23seconds
22d3-c5b7-a4b5-96fa 192.168.11.234 0days 0hours 5minutes 34seconds
Table 29 Command output
Field |
Description |
MAC address |
Client MAC address. |
IPv4 address |
Client IPv4 address. |
Online duration |
Client online duration. |
display wlan client status
Use display wlan client status to display client status information.
Syntax
display wlan client status [ mac-address mac-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.
verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.
Examples
# Display brief status information about the specified client.
<Sysname> display wlan client status mac-address 001c-f08f-f804
Total number of clients: 1
MAC address Access time RSSI Rx/Tx rate Discard AP name RID
001c-f08f-f804 41ms 0 39/117Mbps 0.00 ap2 2
# Display brief status information about all clients.
<Sysname> display wlan client status
Total number of clients: 2
MAC address Access time RSSI Rx/Tx rate Discard AP name RID
000b-c002-9d09 41ms 65 39/117Mbps 0.00% ap2 2
000f-e265-6401 10ms 62 130/195Mbps 0.00% ap1 1
Table 30 Command output
Field |
Description |
MAC address |
Client MAC address. |
Access time |
Time the client took to associate with the WLAN. |
RSSI |
RSSI of the client. |
Rx/Tx rate |
Rates at which the client receives and sends data, management packets, and control packets. |
Discard |
Ratio of packets discarded by the client. |
AP name |
Name of the AP with which the client is associated. |
RID |
ID of the radio with which the client is associated. |
# Display detailed status information about the specified client.
<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose
Total number of clients: 1
MAC address : 001c-f08f-f804
AP name : ap2
Radio ID : 2
Access time : 41 ms
RSSI : 0
Rx/Tx rate : 39/117 Mbps
Received:
Retransmitted packets : 84
Retransmitted packet ratio : 64.12%
Sent:
Retransmitted packets : 0
Retransmitted packet ratio : 0.00%
Discarded:
Discarded packets : 0
Discarded packet ratio : 0.00%
Table 31 Command output
Field |
Description |
MAC address |
Client MAC address. |
AP name |
Name of the AP that the client is associated with. |
Radio ID |
ID of the radio that the client is associated with. |
Access time |
Time the client took to associate with the WLAN. |
RSSI |
RSSI of the client. |
Rx/Tx rate |
Rates at which the client receives and sends data, management packets, and control packets. |
Received |
Received packet statistics: · Retransmitted packets. · Retransmitted packet ratio. |
Sent |
Sent packet statistics: · Retransmitted packets. · Retransmitted packet ratio. |
Discarded |
Discarded packet statistics: · Discarded packets. · Discarded packet ratio. |
display wlan forwarding-policy
Use display wlan forwarding-policy to display WLAN forwarding policy information.
Syntax
display wlan forwarding-policy [ policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameter
policy-name: Specifies a WLAN forwarding policy by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all WLAN forwarding policies.
Examples
# Display information about all WLAN forwarding policies.
<Sysname> display wlan forwarding-policy
Total number of forwarding policies: 2
Forwarding policy name: fwd1
Classifier ACL 2000: Local
Classifier ACL 2004: Local
Classifier IPv6 ACL 2001: Remote
Classifier IPv6 ACL 2002: Remote
Forwarding policy name: fwd2
Classifier ACL 4021: Local
Classifier IPv6 ACL 2000: Remote
Classifier IPv6 ACL 3024: Remote
Table 32 Command output
Field |
Description |
Classifier ACL number |
IPv4 packet forwarding mode. The forwarding mode is Remote, indicating centralized forwarding. |
Classifier IPv6 ACL number |
IPv6 packet forwarding mode. The forwarding mode is Remote, indicating centralized forwarding. |
Related commands
wlan forwarding-policy
display wlan ap region-code
Use display wlan ap region-code to display region code information for all APs or the specified AP.
Syntax
display wlan ap { all | name ap-name } region-code
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Examples
# Display region code information for all APs.
<Sysname> display wlan ap all region-code
Region Code
AP name Region Code
ap1 CN CHINA
ap2 CN CHINA
ap3 CN CHINA
Table 33 Command output
Field |
Description |
Region Code |
Region code. For more information about region codes, see Table 36. |
display wlan service-template
Use display wlan service-template to display service template information.
Syntax
display wlan service-template [ service-template-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.
verbose: Displays detailed service template information.
Examples
# Display brief information about all service templates.
[Sysname] display wlan service-template
Total number of service templates: 2
Service template name SSID Status
1 2333 Enabled
2 3222 Enabled
# Display detailed information about all service templates.
<Sysname> display wlan service-template verbose
Service template name : service1
Description : Not configured
SSID : wuxianfuwu
SSID-hide : Disabled
User-isolation : Disabled
Service template status : Disabled
Maximum clients per BSS : 64
Frame format : Dot3
Seamless roam status : Disabled
Seamless roam RSSI threshold : 50
Seamless roam RSSI gap : 20
VLAN ID : 1
AKM mode : PSK
Security IE : RSN
Cipher suite : CCMP
WEP key ID : 1
TKIP countermeasure time : 100 sec
PTK lifetime : 43200 sec
GTK rekey : Enabled
GTK rekey method : Time-based
GTK rekey time : 86400 sec
GTK rekey client-offline : Enabled
User authentication mode : Bypass
Intrusion protection : Disabled
Intrusion protection mode : Temporary-block
Temporary block time : 180 sec
Temporary service stop time : 20 sec
Fail VLAN ID : 1
802.1X handshake : Enabled
802.1X handshake secure : Disabled
802.1X domain : my-domain
MAC-auth domain : Not configured
Max 802.1X users per BSS : 4096
Max MAC-auth users per BSS : 4096
802.1X re-authenticate : Enabled
Authorization fail mode : Online
Accounting fail mode : Online
Authorization : Permitted
Key derivation : SHA1
PMF status : Optional
Hotspot policy number : Not configured
Forwarding policy status : Disabled
Forward policy name : Not configured
Forwarder : AC
FT status : Enabled
FT method : over-the-air
FT reassociation deadline : 20 sec
QoS trust : Port
QoS priority : 0
Table 34 Command output
Field |
Description |
SSID |
SSID of the service template. |
SSID-hide |
Whether the SSID is hidden in beacons: · Disabled. · Enabled. |
User-isolation |
User isolation: · Disabled. · Enabled. |
Service template status |
Service template status: · Disabled. · Enabled. |
Maximum clients per BSS |
Maximum number of clients that the BSS supports. |
Frame format |
Client data frame encapsulation format: · Dot3—802.3 format. · Dot11—802.11 format. |
Seamless roam status |
Seamless roaming status: · Disabled. · Enabled. |
Seamless roam RSSI threshold |
Seamless roaming RSSI threshold. |
Seamless roam RSSI gap |
Seamless roaming RSSI gap. |
VLAN ID |
ID of the VLAN to which clients belong after they come online through the service template. |
AKM mode |
AKM mode: · 802.1X. · PSK. |
Security IE |
Security IE: · RSN. · WPA. |
Cipher suite |
Cipher suite: · WEP40. · WEP104. · WEP128. · TKIP. · CCMP. |
TKIP countermeasure time |
TKIP countermeasure time. The value 0 indicates no countermeasures are taken. |
GTK rekey |
Whether GTK rekey is enabled: · Enabled. · Disabled. |
GTK rekey method |
GTK rekey method: · Time-based. · Packet-based. |
GTK rekey time |
GTK rekey interval. |
GTK rekey packets |
Number of packets that can be transmitted before the GTK is refreshed. |
GTK rekey client-offline |
Whether client-offline GTK rekey is enabled: · Enabled. · Disabled. |
User authentication mode |
Authentication mode: · Bypass—No authentication. · MAC. · MAC-or-802.1X—MAC authentication is performed first. If MAC authentication fails, 802.1X authentication is performed. · 802.1X. · 802.1X-or-MAC—802.1X authentication is performed first. If 802.1X authentication fails, MAC authentication is performed. · OUI-or-802.1X—OUI authentication is performed first. If OUI authentication fails, 802.1X authentication is performed. |
Intrusion protection |
Whether intrusion protection is enabled: · Enabled. · Disabled. |
Intrusion protection mode |
Intrusion protection mode: · Temporary-block—Temporarily adds intruders to the block list. · Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets. · Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets. |
Temporary block time |
Temporary block time in seconds. |
Temporary service stop time |
Temporary service stop time in seconds. |
Fail VLAN ID |
ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured. |
Critical VLAN ID |
ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the critical VLAN ID is not configured. |
802.1X handshake |
Whether 802.1X handshake is enabled: · Enabled. · Disabled. |
802.1X handshake secure |
Whether secure 802.1X handshake is enabled: · Enabled. · Disabled. |
802.1X domain |
802.1X authentication domain. This field displays Not configured if the domain is not configured. |
MAC-auth domain |
MAC authentication domain. This field displays Not configured if the domain is not configured. |
Max 802.1X users per BSS |
Maximum number of supported 802.1X users in a BSS. |
Max MAC-auth users per BSS |
Maximum number of supported users that pass the MAC authentication in a BSS. |
802.1X re-authenticate |
Whether 802.1X reauthentication is enabled: · Enabled. · Disabled. |
Authorization fail mode |
Authorization fail mode: · Offline—Clients are logged off when authorization fails. · Online—Clients are not logged off when authorization fails. |
Accounting fail mode |
Accounting fail mode: · Offline—Clients are logged off when accounting fails. · Online—Clients are not logged off when accounting fails. |
Authorization |
Authorization information: · Permitted—Applies the authorization information issued by the RADIUS server or the local device. · Ignored—Ignores the authorization information issued by the RADIUS server or the local device. |
Key derivation |
Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · SHA1-AND-SHA256—Uses the HMAC-SHA1 and HMAC-SHA256 hash algorithms. |
PMF status |
PMF status: · Disabled—Management frame protection is disabled. · Optional—Management frame protection in optional mode is enabled. · Mandatory—Management frame protection in mandatory mode is enabled. |
Forwarding policy status |
WLAN forwarding policy status: · Disabled. · Enabled. |
Forward policy name |
WLAN forwarding policy name: · Not configured—No WLAN forwarding policy is configured. · policy-name. |
Forwarder |
Client traffic forwarder: · AC. · AP. |
FT status |
FT status: · Disabled. · Enabled. |
FT method |
FT method: · over-the-air. · over-the-ds. This field is not supported in the current software version. |
FT reassociation deadline |
FT reassociation timeout timer in seconds. This field is not supported in the current software version. |
QoS trust |
QoS priority trust mode: · Port—Port priority trust mode. · Dot11e—802.11e priority trust mode. |
QoS priority |
Port priority in the range of 0 to 7. |
display wlan statistics
Use display wlan statistics to display client statistics or service template statistics.
Syntax
display wlan statistics { ap { all | name ap-name } connect-history | client [ mac-address mac-address ] | service-template service-template-name [ connect-history ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap: Specifies APs.
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
connect-history: Displays the connection history.
client: Specifies client statistics.
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.
service-template service-template-name: Specifies a service template by its name. If you also specify the connect-history keyword, the command displays the connection history for the specified service template.
Examples
# Display statistics for all clients.
<Sysname> display wlan statistics client
MAC address : 0014-6c8a-43ff
AP name : ap1
Radio ID : 1
SSID : office
BSSID : 000f-e2ff-7700
RSSI : 31
Sent frames:
Back ground : 0/0 (frames/bytes)
Best effort : 9/1230 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 2/76 (frames/bytes)
Received frames:
Back ground : 0/0 (frames/bytes)
Best effort : 18/2437 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 7/468 (frames/bytes)
Discarded frames:
Back ground : 0/0 (frames/bytes)
Best effort : 0/0 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 5/389 (frames/bytes)
Table 35 Command output
Field |
Description |
SSID |
SSID of the service template. |
MAC address |
Client MAC address. |
Back ground |
AC-BK queue. |
Best effort |
AC-BE queue. |
Video |
AC-VI queue. |
Voice |
AC-VO queue. |
# Display statistics for service template 1.
<Sysname> display wlan statistics service-template 1
AP name : ap1
Radio ID : 1
Received:
Frame count : 1713
Frame bytes : 487061
Data frame count : 1683
Data frame bytes : 485761
Association request count : 2
Sent:
Frame count : 62113
Frame bytes : 25142076
Data frame count : 55978
Data frame bytes : 22626600
Association response count : 2
# Display the connection history for service template 1.
<Sysname> display wlan statistics service-template 1 connect-history
AP name : ap1
Radio ID : 1
Associations : 132
Association failures : 3
Reassociations : 30
Rejections : 12
Abnormal disassociations : 2
Current associations : 57
AP name : ap1
Radio ID : 2
Associations : 1004
Association failures : 35
Reassociations : 59
Rejections : 4
Abnormal disassociations : 22
Current associations : 300
# Display the connection history for AP ap1.
<Sysname> display wlan statistics ap name ap1 connect-history
AP name : ap1
Associations : 1
Reassociations : 0
Failures : 0
Rejections : 0
Abnormal disassociations : 0
Current associations : 1
display wlan whitelist
Use display wlan whitelist to display whitelist entries.
Syntax
display wlan whitelist
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display whitelist entries.
<Sysname> display wlan whitelist
Total number of clients: 3
MAC addresses:
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
inherit exclude service-template
Use inherit exclude service-template to configure an AP to not inherit the specified service template from the AP group to which it belongs.
Use undo inherit exclude service-template to restore the default.
Syntax
inherit exclude service-template service-template-name
undo inherit exclude service-template service-template-name
Default
An AP inherits the service template bound to an AP group.
Views
Radio view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Examples
# Configure AP ap1 to not inherit service template st from an AP group.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-ap-ap1] radio 1
[Sysname-ap-ap1-radio-1] inherit exclude service-template st
map-configuration
Use map-configuration to deploy a configuration file to an AP.
Use undo map-configuration to restore the default.
Syntax
map-configuration filename
undo map-configuration
Default
No configuration file is deployed to an AP.
Views
AP view
AP group AP model view
Predefined user roles
network-admin
Parameters
filename: Specifies a configuration file by its name, a case-insensitive string of 1 to 63 characters. Make sure the configuration file is stored in the storage medium of the AC.
Usage guidelines
Contents in the configuration file must be complete commands.
The configuration file takes effect when the CAPWAP tunnel to the AC is in Run state. It does not survive an AP reboot.
An AP can only use its main IP address to establish a CAPWAP tunnel to the AC if the AP is configured by using a configuration file.
Examples
# Deploy configuration file downconfig.txt to AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] map-configuration downconfig.txt
# Deploy configuration file downconfig.txt to APs with model WA4320i-ACN in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] map-configuration downconfig.txt
nas-id
Use nas-id to set the network access server identifier (NAS ID).
Syntax
nas-id nas-id
undo nas-id
Default
In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, no NAS ID is specified.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
nas-id: Specifies a NAS ID, a case-sensitive string of 1 to 63 characters.
Usage guidelines
After coming online, a client sends a RADIUS request that carries the NAS ID to the RADIUS server to indicate its network access server.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order. You can also set the NAS ID when binding a service template to a radio. If you have specified a NAS ID when binding a service template to a radio, the AP uses the NAS ID specified for the service template.
Examples
# Set the NAS ID to abc123 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-AGN
[Sysname-wlan-ap-ap1] nas-id abc123
# Set the NAS ID to abc123 for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] nas-id abc123
# Set the global NAS ID to abc123.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] nas-id abc123
nas-port-id
Use nas-port-id to set the network access server port identifier (NAS port ID).
Use undo nas-port-id to restore the default.
Syntax
nas-port-id nas-port-id
undo nas-port-id
Default
In AP view, an AP uses the configuration in AP group view. If no NAS port ID is specified in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, no NAS port ID is specified.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
nas-port-id: Specifies a NAS port ID, a case-sensitive string of 1 to 63 characters.
Usage guidelines
After coming online, a client sends a RADIUS request that carries the NAS port ID to the RADIUS server to indicate its network access server.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order. You can also set the NAS port ID when binding a service template to a radio. If you have specified a NAS port ID when binding a service template to a radio, the AP uses the NAS port ID specified for the service template.
Examples
# Set the NAS port ID to abcd1234 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-AGN
[Sysname-wlan-ap-ap1] nas-port-id abcd1234
# Set the NAS port ID to abcd1234 for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] nas-port-id abcd1234
# Set the global NAS port ID to abcd1234.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] nas-port-id abcd1234
nas-vlan
Use nas-vlan to set the network access server VLAN identifier (NAS VLAN ID) and enable the AC to encapsulate the VLAN ID in RADIUS requests.
Use undo nas-vlan to restore the default.
Syntax
nas-vlan vlan-id
undo nas-vlan
Default
No NAS VLAN ID is set. Authentication requests sent to the RADIUS server do not contain the NAS VLAN ID field.
Views
AP view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a NAS VLAN ID in the range of 1 to 4096.
Usage guidelines
When the NAS VLAN ID is set, the AC encapsulates the VLAN ID in RADIUS requests sent to the RADIUS server to indicate clients' network access server.
Set the NAS VLAN ID when a third-party Security Accounting Management (SAM) server is used as the RADIUS server.
Examples
# Set the NAS VLAN ID to 1234 for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] nas-vlan 1234
quick-association enable
Use quick-association enable to enable quick association.
Use undo quick-association enable to disable quick association.
Syntax
quick-association enable
undo quick-association enable
Default
Quick association is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
When quick association is enabled, APs do not perform load balancing or band navigation on clients associated with the specified service template.
Examples
# Enable quick association for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] quick-association enable
region-code
Use region-code to specify a region code.
Use undo region-code to restore the default.
Syntax
region-code code
undo region-code
Default
In AP view, an AP uses the configuration in AP group view. If no region code is specified in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, the region code is CN.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
code: Specifies a region code. For more information about region codes, see Table 36.
Table 36 Region code information
Country |
Code |
Country |
Code |
Andorra |
AD |
Korea, Republic of Korea |
KR |
United Arab Emirates |
AE |
Kenya |
KE |
Albania |
AL |
Kuwait |
KW |
Armenia |
AM |
Kazakhstan |
KZ |
Australia |
AU |
Lebanon |
LB |
Argentina |
AR |
Liechtenstein |
LI |
Austria |
AT |
Sri Lanka |
LK |
Azerbaijan |
AZ |
Lithuania |
LT |
Bosnia and Herzegovina |
BA |
Luxembourg |
LU |
Belgium |
BE |
Latvia |
LV |
Bulgaria |
BG |
Libyan |
LY |
Bahrain |
BH |
Morocco |
MA |
Brunei Darussalam |
BN |
Monaco |
MC |
Bolivia |
BO |
Moldova |
MD |
Brazil |
BR |
Macedonia |
MK |
Bahamas |
BS |
Macau |
MO |
Belarus |
BY |
Martinique |
MQ |
Belize |
BZ |
Malta |
MT |
Canada |
CA |
Mauritius |
MU |
Switzerland |
CH |
Mexico |
MX |
Cote d'ivoire |
CI |
Malay Archipelago |
MY |
Chile |
CL |
Namibia |
NA |
China |
CN |
Nigeria |
NG |
Colombia |
CO |
Nicaragua |
NI |
Costa Rica |
CR |
Netherlands |
NL |
Serbia |
RS |
Norway |
NO |
Cyprus |
CY |
New Zealand |
NZ |
Czech Republic |
CZ |
Oman |
OM |
Germany |
DE |
Panama |
PA |
Denmark |
DK |
Peru |
PE |
Dominica |
DO |
Poland |
PL |
Algeria |
DZ |
Philippines |
PH |
Ecuador |
EC |
Pakistan |
PK |
Estonia |
EE |
Puerto Rico |
PR |
Egypt |
EG |
Portugal |
PT |
Spain |
ES |
Paraguay |
PY |
Faroe Islands |
FO |
Qatar |
QA |
Finland |
FI |
Romania |
RO |
France |
FR |
Russian Federation |
RU |
Britain |
GB |
Saudi Arabia |
SA |
Georgia |
GE |
Sweden |
SE |
Gibraltar |
GI |
Singapore |
SG |
Greenland |
GL |
Slovenia |
SI |
Guadeloupe |
GP |
Slovak |
SK |
Greece |
GR |
San Marino |
SM |
Guatemala |
GT |
Salvador |
SV |
Guyana |
GY |
Syrian |
SY |
Honduras |
HN |
Thailand |
TH |
Hong Kong |
HK |
Tunisia |
TN |
Croatia |
HR |
Turkey |
TR |
Hungary |
HU |
Trinidad and Tobago |
TT |
Iceland |
IS |
Taiwan, China |
TW |
India |
IN |
Ukraine |
UA |
Indonesia |
ID |
United States of America |
US |
Ireland |
IE |
Uruguay |
UY |
Israel |
IL |
Uzbekistan |
UZ |
Iraq |
IQ |
The Vatican City State |
VA |
Italy |
IT |
Venezuela |
VE |
Iran |
IR |
Virgin Islands |
VI |
Jamaica |
JM |
Vietnam |
VN |
Jordan |
JO |
Yemen |
YE |
Japan |
JP |
South Africa |
ZA |
Democratic People's Republic of Korea |
KP |
Zimbabwe |
ZW |
Usage guidelines
A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.
Examples
# Specify US as the region code for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] region-code US
# Specify US as the region code for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] region-code US
# Specify US as the global region code.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] region-code US
Related commands
region-code-lock
region-code-lock
Use region-code-lock enable to lock the region code.
Use region-code-lock disable to unlock the region code.
Use undo region-code-lock to restore the default.
Syntax
region-code-lock { disable | enable }
undo region-code-lock
Default
In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, an AP uses the configuration in global configuration view.
In global configuration view, the region code is not locked.
Views
AP view
AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
disable: Unlocks the region code.
enable: Locks the region code.
Usage guidelines
A locked region code cannot be changed.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.
The region-code-lock enable command does not take effect on an AP if you execute this command without specifying a region code first in AP view. The AP's region code is determined by the region code configuration for the AP group to which the AP belongs, or by the global configuration. The same rule applies to an AP group in the same situation.
Examples
# Lock the region code for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] region-code-lock enable
# Lock the region code for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] region-code-lock enable
# Lock the global region code.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] region-code-lock enable
Related commands
region-code
reset wlan client
Use reset wlan client to log off a client or all clients.
Syntax
reset wlan client { all | mac-address mac-address }
View
User view
Predefined user roles
network-admin
Parameters
all: Specifies all clients.
mac-address mac-address: Specifies a client by its MAC address.
Examples
# Log off all clients.
<Sysname> reset wlan client all
Related commands
display wlan client
reset wlan dynamic-blacklist
Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.
Syntax
reset wlan dynamic-blacklist [ mac-address mac-address ]
Views
User view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.
Examples
# Remove all clients from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist
# Remove the specified client from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69
Related commands
display wlan blacklist
reset wlan statistics client
Use reset wlan statistics client to clear client statistics.
Syntax
reset wlan statistics client { all | mac-address mac-address }
View
User view
Predefined user roles
network-admin
Parameters
all: Specifies all clients.
mac-address mac-address: Specifies a client by its MAC address.
Examples
# Clear statistics about all clients.
<Sysname> reset wlan statistics client all
Related commands
display wlan statistics
reset wlan statistics service-template
Use reset wlan statistics service-template to clear service template statistics.
Syntax
reset wlan statistics service-template service-template-name
View
User view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Examples
# Clear statistics about service template service1.
<Sysname> reset wlan statistics service-template service1
Related commands
display wlan statistics
service-template
Use service-template to bind a service template to a radio or a radio interface.
Use undo service-template to unbind a service template from a radio or a radio interface.
Syntax
service-template service-template-name [ nas-id nas-id | nas-port-id nas-port-id ] [ ssid-hide ] [ vlan vlan-id | vlan-group vlan-group-name ]
undo service-template service-template-name
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, no service template is bound to a radio.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
nas-id nas-id: Specifies a NAS ID, a case-insensitive string of 1 to 63 characters that does not contain spaces.
nas-port-id nas-port-id: Specifies a NAS port ID, a case-insensitive string of 1 to 63 characters that does not contain spaces.
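ssid-hide: Hides SSIDs in beacon frames. Hiding the SSID is not an access control: the SSID is still carried in probe and association frames, so authentication and encryption must be configured on the service template regardless.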
vlan vlan-id: Specifies a VLAN ID. The value range for this option varies by device model. If you do not specify this option, the radio uses the VLAN configured for the service template. If the specified VLAN does not exist, this command creates the VLAN when clients come online.
vlan-group vlan-group-name: Specifies a VLAN group name, a case-insensitive string of 1 to 31 characters. If you do not specify this option, the radio uses the VLAN configured for the service template. For more information about configuring VLAN groups, see VLAN commands in Layer 2—LAN Switching Command Reference.
Usage guidelines
Before you bind a service template to a radio or a radio interface, you must create the service template.
The VLAN ID or VLAN group configured using this command takes precedence over the VLAN ID configured for a service template.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radio.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-ap-ap1] radio 1
[Sysname-ap-ap1-radio-1] service-template service1 vlan-group vg1
# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radio in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] service-template service1 vlan-group vg1
service-template enable
Use service-template enable to enable a service template.
Use undo service-template enable to disable a service template.
Syntax
service-template enable
undo service-template enable
Default
A service template is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
If the number of BSSs on a device exceeds the limit, you cannot enable a new service template.
Examples
# Enable service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] service-template enable
snmp-agent trap enable wlan client
Use snmp-agent trap enable wlan client to enable SNMP notification for client access.
Use undo snmp-agent trap enable wlan client to disable SNMP notification for client access.
Syntax
snmp-agent trap enable wlan client
undo snmp-agent trap enable wlan client
Default
SNMP notification is disabled for client access.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notification for client access.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan client
snmp-agent trap enable wlan client-audit
Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.
Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.
Syntax
snmp-agent trap enable wlan client-audit
undo snmp-agent trap enable wlan client-audit
Default
SNMP notification is disabled for client audit.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notification for client audit.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan client-audit
ssid
Use ssid to set an SSID for a service template.
Use undo ssid to restore the default.
Syntax
ssid ssid-name
undo ssid
Default
No SSID is configured for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
Disable the service template before you execute this command.
Examples
# Set the SSID to lynn for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] ssid lynn
unknown-client
Use unknown-client to set the way that an AP processes traffic from unknown clients.
Use undo unknown-client to restore the default.
Syntax
unknown-client { deauthenticate | drop }
undo unknown-client
Default
An AP drops packets from unknown clients and deauthenticates these clients.
Views
Service template view
Predefined user roles
network-admin
Parameters
deauthenticate: Drops packets from unknown clients and deauthenticates these clients.
drop: Drops packets from unknown clients.
Examples
# Configure APs that use service template example to drop packets from unknown clients but not deauthenticate these clients.
<Sysname> system-view
[Sysname] wlan service-template example
[Sysname-wlan-st-example] unknown-client drop
vlan
Use vlan to assign clients coming online through a service template to the specified VLAN.
Use undo vlan to restore the default.
Syntax
vlan vlan-id
undo vlan
Default
Clients are assigned to VLAN 1 after coming online through a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094. If the specified VLAN does not exist, this command creates the VLAN when clients come online.
Usage guidelines
Disable the service template before you execute this command.
If the specified VLAN does not exist, this command creates the VLAN when clients come online.
Examples
# Assign clients coming online through service template service1 to VLAN 2.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] vlan 2
wlan client forwarding enable
Use wlan client forwarding enable to enable client traffic forwarding.
Use undo wlan client forwarding enable to disable client traffic forwarding.
Syntax
wlan client forwarding enable
undo wlan client forwarding enable
Default
Client traffic forwarding is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You must enable this feature if you configure the AC as the client traffic forwarder.
Examples
# Disable client traffic forwarding.
<Sysname> system-view
[Sysname] undo wlan client forwarding enable
Related commands
client forwarding-location
wlan client forwarding-policy-name
Use wlan client forwarding-policy-name to apply a forwarding policy to a user profile.
Use undo wlan client forwarding-policy-name to restore the default.
Syntax
wlan client forwarding-policy-name policy-name
undo wlan client forwarding-policy-name
Default
No forwarding policy is applied to a user profile.
Views
User profile view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
For the AC to perform policy-based forwarding for clients that use a user profile, apply a forwarding policy to the user profile. After a client passes authentication, the authentication server sends the user profile name specified for the client to the AC. The AC will forward traffic of the client based on the forwarding policy applied to the user profile.
For the forwarding policy applied to a user profile to take effect, perform the following tasks for the service template that the user profile uses:
· Enable policy-based forwarding.
· Specify the AC to perform client authentication.
If you modify or delete the applied forwarding policy, the change takes effect when the client comes online again.
The AC preferentially uses the forwarding policy applied to a user profile to direct client traffic forwarding. If the user profile of a client does not have a forwarding policy applied, the AC uses the forwarding policy applied to the service template.
Make sure the AC and its associated APs are in different network segments.
Examples
# Apply forwarding policy policyname to user profile profilename.
<Sysname> system-view
[Sysname] user-profile profilename
[Sysname-user-profile-profilename] wlan client forwarding-policy-name policyname
Related commands
client forwarding-policy enable
client-security authentication-location
wlan client reauthentication-period
Use wlan client reauthentication-period to set the idle period before client reauthentication.
Use undo wlan client reauthentication-period to restore the default.
Syntax
wlan client reauthentication-period [ period-value ]
undo wlan client reauthentication-period
Default
The idle period is not configured.
Views
System view
Predefined user roles
network-admin
Parameters
period-value: Specifies the idle period in the range of 1 to 3600 seconds. By default, the idle period is 10 seconds.
Usage guidelines
Set the idle period before client reauthentication to reduce reauthentication failures.
When URL redirection is enabled for WLAN MAC authentication clients, an AP logs off a client that has passed MAC authentication. At the next MAC authentication attempt, the client can pass MAC authentication and access the WLAN. With the idle period configured, the AP adds the client to the dynamic blacklist after logging off the client and the client entry ages out after the specified idle period.
Examples
# Set the idle period before client reauthentication to 100 seconds.
<Sysname> system-view
[Sysname] wlan client reauthentication-period 100
wlan dynamic-blacklist active-on-ap
Use wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on APs.
Use undo wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on the AC.
Syntax
wlan dynamic-blacklist active-on-ap
undo wlan dynamic-blacklist active-on-ap
Default
The dynamic blacklist takes effect on APs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If you configure the dynamic blacklist to take effect on the AC, all APs connected to the AC will reject the client in the dynamic blacklist. If you configure the dynamic blacklist to take effect on APs, the AP associated with the client in the dynamic blacklist will reject the client, but the client can still associate with other APs connected to the AC. As a best practice, configure the dynamic blacklist to take effect on the AC in high-density environments.
Examples
# Configure the dynamic blacklist to take effect on the AC.
<Sysname> system-view
[Sysname] undo wlan dynamic-blacklist active-on-ap
wlan dynamic-blacklist lifetime
Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries.
Use undo wlan dynamic-blacklist lifetime to restore the default.
Syntax
wlan dynamic-blacklist lifetime lifetime
undo wlan dynamic-blacklist lifetime
Default
The aging time is 300 seconds for dynamic blacklist entries.
Views
System view
Predefined user roles
network-admin
Parameters
lifetime: Specifies the aging time in the range of 1 to 3600 seconds.
Usage guidelines
The configured aging time takes effect only on entries added to the dynamic blacklist after this command is executed.
The aging time for dynamic blacklist entries only applies to rogue client entries.
Examples
# Set the aging time for dynamic blacklist entries to 3600 seconds.
<Sysname> system-view
[Sysname] wlan dynamic-blacklist lifetime 3600
wlan forwarding-policy
Use wlan forwarding-policy to create a forwarding policy and enter its view, or enter the view of an existing forwarding policy.
Use undo wlan forwarding-policy to delete a forwarding policy.
Syntax
wlan forwarding-policy policy-name
undo wlan forwarding-policy policy-name
Default
No forwarding policies are created.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.
You can create a maximum of 1000 forwarding policies.
Examples
# Create forwarding policy abc and enter its view.
<Sysname> system-view
[Sysname] wlan forwarding-policy abc
[Sysname-wlan-fp-abc]
wlan link-test
Use wlan link-test to test wireless link quality.
Syntax
wlan link-test mac-address
Views
Any view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the client MAC address in the H-H-H format.
Usage guidelines
Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.
The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.
Examples
# Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0.
<Sysname> wlan link-test 60a4-4cda-eff0
Testing link to 60a4-4cda-eff0. Press CTRL + C to break.
Link Status
-----------------------------------------------------------------------
MAC address: 60a4-4cda-eff0
-----------------------------------------------------------------------
VHT-MCS Rate(Mbps) TxCnt RxCnt RSSI Retries RTT(ms)
-----------------------------------------------------------------------
NSS = 1
-----------------------------------------------------------------------
0 32.5 5 5 54 0 0
1 65 5 5 51 0 0
2 97.5 5 5 49 0 0
3 130 5 5 47 0 0
4 195 5 5 45 0 0
5 260 5 5 45 0 0
6 292.5 5 5 44 0 0
7 325 5 5 44 0 0
8 390 5 5 44 0 0
9 433.3 5 5 43 0 0
-----------------------------------------------------------------------
NSS = 2
-----------------------------------------------------------------------
0 65 5 5 44 0 0
1 130 5 5 44 0 0
2 195 5 5 44 0 0
3 260 5 5 44 0 0
4 390 5 5 44 0 0
5 520 5 5 44 0 0
6 585 5 5 43 0 0
7 650 5 5 43 0 0
8 780 5 5 43 0 0
9 866.7 5 5 43 0 0
Table 37 Command output
Field |
Description |
No./MCS/VHT-MCS |
· No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients. · MCS—MCS index for link quality test on 802.11n clients. · VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients. |
Rate(Mbps) |
Rate at which the AP sends wireless link quality detection frames. |
TxCnt |
Number of wireless link quality detection frames sent by the AP. |
RxCnt |
Number of responses received by the AP. |
RSSI |
RSSI of the client detected by the AP. |
Retries |
Number of wireless link quality retransmission frames sent by the AP. |
RTT(ms) |
Round trip time for link quality test frames from the AP to the client. |
NSS |
Number of spatial streams for link quality test on 802.11n or 802.11ac clients. |
wlan permit-ap-group
Use wlan permit-ap-group to specify a permitted AP group for client association.
Use undo wlan permit-ap-group to delete a permitted AP group.
Syntax
wlan permit-ap-group ap-group-name
undo wlan permit-ap-group [ ap-group-name ]
Default
No permitted AP group is specified for client association.
Views
User profile view
Predefined user roles
network-admin
Parameters
ap-group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
If no permitted AP group is specified for client association, client access is not restricted.
If you specify a permitted AP group for client association, clients can only associate with APs in the AP group.
The undo form of the command deletes all permitted AP groups if you do not specify the ap-group-name argument.
Examples
# Specify AP group group1 as the permitted AP group for client association.
<Sysname> system-view
[Sysname] user-profile profile1
[Sysname-user-profile-profile1] wlan permit-ap-group group1
wlan permit-ssid
Use wlan permit-ssid to specify a permitted SSID for client association.
Use undo wlan permit-ssid to delete a permitted SSID.
Syntax
wlan permit-ssid ssid-name
undo wlan permit-ssid [ ssid-name ]
Default
No permitted SSID is specified for client association.
Views
User profile view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
If no permitted SSID is specified for client association, client association is not restricted.
If you specify a permitted SSID for client association, clients can only associate with WLANs through the SSID.
The undo form of the command deletes all permitted SSIDs if you do not specify the ssid-name argument.
Examples
# Specify SSID ssid1 as the permitted SSID for client access.
<Sysname> system-view
[Sysname] user-profile profile1
[Sysname-user-profile-profile1] wlan permit-ssid ssid1
wlan service-template
Use wlan service-template to create a service template and enter its view, or enter the view of an existing service template.
Use undo wlan service-template to delete a service template.
Syntax
wlan service-template service-template-name
undo wlan service-template service-template-name
Default
No service template exists.
Views
System view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You cannot delete a service template that has been bound to a radio.
Examples
# Create service template service1 and enter its view.
<Sysname> system-view
[Sysname] wlan service-template service1
wlan static-blacklist mac-address
Use wlan static-blacklist mac-address to add a client to the static blacklist.
Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.
Syntax
wlan static-blacklist mac-address mac-address
undo wlan static-blacklist [ mac-address mac-address ]
Default
No clients exist in the static blacklist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.
Usage guidelines
If you add an online client to the static blacklist, the command logs off the client.
You cannot add a client to both the whitelist and the static blacklist.
The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.
Do not add multicast or broadcast MAC addresses to the static blacklist.
Examples
# Add MAC address 001c-f0bf-9c92 to the static blacklist.
<Sysname> system-view
[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92
Related commands
display wlan blacklist
wlan web-server api-path
Use wlan web-server api-path to specify the path of the Web server to which client information is reported.
Use undo wlan web-server api-path to restore the default.
Syntax
wlan web-server api-path path
undo wlan web-server api-path
Default
The path of the Web server is not specified.
Views
System view
Predefined user roles
network-admin
Parameters
path: Specifies a path, a case-sensitive string of 1 to 256 characters.
Usage guidelines
The Web server accepts client information only when the server's host name, port number, and path are specified.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the path of the Web server as /wlan/dev-cfg.
<Sysname> system-view
[Sysname] wlan web-server api-path /wlan/dev-cfg
Related commands
wlan web-server host
wlan web-server max-client-entry
wlan web-server host
Use wlan web-server host to specify the host name and port number of the Web server to which client information is reported.
Use undo wlan web-server host to restore the default.
Syntax
wlan web-server host host-name port port-number
undo wlan web-server host
Default
The host name and port number of the Web server are not specified.
Views
System view
Predefined user roles
network-admin
Parameters
host host-name: Specifies a host name, a case-insensitive string of 3 to 127 characters that can contain letters, digits, hyphens (-), underscores (_), and dots (.).
port port-number: Specifies a port number in the range of 1 to 65534.
Usage guidelines
The Web server accepts client information only when the server's host name, port number, and path are specified.
Client information changes are reported to the Web server in real time.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the host name and port number of the Web server as www.abc.com and 668, respectively.
<Sysname> system-view
[Sysname] wlan web-server host www.abc.com port 668
Related commands
wlan web-server api-path
wlan web-server max-client-entry
wlan web-server max-client-entry
Use wlan web-server max-client-entry to set the maximum number of client entries that can be reported at a time.
Use undo wlan web-server max-client-entry to restore the default.
Syntax
wlan web-server max-client-entry number
undo wlan web-server max-client-entry
Default
A maximum of ten client entries can be reported at a time.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies a maximum number of client entries that can be reported at a time, in the range of 1 to 25.
Examples
# Set the maximum number of client entries that can be reported at a time to 12.
<Sysname> system-view
[Sysname] wlan web-server max-client-entry 12
Related commands
wlan web-server api-path
wlan web-server host
wlan whitelist mac-address
Use wlan whitelist mac-address to add a client to the whitelist.
Use undo wlan whitelist mac-address to remove a client from the whitelist.
Syntax
wlan whitelist mac-address mac-address
undo wlan whitelist [ mac-address mac-address ]
Default
No clients exist in the whitelist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.
Usage guidelines
When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.
If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.
You cannot add a client to both the whitelist and the static blacklist.
The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.
Do not add multicast or broadcast MAC addresses to the whitelist.
Examples
# Add MAC address 001c-f0bf-9c92 to the whitelist.
<Sysname> system-view
[Sysname] wlan whitelist mac-address 001c-f0bf-9c92
This command will disconnect all clients. Continue? [Y/N]:
Related commands
display wlan whitelist
WLAN security commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
akm mode
Use akm mode to set an authentication and key management (AKM) mode.
Use undo akm mode to restore the default.
Syntax
akm mode { dot1x | private-psk | psk | anonymous-dot1x }
undo akm mode
Default
No AKM mode is set.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
dot1x: Specifies 802.1X as the AKM mode.
private-psk: Specifies private PSK as the AKM mode.
psk: Specifies PSK as the AKM mode.
anonymous-dot1x: Specifies WiFi alliance anonymous 802.1X as the AKM mode.
Usage guidelines
You must set the AKM mode for 802.11i (RSNA) networks.
Each WLAN service template supports only one AKM mode. Set the AKM mode only when the WLAN service template is disabled.
Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.
Each of the following AKM modes must be used with a specific authentication mode:
· 802.1X AKM—802.1X authentication mode.
· Private PSK AKM—MAC authentication mode.
· PSK AKM—MAC or bypass authentication mode.
· WiFi alliance anonymous 802.1X AKM—802.1X authentication mode.
For more information about the authentication mode, see "Configuring WLAN user access authentication."
Examples
# Set the PSK AKM mode.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] akm mode psk
Related commands
cipher-suite
security-ie
cipher-suite
Use cipher-suite to specify the cipher suite used for frame encryption.
Use undo cipher-suite to remove the cipher suite configuration.
Syntax
cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }
undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }
Default
No cipher suite is specified.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
ccmp: Specifies the AES-CCMP cipher suite.
tkip: Specifies the TKIP cipher suite.
wep40: Specifies the WEP40 cipher suite.
wep104: Specifies the WEP104 cipher suite.
wep128: Specifies the WEP128 cipher suite.
Usage guidelines
You must set the cipher suite for 802.11i networks. Set a cipher suite only when the WLAN service template is disabled.
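Set the TKIP or CCMP cipher suite when you configure the RSN IE or WPA IE. WEP and TKIP are deprecated in the IEEE 802.11 standard because of known cryptographic weaknesses. As a best practice, use the CCMP cipher suite unless legacy clients require WEP or TKIP.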
The WEP cipher suite includes three types, WEP40, WEP104, and WEP128. Each WLAN service template supports only one type of WEP cipher suite. After you set a type of WEP cipher suite, you must create and apply a key of the same type.
WEP128 cannot be set if the CCMP or TKIP cipher suite is configured.
Examples
# Set the TKIP cipher suite for frame encryption.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] cipher-suite tkip
Related commands
security-ie
wep key
wep key-id
gtk-rekey client-offline enable
Use gtk-rekey client-offline enable to enable offline-triggered GTK update.
Use undo gtk-rekey client-offline enable to restore the default.
Syntax
gtk-rekey client-offline enable
undo gtk-rekey client-offline enable
Default
Offline-triggered GTK update is disabled.
Views
WLAN service template view
Predefined user roles
network-admin
Usage guidelines
Enable offline-triggered GTK update only when GTK update is enabled.
Examples
# Enable offline-triggered GTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] gtk-rekey client-offline enable
Related commands
gtk-rekey enable
gtk-rekey enable
Use gtk-rekey enable to enable GTK update.
Use undo gtk-rekey enable to disable GTK update.
Syntax
gtk-rekey enable
undo gtk-rekey enable
Default
GTK update is enabled.
Views
WLAN service template view
Predefined user roles
network-admin
Examples
# Enable GTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] gtk-rekey enable
gtk-rekey method
Use gtk-rekey method to set a GTK update method.
Use undo gtk-rekey method to restore the default.
Syntax
gtk-rekey method { packet-based [ packet ] | time-based [ time ] }
undo gtk-rekey method
Default
The GTK is updated at an interval of 86400 seconds.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
packet-based packet: Specifies the number of packets (including multicasts and broadcasts) that are transmitted before the GTK is updated. The value range for the packet argument is 5000 to 4294967295 and the default is 10000000.
time-based time: Specifies the interval at which the GTK is updated. The value range for the time argument is 180 to 604800 seconds and the default is 86400 seconds.
Usage guidelines
Set the GTK update method only when GTK update is enabled.
The most recent configuration overwrites the previous one. For example, if you set the packet-based method and then set the time-based method, the time-based method takes effect.
If you set the GTK update method after the service template is enabled, the change takes effect when the following conditions exist:
· If you change the GTK update interval, the new interval takes effect when the old timer times out.
· If you change the packet number threshold, the new threshold takes effect immediately.
· If you change the GTK update method to packet-based, the new method takes effect when the timer is deleted and the packet number threshold is reached.
· If you change the GTK update method to time-based, the configuration takes effect immediately.
Examples
# Enable time-based GTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] gtk-rekey method time-based 3600
# Enable packet-based GTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] gtk-rekey method packet-based 600000
Related commands
gtk-rekey enable
key-derivation
Use key-derivation to set the key derivation function (KDF).
Use undo key-derivation to restore the default.
Syntax
key-derivation { sha1 | sha1-and-sha256 | sha256 }
undo key-derivation
Default
The KDF is the HMAC-SHA1 algorithm.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
sha1: Specifies the HMAC-SHA1 algorithm as the KDF.
sha256: Specifies the HMAC-SHA256 algorithm as the KDF.
sha1-and-sha256: Specifies the HMAC-SHA1 algorithm and the HMAC-SHA256 algorithm as the KDFs.
Usage guidelines
KDFs take effect only for a network that uses the 802.11i mechanism.
The HMAC-SHA256 algorithm is recommended if mandatory management frame protection is enabled.
Examples
# Configure the HMAC-SHA256 algorithm as the KDF.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] key-derivation sha256
Related commands
akm mode
cipher-suite
security-ie
pmf
Use pmf to enable management frame protection.
Use undo pmf to restore the default.
Syntax
pmf { mandatory | optional }
undo pmf
Default
Management frame protection is disabled.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
mandatory: Specifies the mandatory mode. Only clients that support management frame protection can access the WLAN.
optional: Specifies the optional mode. All clients can access the WLAN.
Usage guidelines
Management frame protection takes effect only for a network that uses the 802.11i mechanism and is configured with the CCMP cipher suite and RSN security information element.
Examples
# Enable management frame protection in optional mode.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] pmf optional
Related commands
cipher-suite
security-ie
pmf association-comeback
Use pmf association-comeback to set the association comeback time.
Use undo pmf association-comeback to restore the default.
Syntax
pmf association-comeback time
undo pmf association-comeback
Default
The association comeback time is 1 second.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
time: Specifies the association comeback time in the range of 1 to 20 seconds.
Usage guidelines
If an AP rejects the current association or reassociation request from a client, it returns an association/reassociation response that carries the association comeback time. The AP starts to receive the association or reassociation request from the client when the association comeback time times out.
Examples
# Set the association comeback time to 2 seconds.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] pmf association-comeback 2
pmf saquery retrycount
Use pmf saquery retrycount to set the maximum number of retransmission attempts for SA query requests.
Use undo pmf saquery retrycount to restore the default.
Syntax
pmf saquery retrycount count
undo pmf saquery retrycount
Default
The maximum retransmission attempt number is 4 for SA query requests.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum retransmission attempts for SA query requests, in the range of 1 to 16.
Usage guidelines
If an AP does not receive an acknowledgment for the SA query request after retransmission attempts reach the maximum number, the AP determines that the client is offline.
Examples
# Set the maximum number of retransmission attempts to 3 for SA query requests.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] pmf saquery retrycount 3
Related commands
pmf
pmf saquery retrycount
pmf saquery retrytimeout
Use pmf saquery retrytimeout to set the interval for sending SA query requests.
Use undo pmf saquery retrytimeout to restore the default.
Syntax
pmf saquery retrytimeout timeout
undo pmf saquery retrytimeout
Default
The interval for sending SA query requests is 200 milliseconds.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
timeout: Specifies the interval for an AP to send SA query requests, in the range of 100 to 500 milliseconds.
Examples
# Set the interval for sending SA query requests to 300 milliseconds.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] pmf saquery retrytimeout 300
Related commands
pmf
pmf saquery retrytimeout
preshared-key
Use preshared-key to set the PSK.
Use undo preshared-key to restore the default.
Syntax
preshared-key { pass-phrase | raw-key } { cipher | simple } string
undo preshared-key
Default
No PSK is set.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
pass-phrase: Sets a PSK, a character string.
raw-key: Sets a PSK, a hexadecimal number.
cipher: Sets a key in encrypted form.
simple: Sets a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies a key string. This argument is case sensitive. Key length varies by key type:
· pass-phrase—Its plaintext form is 8 to 63 characters. Its encrypted form is 8 to 117 characters.
· raw-key—Its plaintext form is 64 hexadecimal digits. Its encrypted form is 8 to 117 characters.
Usage guidelines
Set the PSK only when the WLAN service template is disabled and the AKM mode is PSK. If you set the PSK when the AKM mode is 802.1X, the WLAN service template can be enabled but the PSK configuration does not take effect.
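You can set only one PSK for a WLAN service template. As a best practice, use a long, random passphrase that is hard to guess. The PSK value in the following example is for illustration only.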
Examples
# Configure simple character string 12345678 as the PSK.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] akm mode psk
[Sysname-wlan-st-security] preshared-key pass-phrase simple 12345678
Related commands
akm mode
ptk-lifetime
Use ptk-lifetime to set the PTK lifetime.
Use undo ptk-lifetime to restore the default.
Syntax
ptk-lifetime time
undo ptk-lifetime
Default
The PTK lifetime is 43200 seconds.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
time: Specifies the lifetime of the PTK, in the range of 180 to 604800 seconds.
Usage guidelines
If you configure the PTK lifetime when the service template is enabled, the configuration takes effect after the old timer times out.
Examples
# Set the PTK lifetime to 200 seconds.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] ptk-lifetime 200
ptk-rekey enable
Use ptk-rekey enable to enable PTK update.
Use undo ptk-rekey enable to disable PTK update.
Syntax
ptk-rekey enable
undo ptk-rekey enable
Default
PTK update is enabled.
Views
WLAN service template view
Predefined user roles
network-admin
Usage guidelines
This feature enables the device to update the PTK after the PTK lifetime expires.
Examples
# Enable PTK update.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] ptk-rekey enable
Related commands
ptk-lifetime
security-ie
Use security-ie to enable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.
Use undo security-ie to disable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.
Syntax
security-ie { osen | rsn | wpa }
undo security-ie { osen | rsn | wpa }
Default
OSEN IE, RSN IE, and WPA IE are disabled.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
osen: Enables the OSEN IE in the beacon and probe response frames sent by the AP. The OSEN IE advertises the OSEN capabilities of the AP.
rsn: Enables the RSN IE in the beacon and probe response frames sent by the AP. The RSN IE advertises the RSN capabilities of the AP.
wpa: Enables the WPA IE in the beacon and probe response frames sent by the AP. The WPA IE advertises the WPA capabilities of the AP.
Usage guidelines
You must set the security IE for 802.11i networks. Set a security IE only when the WLAN service template is disabled and the CCMP or TKIP cipher suite is configured.
You can set both the WPA IE and RSN IE for the same WLAN service template. The WPA IE and RSN IE cannot be used together with the OSEN IE for a WLAN service template.
Set the Wi-Fi Alliance anonymous 802.1X AKM mode if the OSEN IE is used.
Examples
# Enable the RSN IE in beacon and probe responses.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] security-ie rsn
Related commands
akm mode
cipher-suite
snmp-agent trap enable wlan usersec
Use snmp-agent trap enable wlan usersec to enable SNMP notifications for WLAN security.
Use undo snmp-agent trap enable wlan usersec to disable SNMP notifications for WLAN security.
Syntax
snmp-agent trap enable wlan usersec
undo snmp-agent trap enable wlan usersec
Default
SNMP notifications are disabled for WLAN security.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical WLAN security events to an NMS, enable SNMP notifications for WLAN security. For WLAN security event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.
Examples
# Enable SNMP notifications for WLAN security.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan usersec
tkip-cm-time
Use tkip-cm-time to set the TKIP MIC failure hold time.
Use undo tkip-cm-time to restore the default.
Syntax
tkip-cm-time time
undo tkip-cm-time
Default
The TKIP MIC failure hold time is 0 seconds. The AP does not take any countermeasures.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
time: Sets the TKIP MIC failure hold time in the range of 0 to 3600 seconds.
Usage guidelines
Set the TKIP MIC failure hold time only when the TKIP cipher suite is configured.
If you configure the MIC failure hold time when the service template is enabled, the configuration takes effect after the old timer times out.
If the AP detects two MIC failures within the MIC failure hold time, it disassociates all clients for 60 seconds.
Examples
# Set the TKIP MIC failure hold time to 180 seconds.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] tkip-cm-time 180
Related commands
cipher-suite
wep key
Use wep key to set a WEP key.
Use undo wep key to delete the configured WEP key.
Syntax
wep key key-id { wep40 | wep104 | wep128 } { pass-phrase | raw-key } { cipher | simple } string
undo wep key key-id
Default
No WEP key is set.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
key-id: Sets the key ID in the range of 1 to 4.
wep40: Sets the WEP40 key.
wep104: Sets the WEP104 key.
wep128: Sets the WEP128 key.
pass-phrase: Sets a WEP key, a character string.
raw-key: Sets a WEP key, a hexadecimal number.
cipher: Sets a key in encrypted form.
simple: Sets a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies a key string. This argument is case sensitive. The cipher key length is in the range of 37 to 73 characters. The plaintext key length varies by key type:
· wep40 pass-phrase—Its plaintext form is 5 characters.
· wep104 pass-phrase—Its plaintext form is 13 characters.
· wep128 pass-phrase—Its plaintext form is 16 characters.
· wep40 raw-key—Its plaintext form is 10 hexadecimal digits.
· wep104 raw-key—Its plaintext form is 26 hexadecimal digits.
· wep128 raw-key—Its plaintext form is 32 hexadecimal digits.
Usage guidelines
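Set a WEP key only when the WLAN service template is disabled and the cipher suite WEP is configured. You can set a maximum of four WEP keys.
WEP is a deprecated cipher suite with well-known cryptographic weaknesses. As a best practice, use it only for legacy clients that do not support CCMP.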
Examples
# Configure the cipher suite WEP40 and configure plain text 12345 as WEP key 1.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] cipher-suite wep40
[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345
Related commands
cipher-suite
wep key-id
wep key-id
Use wep key-id to apply a WEP key.
Use undo wep key-id to restore the default.
Syntax
wep key-id { 1 | 2 | 3 | 4 }
undo wep key-id
Default
Key 1 is applied.
Views
WLAN service template view
Predefined user roles
network-admin
Parameters
1: Specifies the WEP key whose ID is 1.
2: Specifies the WEP key whose ID is 2.
3: Specifies the WEP key whose ID is 3.
4: Specifies the WEP key whose ID is 4.
Usage guidelines
Apply a WEP key only when the WLAN service template is disabled.
In the 802.11i mechanism, key 1 is the negotiated key. To apply a WEP key, specify a WEP key whose ID is not 1.
You can only apply an existing WEP key.
Examples
# Configure the cipher suite WEP40, configure plain text 12345 as WEP key 1, and apply WEP key 1.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] cipher-suite wep40
[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345
[Sysname-wlan-st-security] wep key-id 1
Related commands
wep key
wep mode dynamic
Use the wep mode dynamic command to enable the dynamic WEP mechanism.
Use the undo wep mode dynamic command to disable the dynamic WEP mechanism.
Syntax
wep mode dynamic
undo wep mode dynamic
Default
The dynamic WEP mechanism is disabled.
Views
WLAN service template view
Predefined user roles
network-admin
Usage guidelines
Enable the dynamic WEP mechanism only when the WLAN service template is disabled.
The dynamic WEP mechanism requires 802.1X authentication for user access authentication.
Do not apply WEP key 4 if the dynamic WEP mechanism is enabled.
Examples
# Enable the dynamic WEP mechanism.
<Sysname> system-view
[Sysname] wlan service-template security
[Sysname-wlan-st-security] wep mode dynamic
Related commands
cipher-suite
client-security authentication-mode
wep key
wep key-id
WLAN authentication commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
This chapter describes WLAN-specific authentication commands. For more information about 802.1X and MAC authentication commands, see Security Command Reference.
client url-redirect enable
Use client url-redirect enable to enable URL redirection for WLAN clients.
Use undo client url-redirect enable to disable URL redirection for WLAN clients.
Syntax
client url-redirect enable
undo client url-redirect enable
Default
URL redirection is disabled for WLAN clients.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
This command takes effect only on clients that use RADIUS-based MAC authentication.
A client is allowed to pass RADIUS-based MAC authentication only when its credential information (username and password) and MAC address are recorded on the RADIUS server.
This command facilitates MAC authentication for a client whose credential information and MAC address are not recorded on the RADIUS server. After this command is enabled, the client will perform Web authentication on the Web interface specified by the RADIUS server-assigned redirect URL. After the client passes Web authentication, the RADIUS server records the client's credential information and MAC address. At the same time, the server uses DM requests to log off the client. At the next MAC authentication attempt, the client can pass MAC authentication. For information about DMs, see AAA in Security Configuration Guide.
Examples
# Enable URL redirection for WLAN clients on service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client url-redirect enable
client-security accounting-delay time
Use client-security accounting-delay time to configure the accounting delay.
Use undo client-security accounting-delay time to restore the default.
Syntax
client-security accounting-delay time time [ no-ip-logoff ]
undo client-security accounting-delay time
Default
The device sends start-accounting requests for a client when the device learns the IP address of the client.
Views
Service template view
Predefined user roles
network-admin
Parameters
time: Specifies the accounting delay timer that starts after the client passes 802.1X or MAC authentication. The value range for the time argument is 1 to 60 seconds.
no-ip-logoff: Logs off a client if the device fails to obtain the client IP address within the delay timer. If you do not specify this keyword, the device sends start-accounting requests when the delay timer expires.
Usage guidelines
The device takes a predefined action on a client if it does not learn an IP address of the specified type for the client within the delay time. To specify the type of IP addresses that have the accounting-start qualification, use the client-security accounting-start trigger command. When the IP address type is set to none, the accounting delay feature does not take effect.
As a best practice, consider the time the device takes to obtain an IP address when you set the accounting delay timer. Increase the delay timer in a low-performance network.
If you execute this command on a service template that has been enabled, the command takes effect only on subsequent clients. It does not affect clients that have been online since before this command is executed.
Examples
# On service template service1, set the accounting delay timer to 15 seconds. Configure the device to log off a client if it fails to learn the required client IP address within the delay timer.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security accounting-delay time 15 no-ip-logoff
Related commands
client-security accounting-start trigger
client-security accounting-start trigger
Use client-security accounting-start trigger to specify an IP address type to have the accounting-start qualification.
Use undo client-security accounting-start trigger to restore the default.
Syntax
client-security accounting-start trigger { ipv4 | ipv4-ipv6 | ipv6 | none }
undo client-security accounting-start trigger
Default
The IP address type is IPv4.
Views
Service template view
Predefined user roles
network-admin
Parameters
ipv4: Specifies the IPv4 address type.
ipv4-ipv6: Specifies the IPv4 or IPv6 address type.
ipv6: Specifies the IPv6 address type.
none: Configures the device to send start-accounting requests for a client when the client passes authentication.
Usage guidelines
This command allows the device to send start-accounting requests to the accounting server only for clients that use a specific type of IP addresses. The command takes effect on clients that have passed 802.1X or MAC authentication. For more information about accounting, see AAA in Security Configuration Guide.
To configure an IP address type to have the accounting-start qualification, you must enable learning for IP addresses of that type. For information about wireless client IP address learning, see WLAN IP snooping in WLAN Configuration Guide.
The IP address type setting configured by using this command must meet the protocol requirements of the accounting server.
If you execute this command on a service template that has been enabled, the command takes effect only on subsequent clients. It does not affect clients that have been online since before this command is executed.
Examples
# On service template service1, allow the device to send start-accounting requests only for clients that use IPv6 addresses.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security accounting-start trigger ipv6
Related commands
client ipv4-snooping arp-learning enable
client ipv4-snooping dhcp-learning enable
client ipv6-snooping dhcpv6-learning enable
client ipv6-snooping nd-learning enable
client ipv6-snooping snmp-nd-report enable
client-security accounting-delay time
client-security accounting-update trigger
client-security accounting-update trigger
Use client-security accounting-update trigger to specify an IP address type to have the accounting-update qualification.
Use undo client-security accounting-update trigger to restore the default.
Syntax
client-security accounting-update trigger { ipv4 | ipv4-ipv6 | ipv6 }
undo client-security accounting-update trigger
Default
The device sends update-accounting requests to the accounting server at the server-assigned or user-defined realtime accounting interval.
Views
Service template view
Predefined user roles
network-admin
Parameters
ipv4: Specifies the IPv4 address type, which indicates that the device triggers accounting update for a client only when the learned IP address of the client changes to an IPv4 address.
ipv4-ipv6: Specifies the IPv4 or IPv6 address type, which indicates that the device triggers accounting update for a client whenever the learned IP address of the client changes.
ipv6: Specifies the IPv6 address type, which indicates that the device triggers accounting update for a client only when the learned IP address of the client changes to an IPv6 address.
Usage guidelines
This command takes effect only when the client-security accounting-start trigger command takes effect.
This command is independent of the periodic realtime-accounting feature. For example, if you configure the accounting-update trigger as client IP addresses changing to IPv6 addresses and set the realtime accounting interval to 12 minutes, both settings take effect. For a client that uses the settings, the device sends update-accounting requests every 12 minutes and triggers accounting update whenever the client IP address changes to an IPv6 address.
To set the realtime accounting interval, use the timer realtime-accounting command.
If you execute this command on a service template that has been enabled, the command takes effect only on subsequent clients. It does not affect clients that have been online since before this command is executed.
Examples
# On service template service1, configure the device to trigger accounting update for a client whenever the client IP address changes to an IPv6 address.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security accounting-update trigger ipv6
Related commands
client-security accounting-start trigger
timer realtime-accounting (Security Command Reference)
client-security authentication critical-vlan
Use client-security authentication critical-vlan to configure a critical VLAN for a service template.
Use undo client-security authentication critical-vlan to restore the default.
Syntax
client-security authentication critical-vlan vlan-id
undo client-security authentication critical-vlan
Default
No critical VLAN exists for a service template.
Views
Service template view
Predefined user roles
Parameters
vlan-id: Specifies the ID of the critical VLAN, in the range of 1 to 4094.
Usage guidelines
The WLAN critical VLAN accommodates clients that have failed WLAN authentication because all RADIUS servers in their ISP domains are unreachable. Clients in the critical VLAN can access a limited set of network resources depending on the configuration.
The authenticator reauthenticates a client in the critical VLAN at an interval of 30 seconds.
· If the client passes the reauthentication, the authenticator assigns the client to the authorization VLAN. If no authorization VLAN is configured, the client is assigned to the initial VLAN.
· If the client fails the reauthentication because all the RADIUS servers are unreachable, the client is still in the critical VLAN.
· If the client fails the reauthentication for any reason other than unreachable servers, the device assigns the client to the Auth-Fail VLAN. If no Auth-Fail VLAN is configured, the device handles the client depending on the intrusion protection setting. If the intrusion protection feature is not configured, the device logs off the client.
The critical VLAN feature does not take effect on clients that use RSNA. When these clients fail authentication because all the RADIUS servers are unreachable, the authenticator directly logs off the clients.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Configure VLAN 10 as the critical VLAN on service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security authentication critical-vlan 10
client-security authentication fail-vlan
Use client-security authentication fail-vlan to configure an Auth-Fail VLAN for a service template.
Use undo client-security authentication fail-vlan to restore the default.
Syntax
client-security authentication fail-vlan vlan-id
undo client-security authentication fail-vlan
Default
No Auth-Fail VLAN exists for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies the ID of the Auth-Fail VLAN, in the range of 1 to 4094. Make sure the VLAN has been created.
Usage guidelines
The WLAN Auth-Fail VLAN accommodates clients that have failed WLAN authentication because of the failure to comply with the organization security strategy. For example, the VLAN accommodates clients that have entered invalid passwords. The Auth-Fail VLAN does not accommodate WLAN clients that have failed authentication for authentication timeouts or network connection problems.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Configure VLAN 10 as the Auth-Fail VLAN on service template 1.
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] client-security authentication fail-vlan 10
client-security authentication-location
Use client-security authentication-location to specify the authenticator for WLAN clients.
Use undo client-security authentication-location to restore the default.
Syntax
client-security authentication-location { ac | ap }
undo client-security authentication-location
Default
The AC acts as the authenticator to authenticate WLAN clients.
Views
Service template view
Predefined user roles
network-admin
Parameters
ac: Specifies the AC as the authenticator.
ap: Specifies the AP as the authenticator.
Usage guidelines
You cannot specify the AP as the authenticator if the AC is configured to forward client data traffic (by using the client forwarding-location command). For information about the client forwarding-location command, see "WLAN access commands."
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Configure the AC as the authenticator for WLAN clients on service template s1.
[Sysname] wlan service-template s1
[Sysname-wlan-st-s1] client-security authentication-location ac
Related commands
client forwarding-location
client-security authentication-mode
Use client-security authentication-mode to set the authentication mode for WLAN clients.
Use undo client-security authentication-mode to restore the default.
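Syntax
client-security authentication-mode { dot1x | dot1x-then-mac | mac | mac-then-dot1x | oui-then-dot1x }
undo client-security authentication-mode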
Default
The WLAN authentication mode is Bypass. The device does not perform authentication for WLAN clients.
Views
Service template view
Predefined user roles
network-admin
Parameters
dot1x: Performs 802.1X authentication only.
dot1x-then-mac: Performs 802.1X authentication first, and then MAC authentication. If the client passes 802.1X authentication, MAC authentication is not performed.
mac: Performs MAC authentication only.
mac-then-dot1x: Performs MAC authentication first, and then 802.1X authentication. If the client passes MAC authentication, 802.1X authentication is not performed.
oui-then-dot1x: Performs OUI authentication first, and then 802.1X authentication. If the client passes OUI authentication, 802.1X authentication is not performed.
Usage guidelines
A service template allows access of multiple authenticated clients in any authentication mode. To set the maximum number of 802.1X clients, use the dot1x max-user command. To set the maximum number of MAC authentication clients, use the mac-authentication max-user command.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Set the authentication mode to mac for WLAN clients on service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security authentication-mode mac
client-security authorization-fail offline
Use client-security authorization-fail offline to enable the authorization-fail-offline feature.
Use undo client-security authorization-fail offline to disable the authorization-fail-offline feature.
Syntax
client-security authorization-fail offline
undo client-security authorization-fail offline
Default
The authorization-fail-offline feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
The authorization-fail-offline feature logs off WLAN clients that fail ACL or user profile authorization.
A WLAN client fails ACL or user profile authorization in the following situations:
· The device or server fails to authorize the specified ACL or user profile to the client.
· The authorized ACL or user profile does not exist.
If this feature is disabled, the device does not log off WLAN clients that fail ACL or user profile authorization. However, the device outputs logs to report the failure.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Enable the authorization-fail-offline feature for service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security authorization-fail offline
client-security ignore-authentication
Use client-security ignore-authentication to configure the device to ignore the 802.1X or MAC authentication failures.
Use undo client-security ignore-authentication to restore the default.
Syntax
client-security ignore-authentication
undo client-security ignore-authentication
Default
The device does not ignore the authentication failures for wireless clients that use 802.1X authentication or RADIUS-based MAC authentication.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command applies to the following clients:
· Clients that use 802.1X authentication.
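This command enables the device to ignore the 802.1X authentication failures and allow clients that have failed 802.1X authentication to come online. Such clients come online unauthenticated, so use this command only where that access is intended and is restricted by other settings (for example, by VLAN or ACL).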
· Clients that use both RADIUS-based MAC authentication and portal authentication.
Typically, a client must pass MAC authentication and portal authentication in turn to access network resources. The client provides username and password each time portal authentication is performed.
This command simplifies the authentication process for a client as follows:
¡ If the RADIUS server already records the client's MAC authentication information, the client passes MAC authentication. The device allows the client to access network resources without performing portal authentication.
¡ If the RADIUS server does not record the client's MAC authentication information, the client fails MAC authentication. The device ignores the MAC authentication failure and performs portal authentication for the client. If the client passes portal authentication, it can access network resources. The MAC address of the portal authenticated client will be recorded as MAC authentication information on the RADIUS server.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
For 802.1X clients that use RSN to roam to a new AP, do not use this command.
Examples
# Configure the device to ignore 802.1X or MAC authentication failures on service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security ignore-authentication
client-security ignore-authorization
Use client-security ignore-authorization to configure the device to ignore the authorization information received from the authentication server (a RADIUS server or the local device).
Use undo client-security ignore-authorization to restore the default.
Syntax
client-security ignore-authorization
undo client-security ignore-authorization
Default
The device uses the authorization information from the server.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
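After a client passes RADIUS or local authentication, the server performs authorization based on the authorization attributes configured for the user account. For example, the server can assign a VLAN. If you do not want the device to use these authorization attributes for clients, configure this command to ignore the authorization information from the server. When this command is configured, server-assigned attributes such as the VLAN are not applied to clients, so make sure the settings on the service template provide the intended access control.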
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Configure the device to ignore the authorization information from the authentication server for service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security ignore-authorization
client-security intrusion-protection action
Use client-security intrusion-protection action to configure the intrusion protection action that the device takes when intrusion protection detects illegal frames.
Use undo client-security intrusion-protection action to restore the default.
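Syntax
client-security intrusion-protection action { service-stop | temporary-block | temporary-service-stop }
undo client-security intrusion-protection action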
Default
The intrusion protection action is temporary-block.
Views
Service template view
Predefined user roles
network-admin
Parameters
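service-stop: Stops the BSS where an illegal frame is received until the BSS is enabled manually on the radio interface. This action interrupts service for all clients of the BSS until an administrator intervenes, so weigh the availability impact before you select it.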
temporary-block: Adds the source MAC address of an illegal frame to the blocked MAC address list for a period. To set the period, use the client-security intrusion-protection timer temporary-block command.
temporary-service-stop: Stops the BSS where an illegal frame is received for a period. To set the period, use the client-security intrusion-protection timer temporary-service-stop command.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
For this command to take effect, you must also use the client-security intrusion-protection enable command to enable the intrusion protection feature.
Examples
# Configure the device to stop the BSS where intrusion protection detects illegal frames for service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security intrusion-protection enable
[Sysname-wlan-st-service1] client-security intrusion-protection action service-stop
Related commands
client-security intrusion-protection enable
client-security intrusion-protection timer temporary-block
client-security intrusion-protection timer temporary-service-stop
client-security intrusion-protection enable
Use client-security intrusion-protection enable to enable the intrusion protection feature.
Use undo client-security intrusion-protection enable to disable the intrusion protection feature.
Syntax
client-security intrusion-protection enable
undo client-security intrusion-protection enable
Default
The intrusion protection feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
When the device receives an association request from an illegal client, the device takes the predefined protection action on the BSS where the request is received. A client is illegal if its MAC address fails WLAN authentication. To set the protection action, use the client-security intrusion-protection action command.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Enable the intrusion protection feature for service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security intrusion-protection enable
Related commands
client-security intrusion-protection action
client-security intrusion-protection timer temporary-block
Use client-security intrusion-protection timer temporary-block to set the period during which a MAC address is blocked by intrusion protection.
Use undo client-security intrusion-protection timer temporary-block to restore the default.
Syntax
client-security intrusion-protection timer temporary-block time
undo client-security intrusion-protection timer temporary-block
Default
An illegal MAC address is blocked for 180 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
time: Specifies the period during which a MAC address is blocked. The value range is 60 to 300 seconds.
Usage guidelines
This command takes effect only when the intrusion protection action is temporary-block.
If you change the blocking period after the service template is enabled, the new setting takes effect on subsequently detected illegal packets.
Examples
# Configure service template service1 to block illegal MAC addresses for 120 seconds.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security intrusion-protection enable
[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-block
[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-block 120
Related commands
client-security intrusion-protection action
client-security intrusion-protection enable
client-security intrusion-protection timer temporary-service-stop
Use client-security intrusion-protection timer temporary-service-stop to set the BSS silence period for intrusion protection.
Use undo client-security intrusion-protection timer temporary-service-stop to restore the default.
Syntax
client-security intrusion-protection timer temporary-service-stop time
undo client-security intrusion-protection timer temporary-service-stop
Default
The BSS silence period for intrusion protection is 20 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
time: Specifies the period during which a BSS is disabled. The value range is 10 to 300 seconds.
Usage guidelines
This command takes effect only when the intrusion protection action is temporary-service-stop.
If you change the BSS silence period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.
Examples
# Set the BSS silence period to 30 seconds for intrusion protection on service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security intrusion-protection enable
[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-service-stop
[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-service-stop 30
Related commands
client-security intrusion-protection action
client-security intrusion-protection enable
display wlan client-security block-mac
Use display wlan client-security block-mac to display blocked MAC address information for WLAN clients.
Syntax
display wlan client-security block-mac [ ap ap-name [ radio radio-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and minus signs (-). If you do not specify this option, the command displays information about all blocked MAC addresses.
radio radio-id: Specifies a radio by its ID. The value range for the radio-id argument varies by AP model. If you do not specify this option, the command displays blocked MAC address information for all radios on the specified AP.
Usage guidelines
A MAC address that fails authentication is added to the blocked MAC address list when the intrusion protection action is temporary-block.
Examples
# Display information about all blocked MAC addresses.
<Sysname> display wlan client-security block-mac
MAC address AP ID RADIO ID BSSID
0002-0002-0002 1 1 00ab-0de1-0001
000d-88f8-0577 1 1 0ef1-0001-02c1
Total entries: 2
Table 38 Command output
Field |
Description |
MAC address |
Blocked MAC address, in the format of H-H-H. |
AP ID |
AP ID of the blocked MAC address. |
RADIO ID |
Radio ID of the blocked MAC address. |
BSSID |
BSS ID of the blocked MAC address, in the format of H-H-H. |
Total entries |
Number of blocked MAC addresses. |
Related commands:
client-security intrusion-protection action
client-security intrusion-protection timer temporary-block
dot1x domain
Use dot1x domain to specify an authentication domain for 802.1X clients on a service template.
Use undo dot1x domain to restore the default.
Syntax
dot1x domain domain-name
undo dot1x domain
Default
No authentication domain is specified for 802.1X clients on a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
802.1X chooses an authentication domain for WLAN clients in the following order:
1. Authentication domain specified on the service template.
2. Domain specified by username.
3. Default authentication domain.
Examples
# Specify ISP domain my-domain as the authentication domain for 802.1X clients on service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x domain my-domain
dot1x eap
Use dot1x eap to specify the EAP mode for 802.1X authentication.
Use undo dot1x eap to restore the default.
Syntax
dot1x eap { extended | standard }
undo dot1x eap
Default
The EAP mode is standard for 802.1X authentication.
Views
Service template view
Predefined user roles
network-admin
Parameters
extended: Specifies the extended EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the proprietary EAP protocol.
standard: Specifies the standard EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the standard EAP protocol.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
When you configure this command, specify the extended keyword for iNode clients and the standard keyword for other clients.
This command is required only when an IMC server is used as the RADIUS server.
Examples
# Set the EAP mode to extended for service template 1.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] dot1x eap extended
dot1x handshake enable
Use dot1x handshake enable to enable the 802.1X online user handshake feature.
Use undo dot1x handshake enable to disable the 802.1X online user handshake feature.
Syntax
dot1x handshake enable
undo dot1x handshake enable
Default
The 802.1X online user handshake feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
The online user handshake feature checks the connection status of online 802.1X clients by periodically sending handshake messages to the clients. The device sets a client to the offline state if it does not receive responses from the client after making the maximum handshake attempts within the handshake timer. To set the handshake timer, use the dot1x timer handshake-period command. To set the maximum handshake attempts, use the dot1x retry command.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Enable the online user handshake feature for 802.1X clients on service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x handshake enable
Related commands
dot1x handshake secure enable
dot1x retry (Security Command Reference)
dot1x timer handshake-period (Security Command Reference)
dot1x handshake secure enable
Use dot1x handshake secure enable to enable the 802.1X online user handshake security feature.
Use undo dot1x handshake secure enable to disable the 802.1X online user handshake security feature.
Syntax
dot1x handshake secure enable
undo dot1x handshake secure enable
Default
The 802.1X online user handshake security feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
For the 802.1X online user handshake security feature to take effect, you must enable the 802.1X online user handshake feature.
The online user handshake security feature protects only authenticated online 802.1X clients.
Examples
# Enable the 802.1X online user handshake security feature on service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x handshake enable
[Sysname-wlan-st-service1] dot1x handshake secure enable
Related commands
dot1x handshake enable
dot1x max-user
Use dot1x max-user to set the maximum number of concurrent 802.1X clients on a service template.
Use undo dot1x max-user to restore the default.
Syntax
dot1x max-user count
undo dot1x max-user
Default
A maximum of 4096 concurrent 802.1X clients are allowed on a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum number of concurrent 802.1X clients. The value range is 1 to 4096.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
When the maximum number is reached, the service template denies subsequent 802.1X clients.
Examples
# Set the maximum number of concurrent 802.1X clients to 500 on service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x max-user 500
dot1x re-authenticate enable
Use dot1x re-authenticate enable to enable the 802.1X periodic online user reauthentication feature.
Use undo dot1x re-authenticate enable to disable the 802.1X periodic online user reauthentication feature.
Syntax
dot1x re-authenticate enable
undo dot1x re-authenticate enable
Default
The 802.1X periodic online user reauthentication feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
Periodic reauthentication enables the device to periodically authenticate online 802.1X clients on a service template. This feature checks the connection status of online clients and updates the authorization attributes assigned by the server, such as the ACL, VLAN, and user profile.
You can use the dot1x timer reauth-period command to configure the interval for reauthentication.
The server-assigned session timeout timer (Session-Timeout attribute) and termination action (Termination-Action attribute) can affect the periodic online user reauthentication feature. To display the server-assigned Session-Timeout and Termination-Action attributes, use the display dot1x connection command (see Security Command Reference).
· If the termination action is Default (logoff), periodic online user reauthentication on the template takes effect only when the periodic reauthentication timer is shorter than the session timeout timer.
· If the termination action is Radius-request, the periodic online user reauthentication configuration on the template does not take effect. The device reauthenticates the online 802.1X clients after the session timeout timer expires.
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
Examples
# Enable the 802.1X periodic online user reauthentication feature on service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] dot1x re-authenticate enable
Related commands
dot1x timer (Security Command Reference)
mac-authentication domain
Use mac-authentication domain to specify an authentication domain for MAC authentication clients on a service template.
Use undo mac-authentication domain to restore the default.
Syntax
mac-authentication domain domain-name
undo mac-authentication domain
Default
No authentication domain is specified for MAC authentication clients on a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
MAC authentication chooses an authentication domain for WLAN clients in the following order:
1. Authentication domain specified on the service template.
2. Global authentication domain specified in system view.
3. Default authentication domain.
Examples
# Specify ISP domain my-domain as the authentication domain for MAC authentication clients on service template service1.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] mac-authentication domain my-domain
mac-authentication max-user
Use mac-authentication max-user to set the maximum number of concurrent MAC authentication clients on a service template.
Use undo mac-authentication max-user to restore the default.
Syntax
mac-authentication max-user count
undo mac-authentication max-user
Default
A maximum of 4096 concurrent MAC authentication clients are allowed on a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum number of concurrent MAC authentication clients. The value range for this argument is 1 to 4096.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.
When the maximum number is reached, the service template denies subsequent MAC authentication clients.
Examples
# Configure service template service1 to support a maximum of 32 concurrent MAC authentication clients.
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] mac-authentication max-user 32
WIPS commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
access-scan enable
Use access-scan enable to configure APs to perform WIPS scanning while providing access services.
Use undo access-scan enable to disable APs from performing WIPS scanning while providing access services.
Syntax
access-scan enable
undo access-scan enable
Default
APs do not perform WIPS scanning while they are providing access services.
Views
WIPS view
Predefined user roles
network-admin
Usage guidelines
This command enhances the WIPS detection and protection capabilities but decreases the access service capability.
Examples
# Configure APs to perform WIPS scanning while providing access services.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] access-scan enable
ap-channel-change
Use ap-channel-change to configure channel change detection.
Use undo ap-channel-change to disable channel change detection.
Syntax
ap-channel-change [ quiet quiet-value ]
undo ap-channel-change
Default
Channel change detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a channel change. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a channel change within the quiet time.
Examples
# Enable channel change detection and set the quiet time to 5 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-channel-change quiet 5
ap-classification rule
Use ap-classification rule to create an AP classification rule and enter its view, or enter the view of an existing AP classification rule.
Use undo ap-classification rule to remove an AP classification rule.
Syntax
ap-classification rule rule-id
undo ap-classification rule rule-id
Default
No AP classification rules exist.
Views
WIPS view
Predefined user roles
network-admin
Parameters
rule-id: Specifies an AP classification rule ID in the range of 1 to 65535.
Examples
# Create AP classification rule 1 and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
ap-flood
Use ap-flood to configure AP flood attack detection.
Use undo ap-flood to disable AP flood attack detection.
Syntax
ap-flood [ apnum apnum-value | exceed exceed-value | quiet quiet-value ] *
undo ap-flood
Default
AP flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
apnum apnum-value: Specifies the AP number threshold in the range of 10 to 200. The default AP number threshold is 80.
exceed exceed-value: Specifies the maximum number of excessive APs allowed. The value range for the exceed-value argument is 10 to 200 and the default value is 80. If the number of APs exceeds the sum of the AP number threshold and the maximum number of excessive APs allowed, WIPS triggers an AP flood attack alarm.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP flood attack within the quiet time.
Examples
# Enable AP flood attack detection, and set the apnum-value, exceed-value, and quiet-value arguments to 50, 50, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-flood apnum 50 exceed 50 quiet 100
ap-impersonation
Use ap-impersonation to configure AP impersonation attack detection.
Use undo ap-impersonation to disable AP impersonation attack detection.
Syntax
ap-impersonation [ quiet quiet-value ]
undo ap-impersonation
Default
AP impersonation attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP impersonation attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP impersonation attack within the quiet time.
Examples
# Enable AP impersonation attack detection, and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-impersonation quiet 360
apply ap-classification rule
Use apply ap-classification rule to bind an AP classification rule to a classification policy.
Use undo apply ap-classification rule to cancel the configuration.
Syntax
apply ap-classification rule rule-id { authorized-ap | { { external-ap | misconfigured-ap | rogue-ap } [ severity-level level ] } }
undo apply ap-classification rule rule-id
Default
No AP classification rule is bound to a classification policy.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
rule-id: Specifies an AP classification rule by its ID in the range of 1 to 65535.
authorized-ap: Specifies APs that match the AP classification rule as authorized APs.
external-ap: Specifies APs that match the AP classification rule as external APs.
misconfigured-ap: Specifies APs that match the AP classification rule as misconfigured APs.
rogue-ap: Specifies APs that match the AP classification rule as rogue APs.
level: Specifies a severity level for the AP that matches the AP classification rule, in the range of 1 to 100. The default severity level is 50.
Examples
# Bind AP classification rule 1 to classification policy home, specify APs that match AP classification rule 1 as rogue APs, and set the severity level to 80.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] apply ap-classification rule 1 rogue-ap severity-level 80
Related commands
ap-classification rule
apply classification policy
Use apply classification policy to apply a classification policy to a virtual security domain (VSD).
Use undo apply classification policy to remove a classification policy from a VSD.
Syntax
apply classification policy policy-name
undo apply classification policy policy-name
Default
No classification policy is applied to a VSD.
Views
VSD view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a classification policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply classification policy policy1 to VSD home.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain home
[Sysname-wips-vsd-home] apply classification policy policy1
apply countermeasure policy
Use apply countermeasure policy to apply a countermeasure policy to a VSD.
Use undo apply countermeasure policy to remove a countermeasure policy from a VSD.
Syntax
apply countermeasure policy policy-name
undo apply countermeasure policy policy-name
Default
No countermeasure policy is applied to a VSD.
Views
VSD view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a countermeasure policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply countermeasure policy policy2 to VSD home.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain home
[Sysname-wips-vsd-home] apply countermeasure policy policy2
apply detect policy
Use apply detect policy to apply an attack detection policy to a VSD.
Use undo apply detect policy to remove an attack detection policy from a VSD.
Syntax
apply detect policy policy-name
undo apply detect policy policy-name
Default
No attack detection policy is applied to a VSD.
Views
VSD view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an attack detection policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply attack detection policy policy2 to VSD home.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain home
[Sysname-wips-vsd-home] apply detect policy policy2
apply signature policy
Use apply signature policy to apply a signature policy to a VSD.
Use undo apply signature policy to remove a signature policy from a VSD.
Syntax
apply signature policy policy-name
undo apply signature policy policy-name
Default
No signature policy is applied to a VSD.
Views
VSD view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a signature policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Apply signature policy policy1 to VSD home.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain home
[Sysname-wips-vsd-home] apply signature policy policy1
apply signature rule
Use apply signature rule to bind a signature to a signature policy.
Use undo apply signature rule to unbind a signature from a signature policy.
Syntax
apply signature rule rule-id
undo apply signature rule rule-id
Default
No signature is bound to a signature policy.
Views
Signature policy view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a signature by its ID in the range of 1 to 65535.
Examples
# Bind signature 1 to signature policy office.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature policy office
[Sysname-wips-sig-office] apply signature rule 1
ap-rate-limit
Use ap-rate-limit to rate limit AP entry learning.
Use undo ap-rate-limit to restore the default.
Syntax
ap-rate-limit [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo ap-rate-limit
Default
The statistics collection interval for learned AP entries is 60 seconds, the quiet time is 1200 seconds, and the AP entry threshold is 64.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for learned AP entries, in the range of 1 to 3600 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP entry attack. The value range for the quiet-value argument is 1200 to 3600 seconds. WIPS stops learning new entries and does not trigger an alarm even if it detects an AP entry attack within the quiet time.
threshold threshold-value: Specifies the number of AP entries that triggers an AP entry attack alarm. The value range for the threshold-value argument is 1 to 4096.
Examples
# Rate limit AP entry learning, and set the interval-value, quiet-value, and threshold-value arguments to 60, 1600, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-rate-limit interval 60 quiet 1600 threshold 100
ap-spoofing
Use ap-spoofing to enable AP spoofing attack detection.
Use undo ap-spoofing to disable AP spoofing attack detection.
Syntax
ap-spoofing [ quiet quiet-value ]
undo ap-spoofing
Default
AP spoofing attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP spoofing attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP spoofing attack within the quiet time.
Examples
# Enable AP spoofing attack detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-spoofing quiet 360
ap-timer
Use ap-timer to set an AP entry timer.
Use undo ap-timer to restore the default.
Syntax
ap-timer inactive inactive-value aging aging-value
undo ap-timer
Default
The inactive time is 300 seconds, and the aging time is 600 seconds.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
inactive inactive-value: Specifies the inactive time in the range of 60 to 1200 seconds. When an AP does not receive or send frames within the specified inactive time, WIPS sets the AP to inactive state.
aging aging-value: Specifies the aging time for an AP entry, in the range of 120 to 86400 seconds. When an AP does not receive or send frames within the specified aging time, WIPS deletes the entry. The aging time must be greater than the inactive time.
Examples
# Set the inactive time to 120 seconds and the aging time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ap-timer inactive 120 aging 360
association-table-overflow
Use association-table-overflow to configure association/reassociation DoS attack detection.
Use undo association-table-overflow to disable association/reassociation DoS attack detection.
Syntax
association-table-overflow [ quiet quiet-value ]
undo association-table-overflow
Default
Association/reassociation DoS attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an association/reassociation DoS attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an association/reassociation DoS attack within the quiet time.
Examples
# Enable association/reassociation DoS attack detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] association-table-overflow quiet 100
authentication
Use authentication to configure an AP classification rule to match APs by authentication mode.
Use undo authentication to restore the default.
Syntax
authentication { equal | include } { 802.1x | none | other | psk }
undo authentication
Default
An AP classification rule does not match APs by authentication mode.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
equal: Matches authentication modes equal to the specified authentication mode.
include: Matches authentication modes that include the specified authentication mode.
802.1x: Specifies the 802.1X authentication mode.
none: Specifies no authentication.
other: Specifies an authentication mode other than 802.1X and PSK.
psk: Specifies the PSK authentication mode.
Examples
# Configure AP classification rule 1 to match APs that use the PSK authentication mode.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] authentication equal psk
block mac-address
Use block mac-address to add the MAC address of an AP or client to the static prohibited device list.
Use undo block mac-address to remove one or all MAC addresses from the static prohibited device list.
Syntax
block mac-address mac-address
undo block mac-address { mac-address | all }
Default
No MAC address is added to the static prohibited device list.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
mac-address: Specifies an AP or client by its MAC address, in the H-H-H format.
all: Specifies all MAC addresses.
Examples
# Add MAC address 78AC-C0AF-944F to the static prohibited device list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] block mac-address 78AC-C0AF-944F
classification policy
Use classification policy to create a classification policy and enter its view, or enter the view of an existing classification policy.
Use undo classification policy to remove a classification policy.
Syntax
classification policy policy-name
undo classification policy policy-name
Default
No classification policies exist.
Views
WIPS view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a classification policy name, a case-sensitive string of 1 to 63 characters.
Examples
# Create classification policy home and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home]
client-online
Use client-online to configure an AP classification rule to match APs by number of associated clients.
Use undo client-online to restore the default.
Syntax
client-online value1 [ to value2 ]
undo client-online
Default
An AP classification rule does not match APs by number of associated clients.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
value1 to value2: Specifies a value range for the number of associated clients for APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 128 for both the value1 and value2 arguments, and value2 must be greater than value1.
Examples
# Configure AP classification rule 1 to match APs with 20 to 40 associated clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] client-online 20 to 40
client-rate-limit
Use client-rate-limit to rate limit client entry learning.
Use undo client-rate-limit to restore the default.
Syntax
client-rate-limit [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo client-rate-limit
Default
The statistics collection interval for learned client entries is 60 seconds, the quiet time is 1200 seconds, and the client entry threshold is 512.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for learned client entries, in the range of 1 to 3600 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a client entry attack. The value range for the quiet-value argument is 1200 to 3600 seconds. WIPS stops learning new entries and does not trigger an alarm even if it detects a client entry attack within the quiet time.
threshold threshold-value: Specifies the number of client entries that triggers a client entry attack alarm. The value range for the threshold-value argument is 1 to 4096.
Examples
# Rate limit client entry learning, and set the interval-value, quiet-value, and threshold-value arguments to 80, 1600, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] client-rate-limit interval 80 threshold 100 quiet 1600
client-spoofing
Use client-spoofing to enable client spoofing attack detection.
Use undo client-spoofing to disable client spoofing attack detection.
Syntax
client-spoofing [ quiet quiet-value ]
undo client-spoofing
Default
Client spoofing attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a client spoofing attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a client spoofing attack within the quiet time.
Examples
# Enable client spoofing attack detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] client-spoofing quiet 360
client-timer
Use client-timer to set a client entry timer.
Use undo client-timer to restore the default.
Syntax
client-timer inactive inactive-value aging aging-value
undo client-timer
Default
The inactive time is 300 seconds, and the aging time is 600 seconds.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
inactive inactive-value: Specifies the inactive time in the range of 60 to 1200 seconds. When a client does not receive or send frames within the specified inactive time, WIPS sets the client to inactive state.
aging aging-value: Specifies the aging time for a client entry, in the range of 120 to 86400 seconds. When a client does not receive or send frames within the specified aging time, WIPS deletes the entry. The aging time must be greater than the inactive time.
Examples
# Set the inactive time to 120 seconds, and set the aging time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] client-timer inactive 120 aging 360
countermeasure adhoc
Use countermeasure adhoc to enable WIPS to take countermeasures against Ad hoc devices.
Use undo countermeasure adhoc to restore the default.
Syntax
countermeasure adhoc
undo countermeasure adhoc
Default
WIPS does not take countermeasures against Ad hoc devices.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against Ad hoc devices.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure adhoc
countermeasure attack all
Use countermeasure attack all to enable WIPS to take countermeasures against all attackers.
Use undo countermeasure attack all to restore the default.
Syntax
countermeasure attack all
undo countermeasure attack all
Default
WIPS does not take countermeasures against all attackers.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against all attackers.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack all
countermeasure attack deauth-broadcast
Use countermeasure attack deauth-broadcast to enable WIPS to take countermeasures against devices that launch broadcast deauthentication attacks.
Use undo countermeasure attack deauth-broadcast to restore the default.
Syntax
countermeasure attack deauth-broadcast
undo countermeasure attack deauth-broadcast
Default
WIPS does not take countermeasures against devices that launch broadcast deauthentication attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch broadcast deauthentication attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack deauth-broadcast
countermeasure attack disassoc-broadcast
Use countermeasure attack disassoc-broadcast to enable WIPS to take countermeasures against devices that launch broadcast disassociation attacks.
Use undo countermeasure attack disassoc-broadcast to restore the default.
Syntax
countermeasure attack disassoc-broadcast
undo countermeasure attack disassoc-broadcast
Default
WIPS does not take countermeasures against devices that launch broadcast disassociation attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch broadcast disassociation attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack disassoc-broadcast
countermeasure attack honeypot-ap
Use countermeasure attack honeypot-ap to enable WIPS to take countermeasures against honeypot APs.
Use undo countermeasure attack honeypot-ap to restore the default.
Syntax
countermeasure attack honeypot-ap
undo countermeasure attack honeypot-ap
Default
WIPS does not take countermeasures against honeypot APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against honeypot APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack honeypot-ap
countermeasure attack hotspot-attack
Use countermeasure attack hotspot-attack to enable WIPS to take countermeasures against devices that launch hotspot attacks.
Use undo countermeasure attack hotspot-attack to restore the default.
Syntax
countermeasure attack hotspot-attack
undo countermeasure attack hotspot-attack
Default
WIPS does not take countermeasures against devices that launch hotspot attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch hotspot attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack hotspot-attack
countermeasure attack ht-40-mhz-intolerance
Use countermeasure attack ht-40-mhz-intolerance to enable WIPS to take countermeasures against devices with the 40 MHz bandwidth mode disabled.
Use undo countermeasure attack ht-40-mhz-intolerance to restore the default.
Syntax
countermeasure attack ht-40-mhz-intolerance
undo countermeasure attack ht-40-mhz-intolerance
Default
WIPS does not take countermeasures against devices with the 40 MHz bandwidth mode disabled.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices with the 40 MHz bandwidth mode disabled.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack ht-40-mhz-intolerance
countermeasure attack malformed-packet
Use countermeasure attack malformed-packet to enable WIPS to take countermeasures against devices that send malformed packets.
Use undo countermeasure attack malformed-packet to restore the default.
Syntax
countermeasure attack malformed-packet
undo countermeasure attack malformed-packet
Default
WIPS does not take countermeasures against devices that send malformed packets.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that send malformed packets.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack malformed-packet
countermeasure attack man-in-the-middle
Use countermeasure attack man-in-the-middle to enable WIPS to take countermeasures against devices that launch MITM attacks.
Use undo countermeasure attack man-in-the-middle to restore the default.
Syntax
countermeasure attack man-in-the-middle
undo countermeasure attack man-in-the-middle
Default
WIPS does not take countermeasures against devices that launch MITM attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch MITM attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack man-in-the-middle
countermeasure attack omerta
Use countermeasure attack omerta to enable WIPS to take countermeasures against devices that launch Omerta attacks.
Use undo countermeasure attack omerta to restore the default.
Syntax
countermeasure attack omerta
undo countermeasure attack omerta
Default
WIPS does not take countermeasures against devices that launch Omerta attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch Omerta attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack omerta
countermeasure attack power-save
Use countermeasure attack power-save to enable WIPS to take countermeasures against devices that launch power save attacks.
Use undo countermeasure attack power-save to restore the default.
Syntax
countermeasure attack power-save
undo countermeasure attack power-save
Default
WIPS does not take countermeasures against devices that launch power save attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch power save attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack power-save
countermeasure attack soft-ap
Use countermeasure attack soft-ap to enable WIPS to take countermeasures against soft APs.
Use undo countermeasure attack soft-ap to restore the default.
Syntax
countermeasure attack soft-ap
undo countermeasure attack soft-ap
Default
WIPS does not take countermeasures against soft APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against soft APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack soft-ap
countermeasure attack unencrypted-trust-client
Use countermeasure attack unencrypted-trust-client to enable WIPS to take countermeasures against unencrypted authorized clients.
Use undo countermeasure attack unencrypted-trust-client to restore the default.
Syntax
countermeasure attack unencrypted-trust-client
undo countermeasure attack unencrypted-trust-client
Default
WIPS does not take countermeasures against unencrypted authorized clients.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against unencrypted authorized clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack unencrypted-trust-client
countermeasure attack weak-iv
Use countermeasure attack weak-iv to enable WIPS to take countermeasures against devices that use weak IVs.
Use undo countermeasure attack weak-iv to restore the default.
Syntax
countermeasure attack weak-iv
undo countermeasure attack weak-iv
Default
WIPS does not take countermeasures against devices that use weak IVs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that use weak IVs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack weak-iv
countermeasure attack windows-bridge
Use countermeasure attack windows-bridge to enable WIPS to take countermeasures against devices that launch Windows bridge attacks.
Use undo countermeasure attack windows-bridge to restore the default.
Syntax
countermeasure attack windows-bridge
undo countermeasure attack windows-bridge
Default
WIPS does not take countermeasures against devices that launch Windows bridge attacks.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against devices that launch Windows bridge attacks.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure attack windows-bridge
countermeasure external-ap
Use countermeasure external-ap to enable WIPS to take countermeasures against external APs.
Use undo countermeasure external-ap to restore the default.
Syntax
countermeasure external-ap
undo countermeasure external-ap
Default
WIPS does not take countermeasures against external APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against external APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure external-ap
countermeasure mac-address
Use countermeasure mac-address to enable WIPS to take countermeasures against the device with the specified MAC address.
Use undo countermeasure mac-address to remove the configuration.
Syntax
countermeasure mac-address mac-address
undo countermeasure mac-address { mac-address | all }
Default
WIPS does not take countermeasures against detected devices.
Views
Countermeasure policy view
Predefined user roles
network-admin
Parameters
mac-address: Specifies an AP or a client by its MAC address in the H-H-H format.
all: Specifies all APs and clients.
Usage guidelines
You can configure this command multiple times to enable WIPS to take countermeasures against multiple devices.
Examples
# Enable WIPS to take countermeasures against the device with MAC address 2a11-1fa1-141f.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure mac-address 2a11-1fa1-141f
countermeasure misassociation-client
Use countermeasure misassociation-client to enable WIPS to take countermeasures against misassociated clients.
Use undo countermeasure misassociation-client to restore the default.
Syntax
countermeasure misassociation-client
undo countermeasure misassociation-client
Default
WIPS does not take countermeasures against misassociated clients.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against misassociated clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure misassociation-client
countermeasure misconfigured-ap
Use countermeasure misconfigured-ap to enable WIPS to take countermeasures against misconfigured APs.
Use undo countermeasure misconfigured-ap to restore the default.
Syntax
countermeasure misconfigured-ap
undo countermeasure misconfigured-ap
Default
WIPS does not take countermeasures against misconfigured APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against misconfigured APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure misconfigured-ap
countermeasure policy
Use countermeasure policy to create a countermeasure policy and enter its view, or enter the view of an existing countermeasure policy.
Use undo countermeasure policy to remove a countermeasure policy.
Syntax
countermeasure policy policy-name
undo countermeasure policy policy-name
Default
No countermeasure policies exist.
Views
WIPS view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a countermeasure policy by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Create countermeasure policy home and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home]
countermeasure potential-authorized-ap
Use countermeasure potential-authorized-ap to enable WIPS to take countermeasures against potential-authorized APs.
Use undo countermeasure potential-authorized-ap to restore the default.
Syntax
countermeasure potential-authorized-ap
undo countermeasure potential-authorized-ap
Default
WIPS does not take countermeasures against potential-authorized APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against potential-authorized APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure potential-authorized-ap
countermeasure potential-external-ap
Use countermeasure potential-external-ap to enable WIPS to take countermeasures against potential-external APs.
Use undo countermeasure potential-external-ap to restore the default.
Syntax
countermeasure potential-external-ap
undo countermeasure potential-external-ap
Default
WIPS does not take countermeasures against potential-external APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against potential-external APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure potential-external-ap
countermeasure potential-rogue-ap
Use countermeasure potential-rogue-ap to enable WIPS to take countermeasures against potential-rogue APs.
Use undo countermeasure potential-rogue-ap to restore the default.
Syntax
countermeasure potential-rogue-ap
undo countermeasure potential-rogue-ap
Default
WIPS does not take countermeasures against potential-rogue APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against potential-rogue APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure potential-rogue-ap
countermeasure rogue-ap
Use countermeasure rogue-ap to enable WIPS to take countermeasures against rogue APs.
Use undo countermeasure rogue-ap to restore the default.
Syntax
countermeasure rogue-ap
undo countermeasure rogue-ap
Default
WIPS does not take countermeasures against rogue APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against rogue APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure rogue-ap
countermeasure unauthorized-client
Use countermeasure unauthorized-client to enable WIPS to take countermeasures against unauthorized clients.
Use undo countermeasure unauthorized-client to restore the default.
Syntax
countermeasure unauthorized-client
undo countermeasure unauthorized-client
Default
WIPS does not take countermeasures against unauthorized clients.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against unauthorized clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure unauthorized-client
countermeasure uncategorized-ap
Use countermeasure uncategorized-ap to enable WIPS to take countermeasures against uncategorized APs.
Use undo countermeasure uncategorized-ap to restore the default.
Syntax
countermeasure uncategorized-ap
undo countermeasure uncategorized-ap
Default
WIPS does not take countermeasures against uncategorized APs.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against uncategorized APs.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure uncategorized-ap
countermeasure uncategorized-client
Use countermeasure uncategorized-client to enable WIPS to take countermeasures against uncategorized clients.
Use undo countermeasure uncategorized-client to restore the default.
Syntax
countermeasure uncategorized-client
undo countermeasure uncategorized-client
Default
WIPS does not take countermeasures against uncategorized clients.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable WIPS to take countermeasures against uncategorized clients.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-cms-home] countermeasure uncategorized-client
deauthentication-broadcast
Use deauthentication-broadcast to configure broadcast deauthentication attack detection.
Use undo deauthentication-broadcast to disable broadcast deauthentication attack detection.
Syntax
deauthentication-broadcast [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo deauthentication-broadcast
Default
Broadcast deauthentication attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for broadcast deauthentication frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a broadcast deauthentication attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a broadcast deauthentication attack within the quiet time.
threshold threshold-value: Specifies the number of broadcast deauthentication frames that triggers a broadcast deauthentication attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable broadcast deauthentication attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] deauthentication-broadcast interval 100 threshold 100 quiet 360
deauth-spoofing
Use deauth-spoofing to configure spoof deauthentication frame detection.
Use undo deauth-spoofing to disable spoof deauthentication frame detection.
Syntax
deauth-spoofing [ quiet quiet ]
undo deauth-spoofing
Default
Spoof deauthentication frame detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet: Specifies the quiet time after WIPS triggers an alarm upon a spoof deauthentication frame. The value range for the quiet argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects spoof deauthentication frames within the quiet time.
Examples
# Enable spoof deauthentication frame detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] deauth-spoofing quiet 100
detect policy
Use detect policy to create an attack detection policy and enter its view, or enter the view of an existing attack detection policy.
Use undo detect policy to remove an attack detection policy.
Syntax
detect policy policy-name
undo detect policy policy-name
Default
No attack detection policies exist.
Views
WIPS view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an attack detection policy name, a case-sensitive string of 1 to 63 characters.
Examples
# Create attack detection policy home and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home]
detect signature
Use detect signature to enable signature-based attack detection.
Use undo detect signature to disable signature-based attack detection.
Syntax
detect signature [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo detect signature
Default
Signature-based attack detection is enabled.
Views
Signature policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for packets that match a signature. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an attack within the quiet time.
threshold threshold-value: Specifies the number of packets matching a signature that triggers a user-attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable WIPS to detect packets that match a signature, and set the interval-value, threshold-value, and quiet-value arguments to 60, 100, and 360, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature policy home
[Sysname-wips-sig-home] detect signature interval 60 threshold 100 quiet 360
disassociation-broadcast
Use disassociation-broadcast to configure broadcast disassociation attack detection.
Use undo disassociation-broadcast to disable broadcast disassociation attack detection.
Syntax
disassociation-broadcast [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo disassociation-broadcast
Default
Broadcast disassociation attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for broadcast disassociation frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a broadcast disassociation attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a broadcast disassociation attack within the quiet time.
threshold threshold-value: Specifies the number of broadcast disassociation frames that triggers a broadcast disassociation attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable broadcast disassociation attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] disassociation-broadcast interval 100 threshold 100 quiet 360
discovered-ap
Use discovered-ap to configure an AP classification rule to match APs by number of sensors that detect the APs.
Use undo discovered-ap to restore the default.
Syntax
discovered-ap value1 [ to value2 ]
undo discovered-ap
Default
An AP classification rule does not match APs by number of sensors that detect the APs.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
value1 to value2: Specifies a value range for the number of sensors that detect an AP. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 1 to 128 for both the value1 and value2 arguments, and value2 must be greater than value1.
Examples
# Configure AP classification rule 1 to match APs that are detected by 10 to 128 sensors.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] discovered-ap 10 to 128
display wips sensor
Use display wips sensor to display information about all sensors.
Syntax
display wips sensor
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about all sensors.
<Sysname> display wips sensor
Total number of sensors: 1
Sensor ID Sensor name VSD name Radio ID Status
3 ap1 aaa 1 Active
Table 39 Command output
Field |
Description |
VSD name |
Name of the VSD to which the AP belongs. |
Radio ID |
ID of the radio enabled with WIPS. |
Status |
Status of the sensor: · Active—The sensor is enabled with WIPS. · Inactive—The sensor is not enabled with WIPS. |
display wips statistics
Use display wips statistics to display attack detection statistics information collected from sensors.
Syntax
display wips statistics [ receive | virtual-security-domain vsd-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
receive: Displays attack detection statistics information that the AC receives from sensors in all VSDs.
virtual-security-domain vsd-name: Displays attack detection statistics information that the AC receives from sensors in the specified VSD.
Examples
# Display attack detection statistics information collected from sensors in all VSDs.
<Sysname> display wips statistics receive
Information from sensor 3
Information about attack statistics:
Detected association-request flood messages: 0
Detected authentication flood messages: 0
Detected beacon flood messages: 0
Detected block-ack flood messages: 0
Detected cts flood messages: 0
Detected deauthentication flood messages: 0
Detected disassociation flood messages: 0
Detected eapol-start flood messages: 0
Detected null-data flood messages: 0
Detected probe-request flood messages: 0
Detected reassociation-request flood messages: 0
Detected rts flood messages: 0
Detected eapol-logoff flood messages: 0
Detected eap-failure flood messages: 0
Detected eap-success flood messages: 0
Detected duplicated-ie messages: 0
Detected fata-jack messages: 0
Detected illegal-ibss-ess messages: 0
Detected invalid-address-combination messages: 0
Detected invalid-assoc-req messages: 0
Detected invalid-auth messages: 0
Detected invalid-deauth-code messages: 0
Detected invalid-disassoc-code messages: 0
Detected invalid-ht-ie messages: 0
Detected invalid-ie-length messages: 0
Detected invalid-pkt-length messages: 0
Detected large-duration messages: 0
Detected null-probe-resp messages: 0
Detected overflow-eapol-key messages: 0
Detected overflow-ssid messages: 0
Detected redundant-ie messages: 0
Detected AP spoof AP messages: 0
Detected AP spoof client messages: 0
Detected AP spoof ad-hoc messages: 0
Detected ad-hoc spoof AP messages: 0
Detected client spoof AP messages: 0
Detected weak IV messages: 0
Detected excess AP messages: 0
Detected excess client messages: 0
Detected signature rule messages: 0
Detected 40MHZ messages: 0
Detected power save messages: 0
Detected omerta messages: 0
Detected windows bridge messages: 0
Detected soft AP messages: 0
Detected broadcast disassociation messages: 0
Detected broadcast deauthentication messages: 0
Detected AP impersonate messages: 0
Detected illegal channel 9 messages: 1
Table 40 Command output
Field |
Description |
Information from sensor n |
Information collected from sensor n, where n represents the ID of the sensor. |
Detected association-request flood messages |
Number of detected messages for association request flood attacks. |
Detected authentication flood messages |
Number of detected messages for authentication request flood attacks. |
Detected beacon flood messages |
Number of detected messages for beacon flood attacks. |
Detected block-ack flood messages |
Number of detected messages for Block Ack flood attacks. |
Detected cts flood messages |
Number of detected messages for CTS flood attacks. |
Detected deauthentication flood messages |
Number of detected messages for deauthentication flood attacks. |
Detected disassociation flood messages |
Number of detected messages for disassociation flood attacks. |
Detected eapol-start flood messages |
Number of detected messages for EAPOL-start flood attacks. |
Detected null-data flood messages |
Number of detected messages for null data flood attacks. |
Detected probe-request flood messages |
Number of detected messages for probe request flood attacks. |
Detected reassociation-request flood messages |
Number of detected messages for reassociation request flood attacks. |
Detected rts flood messages |
Number of detected messages for RTS flood attacks. |
Detected eapol-logoff flood messages |
Number of detected messages for EAPOL-logoff flood attacks. |
Detected eap-failure flood messages |
Number of detected messages for EAP-failure flood attacks. |
Detected eap-success flood messages |
Number of detected messages for EAP-success flood attacks. |
Detected duplicated-ie messages |
Number of detected messages for malformed packets with duplicated IE. |
Detected fata-jack messages |
Number of detected messages for FATA-Jack malformed packets. |
Detected illegal-ibss-ess messages |
Number of detected messages for malformed packets with abnormal IBSS and ESS setting. |
Detected invalid-address-combination messages |
Number of detected messages for malformed packets with invalid source address. |
Detected invalid-assoc-req messages |
Number of detected messages for malformed association request frames. |
Detected invalid-auth messages |
Number of detected messages for malformed authentication request frames. |
Detected invalid-deauth-code messages |
Number of detected messages for malformed packets with invalid deauthentication code. |
Detected invalid-disassoc-code messages |
Number of detected messages for malformed packets with invalid disassociation code. |
Detected invalid-ht-ie messages |
Number of detected messages for malformed packets with malformed HT IE. |
Detected invalid-ie-length messages |
Number of detected messages for malformed packets with invalid IE length. |
Detected invalid-pkt-length messages |
Number of detected messages for malformed packets with invalid packet length. |
Detected large-duration messages |
Number of detected messages for malformed packets with oversized duration. |
Detected null-probe-resp messages |
Number of detected messages for malformed probe response frames. |
Detected overflow-eapol-key messages |
Number of detected messages for malformed packets with oversized EAPOL key. |
Detected overflow-ssid messages |
Number of detected messages for malformed packets with oversized SSID. |
Detected redundant-ie messages |
Number of detected messages for malformed packets with redundant IE. |
Detected AP spoof AP messages |
Number of detected messages for AP spoofing (AP spoofs AP) attacks. |
Detected AP spoof client messages |
Number of detected messages for client spoofing (AP spoofs client) attacks. |
Detected AP spoof ad-hoc messages |
Number of detected messages for Ad hoc spoofing (AP spoofs Ad hoc) attacks. |
Detected ad-hoc spoof AP messages |
Number of detected messages for AP spoofing (Ad hoc spoofs AP) attacks. |
Detected client spoof AP messages |
Number of detected messages for AP spoofing (client spoofs AP) attacks. |
Detected weak IV messages |
Number of detected messages for weak IVs. |
Detected excess AP messages |
Number of detected messages for AP entry attacks. |
Detected excess client messages |
Number of detected messages for client entry attacks. |
Detected 40MHZ messages |
Number of detected messages for clients that have the 40 MHz bandwidth mode disabled. |
Detected power save messages |
Number of detected messages for power saving attacks. |
Detected omerta messages |
Number of detected messages for Omerta attacks. |
Detected windows bridge messages |
Number of detected messages for Windows bridge. |
Detected soft AP messages |
Number of detected messages for soft APs. |
Detected broadcast disassociation messages |
Number of detected messages for broadcast disassociation attacks. |
Detected broadcast deauthentication messages |
Number of detected messages for broadcast deauthentication attacks. |
Detected AP impersonate messages |
Number of detected messages for AP impersonation attacks. |
Detected illegal channel n messages: |
Number of detected messages for prohibited channels. n represents the channel number. |
Related commands
reset wips statistics
display wips virtual-security-domain countermeasure record
Use display wips virtual-security-domain countermeasure record to display information about countermeasures that WIPS has taken against rogue devices.
Syntax
display wips virtual-security-domain vsd-name countermeasure record
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Display information about countermeasures that WIPS has taken against rogue devices for VSD office.
<Sysname> display wips virtual-security-domain office countermeasure record
Total 3 times countermeasure, current 3 countermeasure record in virtual-security-domain office
Reason: Att - attack; Ass - associated; Black - blacklist;
Class - classification; Manu - manual;
MAC address Type Reason Countermeasure AP Radio ID Time
1000-0000-00e3 AP Manu ap1 1 2016-05-03/09:32:01
1000-0000-00e4 AP Manu ap2 1 2016-05-03/09:32:11
2000-0000-f282 Client Black ap3 1 2016-05-03/09:31:56
Table 41 Command output
Field |
Description |
Total 3 times countermeasure, current 3 countermeasure record in virtual-security-domain office |
Number of successful countermeasures. This field can display up to 1024 countermeasure records. |
MAC Address |
MAC address of the wireless device against which WIPS has taken countermeasures. |
Type |
Type of the wireless device: AP or Client. |
Reason |
Reason why WIPS takes countermeasures against the wireless device: · Att—WIPS takes countermeasures against the device because it is an attacker. · Ass—WIPS takes countermeasures against the device because WIPS has taken countermeasures against its associated AP. · Black—After WIPS takes countermeasures against the client, the client is added to the blacklist when it associates with an AP. · Class—WIPS takes countermeasures against the device based on its device type. · Manu—WIPS takes countermeasures against the device based on its MAC address. |
Countermeasure AP |
Name of the sensor that takes countermeasures against the wireless device. |
Radio ID |
Radio ID of the sensor that takes countermeasures against the wireless device. |
Time |
Time when the AC instructed the sensor to take countermeasures against the wireless device. |
Related commands
reset wips virtual-security-domain countermeasure record
display wips virtual-security-domain device
Use display wips virtual-security-domain device to display information about wireless devices detected in a VSD.
Syntax
display wips virtual-security-domain vsd-name device [ ap [ ad-hoc | authorized | external | mesh | misconfigured | potential-authorized | potential-external | potential-rogue | rogue | uncategorized ] | client [ [ dissociative-client ] | [ authorized | misassociation | unauthorized | uncategorized ] ] | mac-address mac-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
device: Specifies wireless devices.
ap: Specifies APs.
ad-hoc: Specifies APs operating in Ad hoc mode.
authorized: Specifies authorized APs.
external: Specifies external APs.
mesh: Specifies MPs.
misconfigured: Specifies misconfigured APs.
potential-authorized: Specifies potential-authorized APs.
potential-rogue: Specifies potential-rogue APs.
potential-external: Specifies potential-external APs.
rogue: Specifies rogue APs.
uncategorized: Specifies uncategorized APs.
client: Specifies clients.
dissociative-client: Specifies unassociated clients.
authorized: Specifies authorized clients.
misassociation: Specifies misassociated clients.
unauthorized: Specifies unauthorized clients.
uncategorized: Specifies uncategorized clients.
mac-address mac-address: Specifies a wireless device by its MAC address in the H-H-H format.
verbose: Displays detailed device information.
Examples
# Display information about wireless devices detected in VSD office.
<Sysname> display wips virtual-security-domain office device
Total 3 detected devices in virtual-security-domain office
Class: Auth - authorization; Ext - external; Mis - mistake;
Unauth - unauthorized; Uncate - uncategorized;
(A) - associate; (C) - config; (P) - potential;
Ad-hoc; Mesh
MAC address Type Class Duration Sensors Channel Status
1000-0000-0000 AP Ext(P) 00h 10m 46s 1 11 Active
1000-0000-0001 AP Ext(P) 00h 10m 46s 1 6 Active
1000-0000-0002 AP Ext(P) 00h 10m 46s 1 1 Active
Table 42 Command output
Field |
Description |
Type |
Wireless device type: AP, Client, or Mesh. |
Class |
Category of the wireless device. |
Duration |
Duration since the wireless device entered the current state. |
Sensors |
Number of sensors that have detected the wireless device. |
Channel |
Channel on which the wireless device was most recently detected. |
Status |
Status of the AP or client: · Active—The AP or client is active. · Inactive—The AP or client is inactive. |
# Display detailed information about wireless devices detected in VSD a.
<Sysname> display wips virtual-security-domain a device verbose
Total 2 detected devices in virtual-security-domain a
AP: 1000-0000-0000
Mesh Neighbor: None
Classification: Mis(C)
Severity level: 0
Classify way: Auto
Status: Active
Status duration: 00h 27m 57s
Vendor: Not found
SSID: service
Radio type: 802.11g
Countermeasuring: No
Security: None
Encryption method: None
Authentication method: None
Broadcast SSID: Yes
QoS supported: No
Ad-hoc: No
Beacon interval: 100 TU
Up duration: 00h 27m 57s
Channel band-width supported: 20MHZ
Hotspot AP: No
Soft AP: No
Honeypot AP: No
Total number of reported sensors: 1
Sensor 1:
Sensor ID: 3
Sensor name: 1
Radio ID: 1
RSSI: 15
Channel: 149
First reported time: 2014-06-03/09:05:51
Last reported time: 2014-06-03/09:05:51
Total number of associated clients: 1
01: 2000-0000-0000
Client: 2000-0000-0000
Last reported associated AP: 1000-0000-0000
Classification: Uncate
Severity level: 0
Classify way: Auto
Dissociative status: No
Status: Active
Status duration: 00h 00m 02s
Vendor: Not found
Radio type: 802.11a
40MHz intolerance: No
Countermeasuring: No
Man in the middle: No
Total number of reported sensors: 1
Sensor 1:
Sensor ID: 2
Sensor name: 1
Radio ID: 1
RSSI: 50
Channel: 149
First reported time: 2014-06-03/14:52:56
Last reported time: 2014-06-03/14:52:56
Reported associated AP: 1000-0000-0000
Table 43 Command output
Field |
Description |
AP |
MAC address of the AP. |
Mesh Neighbor |
MAC address of the mesh AP's neighbor. |
Client |
MAC address of the client. |
Last reported associated AP |
MAC address of the associated AP that the client most recently reports. |
Classification |
Category of the AP or client: · AP category: ○ ad_hoc. ○ authorized. ○ rogue. ○ misconfigured. ○ external. ○ potential-authorized. ○ potential-rogue. ○ potential-external. ○ uncategorized. · Client category: ○ authorized. ○ unauthorized. ○ misassociated. ○ uncategorized. |
Severity level |
Severity level of the device. |
Classify way |
AP or client classification method: · Manual—Manual classification. · Invalid OUI—Added to the invalid OUI list. · Block List—Added to the prohibited device list. · Associated—APs that are connected to the AC. · Trust List—Added to the permitted device list. · User Define—User-defined classification. · Auto—Automatic classification. |
Dissociative status |
Whether the client is an unassociated client. |
Status |
Status of the AP or client: · Active—The AP or client is active. · Inactive—The AP or client is inactive. |
Status duration |
Duration since the wireless device entered the current state. |
Vendor |
OUI of the device. This field displays the device OUI if the OUI matches an imported OUI. This field displays Not found if no OUI is configured for the device or the OUI does not match any imported OUIs. |
SSID |
SSID of the wireless service provided by the AP. |
Radio Type |
Radio mode of the wireless device. |
40MHz intolerance |
Whether the client has reported itself as 40 MHz intolerant (40 MHz bandwidth mode disabled on the client). |
Countermeasuring |
Whether WIPS is taking countermeasures against the wireless device: · No. · Yes. |
Man in the middle |
Whether an MITM attack is detected. |
Security |
Security method: · None. · WEP. · WPA. · WPA2. |
Encryption method |
Data encryption method: · TKIP. · CCMP. · WEP. · None. |
Authentication method |
Authentication method: · None. · PSK. · 802.1X. · Others—Authentication methods except for PSK authentication and 802.1X authentication. |
Broadcast SSID |
Whether the AP broadcasts the SSID. This field displays nothing if the AP does not broadcast the SSID. |
QoS supported |
Whether the wireless device supports QoS. |
Ad-hoc |
Whether the wireless device is in Ad hoc mode. |
Beacon interval |
Beacon interval in TUs. One TU is equal to 1024 microseconds. |
Channel band-width supported |
Supported channel bandwidth mode: · 20/40/80MHZ. · 20/40MHZ. · 20MHZ. |
Hotspot AP |
Whether the AP is a hotspot attack AP. |
Soft AP |
Whether the AP is a soft AP. |
Honeypot AP |
Whether the AP is a honeypot AP. |
Sensor n |
Sensor that detected the wireless device. n represents the ID assigned by the system. |
Channel |
Channel on which the sensor most recently detected the wireless device. |
First reported time |
Time when the sensor first detected the wireless device. |
Last reported time |
Time when the sensor most recently detected the wireless device. |
n: H-H-H |
MAC address of the client associated with the AP. n represents the number assigned by the system. |
Reported associated AP |
MAC address of the associated AP that the sensor reports. |
Related commands
reset wips virtual-security-domain device
display wlan nat-detect
Use display wlan nat-detect to display information about clients with NAT configured.
Syntax
display wlan nat-detect [ mac-address mac-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all detected NAT-configured clients.
Examples
# Display information about all detected NAT-configured clients.
<Sysname> display wlan nat-detect
Total 1 detected clients with NAT configured
MAC address Last report First report Duration
0a98-2044-0000 2015-08-24/11:05:23 2015-08-24/10:05:23 01h 15m 00s
Table 44 Command output
Field |
Description |
Total number detected clients with NAT configured |
Number of detected NAT-configured clients. |
MAC address |
MAC address of the detected client. |
Last report |
Time when the client was most recently detected. |
First report |
Time when the client was detected for the first time. |
Duration |
Duration since the client is configured with NAT. |
Related commands
reset wlan nat-detect
export oui
Use export oui to export all OUIs in the OUI library to an OUI configuration file.
Syntax
export oui file-name
Views
WIPS view
Predefined user roles
network-admin
Parameters
file-name: Specifies a configuration file by its name, a case-insensitive string of 1 to 32 characters. It cannot contain backslashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).
Usage guidelines
This command exports all OUIs including embedded OUIs and imported OUIs.
The OUIs are exported in the following format:
000FE2 (base 16) New H3C Technologies Co., Ltd..
Examples
# Export all OUIs in the OUI library to configuration file OUIInfo.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] export oui OUIInfo
Related commands
import oui
reset wips embedded-oui
flood association-request
Use flood association-request to configure association request flood attack detection.
Use undo flood association-request to disable association request flood attack detection.
Syntax
flood association-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood association-request
Default
Association request flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for association request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an association request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. During the quiet time, WIPS does not trigger another alarm even if it detects an association request flood attack, so a long quiet time can leave a continuing attack unreported until the quiet time expires.
threshold threshold-value: Specifies the number of association request frames that triggers an association request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable association request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood association-request interval 100 threshold 100 quiet 360
flood authentication
Use flood authentication to configure authentication request flood attack detection.
Use undo flood authentication to disable authentication request flood attack detection.
Syntax
flood authentication [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood authentication
Default
Authentication request flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for authentication request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an authentication request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an authentication request flood attack within the quiet time.
threshold threshold-value: Specifies the number of authentication request frames that triggers an authentication request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable authentication request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood authentication interval 100 threshold 100 quiet 360
flood beacon
Use flood beacon to configure beacon flood attack detection.
Use undo flood beacon to disable beacon flood attack detection.
Syntax
flood beacon [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood beacon
Default
Beacon flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for beacon frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a beacon flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a beacon flood attack within the quiet time.
threshold threshold-value: Specifies the number of beacon frames that triggers a beacon flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable beacon flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood beacon interval 100 threshold 100 quiet 360
flood block-ack
Use flood block-ack to configure Block Ack flood attack detection.
Use undo flood block-ack to disable Block Ack flood attack detection.
Syntax
flood block-ack [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood block-ack
Default
Block Ack flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for Block Ack frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a Block Ack flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a Block Ack flood attack within the quiet time.
threshold threshold-value: Specifies the number of Block Ack frames that triggers a Block Ack flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable Block Ack flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood block-ack interval 100 threshold 100 quiet 360
flood cts
Use flood cts to configure CTS flood attack detection.
Use undo flood cts to disable CTS flood attack detection.
Syntax
flood cts [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood cts
Default
CTS flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for CTS frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a CTS flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a CTS flood attack within the quiet time.
threshold threshold-value: Specifies the number of CTS frames that triggers a CTS flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable CTS flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood cts interval 100 threshold 100 quiet 360
flood deauthentication
Use flood deauthentication to configure deauthentication flood attack detection.
Use undo flood deauthentication to disable deauthentication flood attack detection.
Syntax
flood deauthentication [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood deauthentication
Default
Deauthentication flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for deauthentication frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a deauthentication flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a deauthentication flood attack within the quiet time.
threshold threshold-value: Specifies the number of deauthentication frames that triggers a deauthentication flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable deauthentication flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood deauthentication interval 100 threshold 100 quiet 360
flood disassociation
Use flood disassociation to configure disassociation flood attack detection.
Use undo flood disassociation to disable disassociation flood attack detection.
Syntax
flood disassociation [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood disassociation
Default
Disassociation flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for disassociation frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a disassociation flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a disassociation flood attack within the quiet time.
threshold threshold-value: Specifies the number of disassociation frames that triggers a disassociation flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable disassociation flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood disassociation interval 100 threshold 100 quiet 360
flood eap-failure
Use flood eap-failure to configure EAP-failure flood attack detection.
Use undo flood eap-failure to disable EAP-failure flood attack detection.
Syntax
flood eap-failure [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood eap-failure
Default
EAP-failure flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for EAP-failure frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAP-failure flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAP-failure flood attack within the quiet time.
threshold threshold-value: Specifies the number of EAP-failure frames that triggers an EAP-failure flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable EAP-failure flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood eap-failure interval 100 threshold 100 quiet 360
flood eapol-logoff
Use flood eapol-logoff to configure EAPOL-logoff flood attack detection.
Use undo flood eapol-logoff to disable EAPOL-logoff flood attack detection.
Syntax
flood eapol-logoff [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood eapol-logoff
Default
EAPOL-logoff flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for EAPOL-logoff frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAPOL-logoff flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAPOL-logoff flood attack within the quiet time.
threshold threshold-value: Specifies the number of EAPOL-logoff frames that triggers an EAPOL-logoff flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable EAPOL-logoff flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood eapol-logoff interval 100 threshold 100 quiet 360
flood eapol-start
Use flood eapol-start to configure EAPOL-start flood attack detection.
Use undo flood eapol-start to disable EAPOL-start flood attack detection.
Syntax
flood eapol-start [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood eapol-start
Default
EAPOL-start flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for EAPOL-start frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAPOL-start flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAPOL-start flood attack within the quiet time.
threshold threshold-value: Specifies the number of EAPOL-start frames that triggers an EAPOL-start flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable EAPOL-start flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood eapol-start interval 100 threshold 100 quiet 360
flood eap-success
Use flood eap-success to configure EAP-success flood attack detection.
Use undo flood eap-success to disable EAP-success flood attack detection.
Syntax
flood eap-success [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood eap-success
Default
EAP-success flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for EAP-success frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAP-success flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAP-success flood attack within the quiet time.
threshold threshold-value: Specifies the number of EAP-success frames that triggers an EAP-success flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable EAP-success flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood eap-success interval 100 threshold 100 quiet 360
flood null-data
Use flood null-data to configure null data flood attack detection.
Use undo flood null-data to disable null data flood attack detection.
Syntax
flood null-data [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood null-data
Default
Null data flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for null data frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a null data flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a null data flood attack within the quiet time.
threshold threshold-value: Specifies the number of null data frames that triggers a null data flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable null data flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood null-data interval 100 threshold 100 quiet 360
flood probe-request
Use flood probe-request to configure probe request flood attack detection.
Use undo flood probe-request to disable probe request flood attack detection.
Syntax
flood probe-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood probe-request
Default
Probe request flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for probe request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a probe request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a probe request flood attack within the quiet time.
threshold threshold-value: Specifies the number of probe request frames that triggers a probe request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable probe request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood probe-request interval 100 threshold 100 quiet 360
flood reassociation-request
Use flood reassociation-request to configure reassociation request flood attack detection.
Use undo flood reassociation-request to disable reassociation request flood attack detection.
Syntax
flood reassociation-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood reassociation-request
Default
Reassociation request flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for reassociation request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a reassociation request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a reassociation request flood attack within the quiet time.
threshold threshold-value: Specifies the number of reassociation request frames that triggers a reassociation request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable reassociation request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood reassociation-request interval 100 threshold 100 quiet 360
flood rts
Use flood rts to configure RTS flood attack detection.
Use undo flood rts to disable RTS flood attack detection.
Syntax
flood rts [ interval interval-value | quiet quiet-value | threshold threshold-value ] *
undo flood rts
Default
RTS flood attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for RTS frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an RTS flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an RTS flood attack within the quiet time.
threshold threshold-value: Specifies the number of RTS frames that triggers an RTS flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.
Examples
# Enable RTS flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] flood rts interval 100 threshold 100 quiet 360
frame-type
Use frame-type to configure a subsignature to match frame types.
Use undo frame-type to restore the default.
Syntax
frame-type { control | data | management [ frame-subtype { association-request | association-response | authentication | beacon | deauthentication | disassociation | probe-request } ] }
undo frame-type
Default
No subsignature is configured to match frame types.
Views
Signature view
Predefined user roles
network-admin
Parameters
control: Matches control frames.
data: Matches data frames.
management: Matches management frames.
frame-subtype: Specifies a frame subtype.
association-request: Matches association request frames.
association-response: Matches association response frames.
authentication: Matches authentication frames.
beacon: Matches beacon frames.
deauthentication: Matches deauthentication frames.
disassociation: Matches disassociation frames.
probe-request: Matches probe request frames.
Examples
# Configure a subsignature to match data frames for signature 1.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] frame-type data
honeypot-ap
Use honeypot-ap to configure honeypot AP detection.
Use undo honeypot-ap to disable honeypot AP detection.
Syntax
honeypot-ap [ similarity similarity-value | quiet quiet-value ] *
undo honeypot-ap
Default
Honeypot AP detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
similarity similarity-value: Specifies the similarity threshold that triggers a honeypot AP alarm, as a percentage in the range of 70 to 100. The default value is 80%. WIPS determines that an AP is a honeypot AP if the similarity between the SSID of the AP and the SSID of a legitimate AP reaches the threshold.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a honeypot AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a honeypot AP within the quiet time.
Examples
# Enable honeypot AP detection, and set the similarity threshold and quiet time to 90% and 10 seconds, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] honeypot-ap similarity 90 quiet 10
hotspot-attack
Use hotspot-attack to configure hotspot attack detection.
Use undo hotspot-attack to disable hotspot attack detection.
Syntax
hotspot-attack [ quiet quiet-value ]
undo hotspot-attack
Default
Hotspot attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a hotspot attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a hotspot attack within the quiet time.
Examples
# Enable hotspot attack detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] hotspot-attack quiet 100
ht-40mhz-intolerance
Use ht-40mhz-intolerance to configure detection on clients with the 40 MHz bandwidth mode disabled.
Use undo ht-40mhz-intolerance to disable detection on clients with the 40 MHz bandwidth mode disabled.
Syntax
ht-40mhz-intolerance [ quiet quiet-value ]
undo ht-40mhz-intolerance
Default
Detection of clients that have the 40 MHz bandwidth mode disabled is not enabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a client with the 40 MHz bandwidth mode disabled. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a client with the 40 MHz bandwidth mode disabled within the quiet time.
Examples
# Enable detection on clients with the 40 MHz bandwidth mode disabled and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ht-40mhz-intolerance quiet 100
ht-greenfield
Use ht-greenfield to configure HT-greenfield AP detection.
Use undo ht-greenfield to disable HT-greenfield AP detection.
Syntax
ht-greenfield [ quiet quiet-value ]
undo ht-greenfield
Default
HT-greenfield AP detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an HT-greenfield AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an HT-greenfield AP within the quiet time.
Examples
# Enable HT-greenfield AP detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] ht-greenfield quiet 100
ignorelist
Use ignorelist to add a MAC address to the alarm-ignored device list.
Use undo ignorelist to remove a specific or all MAC addresses from the alarm-ignored device list.
Syntax
ignorelist mac-address mac-address
undo ignorelist mac-address { mac-address | all }
Default
No MAC address is added to the alarm-ignored device list.
Views
WIPS view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in the H-H-H format.
all: Specifies all MAC addresses in the alarm-ignored device list.
Usage guidelines
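WIPS does not generate any alarms for wireless devices in the alarm-ignored device list. Because all alarms for a listed MAC address are suppressed, add only devices that you trust and review the list regularly.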
Examples
# Add MAC address 2a11-1fa1-1311 to the alarm-ignored device list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ignorelist mac-address 2a11-1fa1-1311
import hotspot
Use import hotspot to import hotspots from a configuration file.
Use undo import hotspot to remove the configuration.
Syntax
import hotspot file-name
undo import hotspot
Default
No hotspots are imported.
Views
WIPS view
Predefined user roles
network-admin
Parameters
file-name: Specifies a configuration file by its name, a case-insensitive string of 1 to 255 characters. It cannot contain backslashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).
Usage guidelines
You can import hotspots from only one configuration file.
Examples
# Import hotspots from configuration file hotspot_cfg.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] import hotspot hotspot_cfg
import oui
Use import oui to import OUIs from a configuration file.
Use undo import oui to restore the default.
Syntax
import oui file-name
undo import oui
Default
No OUIs are imported.
Views
WIPS view
Predefined user roles
network-admin
Parameters
file-name: Specifies a configuration file by its name, a case-insensitive string of 1 to 255 characters. It cannot contain backslashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).
Usage guidelines
You can download the configuration file from the IEEE website.
You can import OUIs from only one configuration file.
Examples
# Import OUIs from configuration file oui_import_cfg.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] import oui oui_import_cfg
Related commands
invalid-oui-classify illegal
invalid-oui-classify illegal
Use invalid-oui-classify illegal to configure WIPS to classify devices with invalid OUIs as rogue devices.
Use undo invalid-oui-classify to restore the default.
Syntax
invalid-oui-classify illegal
undo invalid-oui-classify
Default
WIPS does not classify devices with invalid OUIs as rogue devices.
Views
Classification policy view
Predefined user roles
network-admin
Examples
# Configure WIPS to classify devices with invalid OUIs as rogue devices.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] invalid-oui-classify illegal
Related commands
import oui
mac-address
Use mac-address to configure a subsignature to match frames by MAC address.
Use undo mac-address to restore the default.
Syntax
mac-address { bssid | destination | source } mac-address
undo mac-address
Default
No subsignature is configured to match frames by MAC address.
Views
Signature view
Predefined user roles
network-admin
Parameters
bssid: Matches a BSSID.
destination: Matches a destination MAC address.
source: Matches a source MAC address.
mac-address: Specifies a MAC address in the H-H-H format.
Examples
# Configure a subsignature to match frames with source MAC address 000f-e201-0101 for signature 1.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] mac-address source 000f-e201-0101
malformed duplicated-ie
Use malformed duplicated-ie to enable duplicated IE detection.
Use undo malformed duplicated-ie to disable duplicated IE detection.
Syntax
malformed duplicated-ie [ quiet quiet-value ]
undo malformed duplicated-ie
Default
Duplicated IE detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a duplicated IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a duplicated IE within the quiet time.
Usage guidelines
This feature is applicable to all management frames. WIPS determines that a packet is malformed if the packet has a duplicated IE. This feature does not take effect on frames with vendor-defined IEs.
Examples
# Enable duplicated IE detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed duplicated-ie quiet 360
malformed fata-jack
Use malformed fata-jack to enable FATA-Jack detection.
Use undo malformed fata-jack to disable FATA-Jack detection.
Syntax
malformed fata-jack [ quiet quiet-value ]
undo malformed fata-jack
Default
FATA-Jack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a FATA-Jack malformed packet. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a FATA-Jack malformed packet within the quiet time.
Usage guidelines
This feature is applicable to authentication frames. WIPS determines that an authentication frame is malformed if the value of the authentication algorithm number is 2.
Examples
# Enable FATA-Jack detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed fata-jack quiet 360
malformed illegal-ibss-ess
Use malformed illegal-ibss-ess to enable abnormal IBSS or ESS setting detection.
Use undo malformed illegal-ibss-ess to disable abnormal IBSS or ESS setting detection.
Syntax
malformed illegal-ibss-ess [ quiet quiet-value ]
undo malformed illegal-ibss-ess
Default
Abnormal IBSS or ESS setting detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an abnormal IBSS and ESS setting. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an abnormal IBSS and ESS setting within the quiet time.
Usage guidelines
This feature is applicable to beacon frames and probe response frames. WIPS determines that a frame is malformed if both the IBSS and ESS are set to 1 in the frame.
Examples
# Enable abnormal IBSS or ESS setting detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed illegal-ibss-ess quiet 360
malformed invalid-address-combination
Use malformed invalid-address-combination to enable invalid source address detection.
Use undo malformed invalid-address-combination to disable invalid source address detection.
Syntax
malformed invalid-address-combination [ quiet quiet-value ]
undo malformed invalid-address-combination
Default
Invalid source address detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid source address. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid source address within the quiet time.
Usage guidelines
This feature is applicable to all management frames. WIPS determines that a frame is malformed when the following conditions are met:
· The TO DS of the frame is 1, indicating that the frame is sent to the AP by a client.
· The source MAC address of the frame is a multicast or broadcast address.
Examples
# Enable invalid source address detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-address-combination quiet 360
malformed invalid-assoc-req
Use malformed invalid-assoc-req to enable malformed association request frame detection.
Use undo malformed invalid-assoc-req to disable malformed association request frame detection.
Syntax
malformed invalid-assoc-req [ quiet quiet-value ]
undo malformed invalid-assoc-req
Default
Malformed association request frame detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed association request frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed association request frame within the quiet time.
Usage guidelines
This feature is applicable to association request frames. WIPS determines that a frame is malformed if the SSID length in the frame is 0.
Examples
# Enable malformed association request frame detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-assoc-req quiet 360
malformed invalid-auth
Use malformed invalid-auth to enable malformed authentication request frame detection.
Use undo malformed invalid-auth to disable malformed authentication request frame detection.
Syntax
malformed invalid-auth [ quiet quiet-value ]
undo malformed invalid-auth
Default
Malformed authentication request frame detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed authentication request frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed authentication request frame within the quiet time.
Usage guidelines
This feature is applicable to authentication request frames. WIPS determines that a frame is malformed when any of the following conditions is met:
· The authentication algorithm number does not conform to the 802.11 protocol and is larger than 3.
· The authentication transaction sequence number, indicating the authentication process between the client and the AP, is 1 and the status code is not 0.
· The authentication transaction sequence number is larger than 4.
Examples
# Enable malformed authentication request frame detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-auth quiet 360
malformed invalid-deauth-code
Use malformed invalid-deauth-code to enable invalid deauthentication code detection.
Use undo malformed invalid-deauth-code to disable invalid deauthentication code detection.
Syntax
malformed invalid-deauth-code [ quiet quiet-value ]
undo malformed invalid-deauth-code
Default
Invalid deauthentication code detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid deauthentication code. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid deauthentication code within the quiet time.
Usage guidelines
This feature is applicable to deauthentication frames. WIPS determines that a frame is malformed if the reason code in the frame is 0 or in the range of 67 to 65535.
Examples
# Enable invalid deauthentication code detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-deauth-code quiet 360
malformed invalid-disassoc-code
Use malformed invalid-disassoc-code to enable invalid disassociation code detection.
Use undo malformed invalid-disassoc-code to disable invalid disassociation code detection.
Syntax
malformed invalid-disassoc-code [ quiet quiet-value ]
undo malformed invalid-disassoc-code
Default
Invalid disassociation code detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid disassociation code. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid disassociation code within the quiet time.
Usage guidelines
This feature is applicable to disassociation frames. WIPS determines that a frame is malformed if the reason code in the frame is 0 or in the range of 67 to 65535.
Examples
# Enable invalid disassociation code detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-disassoc-code quiet 360
malformed invalid-ht-ie
Use malformed invalid-ht-ie to enable malformed HT IE detection.
Use undo malformed invalid-ht-ie to disable malformed HT IE detection.
Syntax
malformed invalid-ht-ie [ quiet quiet-value ]
undo malformed invalid-ht-ie
Default
Malformed HT IE detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed HT IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed HT IE within the quiet time.
Usage guidelines
This feature is applicable to beacon, probe response, association response, and reassociation response frames. WIPS determines that a frame is malformed when the following conditions are met:
· The SM power save value of the HT capabilities IE is 2.
· The secondary channel offset value of the HT operation IE is 2.
Examples
# Enable malformed HT IE detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-ht-ie quiet 360
malformed invalid-ie-length
Use malformed invalid-ie-length to enable invalid IE length detection.
Use undo malformed invalid-ie-length to disable invalid IE length detection.
Syntax
malformed invalid-ie-length [ quiet quiet-value ]
undo malformed invalid-ie-length
Default
Invalid IE length detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid IE length. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid IE length within the quiet time.
Usage guidelines
This feature is applicable to all management frames. WIPS determines that a frame is malformed if the length of an IE in the frame does not conform to the 802.11 protocol.
Examples
# Enable invalid IE length detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-ie-length quiet 360
malformed invalid-pkt-length
Use malformed invalid-pkt-length to enable invalid packet length detection.
Use undo malformed invalid-pkt-length to disable invalid packet length detection.
Syntax
malformed invalid-pkt-length [ quiet quiet-value ]
undo malformed invalid-pkt-length
Default
Invalid packet length detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid packet length. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid packet length within the quiet time.
Usage guidelines
This feature is applicable to all management frames. WIPS determines that a frame is malformed if the remaining length of the IE is not zero after the packet payload is resolved.
Examples
# Enable invalid packet length detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed invalid-pkt-length quiet 360
malformed large-duration
Use malformed large-duration to enable oversized duration detection.
Use undo malformed large-duration to disable oversized duration detection.
Syntax
malformed large-duration [ quiet quiet-value | threshold value ]
undo malformed large-duration
Default
Oversized duration detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized duration. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized duration within the quiet time.
threshold value: Specifies the duration value above which WIPS treats the duration in a frame as oversized and triggers an alarm. The value range for the value argument is 1 to 32767 and the default value is 5000.
Usage guidelines
This feature is applicable to unicast management frames, unicast data frames, RTS, CTS, and ACK frames. WIPS determines that a frame is malformed if the duration value in the frame is larger than the specified threshold.
Examples
# Enable oversized duration detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed large-duration quiet 360
malformed null-probe-resp
Use malformed null-probe-resp to enable malformed probe response frame detection.
Use undo malformed null-probe-resp to disable malformed probe response frame detection.
Syntax
malformed null-probe-resp [ quiet quiet-value ]
undo malformed null-probe-resp
Default
Malformed probe response frame detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed probe response frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed probe response frame within the quiet time.
Usage guidelines
This feature is applicable to probe response frames. WIPS determines that a frame is malformed if the frame is not a mesh frame and its SSID length is 0.
Examples
# Enable malformed probe response frame detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed null-probe-resp quiet 360
malformed overflow-eapol-key
Use malformed overflow-eapol-key to enable oversized EAPOL key detection.
Use undo malformed overflow-eapol-key to disable oversized EAPOL key detection.
Syntax
malformed overflow-eapol-key [ quiet quiet-value ]
undo malformed overflow-eapol-key
Default
Oversized EAPOL key detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized EAPOL key. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized EAPOL key within the quiet time.
Usage guidelines
This feature is applicable to EAPOL-Key frames. WIPS determines that a frame is malformed if the TO DS is 1 and the key length is larger than 0 in the frame. A malicious EAPOL-Key frame might result in denial-of-service (DoS) attacks.
Examples
# Enable oversized EAPOL key detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed overflow-eapol-key quiet 360
malformed overflow-ssid
Use malformed overflow-ssid to enable oversized SSID detection.
Use undo malformed overflow-ssid to disable oversized SSID detection.
Syntax
malformed overflow-ssid [ quiet quiet-value ]
undo malformed overflow-ssid
Default
Oversized SSID detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized SSID. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized SSID within the quiet time.
Usage guidelines
This feature is applicable to beacon, probe request, probe response, and association request frames. WIPS determines that a frame is malformed if the SSID length in the frame is larger than 32, which does not conform to the 802.11 protocol.
Examples
# Enable oversized SSID detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed overflow-ssid quiet 360
malformed redundant-ie
Use malformed redundant-ie to enable redundant IE detection.
Use undo malformed redundant-ie to disable redundant IE detection.
Syntax
malformed redundant-ie [ quiet quiet-value ]
undo malformed redundant-ie
Default
Redundant IE detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a redundant IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a redundant IE within the quiet time.
Usage guidelines
This feature is applicable to all management frames. WIPS determines that a frame is malformed if an IE in the frame is neither a necessary IE to the frame nor a reserved IE.
Examples
# Enable redundant IE detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] malformed redundant-ie quiet 360
man-in-the-middle
Use man-in-the-middle to configure man-in-the-middle (MITM) attack detection.
Use undo man-in-the-middle to disable MITM attack detection.
Syntax
man-in-the-middle [ quiet quiet-value ]
undo man-in-the-middle
Default
MITM attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an MITM attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an MITM attack within the quiet time.
Usage guidelines
WIPS can detect MITM attacks only when you enable both honeypot AP detection and MITM attack detection.
Examples
# Enable MITM attack detection.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] honeypot-ap
[Sysname-wips-dtc-home] man-in-the-middle
manual-classify mac-address
Use manual-classify mac-address to classify APs by MAC address.
Use undo manual-classify mac-address to restore the default.
Syntax
manual-classify mac-address mac-address { authorized-ap | external-ap | misconfigured-ap | rogue-ap }
undo manual-classify mac-address { mac-address | all }
Default
APs are not classified by MAC address.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
mac-address: Specifies an AP by its MAC address, in the H-H-H format.
authorized-ap: Specifies the AP as an authorized AP.
external-ap: Specifies the AP as an external AP.
misconfigured-ap: Specifies the AP as a misconfigured AP.
rogue-ap: Specifies the AP as a rogue AP.
all: Specifies all APs.
Examples
# Classify the AP whose MAC address is 000f-00e2-0001 as an authorized AP.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] manual-classify mac-address 000f-00e2-0001 authorized-ap
match all (AP classification rule view)
Use match all to configure the AP classification rule criteria to be in logical AND relationship.
Use undo match all to restore the default.
Syntax
match all
undo match all
Default
The AP classification rule criteria are in logical OR relationship. An AP matches an AP classification rule if it matches any of the criteria of the AP classification rule.
Views
AP classification rule view
Predefined user roles
network-admin
Examples
# Configure the criteria of AP classification rule 1 to be in logical AND relationship.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] match all
match all (signature view)
Use match all to configure the subsignatures to be in logical AND relationship.
Use undo match all to restore the default.
Syntax
match all
undo match all
Default
The subsignatures are in logical OR relationship. A packet matches a signature if it matches any of the subsignatures of the signature.
Views
Signature view
Predefined user roles
network-admin
Examples
# Configure the subsignatures of signature 1 to be in logical AND relationship.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] match all
omerta
Use omerta to configure Omerta attack detection.
Use undo omerta to disable Omerta attack detection.
Syntax
omerta [ quiet quiet-value ]
undo omerta
Default
Omerta attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an Omerta attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an Omerta attack within the quiet time.
Examples
# Enable Omerta attack detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] omerta quiet 100
oui
Use oui to configure an AP classification rule to match APs by OUI information.
Use undo oui to restore the default.
Syntax
oui oui-info
undo oui
Default
An AP classification rule does not match APs by OUI information.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
oui-info: Specifies the OUI information in the XXXXXX format, a case-insensitive hexadecimal string.
Examples
# Configure AP classification rule 1 to match APs with OUI 000fe4.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] oui 000fe4
pattern
Use pattern to configure a subsignature to match frames by specified bits.
Use undo pattern to restore the default.
Syntax
pattern pattern-number offset offset-value mask mask value1 [ to value2 ] [ from-payload ]
undo pattern { pattern-number | all }
Default
No subsignature is configured to match frames by specified bits.
Views
Signature view
Predefined user roles
network-admin
Parameters
pattern-number: Specifies a number for a subsignature that matches the specified bits of a frame, in the range of 0 to 65535.
offset offset-value: Specifies the offset from the specified bit to the reference bit. The value range for the offset-value argument is 0 to 2346 bits. The reference bit can be the first bit of the frame head (default) or the frame payload.
mask mask: Specifies a two-byte mask that is used for the AND operation with the specified bits. The mask is in hexadecimal format and the value range for the mask is 0 to ffff.
value1 [ to value2 ]: Specifies a value range for the specified bits. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 65535 for both the value1 and value2 arguments, and value2 cannot be smaller than value1.
from-payload: Specifies the first bit of the frame payload as the reference bit. If you do not specify this keyword, the first bit of the frame head is the reference bit.
Examples
# Configure a subsignature to match the second and third bytes from the frame head of a frame. If the values of the second and third bytes of a frame are within the range of 0x0015 to 0x0020, the frame matches the subsignature.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] pattern 1 offset 8 mask ffff 15 to 20
permit-channel
Use permit-channel to add one or multiple channels to the permitted channel list.
Use undo permit-channel to remove the specified or all channels from the permitted channel list.
Syntax
permit-channel channel-id-list
undo permit-channel { channel-id-list | all }
Default
No channels are added to the permitted channel list.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
channel-id-list: Specifies a space-separated list of up to 10 permitted channel items. Each item specifies a channel number or a range of channel numbers in the form of value1 to value2. The value range for channel numbers is 1 to 224. The value for the value2 argument must be equal to or greater than the value for the value1 argument.
all: Specifies all permitted channels.
Usage guidelines
To prevent WIPS from taking all channels as prohibited channels, use this command to configure a permitted channel list before you configure prohibited channel detection.
Examples
# Add channel 1 to the permitted channel list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] permit-channel 1
Related commands
prohibited-channel
power-save
Use power-save to configure power saving attack detection.
Use undo power-save to disable power saving attack detection.
Syntax
power-save [ interval interval-value | minoffpacket packet-value | onoffpercent percent-value | quiet quiet-value ] *
undo power-save
Default
Power saving attack detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the statistics collection interval for power save frames. The value range for the interval-value argument is 1 to 3600 seconds, and the default value is 10 seconds.
minoffpacket packet-value: Specifies the threshold for the number of power save off frames that triggers power saving attack analysis. If the number of off frames from a client reaches the threshold, WIPS analyzes the power save frames to determine whether a power saving attack occurs. The value range for the argument is 10 to 150, and the default is 50.
onoffpercent percent-value: Specifies the threshold for the ratio between the power save on frames and off frames from a client. WIPS triggers an alarm for a power saving attack when the threshold is reached. The value range for this argument is 0 to 100, and the default is 80.
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a power saving attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a power saving attack within the quiet time.
Examples
# Enable power saving attack detection, and set the interval-value, packet-value, percent-value, and quiet-value arguments to 20, 20, 90, and 100, respectively.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] power-save interval 20 minoffpacket 20 onoffpercent 90 quiet 100
prohibited-channel
Use prohibited-channel to configure prohibited channel detection.
Use undo prohibited-channel to disable prohibited channel detection.
Syntax
prohibited-channel [ quiet quiet-value ]
undo prohibited-channel
Default
Prohibited channel detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a prohibited channel. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a prohibited channel within the quiet time.
Usage guidelines
To prevent WIPS from taking all channels as prohibited channels, use the permit-channel command to configure a permitted channel list before you configure prohibited channel detection.
Examples
# Enable prohibited channel detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] prohibited-channel quiet 100
Related commands
permit-channel
random-mac-scan enable
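Use random-mac-scan enable to configure WIPS to not trigger alarms for devices that use a random MAC address. With this feature enabled, WIPS raises no alarm for any device that presents a random MAC address, so weigh the reduced visibility against the false alarms it removes.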
Use undo random-mac-scan enable to restore the default.
Syntax
random-mac-scan enable
undo random-mac-scan enable
Default
WIPS triggers alarms for devices that use a random MAC address.
Views
Attack detection policy view
Predefined user roles
network-admin
Examples
# Configure WIPS to not trigger alarms for devices that use a random MAC address.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] random-mac-scan enable
reset wips embedded-oui
Use reset wips embedded-oui to delete all embedded OUIs in the OUI library.
Syntax
reset wips embedded-oui
Views
User view
Predefined user roles
network-admin
Examples
# Delete all embedded OUIs in the OUI library.
<Sysname> reset wips embedded-oui
reset wips statistics
Use reset wips statistics to clear information collected by all sensors.
Syntax
reset wips statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear information collected by all sensors.
<Sysname> reset wips statistics
Related commands
display wips statistics receive
reset wips virtual-security-domain
Use reset wips virtual-security-domain to clear AP or client entries in a VSD.
Syntax
reset wips virtual-security-domain vsd-name device { ap { all | mac-address mac-address } | client { all | mac-address mac-address } | all }
Views
User view
Predefined user roles
network-admin
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
device: Specifies device entries.
ap: Specifies AP entries.
all: Specifies all AP entries.
mac-address mac-address: Specifies an AP by its MAC address.
client: Specifies client entries.
all: Specifies all client entries.
mac-address mac-address: Specifies a client by its MAC address.
all: Specifies all AP and client entries.
Examples
# Clear all AP and client entries in VSD aaa.
<Sysname> reset wips virtual-security-domain aaa device all
Related commands
display wips virtual-security-domain device
reset wips virtual-security-domain countermeasure record
Use reset wips virtual-security-domain countermeasure record to clear information about countermeasures that WIPS has taken against rogue devices.
Syntax
reset wips virtual-security-domain vsd-name countermeasure record
Views
User view
Predefined user roles
network-admin
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Clear information about countermeasures that WIPS has taken against rogue devices for VSD aaa.
<Sysname> reset wips virtual-security-domain aaa countermeasure record
Related commands
display wips virtual-security-domain countermeasure record
reset wlan nat-detect
Use reset wlan nat-detect to clear information about clients with NAT configured.
Syntax
reset wlan nat-detect
Views
User view
Predefined user roles
network-admin
network-operator
Examples
# Clear information about clients with NAT configured.
<Sysname> reset wlan nat-detect
Related commands
display wlan nat-detect
rssi
Use rssi to configure an AP classification rule to match APs by RSSI.
Use undo rssi to restore the default.
Syntax
rssi value1 [ to value2 ]
undo rssi
Default
An AP classification rule does not match APs by RSSI.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
value1 [ to value2 ]: Specifies a value range for the RSSI of APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 100 for both the value1 and value2 arguments, and value2 cannot be smaller than value1.
Examples
# Configure AP classification rule 1 to match APs with an RSSI of 20 to 40.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] rssi 20 to 40
security
Use security to configure an AP classification rule to match APs by security mode.
Use undo security to restore the default.
Syntax
security { equal | include } { clear | wep | wpa | wpa2 }
undo security
Default
No AP classification rule is configured to match APs by security mode.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
equal: Matches security modes equal to the specified security mode.
include: Matches security modes that include the specified security mode.
clear: Specifies the clear security mode.
wep: Specifies the WEP security mode.
wpa: Specifies the WPA security mode.
wpa2: Specifies the WPA2 security mode.
Examples
# Configure AP classification rule 1 to match APs that use the WEP security mode.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] security equal wep
select sensor all
Use select sensor all to enable all sensors that detect an attacker to take countermeasures against the attacker.
Use undo select sensor all to remove the configuration.
Syntax
select sensor all
undo select sensor all
Default
Only the sensor that most recently detects an attacker takes countermeasures against the attacker.
Views
Countermeasure policy view
Predefined user roles
network-admin
Examples
# Enable all sensors that detect an attacker to take countermeasures against the attacker.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] countermeasure policy home
[Sysname-wips-ctm-home] select sensor all
seq-number
Use seq-number to configure a subsignature to match frames by sequence number.
Use undo seq-number to restore the default.
Syntax
seq-number seq-value1 [ to seq-value2 ]
undo seq-number
Default
No subsignature is configured to match frames by sequence number.
Views
Signature view
Predefined user roles
network-admin
Parameters
seq-value1 [ to seq-value2 ]: Specifies a value range for the sequence number of a frame. The seq-value1 and seq-value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 4095 for both the seq-value1 and seq-value2 arguments, and seq-value2 cannot be smaller than seq-value1.
Examples
# Configure a subsignature to match frames with the sequence number 100.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] seq-number 100
signature policy
Use signature policy to create a signature policy and enter its view, or enter the view of an existing signature policy.
Use undo signature policy to remove a signature policy.
Syntax
signature policy policy-name
undo signature policy policy-name
Default
No signature policies exist.
Views
WIPS view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a signature policy name, a case-sensitive string of 1 to 63 characters.
Examples
# Create a signature policy named home and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature policy home
signature rule
Use signature rule to create a signature and enter its view, or enter the view of an existing signature.
Use undo signature rule to remove a signature.
Syntax
signature rule rule-id
undo signature rule rule-id
Default
No signatures exist.
Views
WIPS view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a signature ID in the range of 1 to 65535.
Examples
# Create signature 1 and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
soft-ap
Use soft-ap to configure soft AP detection.
Use undo soft-ap to disable soft AP detection.
Syntax
soft-ap [ convert-time time-value ]
undo soft-ap
Default
Soft AP detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
convert-time time-value: Specifies the interval at which a soft AP switches between its role of client and AP. The value range for the time-value argument is 5 to 600 seconds, and the default is 10 seconds.
Examples
# Enable soft AP detection and set the time-value argument to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] soft-ap convert-time 100
ssid (AP classification rule view)
Use ssid to configure an AP classification rule to match APs by SSID.
Use undo ssid to restore the default.
Syntax
ssid [ case-sensitive ] [ not ] { equal | include } ssid-string
undo ssid
Default
An AP classification rule does not match APs by SSID.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
case-sensitive: Takes the case of the SSID into account when matching.
not: Matches SSIDs that are not equal to or do not include the specified SSID.
equal: Matches SSIDs equal to the specified SSID.
include: Matches SSIDs that include the specified SSID.
ssid-string: Specifies an SSID, a case-sensitive string of 1 to 32 characters.
Examples
# Configure AP classification rule 1 to match APs using SSID abc.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] ssid equal abc
ssid (signature view)
Use ssid to configure a subsignature to match frames by SSID.
Use undo ssid to restore the default.
Syntax
ssid [ case-sensitive ] [ not ] { equal | include } string
undo ssid
Default
No subsignature is configured to match frames by SSID.
Views
Signature view
Predefined user roles
network-admin
Parameters
case-sensitive: Takes the case of the SSID into account when matching.
not: Matches SSIDs that are not equal to or do not include the specified SSID.
equal: Matches SSIDs equal to the specified SSID.
include: Matches SSIDs that include the specified SSID.
string: Specifies an SSID, a case-sensitive string of 1 to 32 characters.
Examples
# Configure a subsignature to match frames with SSID office for signature 1.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] ssid equal office
ssid-length
Use ssid-length to configure a subsignature to match frames by SSID length.
Use undo ssid-length to restore the default.
Syntax
ssid-length length-value1 [ to length-value2 ]
undo ssid-length
Default
No subsignature is configured to match frames by SSID length.
Views
Signature view
Predefined user roles
network-admin
Parameters
length-value1 [ to length-value2 ]: Specifies the value range for the SSID length. The length-value1 and length-value2 arguments specify the start value and end value for the value range, respectively. The value range is 1 to 32 for both the length-value1 and length-value2 arguments, and length-value2 cannot be smaller than length-value1.
Examples
# Configure a subsignature to match frames in which the SSID length is 10.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] signature rule 1
[Sysname-wips-sig-rule-1] ssid-length 10
trust mac-address
Use trust mac-address to add the MAC address of an AP or client to the permitted device list.
Use undo trust mac-address to remove one or all MAC addresses from the permitted device list.
Syntax
trust mac-address mac-address
undo trust mac-address { mac-address | all }
Default
No MAC addresses exist in the permitted device list.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address.
all: Specifies all MAC addresses.
Examples
# Add MAC address 78AC-C0AF-944F to the permitted device list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] trust mac-address 78AC-C0AF-944F
trust oui
Use trust oui to add an OUI to the trusted OUI list.
Use undo trust oui to remove one or all OUIs from the trusted OUI list.
Syntax
trust oui oui
undo trust oui { oui | all }
Default
No OUIs exist in the trusted OUI list.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
oui: Specifies an OUI by its name, a case-insensitive string of 6 characters.
all: Specifies all OUIs.
Examples
# Add OUIs 000fe4 and 000fe5 to the trusted OUI list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] trust oui 000fe4
[Sysname-wips-cls-home] trust oui 000fe5
trust ssid
Use trust ssid to add an SSID to the trusted SSID list.
Use undo trust ssid to remove one or all SSIDs from the trusted SSID list.
Syntax
trust ssid ssid-name
undo trust ssid { ssid-name | all }
Default
No SSIDs exist in the trusted SSID list.
Views
Classification policy view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.
all: Specifies all SSIDs.
Examples
# Add SSID flood1 to the trusted SSID list.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] classification policy home
[Sysname-wips-cls-home] trust ssid flood1
unencrypted-authorized-ap
Use unencrypted-authorized-ap to configure unencrypted authorized AP detection.
Use undo unencrypted-authorized-ap to disable unencrypted authorized AP detection.
Syntax
unencrypted-authorized-ap [ quiet quiet-value ]
undo unencrypted-authorized-ap
Default
Unencrypted authorized AP detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an unencrypted authorized AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an unencrypted authorized AP within the quiet time.
Examples
# Enable unencrypted authorized AP detection and set the quiet time to 10 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] unencrypted-authorized-ap quiet 10
unencrypted-trust-client
Use unencrypted-trust-client to configure unencrypted authorized client detection.
Use undo unencrypted-trust-client to disable unencrypted authorized client detection.
Syntax
unencrypted-trust-client [ quiet quiet-value ]
undo unencrypted-trust-client
Default
Unencrypted authorized client detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an unencrypted authorized client. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an unencrypted authorized client within the quiet time.
Examples
# Enable unencrypted authorized client detection and set the quiet time to 10 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] unencrypted-trust-client quiet 10
up-duration
Use up-duration to configure an AP classification rule to match APs by running time.
Use undo up-duration to restore the default.
Syntax
up-duration value1 [ to value2 ]
undo up-duration
Default
An AP classification rule does not match APs by running time.
Views
AP classification rule view
Predefined user roles
network-admin
Parameters
value1 [ to value2 ]: Specifies the value range for the running time of APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 2592000 seconds for both the value1 and value2 arguments, and value2 must be greater than value1.
Examples
# Configure AP classification rule 1 to match APs with a running time of 2000 to 40000 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] ap-classification rule 1
[Sysname-wips-cls-rule-1] up-duration 2000 to 40000
virtual-security-domain
Use virtual-security-domain to create a VSD and enter its view, or enter the view of an existing VSD.
Use undo virtual-security-domain to remove a VSD.
Syntax
virtual-security-domain vsd-name
undo virtual-security-domain vsd-name
Default
No VSDs exist.
Views
WIPS view
Predefined user roles
network-admin
Parameters
vsd-name: Specifies a VSD name, a case-sensitive string of 1 to 63 characters.
Examples
# Create VSD office and enter its view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] virtual-security-domain office
[Sysname-wips-vsd-office]
weak-iv
Use weak-iv to configure weak IV detection.
Use undo weak-iv to disable weak IV detection.
Syntax
weak-iv [ quiet quiet-value ]
undo weak-iv
Default
Weak IV detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a weak IV. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a weak IV within the quiet time.
Examples
# Enable weak IV detection.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] weak-iv
windows-bridge
Use windows-bridge to configure Windows bridge detection.
Use undo windows-bridge to disable Windows bridge detection.
Syntax
windows-bridge [ quiet quiet-value ]
undo windows-bridge
Default
Windows bridge detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a Windows bridge. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a Windows bridge within the quiet time.
Examples
# Enable Windows bridge detection and set the quiet time to 360 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] windows-bridge quiet 360
wips (system view)
Use wips to enter WIPS view.
Use undo wips to clear all configurations in WIPS view.
Syntax
wips
undo wips
Default
No WIPS view is configured.
Views
System view
Predefined user roles
network-admin
Examples
# Enter WIPS view.
<Sysname> system-view
[Sysname] wips
[Sysname-wips]
wips (radio view)
Use wips enable to enable WIPS.
Use wips disable to disable WIPS.
Use undo wips to restore the default.
Syntax
wips { disable | enable }
undo wips
Default
In radio view, a radio uses the configuration in AP group view.
In AP group radio view, WIPS is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Examples
# Enable WIPS for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] wips enable
# Enable WIPS for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] wips enable
wips virtual-security-domain
Use wips virtual-security-domain to add an AP to a VSD.
Use undo wips virtual-security-domain to remove an AP from the VSD.
Syntax
wips virtual-security-domain vsd-name
undo wips virtual-security-domain
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP group is not added to any VSD.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.
Examples
# Add AP ap1 to VSD office.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-AGN
[Sysname-wlan-ap-ap1] wips virtual-security-domain office
# Add AP group apgroup1 to VSD office.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] wips virtual-security-domain office
wireless-bridge
Use wireless-bridge to configure wireless bridge detection.
Use undo wireless-bridge to disable wireless bridge detection.
Syntax
wireless-bridge [ quiet quiet-value ]
undo wireless-bridge
Default
Wireless bridge detection is disabled.
Views
Attack detection policy view
Predefined user roles
network-admin
Parameters
quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a wireless bridge. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a wireless bridge within the quiet time.
Examples
# Enable wireless bridge detection and set the quiet time to 100 seconds.
<Sysname> system-view
[Sysname] wips
[Sysname-wips] detect policy home
[Sysname-wips-dtc-home] wireless-bridge quiet 100
wlan nat-detect
Use wlan nat-detect enable to enable detection on clients with NAT configured.
Use wlan nat-detect disable to disable detection on clients with NAT configured.
Use undo wlan nat-detect to restore the default.
Syntax
wlan nat-detect { disable | enable }
undo wlan nat-detect
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, detection on clients with NAT configured is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
The device generates an alarm when it detects a client configured with NAT. To view information about detected NAT-configured clients, use the display wlan nat-detect command.
Examples
# Enable detection on clients with NAT configured for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] wlan nat-detect enable
# Enable detection on clients with NAT configured for APs in AP group aaa.
<Sysname> system-view
[Sysname] wlan ap-group aaa
[Sysname-wlan-ap-group-aaa] wlan nat-detect enable
WLAN QoS commands
Only the following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC/3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
bandwidth-guarantee
Use bandwidth-guarantee enable to enable bandwidth guaranteeing.
Use bandwidth-guarantee disable to disable bandwidth guaranteeing.
Use undo bandwidth-guarantee to restore the default.
Syntax
bandwidth-guarantee { disable | enable }
undo bandwidth-guarantee
Default
In radio view:
· If the service template setting in AP group view is used, an AP uses the configuration in AP group radio view.
· If a service template is manually bound to a radio, bandwidth guaranteeing is disabled.
In AP group radio view, bandwidth guaranteeing is disabled.
Views
Radio view
AP group radio view
Predefined user roles
Usage guidelines
This command enables clients that are associated with the same radio to get the guaranteed bandwidth when the network is congested. To set the guaranteed bandwidth, use the bandwidth-guarantee service-template command.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable bandwidth guaranteeing for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] service-template 1
[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee enable
# Enable bandwidth guaranteeing for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] bandwidth-guarantee enable
Related commands
bandwidth-guarantee service-template
bandwidth-guarantee service-template
Use bandwidth-guarantee service-template to set a guaranteed bandwidth percentage for the specified service template.
Use undo bandwidth-guarantee service-template to cancel the guaranteed bandwidth percentage configuration for the specified service template.
Syntax
bandwidth-guarantee service-template service-template-name percent percent
undo bandwidth-guarantee { all | service-template service-template-name }
Default
In radio view:
· If the service template setting in AP group view is used, an AP uses the configuration in AP group radio view.
· If a service template is manually bound to a radio, no guaranteed bandwidth percentage is set for the service template.
In AP group radio view, a service template does not have a guaranteed bandwidth.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
service-template service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. Make sure the specified service template has been bound to the radio.
percent percent: Specifies the percentage of the guaranteed bandwidth to the total bandwidth. The value range for the percent argument is 1 to 100. The total bandwidth represents the maximum bandwidth of the radio. The guaranteed bandwidth represents the minimum bandwidth for the BSS corresponding to the service template.
all: Specifies all service templates.
Usage guidelines
For this command to take effect, make sure the bandwidth guaranteeing feature is enabled.
For all service templates bound to the same radio, the sum of the guaranteed bandwidth percentages cannot exceed 100%.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the guaranteed bandwidth percentage to 30% for service template 1 in radio view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] service-template 1
[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee service-template 1 percent 30
[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee enable
# Set the guaranteed bandwidth percentage to 30% for service template 1 in AP group radio view.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] bandwidth-guarantee enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] service-template 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] bandwidth-guarantee service-template 1 percent 30
Related commands
bandwidth-guarantee
wlan max-bandwidth
cac policy
Use cac policy to configure a Connect Admission Control (CAC) policy.
Use undo cac policy to restore the default.
Syntax
cac policy { channelutilization [ channelutilization-value ] | client [ client-number ] }
undo cac policy
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, the client-based admission policy is used, and the maximum number of admitted clients is 20.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
channelutilization: Specifies the channel usage-based admission policy.
channelutilization-value: Specifies the maximum channel usage in percentage, in the range of 0 to 100. The maximum channel usage is the ratio of the medium time of the accepted AC-VO and AC-VI traffic to the valid time within a given period. The valid time refers to the time available for transmitting and receiving data. By default, the maximum channel usage is 65%.
client: Specifies the client-based admission policy.
client-number: Specifies the maximum number of clients allowed to be connected, in the range of 0 to 124. A client that uses both the AC-VO and AC-VI queues is counted only once.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
The CAC policy takes effect only on the AC-VO and the AC-VI queues.
Examples
# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70%.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] cac policy channelutilization 70
# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70% for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] cac policy channelutilization 70
client-rate-limit (radio view/AP group radio view)
Use client-rate-limit to configure radio-based client rate limiting.
Use undo client-rate-limit to restore the default.
Syntax
client-rate-limit { inbound | outbound } mode { dynamic | static } cir cir
undo client-rate-limit { inbound | outbound }
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, radio-based client rate is not limited.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
inbound: Limits the rate of incoming traffic.
outbound: Limits the rate of outgoing traffic.
dynamic: Specifies the dynamic rate limit mode. In this mode, the maximum rate for each client is the total maximum rate divided by the number of clients.
static: Specifies the static rate limit mode. The maximum rate for each client is fixed.
cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000. This option sets the maximum rate for each client in static rate limit mode and sets the total maximum rate for all clients in dynamic rate limit mode.
Usage guidelines
For this command to take effect, make sure radio-based client rate limiting is enabled.
The configuration in radio view takes precedence over the configuration in AP group radio view.
You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic.
Examples
# Configure client rate limiting for radio 1 in radio view: set the CIR to 567 Kbps for incoming traffic of each client and set the CIR to 89 Kbps for outgoing traffic of all clients.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] client-rate-limit enable
[Sysname-wlan-ap-ap1-radio-1] client-rate-limit inbound mode static cir 567
[Sysname-wlan-ap-ap1-radio-1] client-rate-limit outbound mode dynamic cir 89
# Configure client rate limiting for radio 1 in AP group radio view: set the CIR to 567 Kbps for incoming traffic of each client and set the CIR to 89 Kbps for outgoing traffic of all clients.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client-rate-limit enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client-rate-limit inbound mode static cir 567
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client-rate-limit outbound mode dynamic cir 89
Related commands
client-rate-limit { disable | enable }
client-rate-limit (service template view)
Use client-rate-limit to configure service-template-based client rate limiting.
Use undo client-rate-limit to restore the default.
Syntax
client-rate-limit { inbound | outbound } mode { dynamic | static } cir cir
undo client-rate-limit { inbound | outbound }
Default
Service-template-based client rate is not limited.
Views
Service template view
Predefined user roles
network-admin
Parameters
inbound: Limits the rate of incoming traffic.
outbound: Limits the rate of outgoing traffic.
dynamic: Specifies the dynamic rate limit mode. In this mode, the maximum rate for each client is the total maximum rate divided by the number of clients.
static: Specifies the static rate limit mode. The maximum rate for each client is fixed.
cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000. This option sets the maximum rate for each client in static rate limit mode and sets the total maximum rate for all clients in dynamic rate limit mode.
Usage guidelines
For this command to take effect, make sure service-template-based client rate limiting is enabled.
You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic.
Examples
# Configure rate limiting for service template 1: set the CIR to 567 Kbps for each client's incoming traffic.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] client-rate-limit enable
[Sysname-wlan-st-1] client-rate-limit inbound mode static cir 567
Related commands
client-rate-limit enable
client-rate-limit { disable | enable }
Use client-rate-limit enable to enable radio-based client rate limiting.
Use client-rate-limit disable to disable radio-based client rate limiting.
Use undo client-rate-limit to restore the default.
Syntax
client-rate-limit { disable | enable }
undo client-rate-limit
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, radio-based client rate limiting is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command limits the traffic rate of the WLAN clients associated with a radio. To set the rate limit direction and rate limit rate, use the client-rate-limit command.
You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable client rate limiting for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] client-rate-limit enable
# Enable client rate limiting for radio 1 of AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client-rate-limit enable
Related commands
client-rate-limit (radio view/AP group radio view)
client-rate-limit enable
Use client-rate-limit enable to enable service-template-based client rate limiting.
Use undo client-rate-limit enable to restore the default.
Syntax
client-rate-limit enable
undo client-rate-limit enable
Default
Service-template-based client rate limiting is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command limits the traffic rate of the WLAN clients associated with a service template. To set the rate limit direction and rate limit rate, use the client-rate-limit command.
You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.
Examples
# Enable client rate limiting for service template 1.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] client-rate-limit enable
Related commands
client-rate-limit (service template view)
display wlan wmm
Use display wlan wmm to display WMM statistics.
Syntax
display wlan wmm { client [ ap ap-name | mac-address mac-address ] | radio [ ap ap-name ] }
Views
Any view
Predefined user roles
Parameters
radio: Displays WMM statistics for radios. If you use this keyword without the ap ap-name option, this command displays WMM statistics for all radios.
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.
Examples
# Display WMM statistics for all radios.
<Sysname> display wlan wmm radio
AP ID : 4 AP name : test
Radio : 1
Client EDCA updates : 0
QoS mode : WMM
WMM status : Enabled
Radio max AIFSN : 15 Radio max ECWmin : 10
Radio max TXOPLimit : 32767 Radio max ECWmax : 10
CAC information
Clients accepted : 0
Voice : 0
Video : 0
Total request medium time(µs) : 0
Voice(µs) : 0
Video(µs) : 0
Calls rejected due to insufficient resources : 0
Calls rejected due to invalid parameters : 0
Calls rejected due to invalid medium time : 0
Calls rejected due to invalid delay bound : 0
Radio : 2
Client EDCA updates : 0
QoS mode : WMM
WMM status: Disabled
Radio max AIFSN : 15 Radio max ECWmin : 10
Radio max TXOPLimit : 32767 Radio max ECWmax : 10
CAC information
Client accepted : 0
Voice : 0
Video : 0
Total request medium time(µs) : 0
Voice(µs) : 0
Video(µs) : 0
Calls rejected due to insufficient resources : 0
Calls rejected due to invalid parameters : 0
Calls rejected due to invalid medium time : 0
Calls rejected due to invalid delay bound : 0
Table 45 Command output
Field | Description |
Client EDCA updates | Times that client EDCA parameters have been updated. |
QoS mode | WMM. If this field displays N/A, the QoS mode is not available. |
WMM status | · Enabled. · Disabled. |
Radio max AIFSN | Maximum AIFSN that the radio supports. |
Radio max ECWmin | Maximum ECWmin that the radio supports. |
Radio max TXOPLimit | Maximum TXOPLimit that the radio supports. |
Radio max ECWmax | Maximum ECWmax that the radio supports. |
Total request medium time(µs) | Total request medium time for AC-VO and AC-VI queues, in microseconds. |
# Display WMM statistics for all clients.
<Sysname> display wlan wmm client
MAC address : 000f-e23c-0001 SSID : service
QoS mode : WMM
APSD information :
Max SP length : 7
L: Legacy T: Trigger D: Delivery
AC AC-BK AC-BE AC-VI AC-VO
Assoc State T|D L T|D T|D
Statistics information :
Uplink packets : 0 Downlink packets : 0
Uplink bytes : 0 Downlink bytes : 0
Downgrade packets : 0 Discarded packets : 0
Downgrade bytes : 0 Discarded bytes : 0
TS information:
AC : AC-VO User priority : 7
TID : 1 Direction : Bidirectional
PSB : 0 Surplus bandwidth allowance : 1.0000
Medium time (µs) : 39 MSDU size (bytes) : 1500
Mean data rate (Kbps) : 10.000 Minimum PHY rate (Mbps) : 11.000
TS creation time : 0h:0m:5s
TS updating time : 0h:0m:5s
Uplink TS packets : 0 Downlink TS packets : 0
Uplink TS bytes : 0 Downlink TS bytes : 0
Table 46 Command output
Field | Description |
QoS mode | · WMM. · -NA-. |
Max SP length | Maximum service period (SP) length. |
AC | · AC-VO. · AC-VI. · AC-BE. · AC-BK. |
Assoc state | APSD attribute for an AC queue: · T—The AC queue is trigger-enabled. · D—The AC queue is delivery-enabled. · T | D—The AC queue is both trigger-enabled and delivery-enabled. · L—The AC queue is of legacy attributes. |
User priority | User priority for packets from wired networks. |
TID | Traffic identifier, in the range of 0 to 15. |
Direction | Traffic direction: · Uplink. · Downlink. · Bidirectional. |
PSB | Power save behavior: · 1—U-APSD power saving mode. · 0—Traditional power saving mode. |
Surplus bandwidth allowance | Surplus bandwidth allowance in percentage. |
Medium time | Permitted medium time in microseconds. |
MSDU size | Average MSDU size in bytes. |
Mean data rate | Average data transmission rate in Kbps. |
Minimum PHY rate | Minimum physical transmission rate in Mbps. |
Related commands
edca client (ac-be and ac-bk)
Use edca client to set EDCA parameters of AC-BE or AC-BK queues for clients.
Use undo edca client to restore the default.
Syntax
edca client { ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *
undo edca client { ac-be | ac-bk }
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, the default EDCA parameter values of AC-BE or AC-BK queues for clients are shown in Table 47.
Table 47 Default EDCA parameter values of AC-BE or AC-BK queues for clients
AC | AIFSN | ECWmin | ECWmax | TXOP Limit |
AC-BK | 7 | 4 | 10 | 0 |
AC-BE | 3 | 4 | 10 | 0 |
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
ac-be: Specifies the AC-BE (best-effort traffic) queue.
ac-bk: Specifies the AC-BK (background traffic) queue.
aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.
ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.
ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.
txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value, in the range of 0 to 65535 (in units of 32 microseconds). If the value is 0, a client can send only one packet each time it holds the channel.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
As a best practice, set the TXOP Limit value to 0 for both the AC-BE and AC-BK queues if all the clients are 802.11b clients.
As a best practice, use the default TXOPLimit values for both the AC-BK and AC-BE queues if both 802.11b and 802.11g clients exist in the WLAN.
Examples
# Set the AIFSN to 5 for the AC-BE queue.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] edca client ac-be aifsn 5
# Set the AIFSN to 5 for the AC-BE queue for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] edca client ac-be aifsn 5
edca client (ac-vi and ac-vo)
Use edca client to set EDCA parameters of AC-VI or AC-VO queues for clients.
Use undo edca client to restore the default.
Syntax
edca client { ac-vi | ac-vo } { aifsn aifsn-value | cac { disable | enable } | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *
undo edca client { ac-vi | ac-vo }
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, the default EDCA parameter values of AC-VI or AC-VO queues for clients are shown in Table 48.
Table 48 Default EDCA parameter values of AC-VI or AC-VO queues for clients
AC | AIFSN | ECWmin | ECWmax | TXOP Limit |
AC-VI | 2 | 3 | 4 | 94 |
AC-VO | 2 | 2 | 3 | 47 |
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
ac-vi: Specifies the AC-VI (video traffic) queue.
ac-vo: Specifies the AC-VO (voice traffic) queue.
aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.
cac: Specifies CAC. The AC-VO and AC-VI queues support CAC. CAC is disabled by default.
disable: Disables CAC.
enable: Enables CAC.
ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.
ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.
txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value, in the range of 0 to 65535 (in units of 32 microseconds). If the value is 0, a client can send only one packet each time it holds the channel.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
As a best practice, set the TXOPLimit value to 188 and 102 for the AC-VI and AC-VO queues, respectively when all the clients are 802.11b clients.
As a best practice, use the default TXOPLimit values for both the AC-VI and AC-VO queues if both 802.11b and 802.11g clients exist in the WLAN.
Examples
# Set the AIFSN to 3 for the AC-VO queue.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] edca client ac-vo aifsn 3
# Set the AIFSN to 3 for the AC-VO queue for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] edca client ac-vo aifsn 3
edca radio
Use edca radio to set EDCA parameters.
Use undo edca radio to restore the default.
Syntax
edca radio { ac-be | ac-bk | ac-vi | ac-vo } { ack-policy { noack | normalack } | aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | noack | txoplimit txoplimit-value } *
undo edca radio { ac-be | ac-bk | ac-vi | ac-vo }
Default
In radio view, the AP uses the configuration in AP group radio view.
In AP group radio view, the default EDCA parameter values are shown in Table 49.
Table 49 Default EDCA parameter values
AC | AIFSN | ECWmin | ECWmax | TXOP Limit |
AC-BK | 7 | 4 | 10 | 0 |
AC-BE | 3 | 4 | 6 | 0 |
AC-VI | 1 | 3 | 4 | 94 |
AC-VO | 1 | 2 | 3 | 47 |
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
ac-be: Specifies the AC-BE (best-effort traffic) queue.
ac-bk: Specifies the AC-BK (background traffic) queue.
ac-vi: Specifies the AC-VI (video traffic) queue.
ac-vo: Specifies the AC-VO (voice traffic) queue.
ack-policy: Specifies the ACK policy for the AC queue.
noack: Specifies the No ACK policy.
normalack: Specifies the Normal ACK policy (the default).
aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.
ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin). The value range for the ecwmin-value argument is 0 to 10.
ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax). The value range for the ecwmax-value argument is 0 to 10. The value of ECWmax cannot be smaller than the value of ECWmin.
txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value in units of 32 microseconds. The value range for the txoplimit-value argument is 0 to 32767. If the value is 0, a client can send only one packet each time it holds the channel.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
As a best practice, set TXOP Limit values for AC-BK, AC-BE, AC-VI, and AC-VO queues to 0, 0, 188, and 102, respectively for 802.11b radios.
Examples
# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] edca radio ac-vo aifsn 2
# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2 for AP group apgroup1.
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] edca radio ac-vo aifsn 2
qos priority
Use qos priority to set the port priority.
Use undo qos priority to restore the default.
Syntax
qos priority priority-value
undo qos priority
Default
The port priority is 0.
Views
Service template view
Predefined user roles
Parameters
priority-value: Specifies the port priority in the range of 0 to 7. A larger value represents a higher priority.
Usage guidelines
When the port trust mode is enabled, an AP assigns the port priority to all packets for the service template.
This command does not take effect when the packet trust mode is enabled.
Examples
# Set the port priority to 2 for service template 1.
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] qos priority 2
Related commands
qos trust
Use qos trust to configure the trusted packet priority type.
Use undo qos trust to restore the default.
Syntax
qos trust { dot11e | dscp }
undo qos trust
Default
The port priority is trusted.
Views
Service template view
Predefined user roles
Parameters
dot11e: Uses the 802.11e priority carried in packets for priority mapping.
dscp: Uses the DSCP priority carried in packets for priority mapping.
Usage guidelines
This feature takes effect only on uplink packets.
Examples
# Configure service template 1 to use the 802.11e priority carried in packets for priority mapping.
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] qos trust dot11e
Related commands
reset wlan wmm
Use reset wlan wmm to clear WMM statistics.
Syntax
reset wlan wmm { client [ ap ap-name | mac-address mac-address ] | radio [ ap ap-name ] }
Views
User view
Predefined user roles
network-admin
Parameters
client: Clears WMM statistics for clients. If you use this keyword without the ap ap-name or mac-address mac-address option, this command clears WMM statistics for all clients.
radio: Clears WMM statistics for radios. If you use this keyword without the ap ap-name option, this command clears WMM statistics for all radios.
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.
Examples
# Clear WMM statistics for all radios.
<Sysname> reset wlan wmm radio
Related commands
svp map-ac
Use svp map-ac to map SVP packets to the specified AC queue.
Use svp map-ac disable to disable SVP mapping.
Use undo svp map-ac to restore the default.
Syntax
svp map-ac { ac-vi | ac-vo }
svp map-ac disable
undo svp map-ac
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, SVP mapping is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
ac-vi: Specifies the AC-VI (video traffic) queue.
ac-vo: Specifies the AC-VO (voice traffic) queue.
Usage guidelines
SVP mapping takes effect only on non-WMM clients.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Map SVP packets to the AC-VO queue.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] svp map-ac ac-vo
# Map SVP packets to the AC-VO queue for AP group apgroup1.
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] svp map-ac ac-vo
wlan client-rate-limit
Use wlan client-rate-limit to configure client-type-based client rate limiting.
Use undo wlan client-rate-limit to remove the configuration.
Syntax
wlan client-rate-limit { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } { inbound | outbound } cir cir [ cbs cbs ]
undo wlan client-rate-limit [ { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } [ inbound | outbound ] ]
Default
Client-type-based client rate is not limited.
Views
System view
Predefined user roles
network-admin
Parameters
dot11a: Specifies 802.11a clients.
dot11ac: Specifies 802.11ac clients.
dot11an: Specifies 802.11an clients.
dot11b: Specifies 802.11b clients.
dot11g: Specifies 802.11g clients.
dot11gac: Specifies 802.11gac clients.
dot11gn: Specifies 802.11gn clients.
inbound: Limits the rate of incoming traffic.
outbound: Limits the rate of outgoing traffic.
cir cir: Specifies the CIR in Kbps for each client. The value range for the cir argument is 1 to 2097152.
cbs cbs: Specifies the CBS in bytes for each client. The value range for the cbs argument is 1 to 268435456. If you do not specify this option, the value of CBS is automatically calculated from the value of CIR.
Usage guidelines
You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.
Examples
# Set the rate limit to 20480 Kbps for incoming traffic of 802.11an clients.
<Sysname> system-view
[Sysname] wlan client-rate-limit dot11an inbound cir 20480
wlan max-bandwidth
Use wlan max-bandwidth to set the maximum bandwidth for a radio mode.
Use undo wlan max-bandwidth to restore the default setting for one radio mode or for all radio modes.
Syntax
wlan max-bandwidth { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } bandwidth
undo wlan max-bandwidth [ dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn ]
Default
The following maximum bandwidth settings apply:
· 30000 Kbps for dot11a and dot11g.
· 250000 Kbps for dot11an, dot11gn, and dot11gac.
· 500000 Kbps for dot11ac.
· 7000 Kbps for dot11b.
Views
System view
Predefined user roles
network-admin
Parameters
dot11a: Specifies the 802.11a radio mode.
dot11ac: Specifies the 802.11ac radio mode.
dot11an: Specifies the 802.11an radio mode.
dot11b: Specifies the 802.11b radio mode.
dot11g: Specifies the 802.11g radio mode.
dot11gac: Specifies the 802.11gac radio mode.
dot11gn: Specifies the 802.11gn radio mode.
bandwidth: Specifies the maximum bandwidth in Kbps. The value range varies as follows depending on radio modes:
· 16 to 30000 for dot11a and dot11g.
· 16 to 250000 for dot11an, dot11gn, and dot11gac.
· 16 to 500000 for dot11ac.
· 16 to 7000 for dot11b.
Usage guidelines
The maximum bandwidth is used to calculate the guaranteed bandwidth.
Examples
# Set the maximum bandwidth to 2000 Kbps for 802.11ac.
<Sysname> system-view
[Sysname] wlan max-bandwidth dot11ac 2000
wmm
Use wmm enable to enable WMM.
Use wmm disable to disable WMM.
Use undo wmm to restore the default.
Syntax
wmm { disable | enable }
undo wmm
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, WMM is enabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
All 802.11n clients must support WLAN QoS. For 802.11n clients to communicate with the associated AP, enable WMM when the radio operates in 802.11an or 802.11gn mode.
Examples
# Disable WMM.
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] wmm disable
# Disable WMM for AP group apgroup1.
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] wmm disable
WLAN roaming commands
Only the following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC/3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
display wlan mobility roam-track mac-address
Use display wlan mobility roam-track mac-address to display roaming information for a client on the AC.
Syntax
display wlan mobility roam-track mac-address mac-address
Views
Any view
Predefined user roles
Parameters
mac-address mac-address: Specifies a client by its MAC address, in the form of H-H-H.
Usage guidelines
Roaming information is displayed in sequence. The most recent roam-track entry is displayed first.
Examples
# Display roaming information for the specified client on the Home AC.
<Sysname> display wlan mobility roam-track mac-address 5250-0012-0411
Total entries: 2
BSSID Created at Online time AC IP address RID AP name
3ce5-a68d-2280 2016-06-14 11:12:28 00hr 48min 46sec 192.168.0.2 2 ap1
0026-3e08-1150 2016-06-14 11:12:05 00hr 40min 46sec 127.0.0.1 2 ap2
Table 50 Command output
Field |
Description |
BSSID |
BSSID of the AP with which the client is associated. |
Created at |
Time when a roam-track entry was created for the client. |
Online time |
Online time of the client. |
AC IP address |
IP address of the AC with which the client is associated. |
RID |
ID of the radio with which the client is associated. |
AP name |
Name of the AP with which the client is associated. |
snmp-agent trap enable wlan mobility
Use snmp-agent trap enable wlan mobility to enable SNMP notifications for WLAN roaming.
Use undo snmp-agent trap enable wlan mobility to disable SNMP notifications for WLAN roaming.
Syntax
snmp-agent trap enable wlan mobility
undo snmp-agent trap enable wlan mobility
Default
SNMP notifications are disabled for WLAN roaming.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical WLAN roaming events to an NMS, enable SNMP notifications for WLAN roaming. For WLAN roaming event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.
Examples
# Enable SNMP notifications for WLAN roaming.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan mobility
WLAN radio resource measurement commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
display wlan measure-report
Use display wlan measure-report to display measurement reports for clients.
Syntax
display wlan measure-report ap ap-name radio radio-id [ client mac-address mac-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Specifies a radio by its number. The value range varies by device model.
client mac-address mac-address: Specifies a client by its MAC address. If you do not specify a client, this command displays measurement reports for all clients.
Examples
# Display measurement reports for clients associated with radio 2 of AP ap1.
<Sysname> display wlan measure-report ap ap1 radio 2
Total number of clients: 1
Client MAC address : 0aef-e760-3587
Link measurement:
Link margin : 2 dBm
RCPI : -85 dBm
RSNI : 53 dBm
Noise histogram:
Antenna ID : 3
ANPI : -56 dBm
IPI0 to IPI10 density : 5 12 16 13 8 5 5 15 17 1 3
Spectrum measurement:
Transmit power : 20 dBm
BSS : Detected
OFDM preamble : Detected
Radar : Detected
Unidentified signal : Undetected
CCA busy fraction : 60
RPI0 to RPI7 density : 3 7 11 19 15 23 15 7
Frame report entry:
BSSID : a072-2351-e253
PHY type : fhss
Average RCPI : -10 dBm
Last RSNI : 2 dBm
Last RCPI : -20 dBm
Frames : 1
Dot11BSSAverageAccessDelay group:
Average access delay : 32 ms
BestEffort average access delay : 1 ms
Background average access delay : 1 ms
Video average access delay : 1 ms
Voice average access delay : 1 ms
Clients : 32
Channel utilization rate : 11
Transmit stream:
Traffic ID : 0
Sent MSDUs : 60
Discarded MSDUs : 5
Failed MSDUs : 3
MSDUs resent multiple times : 3
Lost QoS CF-Polls : 2
Average queue delay : 2 ms
Average transmit delay : 1 ms
Bin0 range : 0 to 10 ms
Bin0 to Bin5 : 5 10 10 5 10 10
Table 51 Command output
Field |
Description |
Link margin |
Gap between the received RSSI and the lowest available RSSI. |
RCPI |
Received Channel Power Indicator. |
RSNI |
Received Signal to Noise Indicator. |
ANPI |
Average Noise Power Indicator during the measurement. |
IPI0 to IPI10 density |
Percentage of the total measurement period spent in each IPI range. IPIn represents an IPI range. The value for n is in the range of 0 to 10: · 0: IPI <= –92 dBm. · 1: –92 dBm < IPI <= –89 dBm. · 2: –89 dBm < IPI <= –86 dBm. · 3: –86 dBm < IPI <= –83 dBm. · 4: –83 dBm < IPI <= –80 dBm. · 5: –80 dBm < IPI <= –75 dBm. · 6: –75 dBm < IPI <= –70 dBm. · 7: –70 dBm < IPI <= –65 dBm. · 8: –65 dBm < IPI <= –60 dBm. · 9: –60 dBm < IPI <= –55 dBm. · 10: –55 dBm < IPI. |
Transmit power |
Transmission power of the client. |
BSS |
Whether the client has detected wireless packets from other BSSs. |
OFDM preamble |
Whether the client has detected OFDM preambles. |
Radar |
Whether the client has detected radar signals. |
Unidentified signal |
Whether the client has detected unknown signals. |
CCA busy fraction |
CCA utilization is expressed as a percentage of time that the channel is busy (during the measurement period). |
RPI0 to RPI7 density |
Percentage of time that each RPI was used during the measurement period. RPIn represents an RPI range. The value for n is in the range of 0 to 7: · 0: RPI <= –87 dBm. · 1: –87 dBm < RPI <= –82 dBm. · 2: –82 dBm < RPI <= –77 dBm. · 3: –77 dBm < RPI <= –72 dBm. · 4: –72 dBm < RPI <= –67 dBm. · 5: –67 dBm < RPI <= –62 dBm. · 6: –62 dBm < RPI <= –57 dBm. · 7: –57 dBm < RPI. |
PHY type |
Physical media type: · fhss. · dsss. · irbaseband. · ofdm. · hrdsss. · erp. |
Frames |
Number of frames from the same MAC address and BSSID during the measurement. |
Bin0 range |
Value range for Bin0. |
Bin0 to Bin5 |
Number of successfully sent MSDUs for each average delay range. Binx represents an average delay range. The value for x is in the range of 0 to 5: · Bin0: Delay < 10 ms. · Bin1: 10 ms <= Delay < 20 ms. · Bin2: 20 ms <= Delay < 40 ms. · Bin3: 40 ms <= Delay < 80 ms. · Bin4: 80 ms <= Delay < 160 ms. · Bin5: 160 ms <= Delay. |
measure
Use measure enable to enable the specified measurement feature or all measurement features.
Use measure disable to disable the specified measurement feature or all measurement features.
Use undo measure to restore the default.
Syntax
measure { all | link | neighbor | radio | spectrum | tpc } { disable | enable }
undo measure
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, measurement is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
all: Specifies all measurement features.
link: Specifies link measurement. Link measurement measures RCPI, RSNI, and link redundancy for the requested link.
neighbor: Specifies neighbor measurement. Neighbor measurement measures the channel and BSSID of neighbor APs.
radio: Specifies radio measurement. Radio measurement measures channel load, noise histogram, beacons, frames, station statistics, locations, and transmit streams.
spectrum: Specifies spectrum measurement, which includes basic measurement, Clear Channel Assessment (CCA) measurement, and Receive Power Indication (RPI) measurement.
tpc: Specifies TPC measurement. TPC measurement measures link redundancy and transmission power for clients.
Usage guidelines
You must enable radio resource measurement if you enable link, neighbor, or radio measurement.
You must enable spectrum management if you enable spectrum or TPC measurement. For more information about spectrum management, see WLAN Configuration Guide (AC).
The spectrum and tpc keywords are available only for 5 GHz radios.
Examples
# Enable spectrum measurement for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] measure spectrum enable
# Enable spectrum measurement for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] measure spectrum enable
Related commands
measure-duration
measure-interval
resource-measure
spectrum-management
measure-duration
Use measure-duration to set the measurement duration.
Use undo measure-duration to restore the default.
Syntax
measure-duration time
undo measure-duration
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, the measurement duration is 500 TUs.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
time: Specifies the measurement duration in the range of 1 to 10000 TUs. One TU is equal to 1024 microseconds.
Usage guidelines
When measurement is enabled on an AP, the AP adds the measurement duration in the measurement requests sent to clients.
Examples
# Set the measurement duration to 512 TUs for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] measure-duration 512
# Set the measurement duration to 512 TUs for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] measure-duration 512
Related commands
measure
measure-interval
measure-interval
Use measure-interval to set the measurement interval for an AP to send measurement requests to clients.
Use undo measure-interval to restore the default.
Syntax
measure-interval interval
undo measure-interval
Default
In radio view, an AP uses the configuration in AP group radio view.
In AP group radio view, the measurement interval is 30 seconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
interval: Specifies the measurement interval in the range of 10 to 60 seconds.
Examples
# Set the measurement interval to 35 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] measure-interval 35
# Set the measurement interval to 35 seconds for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] measure-interval 35
Related commands
measure
measure-duration
resource-measure
Use resource-measure enable to enable radio resource measurement.
Use resource-measure disable to disable radio resource measurement.
Use undo resource-measure to restore the default.
Syntax
resource-measure { disable | enable }
undo resource-measure
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, radio resource measurement is disabled.
Views
Radio view
AP group view
Predefined user roles
network-admin
Usage guidelines
When radio measurement is enabled on an AP, the AP sets the Radio Measurement field to 1 in beacons, probe responses, association responses, or reassociation responses. It notifies the clients that they can send measurement requests. These frames also carry measurement capabilities of the AP to inform clients of measurement types that the AP supports.
The AP periodically sends Measurement Pilot frames to help clients fast discover the AP. Measurement Pilot frames are sent more frequently than beacons and carry less information.
Examples
# Enable radio resource measurement for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] resource-measure enable
# Enable radio resource measurement for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] resource-measure enable
rm-capability mode
Use rm-capability mode to set the match mode for client radio resource measurement capabilities.
Use undo rm-capability mode to restore the default.
Syntax
rm-capability mode { all | none | partial }
undo rm-capability mode
Default
In radio view, an AP uses the configuration in AP group view.
In AP group radio view, the match mode is none for client radio resource measurement capabilities.
Views
Radio view
AP group view
Predefined user roles
network-admin
Parameters
all: Specifies the all mode. A client is allowed to associate with an AP only when all its radio resource measurement capabilities match the AP's radio resource measurement capabilities.
none: Specifies the none mode. The AP does not check client radio resource measurement capabilities.
partial: Specifies the partial mode. A client is allowed to associate with an AP as long as one of its radio resource measurement capabilities matches any of the AP's radio resource measurement capabilities.
Usage guidelines
The configuration takes effect only when radio resource measurement is enabled.
Examples
# Set the match mode to partial for client radio resource measurement capabilities for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] resource-measure enable
[Sysname-wlan-ap-ap1-radio-2] rm-capability mode partial
# Set the match mode to partial for client radio resource measurement capabilities for AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] rm-capability mode partial
Related commands
resource-measure
Channel scanning commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
scan channel blacklist
Use scan channel blacklist to configure the channel scanning blacklist.
Use undo scan channel blacklist to remove the specified channels from the channel scanning blacklist.
Syntax
scan channel blacklist channel-list
undo scan channel blacklist { channel-list | all }
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, no channel scanning blacklist exists.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
channel-list: Specifies channels by their channel numbers in the range of 1 to 165.
all: Specifies all channels in the channel scanning blacklist.
Usage guidelines
After you configure the channel scanning blacklist for an AP, the AP will not scan non-working channels in the blacklist. You cannot configure both the channel scanning blacklist and whitelist for the same AP. Before configuring the channel scanning blacklist, remove all channels in the channel scanning whitelist.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Add channels 1 and 6 to the channel scanning blacklist for AP 1.
<Sysname> system-view
[Sysname] wlan ap 1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] scan channel blacklist 1 6
# Add channels 1 and 6 to the channel scanning blacklist for APs with model WA2620-WiNet in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 2
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-2] scan channel blacklist 1 6
scan channel whitelist
Use scan channel whitelist to configure the channel scanning whitelist.
Use undo scan channel whitelist to remove the specified channels from the channel scanning whitelist.
Syntax
scan channel whitelist channel-list
undo scan channel whitelist { channel-list | all }
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, no channel scanning whitelist exists.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
channel-list: Specifies channels by their channel numbers in the range of 1 to 165.
all: Specifies all channels in the channel scanning whitelist.
Usage guidelines
After you configure the channel scanning whitelist for an AP, the AP will scan only channels in the whitelist and the working channel. You cannot configure both the channel scanning blacklist and whitelist for the same AP. Before configuring the channel scanning whitelist, remove all channels in the channel scanning blacklist.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Add channels 1 and 6 to the channel scanning whitelist for AP 1.
<Sysname> system-view
[Sysname] wlan ap 1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] scan channel whitelist 1 6
# Add channels 1 and 6 to the channel scanning whitelist for APs with model WA2620-WiNet in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 2
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-2] scan channel whitelist 1 6
scan idle-time
Use scan idle-time to set the service idle timeout timer.
Use undo scan idle-time to restore the default.
Syntax
scan idle-time idle-time
undo scan idle-time
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the service idle timeout timer is 100 milliseconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
idle-time: Specifies the service idle timeout timer in the range of 60 to 5000 milliseconds. The service idle timeout timer cannot be greater than the maximum service period.
Usage guidelines
During a service period, an AP does not begin a new scanning period until the current service period exceeds the scanning period even if the specified service idle timeout expires.
The service idle timeout timer must be a multiple of the beacon interval. The value of the beacon interval is used as the service idle timeout timer if the service idle timeout timer is smaller than the beacon interval.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the service idle timeout timer to 500 milliseconds for AP 1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] scan idle-time 500
# Set the service idle timeout timer to 500 milliseconds for APs with model WA2620-WiNet in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-1] scan idle-time 500
Related commands
beacon interval
scan max-service-time
Use scan max-service-time to set the maximum service period.
Use undo scan max-service-time to restore the default.
Syntax
scan max-service-time { max-service-time | no-limit }
undo scan max-service-time
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the maximum service period is 5000 milliseconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
max-service-time: Specifies the maximum service period in the range of 100 to 5000 milliseconds.
no-limit: Configures the radio to not limit the service period. Specify this keyword to ensure wireless service quality. The AP does not start a scanning period unless the service idle timeout expires.
Usage guidelines
When the maximum service period for an AP is reached, the AP begins a scanning period regardless of whether it has traffic to forward.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the maximum service period to 3000 milliseconds for AP 1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] scan max-service-time 3000
# Set the maximum service period to 3000 milliseconds for APs with model WA2620-WiNet in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-1] scan max-service-time 3000
scan mode all
Use scan mode all enable to enable an AP to scan all channels.
Use scan mode all disable to disable an AP from scanning all channels.
Use undo scan mode to restore the default.
Syntax
scan mode all { disable | enable }
undo scan mode
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, a radio does not scan all channels.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
This command is applicable only to dual-band radios.
After you configure this command for an AP, the AP alternately scans 2.4 GHz channels and 5 GHz channels at the specified interval.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable AP ap1 to scan all channels.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4330-ACN
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] scan mode all enable
This operation will affect WLAN access and RRM. Are you sure you want to perform
this operation?[Y/N]:Y
# Enable APs with model WA4330-ACN in AP group 10 to scan all channels.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA4330-ACN
[Sysname-wlan-ap-group-10-ap-model-WA4330-ACN] radio 2
[Sysname-wlan-ap-group-10-ap-model-WA4330-ACN-radio-2] scan mode all enable
This operation will affect WLAN access and RRM. Are you sure you want to perform
this operation?[Y/N]:Y
scan mode all interval
Use scan mode all interval to set the interval for an AP to scan all channels.
Use undo scan mode all interval to restore the default.
Syntax
scan mode all interval interval-value
undo scan mode all interval
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the interval for an AP to alternately scan 2.4 GHz channels and 5 GHz channels is 3000 milliseconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the interval for an AP to alternately scan 2.4 GHz channels and 5 GHz channels, in the range of 2000 to 10000 milliseconds.
Examples
# Set the interval for an AP to alternately scan 2.4 GHz channels and 5 GHz channels to 5000 milliseconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4330-ACN
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] scan mode all interval 5000
# Set the interval for an AP to alternately scan 2.4 GHz channels and 5 GHz channels to 5000 milliseconds for APs with model WA4330-ACN in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA4330-ACN
[Sysname-wlan-ap-group-1-WA4330-ACN] radio 2
[Sysname-wlan-ap-group-1-WA4330-ACN-radio-2] scan mode all interval 5000
scan scan-time
Use scan scan-time to set the scanning period.
Use undo scan scan-time to restore the default.
Syntax
scan scan-time scan-time
undo scan scan-time
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, the scanning period is 100 milliseconds.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
scan-time: Specifies the scanning period in the range of 100 to 5000 milliseconds. The scanning period cannot be greater than the maximum service period.
Usage guidelines
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the scanning period to 500 milliseconds for AP 1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] scan scan-time 500
# Set the scanning period to 500 milliseconds for APs with model WA2620-WiNet in AP group 10.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-1] scan scan-time 500
Band navigation commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
band-navigation
Use band-navigation enable to enable band navigation for an AP or AP group.
Use band-navigation disable to disable band navigation for an AP or AP group.
Use undo band-navigation to restore the default.
Syntax
band-navigation { disable | enable }
undo band-navigation
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, band navigation is enabled for an AP group.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
Band navigation takes effect on an AP only after you enable band navigation both globally and for the AP.
Examples
# Enable band navigation for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] band-navigation enable
# Enable band navigation for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] band-navigation enable
Related commands
wlan band-navigation enable
wlan band-navigation aging-time
Use wlan band-navigation aging-time to set the client information aging time.
Use undo wlan band-navigation aging-time to restore the default.
Syntax
wlan band-navigation aging-time aging-time
undo wlan band-navigation aging-time
Default
The client information aging time is 180 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the client information aging time in the range of 10 to 600 seconds.
Usage guidelines
When an AP receives an association request from a client, the AP records the client's information and starts the client information aging timer. If the AP receives a probe request or association request from the client before the aging timer expires, the AP refreshes the client information and resets the client information aging timer. If the AP does not receive any probe requests or association requests from the client before the aging timer expires, the AP deletes the client's information.
Configure an appropriate client information aging time to ensure both client association and system resource efficiency.
Examples
# Set the client information aging time to 50 seconds.
<Sysname> system-view
[Sysname] wlan band-navigation aging-time 50
wlan band-navigation balance access-denial
Use wlan band-navigation balance access-denial to set the maximum number of denials for 5 GHz association requests.
Use undo wlan band-navigation balance access-denial to restore the default.
Syntax
wlan band-navigation balance access-denial access-denial
undo wlan band-navigation balance access-denial
Default
The maximum number of denials is 1 for 5 GHz association requests.
Views
System view
Predefined user roles
network-admin
Parameters
access-denial: Specifies the maximum number of denials for 5 GHz association requests, in the range of 1 to 10.
Usage guidelines
If the number of times that a 5 GHz radio rejects a client reaches the specified maximum number, the radio accepts the association request of the client.
Examples
# Set the maximum number of denials to 5 for 5 GHz association requests.
<Sysname> system-view
[Sysname] wlan band-navigation balance access-denial 5
wlan band-navigation balance session
Use wlan band-navigation balance session to configure load balancing for band navigation.
Use undo wlan band-navigation balance session to restore the default.
Syntax
wlan band-navigation balance session session [ gap gap ]
undo wlan band-navigation balance session
Default
Load balancing is disabled for band navigation.
Views
System view
Predefined user roles
network-admin
Parameters
session: Specifies the client number threshold for the 5 GHz radio, in the range of 2 to 40.
gap: Specifies the threshold for the client number gap between the 5 GHz radio and the radio that has the fewest clients. The value range for this argument is 1 to 8 and the default value is 4.
Usage guidelines
If you enable band navigation but do not enable load balancing, the AC directs dual-band clients to the 5 GHz radio.
The AP rejects the 5 GHz association request of a client when the following conditions are met:
· The number of clients on the 5 GHz radio reaches the specified threshold.
· The client number gap between the 5 GHz radio and the radio that has the fewest clients reaches the specified threshold.
Examples
# Enable load balancing for band navigation, and set the client number threshold and session gap threshold to 10 and 5, respectively.
<Sysname> system-view
[Sysname] wlan band-navigation balance session 10 gap 5
wlan band-navigation enable
Use wlan band-navigation enable to enable band navigation globally.
Use undo wlan band-navigation enable to restore the default.
Syntax
wlan band-navigation enable
undo wlan band-navigation enable
Default
Band navigation is disabled globally.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For band navigation to take effect, make sure fast association is disabled for the wireless service that the clients use.
Band navigation takes effect on an AP only when you enable band navigation both globally and for the AP.
Examples
# Enable band navigation globally.
<Sysname> system-view
[Sysname] wlan band-navigation enable
Related commands
band-navigation
quick-association enable
wlan band-navigation rssi-threshold
Use wlan band-navigation rssi-threshold to set the received signal strength indicator (RSSI) threshold for band navigation.
Use undo wlan band-navigation rssi-threshold to restore the default.
Syntax
wlan band-navigation rssi-threshold rssi-threshold
undo wlan band-navigation rssi-threshold
Default
The RSSI threshold for band navigation is 15.
Views
System view
Predefined user roles
network-admin
Parameters
rssi-threshold: Specifies the RSSI threshold for band navigation, in the range of 5 to 100.
Usage guidelines
A client might be detected by multiple radios. A 5 GHz radio rejects the association request of a client if the client's RSSI is lower than the band navigation RSSI threshold.
Examples
# Set the RSSI threshold for band navigation to 40.
<Sysname> system-view
[Sysname] wlan band-navigation rssi-threshold 40
WLAN multicast optimization commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
display wlan ipv6 multicast-optimization entry
Use display wlan ipv6 multicast-optimization entry to display IPv6 multicast optimization entry information.
Syntax
display wlan ipv6 multicast-optimization entry [ client mac-address [ group group-ip [ source source-ip ] ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
client mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries.
group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries for the specified client.
source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries for the specified multicast group to which the specified client belongs.
Examples
# Display information about all IPv6 multicast optimization entries.
<Sysname> display wlan ipv6 multicast-optimization entry
Total 2 clients reported
Client: 0000-0000-0001
Reported from AP 1 on radio 1
Total number of groups: 1
Group: FF25::1
Version: MLDv2
Mode: Include
Duration: 00h 02m 03s
Sources: 3
Source: 1::1
Duration: 00h 02m 03s
Source: 1::2
Duration: 00h 02m 15s
Source: 1::3
Duration: 00h 02m 45s
Client: 0000-0000-0002
Reported from AP 1 on radio 1
Total number of groups: 1
Group: FF25::2
Version: MLDv2
Mode: Include
Duration: 00h 01m 09s
Sources: 3
Source: 1::1
Duration: 00h 01m 11s
Source: 1::2
Duration: 00h 01m 09s
Source: 1::3
Duration: 00h 01m 45s
Table 52 Command output
Field |
Description |
Total 2 clients reported |
Number of clients in the multicast optimization entry table. |
Client |
MAC address of the client. |
Group |
Multicast group address. |
Version |
Version of the multicast group: · MLDv1. · MLDv2. |
Mode |
WLAN multicast optimization mode of the multicast group: · Include—Multicast packets destined to the multicast group are converted to unicast packets if the multicast source address exists in the source address list obtained from MLDv2 reports. · Exclude—Multicast packets destined to the multicast group are not converted to unicast packets if the multicast source address does not exist in the source address list obtained from MLDv2 reports. This field always displays Exclude for MLDv1 multicast groups. |
Duration |
Lifetime of the multicast optimization entry for the multicast group or multicast source. |
Source |
Multicast source address. |
display wlan multicast-optimization entry
Use display wlan multicast-optimization entry to display IPv4 multicast optimization entry information.
Syntax
display wlan multicast-optimization entry [ client mac-address [ group group-ip [ source source-ip ] ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
client mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries.
group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries for the specified client.
source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries for the specified multicast group to which the specified client belongs.
Examples
# Display information about all IPv4 multicast optimization entries.
<Sysname> display wlan multicast-optimization entry
Total 2 clients reported
Client: 0000-0000-0001
Reported from AP 1 on radio 1
Total number of groups: 1
Group: 226.0.0.1
Version: IGMPv3
Mode: Include
Duration: 00h 03m 03s
Sources: 3
Source: 27.0.0.1
Duration: 00h 03m 32s
Source: 27.0.0.2
Duration: 00h 03m 15s
Source: 27.0.0.3
Duration: 00h 03m 03s
Client: 0000-0000-0002
Reported from AP 1 on radio 1
Total number of groups: 2
Group: 226.0.0.1
Version: IGMPv3
Mode: Include
Duration: 00h 02m 15s
Sources: 3
Source: 27.0.0.1
Duration: 00h 02m 32s
Source: 27.0.0.2
Duration: 00h 02m 15s
Source: 27.0.0.3
Duration: 00h 02m 23s
Group: 226.0.0.2
Version: IGMPv3
Mode: Include
Duration: 00h 01m 11s
Sources: 2
Source: 27.0.0.1
Duration: 00h 01m 12s
Source: 27.0.0.2
Duration: 00h 01m 11s
Table 53 Command output
Field |
Description |
Total 2 clients reported |
Number of clients in the multicast optimization entry table. |
Client |
MAC address of the client. |
Group |
Multicast group address. |
Version |
Version of the multicast group: · IGMPv1v2—IGMPv1 or IGMPv2. · IGMPv3. |
Mode |
WLAN multicast optimization mode of the multicast group: · Include—Multicast packets destined to the multicast group are converted to unicast packets if the multicast source address exists in the source address list obtained from IGMPv3 reports. · Exclude—Multicast packets destined to the multicast group are not converted to unicast packets if the multicast source address does not exist in the source address list obtained from IGMPv3 reports. This field always displays Exclude for IGMPv1 or IGMPv2 multicast groups. |
Duration |
Lifetime of the multicast optimization entry for the multicast group or multicast source. |
Source |
Multicast source address. |
ipv6 multicast-optimization enable
Use ipv6 multicast-optimization enable to enable IPv6 WLAN multicast optimization.
Use undo ipv6 multicast-optimization enable to disable IPv6 WLAN multicast optimization.
Syntax
ipv6 multicast-optimization enable
undo ipv6 multicast-optimization enable
Default
IPv6 WLAN multicast optimization is disabled.
Views
Service template view
Predefined user roles
network-admin
Examples
# Enable IPv6 WLAN multicast optimization for service template 1.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] ipv6 multicast-optimization enable
multicast-optimization enable
Use multicast-optimization enable to enable IPv4 WLAN multicast optimization.
Use undo multicast-optimization enable to disable IPv4 WLAN multicast optimization.
Syntax
multicast-optimization enable
undo multicast-optimization enable
Default
IPv4 WLAN multicast optimization is disabled.
Views
Service template view
Predefined user roles
network-admin
Examples
# Enable IPv4 WLAN multicast optimization for service template 1.
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] multicast-optimization enable
reset wlan ipv6 multicast-optimization entry
Use reset wlan ipv6 multicast-optimization entry to clear IPv6 multicast optimization entries.
Syntax
reset wlan ipv6 multicast-optimization entry { all | client mac-address [ group group-ip [ source source-ip ] ] }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all IPv6 multicast optimization entries.
client mac-address: Specifies a client by its MAC address.
group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified client.
source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified multicast group to which the specified client belongs.
Examples
# Clear all IPv6 multicast optimization entries for the client with MAC address 1011-2222-3334.
<Sysname> reset wlan ipv6 multicast-optimization entry client 1011-2222-3334
Related commands
display wlan ipv6 multicast-optimization entry
reset wlan ipv6 multicast-optimization entry group
Use reset wlan ipv6 multicast-optimization entry group to clear IPv6 multicast optimization entries for the specified multicast group.
Syntax
reset wlan ipv6 multicast-optimization entry group group-ip [ source source-ip ]
Views
User view
Predefined user roles
network-admin
Parameters
group-ip: Specifies a multicast group by its IP address.
source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified multicast group.
Examples
# Clear IPv6 multicast optimization entries for the multicast group with IPv6 address FF28::1.
<Sysname> reset wlan ipv6 multicast-optimization entry group FF28::1
reset wlan multicast-optimization entry
Use reset wlan multicast-optimization entry to clear IPv4 multicast optimization entries.
Syntax
reset wlan multicast-optimization entry { all | client mac-address [ group group-ip [ source source-ip ] ] }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all IPv4 multicast optimization entries.
client mac-address: Specifies a client by its MAC address.
group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified client.
source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified multicast group to which the specified client belongs.
Examples
# Clear all IPv4 multicast optimization entries for the client with MAC address 1011-2222-3334.
<Sysname> reset wlan multicast-optimization entry client 1011-2222-3334
Related commands
display wlan multicast-optimization entry
reset wlan multicast-optimization entry group
Use reset wlan multicast-optimization entry group to clear IPv4 multicast optimization entries for the specified multicast group.
Syntax
reset wlan multicast-optimization entry group group-ip [ source source-ip ]
Views
User view
Predefined user roles
network-admin
Parameters
group-ip: Specifies a multicast group by its IP address.
source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified multicast group.
Examples
# Clear IPv4 multicast optimization entries for the multicast group with address 235.1.1.1.
<Sysname> reset wlan multicast-optimization entry group 235.1.1.1
wlan ipv6 multicast-optimization aging-time
Use wlan ipv6 multicast-optimization aging-time to set the aging time for IPv6 multicast optimization entries.
Use undo wlan ipv6 multicast-optimization aging-time to restore the default.
Syntax
wlan ipv6 multicast-optimization aging-time aging-value
undo wlan ipv6 multicast-optimization aging-time
Default
The aging time is 260 seconds for IPv6 multicast optimization entries.
Views
System view
Predefined user roles
network-admin
Parameters
aging-value: Specifies the aging time for IPv6 multicast optimization entries, in the range of 60 to 3600 seconds.
Examples
# Set the aging time to 600 seconds for IPv6 multicast optimization entries.
<Sysname> system-view
[Sysname] wlan ipv6 multicast-optimization aging-time 600
wlan ipv6 multicast-optimization client entry-limit
Use wlan ipv6 multicast-optimization client entry-limit to set the limit for IPv6 multicast optimization entries per client.
Use undo wlan ipv6 multicast-optimization client entry-limit to restore the default.
Syntax
wlan ipv6 multicast-optimization client entry-limit [ limit-value ]
undo wlan ipv6 multicast-optimization client entry-limit
Default
No limit is set for IPv6 multicast optimization entries per client.
Views
System view
Predefined user roles
network-admin
Parameters
limit-value: Specifies the limit for IPv6 multicast optimization entries per client, in the range of 8 to 1024. If you do not specify this argument when you execute the command, the limit is 256.
Usage guidelines
Use this command to limit the number of multicast optimization entries that an AP maintains for each client, so that a single client cannot occupy excessive system resources. By default, no per-client limit is set.
Examples
# Set the limit to 64 for IPv6 multicast optimization entries per client.
<Sysname> system-view
[Sysname] wlan ipv6 multicast-optimization client entry-limit 64
wlan ipv6 multicast-optimization entry client-limit
Use wlan ipv6 multicast-optimization entry client-limit to configure an IPv6 multicast optimization policy.
Use undo wlan ipv6 multicast-optimization entry client-limit to restore the default.
Syntax
wlan ipv6 multicast-optimization entry client-limit [ limit-value ] [ drop | multicast | unicast ]
undo wlan ipv6 multicast-optimization entry client-limit
Default
No IPv6 multicast optimization policies exist and an AP performs WLAN multicast optimization for all clients.
Views
System view
Predefined user roles
network-admin
Parameters
limit-value: Specifies the threshold for the number of clients that WLAN multicast optimization supports, in the range of 1 to 256. The default value is 8.
drop: Configures an AP to drop a multicast packet when the number of clients to receive the packet exceeds the threshold.
multicast: Configures an AP to forward a multicast packet to all clients when the number of clients to receive the packet exceeds the threshold.
unicast: Configures an AP to process a multicast packet as follows when the number of clients to receive the packet exceeds the threshold:
· Convert the multicast packet to unicast packets.
· Send the unicast packets to only n randomly selected clients, where n is the specified threshold.
Usage guidelines
Use this command to configure the maximum number of clients that WLAN multicast optimization supports and define the action an AP takes when the limit is reached.
If you do not specify an action, an AP performs unicast forwarding.
Examples
# Set the threshold for the number of clients that WLAN multicast optimization supports to 32, and specify the unicast forwarding mode.
<Sysname> system-view
[Sysname] wlan ipv6 multicast-optimization entry client-limit 32 unicast
wlan ipv6 multicast-optimization global entry-limit
Use wlan ipv6 multicast-optimization global entry-limit to set the limit for IPv6 multicast optimization entries.
Use undo wlan ipv6 multicast-optimization global entry-limit to restore the default.
Syntax
wlan ipv6 multicast-optimization global entry-limit [ limit-value ]
undo wlan ipv6 multicast-optimization global entry-limit
Default
No limit is set for IPv6 multicast optimization entries.
Views
System view
Predefined user roles
network-admin
Parameters
limit-value: Specifies the limit for IPv6 multicast optimization entries, in the range of 8 to 8192. If you do not specify this argument when you execute the command, the limit is 1024.
Usage guidelines
When the number of multicast optimization entries reaches the limit, the AP stops creating new entries until the number falls below the limit. This action saves system resources.
Examples
# Set the limit for IPv6 multicast optimization entries to 512.
<Sysname> system-view
[Sysname] wlan ipv6 multicast-optimization global entry-limit 512
wlan ipv6 multicast-optimization packet-rate-limit
Use wlan ipv6 multicast-optimization packet-rate-limit to set the maximum number of MLD packets that can be received from clients within the specified period.
Use undo wlan ipv6 multicast-optimization packet-rate-limit to restore the default.
Syntax
wlan ipv6 multicast-optimization packet-rate-limit [ interval interval-value | threshold threshold-value ] *
undo wlan ipv6 multicast-optimization packet-rate-limit
Default
No limit is set for the number of MLD packets that can be received from clients.
Views
System view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the interval for calculating the incoming MLD packet rate. The value range is 60 to 3600 seconds. The default setting is 60 seconds.
threshold threshold-value: Specifies the threshold on the number of incoming MLD packets over the specified interval. The value range is 1 to 100000. The default threshold is 100.
Usage guidelines
If the number of MLD packets received from clients reaches the threshold within the specified interval, the AP stops receiving MLD packets from clients until the next period.
Examples
# Configure an AP to receive a maximum of 240 MLD packets every 120 seconds.
<Sysname> system-view
[Sysname] wlan ipv6 multicast-optimization packet-rate-limit interval 120 threshold 240
wlan multicast-optimization aging-time
Use wlan multicast-optimization aging-time to set the aging time for IPv4 multicast optimization entries.
Use undo wlan multicast-optimization aging-time to restore the default.
Syntax
wlan multicast-optimization aging-time aging-value
undo wlan multicast-optimization aging-time
Default
The aging time is 260 seconds for IPv4 multicast optimization entries.
Views
System view
Predefined user roles
network-admin
Parameters
aging-value: Specifies the aging time for IPv4 multicast optimization entries, in the range of 60 to 3600 seconds.
Examples
# Set the aging time to 600 seconds for IPv4 multicast optimization entries.
<Sysname> system-view
[Sysname] wlan multicast-optimization aging-time 600
wlan multicast-optimization client entry-limit
Use wlan multicast-optimization client entry-limit to set the limit for IPv4 multicast optimization entries per client.
Use undo wlan multicast-optimization client entry-limit to restore the default.
Syntax
wlan multicast-optimization client entry-limit [ limit-value ]
undo wlan multicast-optimization client entry-limit
Default
No limit is set for IPv4 multicast optimization entries per client.
Views
System view
Predefined user roles
network-admin
Parameters
limit-value: Specifies the limit for IPv4 multicast optimization entries per client, in the range of 8 to 1024. If you do not specify this argument when you execute the command, the limit is 256.
Usage guidelines
Use this command to limit the number of multicast optimization entries that an AP maintains for each client, so that a single client cannot occupy excessive system resources. By default, no per-client limit is set.
Examples
# Set the limit to 64 for IPv4 multicast optimization entries per client.
<Sysname> system-view
[Sysname] wlan multicast-optimization client entry-limit 64
wlan multicast-optimization entry client-limit
Use wlan multicast-optimization entry client-limit to configure an IPv4 multicast optimization policy.
Use undo wlan multicast-optimization entry client-limit to restore the default.
Syntax
wlan multicast-optimization entry client-limit [ limit-value ] [ drop | multicast | unicast ]
undo wlan multicast-optimization entry client-limit
Default
No IPv4 multicast optimization policies exist and an AP performs WLAN multicast optimization for all clients.
Views
System view
Predefined user roles
network-admin
Parameters
limit-value: Specifies the threshold for the number of clients that WLAN multicast optimization supports, in the range of 1 to 256. The default value is 8.
drop: Configures an AP to drop a multicast packet when the number of clients to receive the packet exceeds the threshold.
multicast: Configures an AP to forward a multicast packet to all clients when the number of clients to receive the packet exceeds the threshold.
unicast: Configures an AP to process a multicast packet as follows when the number of clients to receive the packet exceeds the threshold:
· Convert the multicast packet to unicast packets.
· Send the unicast packets to only n randomly selected clients, where n is the specified threshold.
Usage guidelines
Use this command to configure the maximum number of clients that WLAN multicast optimization supports and define the action an AP takes when the limit is reached. If you do not specify an action, the AP performs unicast forwarding.
Examples
# Set the threshold for the number of clients that WLAN multicast optimization supports to 32, and specify the unicast forwarding mode.
<Sysname> system-view
[Sysname] wlan multicast-optimization entry client-limit 32 unicast
wlan multicast-optimization global entry-limit
Use wlan multicast-optimization global entry-limit to set the limit for IPv4 multicast optimization entries.
Use undo wlan multicast-optimization global entry-limit to restore the default.
Syntax
wlan multicast-optimization global entry-limit [ limit-value ]
undo wlan multicast-optimization global entry-limit
Default
No limit is set for IPv4 multicast optimization entries.
Views
System view
Predefined user roles
network-admin
Parameters
limit-value: Specifies the limit for IPv4 multicast optimization entries, in the range of 8 to 8192. If you do not specify this argument when you execute the command, the limit is 1024.
Usage guidelines
When the number of multicast optimization entries reaches the limit, the AP stops creating new entries until the number falls below the limit. This action saves system resources.
Examples
# Set the limit for IPv4 multicast optimization entries to 512.
<Sysname> system-view
[Sysname] wlan multicast-optimization global entry-limit 512
wlan multicast-optimization packet-rate-limit
Use wlan multicast-optimization packet-rate-limit to set the maximum number of IGMP packets that can be received from clients within the specified period.
Use undo wlan multicast-optimization packet-rate-limit to restore the default.
Syntax
wlan multicast-optimization packet-rate-limit [ interval interval-value | threshold threshold-value ] *
undo wlan multicast-optimization packet-rate-limit
Default
No limit is set for the number of IGMP packets that can be received from clients within the specified period.
Views
System view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the interval for calculating the incoming IGMP packet rate. The value range is 60 to 3600 seconds. The default setting is 60 seconds.
threshold threshold-value: Specifies the threshold on the number of incoming IGMP packets over the specified interval. The value range is 1 to 100000. The default threshold is 100.
Usage guidelines
If the number of IGMP packets received from clients reaches the threshold within the specified interval, the AP stops receiving IGMP packets from clients until the next period.
Examples
# Configure an AP to receive a maximum of 240 IGMP packets from clients every 120 seconds.
<Sysname> system-view
[Sysname] wlan multicast-optimization packet-rate-limit interval 120 threshold 240
Cloud connection commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
cloud-management keepalive
Use cloud-management keepalive to set the keepalive interval for the local device to send keepalive packets to the H3C Oasis server.
Use undo cloud-management keepalive to restore the default.
Syntax
cloud-management keepalive interval
undo cloud-management keepalive
Default
The keepalive interval is 180 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the keepalive interval in the range of 10 to 600 seconds.
Usage guidelines
If the device does not receive a response from the H3C Oasis server within three keepalive intervals, the device sends a registration request to re-establish the cloud connection.
Examples
# Set the keepalive interval to 360 seconds.
<Sysname> system-view
[Sysname] cloud-management keepalive 360
cloud-management server domain
Use cloud-management server domain to configure the domain name of the H3C Oasis server.
Use undo cloud-management server domain to restore the default.
Syntax
cloud-management server domain domain-name
undo cloud-management server domain
Default
The domain name of the H3C Oasis server is not configured.
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the domain name of the H3C Oasis server, a case-sensitive string of 1 to 253 characters.
Usage guidelines
Before you configure the domain name of the H3C Oasis server, make sure a DNS server is configured to resolve the domain name.
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Configure the domain name of the H3C Oasis server as lvzhouv3.h3c.com.
<Sysname> system-view
[Sysname] cloud-management server domain lvzhouv3.h3c.com
cloud-management ping
Use cloud-management ping to set the interval at which the local device sends ping packets to the H3C Oasis server.
Use undo cloud-management ping to restore the default.
Syntax
cloud-management ping interval
undo cloud-management ping
Default
The local device sends ping packets to the H3C Oasis server at intervals of 60 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval at which the local device sends ping packets to the H3C Oasis server, in the range of 10 to 600 seconds.
Usage guidelines
After the connection to the H3C Oasis server is established, the local device sends ping packets to the server periodically to prevent NAT entry aging. Reduce the interval value if the network condition is poor or the NAT entry aging time is short.
The H3C Oasis server does not respond to ping packets.
Examples
# Configure the local device to send ping packets to the H3C Oasis server at intervals of 120 seconds.
<Sysname> system-view
[Sysname] cloud-management ping 120
display cloud-management state
Use display cloud-management state to display cloud connection state information.
Syntax
display cloud-management state
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display cloud connection state information.
<Sysname> display cloud-management state
Cloud connection state : Established
Device state : Request_success
Cloud server address : 10.1.1.1
Cloud server domain name : lvzhouv3.h3c.com
Local port : 443
Connected at : Wed Jan 27 14:18:40 2016
Duration : 00d 00h 02m 01s
Process state : DNS not parsed
Failure reason : DNS parse failed
Table 54 Command output
Field |
Description |
Cloud connection state |
Cloud connection state: Unconnected, Request, and Established. |
Device state |
Local device state: · Idle—In idle state. · Connecting—Connecting to the H3C Oasis server. · Request_CAS_url—Sent a central authentication service (CAS) URL request. · Request_CAS_url_success—Requesting CAS URL succeeded. · Request_CAS_TGT—Sent a ticket granting ticket (TGT) request. · Request_CAS_TGT_success—Requesting TGT succeeded. · Request_CAS_ST—Sent a service ticket (ST) request. · Request_CAS_ST_success—Requesting ST succeeded. · Request_cloud_auth—Sent an authentication request. · Request_cloud_auth_success—Authentication succeeded. · Register—Sent a registration request. · Register_success—Registration succeeded. · Request—Sent a handshake request. · Request_success—Handshake succeeded. |
Cloud server address |
IP address of the H3C Oasis server. |
Cloud server domain name |
Domain name of the H3C Oasis server. |
Local port |
TCP port number used to establish cloud connections. |
Connected at |
Time when the cloud connection was established. |
Duration |
Duration since the establishment of the cloud connection. |
Process state |
Cloud connection processing state: · DNS not parsed. · DNS parsed. · Message not sent. · Message sent. · Message not received. · Message received. |
Failure reason |
Cloud connection failure reason: · DNS parse failed. · Socket connection failed. · SSL creation failed. · Sending CAS url request failed. · Sending CAS TGT failed. · Sending CAS ST failed. · Sending cloud auth failed. · Sending register failed. · Processing CAS url response failed. · Processing CAS TGT response failed. · Processing CAS ST response failed. · Processing cloud auth response failed. · Processing register response failed. · Sending handshake request failed. · Processing handshake failed. · Sending websocket request failed. · Processing websocket packet failed. |
WLAN RRM commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
adjacency-factor
Use adjacency-factor to set the adjacency factor.
Use undo adjacency-factor to restore the default.
Syntax
adjacency-factor neighbor
undo adjacency-factor
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the adjacency factor is 3.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
neighbor: Specifies the adjacency factor in the range of 1 to 16.
Usage guidelines
The adjacency factor defines two things: the number of manageable detected radios required to trigger transmit power control (TPC), and the rank of the RSSI that is compared with the power adjustment threshold. An AC can manage only radios associated with it.
For example, if the adjacency factor is 3, the AC performs TPC for a radio when the radio detects 3 other manageable radios. After ranking the radio's RSSIs detected by other manageable radios in descending order, the AC selects the third largest RSSI to compare with the power adjustment threshold.
Examples
# Set the adjacency factor to 7 for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] adjacency-factor 7
# Set the adjacency factor to 7 for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] adjacency-factor 7
adjacency-factor radio-selection
Use adjacency-factor radio-selection to specify the type of radios to participate in TPC calculation.
Use undo adjacency-factor radio-selection to restore the default.
Syntax
adjacency-factor radio-selection { all-channel | overlapping-channel }
undo adjacency-factor radio-selection
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, all-channel radios participate in TPC calculation.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
all-channel: Specifies radios detected on all channels.
overlapping-channel: Specifies radios detected on overlapping channels.
Usage guidelines
Radios that can participate in the TPC calculation for a radio include the following types:
· All-channel radios—Include all radios that detect the radio and are managed by the same AC as the radio. TPC based on all-channel radios can better control the signal coverage.
· Overlapping-channel radios—Include radios that detect the radio on a channel overlapping with the radio's transmit channel and are managed by the same AC as the radio. TPC based on overlapping-channel radios can expand signal coverage without increasing interference.
Examples
# Specify the type of radios to participate in TPC calculation as overlapping-channel for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] adjacency-factor radio-selection overlapping-channel
# Specify the type of radios to participate in TPC calculation as overlapping-channel for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] adjacency-factor radio-selection overlapping-channel
ap name
Use ap name to add a radio to an RRM holddown group.
Use undo ap name to remove one or all radios from an RRM holddown group.
Syntax
ap name ap-name radio radio-id
undo ap { name ap-name [ radio radio-id ] | all }
Default
No radios exist in an RRM holddown group.
Views
RRM holddown group view
Predefined user roles
network-admin
Parameters
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can contain letters, numbers, underscores (_), left brackets ([), right brackets (]), slashes (/), and hyphens (-). The specified AP must already exist.
radio-id: Specifies a radio by its ID. The value range for this argument varies by device model.
all: Specifies all radios.
Usage guidelines
A radio can belong to only one RRM holddown group. Adding a radio to a new RRM holddown group removes the radio from the old RRM holddown group.
Examples
# Add radio 2 of AP ap1 to RRM holddown group 10.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10] ap name ap1 radio 2
calibrate-channel mode
Use calibrate-channel mode to set the auto-DFS mode.
Use undo calibrate-channel mode to restore the default.
Syntax
calibrate-channel mode { periodic | scheduled }
undo calibrate-channel mode
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the auto-DFS mode is periodic.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
periodic: Specifies periodic auto-DFS.
scheduled: Specifies scheduled auto-DFS.
Usage guidelines
In periodic auto-DFS mode, the AC automatically performs DFS for a radio at the channel calibration interval.
In scheduled auto-DFS mode, the AC performs DFS at the specified time in a time range. Use this mode when interference is severe to avoid affecting ongoing wireless services.
Examples
# Set the auto-DFS mode to scheduled for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel mode scheduled
# Set the auto-DFS mode to scheduled for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel self-decisive enable
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel mode scheduled
Related commands
calibrate-channel monitoring time-range
calibrate-channel pronto
wlan rrm calibration-channel interval
calibrate-channel monitoring time-range
Use calibrate-channel monitoring time-range to specify a time range for channel monitoring.
Use undo calibrate-channel monitoring time-range to delete the specified time range for channel monitoring.
Syntax
calibrate-channel monitoring time-range time-range-name
undo calibrate-channel monitoring time-range
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, no time range is specified for channel monitoring.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
time-range-name: Specifies the name of a time range, a case-insensitive string of 1 to 32 characters. The string must start with a letter and cannot be all.
Usage guidelines
In scheduled auto-DFS, the AC collects statistics in the specified time range to generate channel reports and neighbor reports.
Examples
# Specify a time range for channel monitoring for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel monitoring time-range time1
# Specify a time range for channel monitoring for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel monitoring time-range time1
Related commands
time-range
calibrate-channel pronto
Use calibrate-channel pronto to execute scheduled auto-DFS.
Syntax
calibrate-channel pronto
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Examples
# Create a job and assign commands to the job for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] scheduler job calibration1
[Sysname-job-calibration1] command 1 system-view
[Sysname-job-calibration1] command 2 wlan ap ap1
[Sysname-job-calibration1] command 3 radio 1
[Sysname-job-calibration1] command 4 rrm
[Sysname-job-calibration1] command 5 calibrate-channel pronto
# Create a job and assign commands to the job for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] scheduler job calibration2
[Sysname-job-calibration2] command 1 system-view
[Sysname-job-calibration2] command 2 wlan ap-group group1
[Sysname-job-calibration2] command 3 ap-model WA2620-WiNet
[Sysname-job-calibration2] command 4 radio 1
[Sysname-job-calibration2] command 5 rrm
[Sysname-job-calibration2] command 6 calibrate-channel pronto
calibrate-channel self-decisive
Use calibrate-channel self-decisive enable to enable auto-DFS.
Use calibrate-channel self-decisive disable to disable auto-DFS.
Use undo calibrate-channel self-decisive to restore the default.
Syntax
calibrate-channel self-decisive { disable | enable }
undo calibrate-channel self-decisive
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, auto-DFS is disabled.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Examples
# Enable auto-DFS for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable
# Enable auto-DFS for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel self-decisive enable
Related commands
calibrate-channel mode
calibrate-power min
Use calibrate-power min to set the minimum transmit power for a radio after TPC is performed.
Use undo calibrate-power min to restore the default.
Syntax
calibrate-power min tx-power
undo calibrate-power min
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the minimum transmit power of a radio is 1 dBm after TPC is performed.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
tx-power: Specifies the minimum transmit power for a radio, in the range of 1 to 20 dBm.
Usage guidelines
This command ensures that the transmit power of a radio can still meet network requirements after TPC is performed.
Examples
# Set the minimum transmit power to 10 dBm for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power min 10
# Set the minimum transmit power to 10 dBm for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-power min 10
calibrate-power mode
Use calibrate-power mode to set the TPC mode.
Use undo calibrate-power mode to restore the default.
Syntax
calibrate-power mode { coverage | custom | density }
undo calibrate-power mode
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the TPC mode is custom.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
coverage: Specifies the coverage mode.
custom: Specifies the custom mode.
density: Specifies the density mode.
Usage guidelines
To avoid interference among APs, use the density mode. To increase signal coverage performance, use the coverage mode. If these two modes cannot meet your network requirements, use the custom mode to customize power adjustment settings.
In either density or coverage mode, power adjustment settings are defined by the system and cannot be changed.
Examples
# Set the TPC mode to coverage for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power mode coverage
# Set the TPC mode to density for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-power mode density
calibrate-power self-decisive
Use calibrate-power self-decisive enable to enable periodic auto-TPC for the AC to perform TPC at the power calibration interval.
Use calibrate-power self-decisive disable to disable periodic auto-TPC.
Use undo calibrate-power self-decisive to restore the default.
Syntax
calibrate-power self-decisive { disable | enable }
undo calibrate-power self-decisive
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, periodic auto-TPC is disabled.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Examples
# Enable periodic auto-TPC for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power self-decisive enable
# Enable periodic auto-TPC for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-power self-decisive enable
Related commands
wlan rrm calibration-power interval
calibrate-channel self-decisive sensitivity
Use calibrate-channel self-decisive sensitivity to set the DFS sensitivity mode.
Use undo calibrate-channel self-decisive sensitivity to restore the default.
Syntax
calibrate-channel self-decisive sensitivity { custom | high | low | medium }
undo calibrate-channel self-decisive sensitivity
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the DFS sensitivity mode is custom.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
custom: Specifies the custom sensitivity mode.
high: Specifies the high sensitivity mode.
low: Specifies the low sensitivity mode.
medium: Specifies the medium sensitivity mode.
Usage guidelines
DFS configured with a higher sensitivity can be triggered more easily.
DFS trigger parameters will be restored to the default if you change the sensitivity mode. The default settings vary by sensitivity mode. Record the configured DFS trigger parameters if necessary before you change the sensitivity mode from custom to low, medium, or high.
You can configure DFS trigger parameters only when the sensitivity mode is custom.
Examples
# Set the DFS sensitivity mode to low for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive sensitivity low
# Set the DFS sensitivity mode to high for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel self-decisive sensitivity high
Related commands
crc-error-threshold
interference-threshold
tolerance-level
calibrate-channel suppression
Use calibrate-channel suppression enable to enable DFS suppression.
Use calibrate-channel suppression disable to disable DFS suppression.
Use undo calibrate-channel suppression to restore the default.
Syntax
calibrate-channel suppression { disable | enable [ client-number number ] }
undo calibrate-channel suppression
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, DFS suppression is disabled.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
client-number number: Specifies the online client threshold in the range of 1 to 124. The value is 124 by default.
Usage guidelines
This feature takes effect only when periodic auto-DFS is configured.
For wireless service stability, you can configure DFS suppression to suppress periodic auto-DFS when the online client quantity reaches the specified threshold.
Examples
# Enable DFS suppression for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel mode periodic
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel suppression enable
# Disable DFS suppression for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel self-decisive enable
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel mode periodic
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel suppression disable
calibrate-power threshold
Use calibrate-power threshold to set the power adjustment threshold.
Use undo calibrate-power threshold to restore the default.
Syntax
calibrate-power threshold value
undo calibrate-power threshold
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the power adjustment threshold is 65.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
value: Specifies the power adjustment threshold in the range of 50 to 90. The value range indicates that the power of the radio is in the range of –90 dBm to –50 dBm.
Usage guidelines
As a best practice to avoid interference among radios, set the power adjustment threshold to 80 (–80 dBm) for high-density WLANs.
Examples
# Set the power adjustment threshold to 70 for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power threshold 70
# Set the power adjustment threshold to 70 for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-power threshold 70
channel holddown-time
Use channel holddown-time to set the channel holddown time.
Use undo channel holddown-time to restore the default.
Syntax
channel holddown-time minutes
undo channel holddown-time
Default
The channel holddown time is 720 minutes.
Views
RRM holddown group view
Predefined user roles
network-admin
Parameters
minutes: Specifies the channel holddown time in the range of 10 to 1440 minutes.
Usage guidelines
Each time the channel of a radio in the RRM holddown group changes, the system starts the channel holddown timer for the radio. The channel for every radio in the RRM holddown group remains unchanged during the specified channel holddown time.
Examples
# Set the channel holddown time to 600 minutes for RRM holddown group 10.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10] channel holddown-time 600
channel-capability mode
Use channel-capability mode to set the client channel capability match mode.
Use undo channel-capability mode to restore the default.
Syntax
channel-capability mode { all | none | partial }
undo channel-capability mode
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, client channel capabilities are not checked.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
all: Specifies the all mode. A client is allowed to associate with a radio only when all its supported channels match the radio's supported channels.
none: Specifies the none mode. Client channel capabilities are not checked.
partial: Specifies the partial mode. A client is allowed to associate with a radio as long as one of its supported channels matches any one of the radio's supported channels.
Usage guidelines
The following matrices show the command and hardware compatibility:
Hardware | Command compatibility |
---|---|
MSR810/810-LM/810-10-PoE/810-LM-HK | Yes |
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS | No |
MSR2600-6-X1/2600-10-X1 | Yes |
MSR 2630 | Yes |
MSR3600-28/3600-51 | Yes |
MSR3600-28-SI/3600-51-SI | No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
MSR 3610/3620/3620-DP/3640/3660 | Yes |
MSR5620/5660/5680 | No |

Hardware | Command compatibility |
---|---|
MSR810-LM-GL | Yes |
MSR810-W-LM-GL | No |
MSR830-6EI-GL | No |
MSR830-10EI-GL | No |
MSR830-6HI-GL | No |
MSR830-10HI-GL | No |
MSR2600-6-X1-GL | Yes |
MSR3600-28-SI-GL | No |
This command is available only for 5 GHz radios.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the client channel capability match mode to all for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
[Sysname-wlan-ap-ap1-radio-1] channel-capability mode all
# Set the client channel capability match mode to all for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel-capability mode all
Related commands
spectrum-management
channel-switch mode
Use channel-switch mode to set the channel switch mode.
Use undo channel-switch mode to restore the default.
Syntax
channel-switch mode { continuous | suspend }
undo channel-switch mode
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, all online clients stop sending frames during channel switch.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
continuous: Configures the online clients to continue sending frames during channel switch.
suspend: Configures the online clients to stop sending frames during channel switch until channel switch is complete.
Usage guidelines
The following matrices show the command and hardware compatibility:
Hardware | Command compatibility |
---|---|
MSR810/810-LM/810-10-PoE/810-LM-HK | Yes |
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS | No |
MSR2600-6-X1/2600-10-X1 | Yes |
MSR 2630 | Yes |
MSR3600-28/3600-51 | Yes |
MSR3600-28-SI/3600-51-SI | No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
MSR 3610/3620/3620-DP/3640/3660 | Yes |
MSR5620/5660/5680 | No |

Hardware | Command compatibility |
---|---|
MSR810-LM-GL | Yes |
MSR810-W-LM-GL | No |
MSR830-6EI-GL | No |
MSR830-10EI-GL | No |
MSR830-6HI-GL | No |
MSR830-10HI-GL | No |
MSR2600-6-X1-GL | Yes |
MSR3600-28-SI-GL | No |
This command takes effect on a radio only when the radio operates in 5 GHz mode and is enabled with spectrum management.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the channel switch mode to continuous for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
[Sysname-wlan-ap-ap1-radio-1] channel-switch mode continuous
# Set the channel switch mode to continuous for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel-switch mode continuous
Related commands
spectrum-management
crc-error-threshold
Use crc-error-threshold to set the CRC error threshold.
Use undo crc-error-threshold to restore the default.
Syntax
crc-error-threshold percent
undo crc-error-threshold
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the CRC error threshold is 20%.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
percent: Specifies the CRC error threshold in the range of 1% to 100%.
Usage guidelines
When the AC detects that the proportion of CRC-error packets in all 802.11 packets reaches the CRC error threshold on a radio, it performs DFS for the radio.
Examples
# Set the CRC error threshold to 50% for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] crc-error-threshold 50
# Set the CRC error threshold to 50% for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] crc-error-threshold 50
description
Use description to set a description for an RRM holddown group.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is set for an RRM holddown group.
Views
RRM holddown group view
Predefined user roles
network-admin
Parameters
text: Specifies the RRM holddown group description, a case-sensitive string of 1 to 64 characters.
Examples
# Set the description for RRM holddown group 10 to office.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10] description office
display wlan rrm baseline
Use display wlan rrm baseline to display radio baseline information.
Syntax
display wlan rrm baseline { all | name baseline-name } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all radio baselines.
name baseline-name: Specifies a radio baseline by its name, a case-insensitive string of 1 to 32 characters.
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief radio baseline information.
Usage guidelines
You cannot display information about a radio baseline if you do not have the right to manage radios with the location identifier in the radio baseline.
Examples
# Display brief radio baseline information.
<Sysname> display wlan rrm baseline all
Baseline name : apbaseline
Radio range : AP
Created at : 2015-06-22 19:56:31
Baseline name : groupbaseline
Radio range : AP group
Created at : 2015-06-22 19:56:12
Baseline name : globalbaseline
Radio range : Global
Created at : 2015-06-22 19:55:12
Table 55 Command output
Field |
Description |
Radio range |
Range of radios saved in the baseline: · AP—Radios on an AP. · AP group—Radios on APs in an AP group. · Global—Radios on all APs associated with the AC. |
Created at |
Time and date when the baseline was created. |
# Display detailed radio baseline information.
<Sysname> display wlan rrm baseline all verbose
--------------------------------------------------------------------------------
Baseline name : apbaseline
Radio range : AP
Created at : 2015-06-22 19:56:31
--------------------------------------------------------------------------------
APName RadioID RadioType Bandwidth Channel Power RegionCode
--------------------------------------------------------------------------------
ap1 2 dot11gn 20 13 20 CN
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Baseline name : groupbaseline
Radio range : AP group
Created at : 2015-06-22 19:56:12
--------------------------------------------------------------------------------
APName RadioID RadioType Bandwidth Channel Power RegionCode
--------------------------------------------------------------------------------
ap1 1 dot11an 40 157 20 CN
ap2 1 dot11an 40 149 20 CN
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Baseline name : globalbaseline
Radio range : Global
Created at : 2015-06-22 19:55:12
--------------------------------------------------------------------------------
APName RadioID RadioType Bandwidth Channel Power RegionCode
--------------------------------------------------------------------------------
ap1 1 dot11an 40 149 20 CN
ap1 2 dot11gn 20 13 20 CN
ap2 1 dot11an 40 149 20 CN
ap2 2 dot11gn 20 1 20 CN
--------------------------------------------------------------------------------
Table 56 Command output
Field |
Description |
Radio range |
Range of radios saved in the baseline: · AP—Radios on an AP. · AP group—Radios on all APs in an AP group. · Global—Radios on all APs associated with the AC. |
Created at |
Time and date when the baseline was created. |
Power |
Transmit power of the radio in dBm. |
RegionCode |
Region code of the AP. |
display wlan rrm baseline apply-history
Use display wlan rrm baseline apply-history to display the history records of radio baseline application.
Syntax
display wlan rrm baseline apply-history [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
Usage guidelines
This command displays information about the most recent ten baseline applications.
Examples
# Display the brief history records of radio baseline application.
<Sysname> display wlan rrm baseline apply-history
Name : global1
Applied at : 2016-01-23 12:19:50
Applied to : global
# Display the detailed history records of radio baseline application.
<Sysname> display wlan rrm baseline apply-history verbose
Name : global1
Applied at : 2016-01-23 12:19:50
Applied to : global
Radios : 6
Success : 4
Failure : 2
Failure reason
Radio doesn't exist : 0
Radio is down : 0
Mismatching radio type : 0
Mismatching region code : 1
Ineffective service template : 0
Illegal channel : 0
Mismatching bandwidth : 1
Channel locked : 0
Channel fixed : 0
Within channel holddown time : 0
Mismatching channel gap policy: 0
Power locked : 0
Within power holddown time : 0
Power lower than min. power : 0
Power greater than max. power : 0
Table 57 Command output
Field |
Description |
Name |
Radio baseline name. |
Applied at |
Time at which the radio baseline was applied. |
Applied to |
Radio baseline application range: · ap—Applied to an AP. · apgroup—Applied to an AP group. · global—Applied to all APs. |
Radios |
Number of radios in the radio baseline. |
Success |
Number of successful applications. |
Failure |
Number of failed applications. |
Mismatching radio type |
The radio mode saved in the baseline does not match the actual radio mode. |
Mismatching region code |
The region code saved in the baseline does not match the actual region code of the AP. |
Ineffective service template |
No service template is bound to a radio in the baseline or the bound service template is disabled. |
Mismatching channel gap policy |
The channel in the baseline does not match the specified channel gap. |
Power lower than min. power |
The transmit power in the baseline is lower than the specified minimum transmit power for the radio. |
Power greater than max. power |
The transmit power in the baseline is higher than the specified maximum transmit power for the radio. |
Related commands
wlan rrm baseline apply
display wlan rrm-calibration-group
Use display wlan rrm-calibration-group to display RRM holddown group information.
Syntax
display wlan rrm-calibration-group { all | group-id }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all RRM holddown groups.
group-id: Specifies an RRM holddown group by its ID, in the range of 1 to 128.
Examples
# Display information about RRM holddown group 10.
<Sysname> display wlan rrm-calibration-group 10
RRM Calibration Group Information
--------------------------------------------------------------------------------
Group ID : 10
Description : office
Channel holddown time : 720 minutes
Power holddown time : 60 minutes
Location name : default-location
Group members : ap4-radio2, ap3-radio2
--------------------------------------------------------------------------------
Table 58 Command output
Field |
Description |
Group ID |
ID of the RRM holddown group. |
Description |
Description for the RRM holddown group. |
Channel holddown time |
Channel holddown time. |
Power holddown time |
Power holddown time. |
Location name |
Name of the location identifier assigned to the RRM holddown group. |
Group members |
Radios in the RRM holddown group. |
display wlan rrm-history ap
Use display wlan rrm-history ap to display historical channel and power adjustment information.
Syntax
display wlan rrm-history ap { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), left brackets ([), right brackets (]), slashes (/), and minus signs (-).
Usage guidelines
You can use this command to display detailed information about the most recent three channel and power adjustments. The detailed information includes adjustment time, cause, power, and interference.
Examples
# Display historical channel and power adjustment information for radios of AP ap1.
<Sysname> display wlan rrm-history ap name ap1
AP RRM History
--------------------------------------------------------------------------
Flags : I - Interference, P - Packets discarded, F - Retransmission,
R - Radar, C - Coverage, O - Others
--------------------------------------------------------------------------
AP RRM History : ap1
--------------------------------------------------------------------------
Radio : 1 Basic BSSID : 000f-e2ff-7700
--------------------------------------------------------------------------
Ch Power Load Util Intf PER Retry Reason Date Time
(dBm) (%) (%) (%) (%) (%) (yyyy-mm-dd) (hh:mm:ss)
--------------------------------------------------------------------------
Before 6 20 24 2 21 11 18 -P---- 2014-07-07 17:31:50
After 1 20 9 0 8 0 27 - - -
--------------------------------------------------------------------------
Before 1 20 54 1 53 11 15 IP---- 2014-07-08 12:19:50
After 6 20 10 0 10 3 29 - - -
--------------------------------------------------------------------------
Before 6 20 29 1 28 21 20 -P---- 2014-07-08 12:59:50
After 1 20 30 0 29 2 24 - - -
--------------------------------------------------------------------------
Table 59 Command output
Field |
Description |
Radio |
Radio ID. |
Basic BSSID |
Basic service set identifier. |
Ch |
Working channel of the radio. |
Power |
Transmit power of the radio. |
Load |
Channel load in percentage. |
Util |
Channel usage in percentage. |
Intf |
Interference detected on the channel, in percentage. |
PER |
Bit error rate detected on the channel, in percentage. |
Retry |
Retransmission rate detected on the channel, in percentage. |
Reason |
Channel or power adjustment reason. |
Date |
Channel or power adjustment date. |
Time |
Channel or power adjustment time. |
display wlan rrm-status ap
Use display wlan rrm-status ap to display detailed RRM information.
Syntax
display wlan rrm-status ap { all | name ap-name }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), left brackets ([), right brackets (]), slashes (/), and minus signs (-).
Usage guidelines
If both channel adjustment and power adjustment are disabled, this command displays only the working channel and power level for radios on the AP.
Examples
# Display detailed information about channel and power adjustments for radios of AP ap1.
<Sysname> display wlan rrm-status ap name ap1
AP RRM Profile : ap1
--------------------------------------------------------------------------------
Radio : 1 Basic BSSID : 70f9-6d31-2fe0
Channel : 157 Tx Power (dBm) : 18
--------------------------------------------------------------------------------
Ch Nbrs Load Util Intf PER Retry Radar
(%) (%) (%) (%) (%)
--------------------------------------------------------------------------------
36 0 0 - 0 0 - -
40 0 0 - 0 0 - -
44 0 0 - 0 0 - -
48 0 0 - 0 0 - -
52 0 0 - 0 0 - -
56 0 0 - 0 0 - -
60 0 0 - 0 0 - -
64 0 0 - 0 0 - -
100 0 0 - 0 0 - -
104 0 0 - 0 0 - -
108 0 0 - 0 0 - -
112 0 0 - 0 0 - -
116 0 0 - 0 0 - -
132 0 0 - 0 0 - -
136 0 0 - 0 0 - -
140 0 0 - 0 0 - -
149 1 0 - 0 0 - -
153 4 0 - 0 0 - -
157 0 0 0 0 0 0 -
161 2 0 - 0 0 - -
165 0 0 - 0 0 - -
--------------------------------------------------------------------------------
Nbr-MACAddress Ch Intf SignalStrength Type
(%) (dBm)
--------------------------------------------------------------------------------
000f-e212-ff01 161 0 -60 Unmanaged
5866-ba74-e461 153 0 -72 Unmanaged
70f9-6d30-9020 153 0 -40 Managed
70f9-6d31-3080 149 0 -54 Managed
70f9-6d31-34e0 161 0 -59 Managed
7425-8a86-bbe0 153 0 -48 Unmanaged
7425-8a86-c720 153 0 -63 Unmanaged
--------------------------------------------------------------------------------
Radio : 2 Basic BSSID : 70f9-6d31-2ff0
Channel : 1 Tx Power (dBm) : 19
--------------------------------------------------------------------------------
Ch Nbrs Load Util Intf PER Retry Radar
(%) (%) (%) (%) (%)
--------------------------------------------------------------------------------
1 6 4 0 4 0 0 -
6 4 2 - 2 0 - -
11 6 2 - 2 0 - -
--------------------------------------------------------------------------------
Nbr-MACAddress Ch Intf SignalStrength Type
(%) (dBm)
--------------------------------------------------------------------------------
000f-e212-ff11 1 49 -77 Unmanaged
0023-89e1-ed00 11 0 -87 Unmanaged
006a-55f6-ae10 1 57 -88 Unmanaged
5866-ba64-aa31 1 10 -60 Unmanaged
5866-ba74-e471 6 0 -76 Unmanaged
5866-baa9-a610 11 0 -62 Unmanaged
70f9-6d30-9030 6 0 -63 Managed
70f9-6d31-3090 1 51 -86 Managed
70f9-6d31-34f0 6 0 -85 Managed
7425-8a86-bbf0 6 0 -73 Unmanaged
7425-8a86-c731 11 0 -93 Unmanaged
80f6-2ec0-3330 11 0 -76 Unmanaged
80f6-2ec0-3331 11 0 -73 Unmanaged
80f6-2edd-d2d0 1 40 -60 Unmanaged
80f6-2edd-d2d1 1 44 -68 Unmanaged
80f6-2ede-0b30 11 0 -74 Unmanaged
Table 60 Command output
Field |
Description |
Radio |
Radio ID. |
Basic BSSID |
Basic service set identifier. |
Channel |
Working channel of the radio. |
Tx Power |
Transmit power of the radio. |
Ch |
Channels supported by the radio. |
Nbrs |
Number of detected radios. |
Load |
Load detected on the channel, in percentage. Channel load refers to the ratio between the outbound packets and the inbound packets as well as the interferences. Interferences refer to the error packets that are received by the radio. |
Util |
Channel usage in percentage. Channel usage refers to the ratio between the outbound packets and the inbound packets. |
Intf |
Interference detected on the channel, in percentage. |
PER |
Bit error rate detected on the channel, in percentage. |
Retry |
Retransmission rate detected on the channel, in percentage. |
Radar |
Radar detection status: · –: No radar signals are detected on the channel. · Detected: Radar signals have been detected on the channel. |
Nbr-MACAddress |
MAC address of the detected radio. |
SignalStrength |
Signal strength of the radio, in dBm. |
Type |
Type of the radio: · Unmanaged—Radios that can be detected by the radio but are not managed by the same AC. · Managed—Radios that can be detected by the radio and are managed by the same AC. |
interference-threshold
Use interference-threshold to set the channel interference threshold.
Use undo interference-threshold to restore the default.
Syntax
interference-threshold percent
undo interference-threshold
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the channel interference threshold is 50%.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
percent: Specifies the channel interference threshold in the range of 1% to 100%.
Usage guidelines
When the AC detects that the proportion of interference packets in all data packets reaches the interference threshold on a radio, it performs DFS for the radio. Interference packets are packets sent to other radios.
Examples
# Set the channel interference threshold to 60% for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] interference-threshold 60
# Set the channel interference threshold to 60% for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] interference-threshold 60
power holddown-time
Use power holddown-time to set the power holddown time.
Use undo power holddown-time to restore the default.
Syntax
power holddown-time minutes
undo power holddown-time
Default
The power holddown time is 60 minutes.
Views
RRM holddown group view
Predefined user roles
network-admin
Parameters
minutes: Specifies the power holddown time in the range of 10 to 1440 minutes.
Usage guidelines
Each time the power of a radio in the RRM holddown group changes, the system starts the power holddown timer for the radio. The power for every radio in the RRM holddown group remains unchanged during the specified power holddown time.
Examples
# Set the power holddown time to 600 minutes for RRM holddown group 10.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10] power holddown-time 600
power-capability mode
Use power-capability mode to set the transmit power capability match mode.
Use undo power-capability mode to restore the default.
Syntax
power-capability mode { all | none | partial }
undo power-capability mode
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, client transmit power capabilities are not checked.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
all: Specifies the all mode. A client is allowed to associate with a radio only when all its transmit power capabilities match the radio's transmit power capabilities.
none: Specifies the none mode. Client transmit power capabilities are not checked.
partial: Specifies the partial mode. A client is allowed to associate with a radio as long as one of its transmit power capabilities matches the radio's transmit power capabilities.
Usage guidelines
The following matrices show the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-LM/810-10-PoE/810-LM-HK |
Yes |
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
No |
This command takes effect only when you enable spectrum management or radio resource measurement. For more information about radio resource measurement, see WLAN Configuration Guide (AC).
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the client power capability match mode to all for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
[Sysname-wlan-ap-ap1-radio-1] power-capability mode all
# Set the client power capability match mode to all for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] power-capability mode all
Related commands
resource-measure
spectrum-management
power-constraint mode
Use power-constraint mode to set the power constraint mode.
Use undo power-constraint mode to restore the default.
Syntax
power-constraint mode { auto [ anpi-interval anpi-interval-value ] | manual power-constraint }
undo power-constraint mode
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, the power constraint mode is auto.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Parameters
auto: Specifies the auto mode.
anpi-interval anpi-interval-value: Specifies the value that the device adds to the average noise power indicator (ANPI) when it calculates the power constraint value. The value range is 0 to 30 dBm, and the default is 10 dBm.
manual power-constraint: Specifies the power constraint value in the range of 0 to 30 dBm.
Usage guidelines
The following matrices show the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-LM/810-10-PoE/810-LM-HK |
Yes |
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
No |
This command is available only for 5 GHz radios.
If you specify the auto mode, the device calculates the power constraint value by using this formula: power-constraint = Received Channel Power Indicator (RCPI) minus (ANPI + anpi-interval-value).
This command takes effect only when you enable spectrum management or radio resource measurement. For more information about radio resource measurement, see WLAN Configuration Guide (AC).
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Set the power constraint mode to manual and set the power constraint value to 5 dBm for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
[Sysname-wlan-ap-ap1-radio-1] power-constraint mode manual 5
# Set the power constraint mode to manual and set the power constraint value to 5 dBm for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] power-constraint mode manual 5
Related commands
resource-measure
spectrum-management
rrm
Use rrm to enter Radio Resource Management (RRM) view.
Syntax
rrm
Default
No RRM view exists.
Views
Radio view
Predefined user roles
network-admin
Examples
# Enter RRM view.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
scan-only
Use scan-only enable to enable radio scanning.
Use scan-only disable to disable radio scanning.
Use undo scan-only to restore the default.
Syntax
scan-only { disable | enable }
undo scan-only
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, radio scanning is disabled.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Usage guidelines
This feature enables APs to scan the WLAN environment and report collected statistics to the AC at the specified interval. The AC uses the statistics to generate channel reports and neighbor reports.
To view the channel reports and neighbor reports, use the display wlan rrm-status ap command.
If you have configured periodic auto-DFS, scheduled auto-DFS, or periodic auto-TPC, you do not need to enable this feature.
Examples
# Enable radio scanning for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] scan-only enable
# Enable radio scanning for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] scan-only enable
Related commands
display wlan rrm-status ap
snmp-agent trap enable wlan rrm
Use snmp-agent trap enable wlan rrm to enable SNMP notifications for WLAN RRM.
Use undo snmp-agent trap enable wlan rrm to disable SNMP notifications for WLAN RRM.
Syntax
snmp-agent trap enable wlan rrm
undo snmp-agent trap enable wlan rrm
Default
SNMP notifications are disabled for WLAN RRM.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical WLAN RRM events to an NMS, enable SNMP notifications for WLAN RRM. For WLAN RRM event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notifications for WLAN RRM.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan rrm
spectrum-management
Use spectrum-management enable to enable spectrum management.
Use spectrum-management disable to disable spectrum management.
Use undo spectrum-management to restore the default.
Syntax
spectrum-management { disable | enable }
undo spectrum-management
Default
In radio view, the configuration in AP group view is used.
In AP group radio view, spectrum management is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Usage guidelines
The following matrices show the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-LM/810-10-PoE/810-LM-HK |
Yes |
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
No |
This command is available only for 5 GHz radios.
The configuration in radio view takes precedence over the configuration in AP group radio view.
Examples
# Enable spectrum management for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable
# Enable spectrum management for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable
tolerance-level
Use tolerance-level to set the tolerance level.
Use undo tolerance-level to restore the default.
Syntax
tolerance-level percent
undo tolerance-level
Default
In RRM view, the configuration in AP group view is used.
In AP group RRM view, the tolerance level is 20%.
Views
RRM view
AP group RRM view
Predefined user roles
network-admin
Parameters
percent: Specifies the tolerance level in the range of 1% to 45%.
Usage guidelines
The AC selects an optimal channel for a radio when the CRC error threshold, interference threshold, or retransmission threshold is reached on the current channel. The AC does not apply the optimal channel to the radio until the quality gap between the optimal channel and the current channel exceeds the tolerance level.
Examples
# Set the tolerance level to 25% for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620-WiNet
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrm
[Sysname-wlan-ap-ap1-radio-1-rrm] tolerance-level 25
# Set the tolerance level to 25% for radio 1 of APs with model WA2620-WiNet in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm
[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] tolerance-level 25
wlan calibrate-channel pronto ap all
IMPORTANT: This command consumes system resources. Use it with caution. |
Use wlan calibrate-channel pronto ap all to execute on-demand DFS for radios of all APs.
Syntax
wlan calibrate-channel pronto ap all
Default
RRM does not execute on-demand DFS for radios.
Views
System view
Predefined user roles
network-admin
Examples
# Execute on-demand DFS for radios of all APs.
<Sysname> system-view
[Sysname] wlan calibrate-channel pronto ap all
wlan calibrate-power pronto ap all
IMPORTANT: This command consumes system resources. Use it with caution. |
Use wlan calibrate-power pronto ap all to execute on-demand TPC for radios of all APs.
Syntax
wlan calibrate-power pronto ap all
Default
RRM does not execute on-demand TPC for radios.
Views
System view
Predefined user roles
network-admin
Examples
# Execute on-demand TPC for radios of all APs.
<Sysname> system-view
[Sysname] wlan calibrate-power pronto ap all
wlan rrm baseline apply
Use wlan rrm baseline apply to apply a radio baseline.
Syntax
wlan rrm baseline apply name baseline-name
Views
System view
Predefined user roles
network-admin
Parameters
name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
You cannot apply a radio baseline when one of the following conditions is met:
· You do not have the right to manage radios with the location identifier in the radio baseline.
· The name of the radio baseline is start_config_baseline.csv.
Examples
# Apply radio baseline bl.
<Sysname> system-view
[Sysname] wlan rrm baseline apply name bl
Related commands
display wlan rrm baseline apply-history
wlan rrm baseline save
wlan rrm baseline remove
Use wlan rrm baseline remove to delete a radio baseline.
Syntax
wlan rrm baseline remove name baseline-name
Views
System view
Predefined user roles
network-admin
Parameters
name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
You cannot delete a radio baseline if you do not have the right to manage radios with the location identifier in the radio baseline.
Examples
# Delete radio baseline bl.
<Sysname> system-view
[Sysname] wlan rrm baseline remove name bl
Related commands
wlan rrm baseline save
wlan rrm baseline save
Use wlan rrm baseline save to create a radio baseline by saving the current radio settings.
Syntax
wlan rrm baseline save name baseline-name { ap ap-name [ radio radio-id ] | ap-group group-name [ ap-model ap-model ] [ radio radio-id ] | global }
Views
System view
Predefined user roles
network-admin
Parameters
name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.
ap ap-name: Specifies an AP name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-). Make sure the AP is online.
radio radio-id: Specifies a radio ID. If you do not specify this option, the command saves the current settings of all radios on the specified AP or on APs in the specified AP group.
ap-group group-name: Specifies an AP group name, a case-insensitive string of 1 to 31 characters. Make sure the AP group already exists.
ap-model ap-model: Specifies an AP model. If you do not specify this option, the command saves the current settings of radios on all APs in the specified AP group.
global: Specifies all radios.
Usage guidelines
A radio baseline saves the working channel, transmit rate, and other radio attributes for a radio or several radios. You can create a radio baseline by saving the current radio settings and apply the baseline to use these settings.
A radio baseline is saved in a .csv file in the file system on the AC.
Examples
# Save the settings of radio 1 on AP ap1 and create radio baseline ap1-1.
<Sysname> system-view
[Sysname] wlan rrm baseline save name ap1-1 ap ap1 radio 1
# Save the settings of radio 1 of APs with model WA2620-WiNet in AP group group1 and create radio baseline ap1g1-1.
<Sysname> system-view
[Sysname] wlan rrm baseline save name ap1g1-1 ap-group group1 ap-model WA2620-WiNet radio 1
# Save the settings of all radios and create radio baseline global.
<Sysname> system-view
[Sysname] wlan rrm baseline save name global global
wlan rrm calibration-channel interval
Use wlan rrm calibration-channel interval to set the channel calibration interval.
Use undo wlan rrm calibration-channel interval to restore the default.
Syntax
wlan rrm calibration-channel interval minutes
undo wlan rrm calibration-channel interval
Default
The channel calibration interval is 8 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Specifies the channel calibration interval, in the range of 3 to 1440 minutes.
Examples
# Set the channel calibration interval to 10 minutes.
<Sysname> system-view
[Sysname] wlan rrm calibration-channel interval 10
Related commands
calibrate-channel self-decisive
wlan rrm-calibration-group
Use wlan rrm-calibration-group to create an RRM holddown group and enter its view, or enter the view of an existing RRM holddown group.
Use undo wlan rrm-calibration-group to remove an RRM holddown group.
Syntax
wlan rrm-calibration-group group-id
undo wlan rrm-calibration-group { all | group-id }
Default
No RRM holddown groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
all: Specifies all RRM holddown groups.
group-id: Specifies an RRM holddown group ID in the range of 1 to 128.
Examples
# Create RRM holddown group 10.
<Sysname> system-view
[Sysname] wlan rrm-calibration-group 10
[Sysname-wlan-rrm-calibration-group-10]
wlan rrm calibration-power interval
Use wlan rrm calibration-power interval to set the power calibration interval.
Use undo wlan rrm calibration-power interval to restore the default.
Syntax
wlan rrm calibration-power interval minutes
undo wlan rrm calibration-power interval
Default
The power calibration interval is 8 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Specifies the power calibration interval, in the range of 3 to 180 minutes.
Examples
# Set the power calibration interval to 10 minutes.
<Sysname> system-view
[Sysname] wlan rrm calibration-power interval 10
Related commands
calibrate-power self-decisive
WLAN IP snooping commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
client ip-snooping http-learning enable
Use client ip-snooping http-learning enable to enable snooping HTTP requests redirected to the portal server.
Use undo client ip-snooping http-learning enable to disable snooping HTTP requests redirected to the portal server.
Syntax
client ip-snooping http-learning enable
undo client ip-snooping http-learning enable
Default
Snooping HTTP requests is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
An AC can use this method to learn IP addresses of clients performing portal authentication. For more information about portal authentication, see Security Configuration Guides.
The AC learns client IP addresses from the following sources, listed in descending order of priority: DHCP packets, ARP or ND packets, and HTTP requests.
Make sure the service template is disabled when you execute this command.
Examples
# Enable snooping HTTP requests.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client ip-snooping http-learning enable
client ipv4-snooping arp-learning enable
Use client ipv4-snooping arp-learning enable to enable snooping ARP packets.
Use undo client ipv4-snooping arp-learning enable to disable snooping ARP packets.
Syntax
client ipv4-snooping arp-learning enable
undo client ipv4-snooping arp-learning enable
Default
Snooping ARP packets is enabled.
Views
Service template view
Predefined user roles
network-admin
Examples
# Disable snooping ARP packets.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client ipv4-snooping arp-learning enable
client ipv4-snooping dhcp-learning enable
Use client ipv4-snooping dhcp-learning enable to enable snooping DHCPv4 packets.
Use undo client ipv4-snooping dhcp-learning enable to disable snooping DHCPv4 packets.
Syntax
client ipv4-snooping dhcp-learning enable
undo client ipv4-snooping dhcp-learning enable
Default
Snooping DHCPv4 packets is enabled.
Views
Service template view
Predefined user roles
network-admin
Examples
# Disable snooping DHCPv4 packets.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client ipv4-snooping dhcp-learning enable
client ipv6-snooping dhcpv6-learning enable
Use client ipv6-snooping dhcpv6-learning enable to enable snooping DHCPv6 packets.
Use undo client ipv6-snooping dhcpv6-learning enable to disable snooping DHCPv6 packets.
Syntax
client ipv6-snooping dhcpv6-learning enable
undo client ipv6-snooping dhcpv6-learning enable
Default
Snooping DHCPv6 packets is disabled.
Views
Service template view
Predefined user roles
network-admin
Examples
# Enable snooping DHCPv6 packets.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client ipv6-snooping dhcpv6-learning enable
client ipv6-snooping nd-learning enable
Use client ipv6-snooping nd-learning enable to enable snooping ND packets.
Use undo client ipv6-snooping nd-learning enable to disable snooping ND packets.
Syntax
client ipv6-snooping nd-learning enable
undo client ipv6-snooping nd-learning enable
Default
Snooping ND packets is disabled.
Views
Service template view
Predefined user roles
network-admin
Examples
# Disable snooping ND packets.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client ipv6-snooping nd-learning enable
client ipv6-snooping snmp-nd-report enable
Use client ipv6-snooping snmp-nd-report enable to enable SNMP to obtain client IPv6 addresses learned from ND packets.
Use undo client ipv6-snooping snmp-nd-report enable to disable SNMP from obtaining client IPv6 addresses learned from ND packets.
Syntax
client ipv6-snooping snmp-nd-report enable
undo client ipv6-snooping snmp-nd-report enable
Default
SNMP obtains client IPv6 addresses learned from both DHCPv6 and ND packets.
Views
Service template view
Predefined user roles
Usage guidelines
Make sure the service template is disabled when you execute this command.
Examples
# Disable SNMP from obtaining client IPv6 addresses learned from ND packets.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client ipv6-snooping snmp-nd-report enable
WLAN load balancing commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
ap radio
Use ap radio to add a radio to a load balancing group.
Use undo ap to remove one or all radios from a load balancing group.
Syntax
ap name ap-name radio radio-id
undo ap { name ap-name [ radio radio-id ] | all }
Default
No radio exists in a load balancing group.
Views
Load balancing group view
Predefined user roles
network-admin
Parameters
ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), left brackets ([), right brackets (]), slashes (/), and minus signs (-). The AP must already exist.
radio-id: Specifies a radio by its ID. The value range for this argument varies by device model.
all: Specifies all radios.
Usage guidelines
You can add a radio to only one load balancing group.
If you do not specify a radio in the undo ap command, the command removes all radios on the specified AP from the load balancing group.
Examples
# Add radio 2 of AP ap1 to load balancing group 10.
<Sysname> system-view
[Sysname] wlan load-balance group 10
[Sysname-wlan-lb-group-10] ap name ap1 radio 2
description
Use description to set a description for a load balancing group.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is set for a load balancing group.
Views
Load balancing group view
Predefined user roles
network-admin
Parameters
text: Specifies a description for a load balancing group, a case-sensitive string of 1 to 64 characters.
Examples
# Set the description for load balancing group 10 to marketing.
<Sysname> system-view
[Sysname] wlan load-balance group 10
[Sysname-wlan-lb-group-10] description marketing
display wlan load-balance group
Use display wlan load-balance group to display load balancing group information.
Syntax
display wlan load-balance group { group-id | all }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies a load balancing group by its ID. The value range for this argument is 1 to 65535.
all: Specifies all load balancing groups.
Examples
# Display information about load balancing group 1.
<Sysname> display wlan load-balance group 1
WLAN load balance group information
--------------------------------------------------------------------------------
Group ID : 1
Description :
Group members : ap3-radio2,
ap2-radio1,
ap1-radio1,
--------------------------------------------------------------------------------
# Display information about all load balancing groups.
<Sysname> display wlan load-balance group all
WLAN load balance group information
--------------------------------------------------------------------------------
Group ID : 1
Description :
Group members : ap3-radio2,
ap2-radio1,
ap1-radio1,
--------------------------------------------------------------------------------
Group ID : 2
Description : marketing
Group members : ap3-radio1,
--------------------------------------------------------------------------------
Table 61 Command output
Field |
Description |
Group members |
List of radios in the load balancing group. |
display wlan load-balance status service-template
Use display wlan load-balance status service-template to display load balancing information for radios that are bound to a service template.
Syntax
display wlan load-balance status service-template template-name { client mac-address | group group-id }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
group-id: Displays information about radios in a load balancing group. The group-id argument represents the ID of the load balancing group. The value range for this argument is 1 to 65535.
mac-address: Displays information about radios that have detected a client. The mac-address argument represents the MAC address of the client and is in H-H-H format.
Examples
# Display load balancing information for radios that are bound to service template st1 and are in load balancing group 1.
<Sysname> display wlan load-balance status service-template st1 group 1
Current load balancing mode (threshold/gap): session (2/1)
Total radios: 4
APID/RID Group ID Session Bandwidth(Mbps) Traffic(%) Balance(Y/N)
----------------------------------------------------------------------------------------
1/1 1 2 100 5 Y
1/2 1 10 50 10 N
2/1 1 2 10 1 Y
2/2 1 2 0 0 Y
# Display load balancing information for radios that are bound to service template st1 and that detect the client with MAC address 702d-2249-33bf.
<Sysname> display wlan load-balance status service-template st1 client 702d-2249-33bf
Current load balancing mode (threshold/gap): session (2/1)
Load balancing group exist: Yes
Total radios: 4
APID/RID Group ID Session Bandwidth(Mbps) Traffic(%) Balance(Y/N)
----------------------------------------------------------------------------------------
3/1 0 2 100 5 Y
1/2 1 10 50 10 N
4/1 1 2 10 1 Y
4/2 0 2 0 0 Y
Table 62 Command output
Field |
Description |
Load-balance group exist |
Whether load balancing groups exist: Yes or No. |
Group ID |
Load balancing group ID. The value of 0 indicates that the radio is not in a load balancing group. |
Session |
Number of clients associated with the radio. |
Bandwidth(Mbps) |
Bandwidth of the radio in Mbps. |
Traffic(%) |
Percentage of the traffic on the radio to the maximum bandwidth of the radio. |
Balance(Y/N) |
Load balancing status: · Y—The radio has been load balanced. · N—The radio has not been load balanced. |
snmp-agent trap enable wlan load-balance
Use snmp-agent trap enable wlan load-balance to enable SNMP notifications for WLAN load balancing.
Use undo snmp-agent trap enable wlan load-balance to disable SNMP notifications for WLAN load balancing.
Syntax
snmp-agent trap enable wlan load-balance
undo snmp-agent trap enable wlan load-balance
Default
SNMP notifications for WLAN load balancing are disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To report critical WLAN load balancing events to an NMS, enable SNMP notifications for WLAN load balancing. For WLAN load balancing event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.
Examples
# Enable SNMP notifications for WLAN load balancing.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan load-balance
wlan load-balance access-denial
Use wlan load-balance access-denial to set the maximum number of denials for association requests.
Use undo wlan load-balance access-denial to restore the default.
Syntax
wlan load-balance access-denial access-denial
undo wlan load-balance access-denial
Default
The maximum number of denials is 10 for association requests.
Views
System view
Predefined user roles
network-admin
Parameters
access-denial: Specifies the maximum number of denials for association requests, in the range of 2 to 10.
Usage guidelines
If the number of times that an AP rejects a client reaches the maximum number of denials for association requests, the AP accepts the association request from the client.
Examples
# Set the maximum number of denials to 4 for association requests.
<Sysname> system-view
[Sysname] wlan load-balance access-denial 4
wlan load-balance enable
Use wlan load-balance enable to enable WLAN load balancing.
Use undo wlan load-balance enable to disable WLAN load balancing.
Syntax
wlan load-balance enable
undo wlan load-balance enable
Default
WLAN load balancing is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable WLAN load balancing.
<Sysname> system-view
[Sysname] wlan load-balance enable
wlan load-balance group
Use wlan load-balance group to create a load balancing group and enter its view, or enter the view of an existing load balancing group.
Use undo wlan load-balance group to remove one or all load balancing groups.
Syntax
wlan load-balance group group-id
undo wlan load-balance group { group-id | all }
Default
No load balancing group exists.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a load balancing group by its ID. The value range for this argument is 1 to 65535.
all: Specifies all load balancing groups.
Usage guidelines
To perform load balancing among specific APs, you can add the radios of these APs to a load balancing group. The AC does not perform load balancing on radios that do not belong to the load balancing group.
Examples
# Create load balancing group 10 and enter its view.
<Sysname> system-view
[Sysname] wlan load-balance group 10
[Sysname-wlan-lb-group-10]
Related commands
ap radio
wlan load-balance mode bandwidth
Use wlan load-balance mode bandwidth to configure bandwidth-mode load balancing.
Use undo wlan load-balance mode to restore the default.
Syntax
wlan load-balance mode bandwidth value [ gap gap-value ]
undo wlan load-balance mode
Views
System view
Default
Session-mode load balancing is used.
Predefined user roles
network-admin
Parameters
value: Specifies the bandwidth threshold in the range of 1 to 500 Mbps.
gap gap-value: Specifies the bandwidth gap threshold in the range of 1 to 200 Mbps. The default bandwidth gap threshold is 20 Mbps.
Usage guidelines
The AC performs bandwidth-mode load balancing when the following conditions are met:
· The bandwidth of an AP reaches the bandwidth threshold.
· The bandwidth gap between the AP and the AP that has the smallest bandwidth reaches the bandwidth gap threshold.
Examples
# Set the load balancing mode to bandwidth mode, and set the bandwidth threshold and bandwidth gap threshold to 100 Mbps and 20 Mbps, respectively.
<Sysname> system-view
[Sysname] wlan load-balance mode bandwidth 100 gap 20
wlan load-balance mode session
Use wlan load-balance mode session to configure session-mode load balancing.
Use undo wlan load-balance mode to restore the default.
Syntax
wlan load-balance mode session value [ gap gap-value ]
undo wlan load-balance mode
Default
Session-mode load balancing is used and the session threshold is 20.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the session threshold in the range of 1 to 60.
gap gap-value: Specifies the session gap threshold in the range of 1 to 12. The default session gap threshold is 4.
Usage guidelines
The AC performs session-mode load balancing when the following conditions are met:
· The number of clients associated with an AP reaches the session threshold.
· The session gap between the AP and the AP that has the fewest clients reaches the session gap threshold.
Examples
# Set the load balancing mode to session mode, and set the session threshold and session gap threshold to 7 and 5, respectively.
<Sysname> system-view
[Sysname] wlan load-balance mode session 7 gap 5
wlan load-balance mode traffic
Use wlan load-balance mode traffic to configure traffic-mode load balancing.
Use undo wlan load-balance mode to restore the default.
Syntax
wlan load-balance mode traffic value [ gap gap-value ]
undo wlan load-balance mode
Default
Session-mode load balancing is used.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the traffic threshold in the ratio between the traffic and the maximum bandwidth of an AP. The value range for this argument is 1% to 80%.
gap gap-value: Specifies the traffic gap threshold as the ratio of the traffic gap to the maximum bandwidth of an AP. The value range for this argument is 10% to 40%. The default traffic gap threshold is 20%.
Usage guidelines
The AC performs traffic-mode load balancing when the following conditions are met:
· The traffic of an AP reaches the traffic threshold.
· The traffic gap between the AP and the AP that has the least traffic reaches the traffic gap threshold.
Examples
# Set the load balancing mode to traffic mode, and set the traffic threshold and traffic gap threshold to 25% and 20%, respectively.
<Sysname> system-view
[Sysname] wlan load-balance mode traffic 25 gap 20
wlan load-balance rssi-threshold
Use wlan load-balance rssi-threshold to set the received signal strength indicator (RSSI) threshold.
Use undo wlan load-balance rssi-threshold to restore the default.
Syntax
wlan load-balance rssi-threshold rssi-threshold
undo wlan load-balance rssi-threshold
Default
The RSSI threshold is 25.
Views
System view
Predefined user roles
network-admin
Parameters
rssi-threshold: Specifies the RSSI threshold in the range of 5 to 100.
Usage guidelines
An AP determines that a client is not detected if the client's RSSI is lower than the load balancing RSSI threshold. If only one AP can detect the client, the AP increases the access probability for the client by decreasing the maximum number of denials to 1 for the client.
Examples
# Set the RSSI threshold to 40.
<Sysname> system-view
[Sysname] wlan load-balance rssi-threshold 40
WLAN probe commands
The following routers can function as ACs:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
The term "AC" in this document refers to MSR routers that can function as ACs.
client-proximity-sensor
Use client-proximity-sensor enable to enable WLAN probe.
Use client-proximity-sensor disable to disable WLAN probe.
Use undo client-proximity-sensor to restore the default.
Syntax
client-proximity-sensor { disable | enable }
undo client-proximity-sensor
Default
In radio view, a radio uses the configuration in AP group radio view.
In AP group radio view, WLAN probe is disabled.
Views
Radio view
AP group radio view
Predefined user roles
network-admin
Examples
# Enable WLAN probe for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] client-proximity-sensor enable
# Enable WLAN probe for radio 1 of APs with model WA4320i-ACN in AP group aaa.
<Sysname> system-view
[Sysname] wlan ap-group aaa
[Sysname-wlan-ap-group-aaa] ap-model WA4320i-ACN
[Sysname-wlan-ap-group-aaa-ap-model-WA4320i-ACN] radio 1
[Sysname-wlan-ap-group-aaa-ap-model-WA4320i-ACN-radio-1] client-proximity-sensor enable
client-proximity-sensor ap-timer
Use client-proximity-sensor ap-timer to set the AP entry timers.
Use undo client-proximity-sensor ap-timer to restore the default.
Syntax
client-proximity-sensor ap-timer inactive inactive-value aging aging-value
undo client-proximity-sensor ap-timer
Default
The inactivity timer and aging timer for AP entries are 300 seconds and 600 seconds, respectively.
Views
System view
Predefined user roles
network-admin
Parameters
inactive inactive-value: Specifies the inactivity timer for AP entries, in the range of 60 to 1200 seconds.
aging aging-value: Specifies the aging timer for AP entries, in the range of 120 to 86400 seconds.
Examples
# Set the inactivity timer and aging timer for AP entries to 120 seconds and 360 seconds, respectively.
<Sysname> system-view
[Sysname] client-proximity-sensor ap-timer inactive 120 aging 360
client-proximity-sensor ap-udp-server
Use client-proximity-sensor ap-udp-server to specify a UDP server to receive wireless device information.
Use undo client-proximity-sensor ap-udp-server to restore the default.
Syntax
client-proximity-sensor ap-udp-server ip-address port port-number [ interval interval | preshared-key [ cipher | simple ] key-string ] *
undo client-proximity-sensor ap-udp-server
Default
No UDP server is specified.
Views
AP view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IPv4 address of the UDP server.
port port-number: Specifies the port number of the UDP server, in the range of 1 to 65534.
interval interval: Specifies the interval at which the sensor sends device information to the UDP server, in the range of 1 to 600 seconds. The default interval is 30 seconds.
preshared-key: Specifies a preshared key.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form.
key-string: Specifies the key. Its plaintext form is a case-sensitive string of 8 to 63 characters. Its encrypted form is a case-sensitive string of 41 to 117 characters.
Examples
# Specify the UDP server with IP address 10.152.3.209 and port number 443 to receive wireless device information.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-ap-ap1] client-proximity-sensor ap-udp-server 10.152.3.209 port 443
client-proximity-sensor client-timer
Use client-proximity-sensor client-timer to set the client entry timers.
Use undo client-proximity-sensor client-timer to restore the default.
Syntax
client-proximity-sensor client-timer inactive inactive-value aging aging-value
undo client-proximity-sensor client-timer
Default
The inactivity timer and aging timer for client entries are 300 seconds and 600 seconds, respectively.
Views
System view
Predefined user roles
network-admin
Parameters
inactive inactive-value: Specifies the inactivity timer for client entries, in the range of 60 to 1200 seconds.
aging aging-value: Specifies the aging timer for client entries, in the range of 120 to 86400 seconds.
Examples
# Set the inactivity timer and aging timer for client entries to 120 seconds and 360 seconds, respectively.
<Sysname> system-view
[Sysname] client-proximity-sensor client-timer inactive 120 aging 360
client-proximity-sensor coordinates
Use client-proximity-sensor coordinates to set the longitude and latitude of a sensor.
Use undo client-proximity-sensor coordinates to remove the configuration.
Syntax
client-proximity-sensor coordinates longitude longitude-value latitude latitude-value
undo client-proximity-sensor coordinates
Default
The longitude and latitude are not set for a sensor.
Views
AP view
Predefined user roles
network-admin
Parameters
longitude longitude-value: Specifies the longitude of the sensor, in XXX-XX-XX.X format. The value ranges for XXX and XX are 0 to 180 and 0 to 60, respectively. The value of X can be e or w and is case insensitive.
latitude latitude-value: Specifies the latitude of the sensor, in XXX-XX-XX.X format. The value ranges for XXX and XX are 0 to 90 and 0 to 60, respectively. The value of X can be s or n and is case insensitive.
Usage guidelines
After you configure this command for a sensor, the longitude and latitude information for the sensor is reported together with the information about wireless devices detected by the sensor.
Examples
# Set the longitude and latitude for sensor ap1 to 123-40-40.e and 80-30-30.n, respectively.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-ap-ap1] client-proximity-sensor coordinates longitude 123-40-40.e latitude 80-30-30.n
client-proximity-sensor filter-list
Use client-proximity-sensor filter-list to configure the MAC address filtering list. The AC does not report information about devices with MAC addresses in the list.
Use undo client-proximity-sensor filter-list to remove the configuration.
Syntax
client-proximity-sensor filter-list list
undo client-proximity-sensor filter-list { list | all }
Default
No MAC address filtering list is configured.
Views
System view
Predefined user roles
network-admin
Parameters
list: Specifies a MAC address or a class of MAC addresses in H-H-H format. For example, if you specify 0400-0000-0000, you specify MAC addresses whose third bit in the first byte is 1.
all: Specifies all MAC addresses.
Examples
# Add MAC addresses whose third bit in the first byte is 1 to the MAC address filtering list.
<Sysname> system-view
[Sysname] client-proximity-sensor filter-list 0400-0000-0000
client-proximity-sensor random-mac-report enable
Use client-proximity-sensor random-mac-report enable to enable reporting of information about Apple terminals that use a random MAC address.
Use undo client-proximity-sensor random-mac-report enable to disable reporting of information about Apple terminals that use a random MAC address.
Syntax
client-proximity-sensor random-mac-report enable
undo client-proximity-sensor random-mac-report enable
Default
Information about Apple terminals that use a random MAC address is not reported.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Apple terminals send probe requests by using a random MAC address whose second bit in the first byte is 1 (the locally administered bit). As a result, sensors detect wireless devices that do not exist. Enable or disable reporting of these devices as appropriate.
Examples
# Enable reporting of information about Apple terminals that use a random MAC address.
<Sysname> system-view
[Sysname] client-proximity-sensor random-mac-report enable
client-proximity-sensor report-ac enable
Use client-proximity-sensor report-ac enable to enable sensors to report information about detected devices to the AC.
Use undo client-proximity-sensor report-ac enable to disable sensors from reporting information about detected devices to the AC.
Syntax
client-proximity-sensor report-ac enable
undo client-proximity-sensor report-ac enable
Default
Sensors do not report information about detected devices to the AC.
Views
System view
Predefined user roles
network-admin
Examples
# Enable sensors to report information about detected devices to the AC.
<Sysname> system-view
[Sysname] client-proximity-sensor report-ac enable
client-proximity-sensor report-ac-interval
Use client-proximity-sensor report-ac-interval to set the interval at which sensors report information about detected devices to the AC.
Use undo client-proximity-sensor report-ac interval to restore the default.
Syntax
client-proximity-sensor report-ac interval interval
undo client-proximity-sensor report-ac interval
Default
Sensors report information about detected devices to the AC every 3000 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval at which sensors report information about detected devices to the AC, in the range of 100 to 60000 milliseconds.
Examples
# Configure sensors to report information about detected devices to the AC every 2000 milliseconds.
<Sysname> system-view
[Sysname] client-proximity-sensor report-ac interval 2000
client-proximity-sensor report-ap enable
Use client-proximity-sensor report-ap enable to enable reporting of AP information to the UDP server.
Use undo client-proximity-sensor report-ap enable to disable reporting of AP information to the UDP server.
Syntax
client-proximity-sensor report-ap enable
undo client-proximity-sensor report-ap enable
Default
AP information is not reported to the UDP server.
Views
System view
Predefined user roles
network-admin
Examples
# Enable reporting of AP information to the UDP server.
<Sysname> system-view
[Sysname] client-proximity-sensor report-ap enable
client-proximity-sensor report-oasis client
Use client-proximity-sensor report-oasis client to set the report interval and the number of client entries that the AC sends to the Oasis platform in each report.
Use undo client-proximity-sensor report-oasis client to restore the default.
Syntax
client-proximity-sensor report-oasis client interval interval number number
undo client-proximity-sensor report-oasis client
Default
The AC reports 10 client entries to the Oasis platform every 1000 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval interval: Specifies the interval at which the AC reports client information to the Oasis platform, in the range of 100 to 60000 milliseconds.
number number: Specifies the number of client entries that the AC sends to the Oasis platform in each report, in the range of 1 to 100.
Examples
# Configure the AC to report 50 client entries to the Oasis platform every 500 milliseconds.
<Sysname> system-view
[Sysname] client-proximity-sensor report-oasis client interval 500 number 50
client-proximity-sensor report-oasis disable
Use client-proximity-sensor report-oasis disable to disable the AC from reporting wireless device information to the Oasis platform.
Use undo client-proximity-sensor report-oasis disable to restore the default.
Syntax
client-proximity-sensor report-oasis disable
undo client-proximity-sensor report-oasis disable
Default
The AC reports wireless device information to the Oasis platform.
Views
System view
Predefined user roles
network-admin
Examples
# Disable the AC from reporting wireless device information to the Oasis platform.
<Sysname> system-view
[Sysname] client-proximity-sensor report-oasis disable
client-proximity-sensor report-oasis rssi-change-threshold
Use client-proximity-sensor report-oasis rssi-change-threshold to set the RSSI difference threshold for reporting client information to the Oasis platform.
Use undo client-proximity-sensor report-oasis rssi-change-threshold to restore the default.
Syntax
client-proximity-sensor report-oasis rssi-change-threshold threshold-value
undo client-proximity-sensor report-oasis rssi-change-threshold
Default
The RSSI difference threshold is 100.
Views
System view
Predefined user roles
network-admin
Parameters
rssi-change-threshold threshold-value: Specifies the RSSI difference threshold for reporting client information to the Oasis platform, in the range of 1 to 100.
Usage guidelines
The AC does not report the client information received from a sensor to the Oasis platform when the following conditions are met:
· The client has already been detected before.
· The RSSI difference of the client between the most recent two reports does not reach the specified threshold.
Examples
# Set the RSSI difference threshold to 50 for reporting client information to the Oasis platform.
<Sysname> system-view
[Sysname] client-proximity-sensor report-oasis rssi-change-threshold 50
client-proximity-sensor rssi-threshold
Use client-proximity-sensor rssi-threshold to set the RSSI threshold for clients or APs.
Use undo client-proximity-sensor rssi-threshold to restore the default.
Syntax
client-proximity-sensor rssi-threshold { ap ap-rssi-value | client client-rssi-value }
undo client-proximity-sensor rssi-threshold { ap | client }
Default
The RSSI thresholds for clients and APs are not set.
Views
System view
Predefined user roles
network-admin
Parameters
ap ap-rssi-value: Specifies the RSSI threshold for APs, in the range of 1 to 100.
client client-rssi-value: Specifies the RSSI threshold for clients, in the range of 1 to 100.
Usage guidelines
Sensors do not ignore any wireless devices by default. After you configure this command, sensors will ignore wireless devices with an RSSI lower than the specified RSSI threshold.
Examples
# Configure sensors to ignore APs with an RSSI lower than 30.
<Sysname> system-view
[Sysname] client-proximity-sensor rssi-threshold ap 30
client-proximity-sensor rt-report enable
Use client-proximity-sensor rt-report enable to enable real-time reporting of wireless device information to the UDP server.
Use undo client-proximity-sensor rt-report enable to disable real-time reporting of wireless device information to the UDP server.
Syntax
client-proximity-sensor rt-report enable
undo client-proximity-sensor rt-report enable
Default
Information about wireless devices is reported to the UDP server at the specified interval.
Views
System view
Predefined user roles
network-admin
Examples
# Enable real-time reporting of wireless device information to the UDP server.
<Sysname> system-view
[Sysname] client-proximity-sensor rt-report enable
client-proximity-sensor server
Use client-proximity-sensor server to specify an HTTPS server to receive wireless device information.
Use undo client-proximity-sensor server to restore the default.
Syntax
client-proximity-sensor server string [ window-time window-time-value | partner partner-value ] *
undo client-proximity-sensor server
Default
No HTTPS server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
string: Specifies an HTTPS server by its address, a case-sensitive string of 8 to 127 characters. The address must start with https://.
window-time window-time-value: Specifies the window time in the range of 10 to 60 seconds. The default window time is 30 seconds.
partner partner-value: Specifies the partner flag value. The default partner flag value is 11.
Examples
# Specify the HTTPS server with address https://10.152.3.209:443/xxx/yy to receive wireless device information.
[Sysname] client-proximity-sensor server https://10.152.3.209:443/xxx/yy
client-proximity-sensor timezone-offset
Use client-proximity-sensor timezone-offset to set the timezone offset between the AC and a sensor.
Use undo client-proximity-sensor timezone-offset to restore the default.
Syntax
client-proximity-sensor timezone-offset { add | minus } timevalue
undo client-proximity-sensor timezone-offset
Default
The timezone offset between the AC and a sensor is not set.
Views
AP view
Predefined user roles
network-admin
Parameters
add: Configures a positive timezone offset between the sensor and the AC.
minus: Configures a negative timezone offset between the sensor and the AC.
timevalue: Specifies the timezone offset between the sensor and the AC in hh:mm:ss format.
Examples
# Configure a positive timezone offset of 11 hours between sensor ap1 and the AC, which means that the time of sensor ap1 is the AC's time plus 11 hours.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-ap-ap1] client-proximity-sensor timezone-offset add 11:00:00
client-proximity-sensor udp-server
Use client-proximity-sensor udp-server to specify a UDP server to receive wireless device information.
Use undo client-proximity-sensor udp-server to restore the default.
Syntax
client-proximity-sensor udp-server ip-address port port-number [ interval interval | preshared-key [ cipher | simple ] key-string ] *
undo client-proximity-sensor udp-server
Default
No UDP server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IPv4 address of the UDP server.
port port-number: Specifies the port number of the UDP server, in the range of 1 to 65534.
interval interval: Specifies the interval at which the AC sends device information to the UDP server, in the range of 1 to 600 seconds. The default interval is 30 seconds.
preshared-key: Specifies a preshared key.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form.
key-string: Specifies the key. Its plaintext form is a case-sensitive string of 8 to 63 characters. Its encrypted form is a case-sensitive string of 41 to 117 characters.
Examples
# Specify the UDP server with IP address 10.152.3.209 and port number 443 to receive wireless device information.
<Sysname> system-view
[Sysname] client-proximity-sensor udp-server 10.152.3.209 port 443
display client-proximity-sensor device
Use display client-proximity-sensor device to display information about wireless devices detected by sensors.
Syntax
display client-proximity-sensor device [ ap | client | mac-address mac-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap: Displays information about detected APs.
client: Displays information about detected clients.
mac-address mac-address: Displays information about the wireless device with the specified MAC address. The mac-address argument is in H-H-H format.
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
Examples
# Display brief information about wireless devices detected by sensors.
<Sysname> display client-proximity-sensor device
Total 3 detected devices
MAC address Type Duration Sensors Channel Status
0AFB-423B-893C AP 00h 10m 46s 1 11 Active
0AFB-423B-893D AP 00h 10m 46s 1 6 Active
0AFB-423B-893E AP 00h 10m 46s 1 1 Active
Table 63 Command output
Field |
Description |
MAC address |
MAC address of the wireless device. |
Type |
Wireless device type: · AP. · Client. |
Duration |
Time elapsed since the wireless device entered the current status. |
Sensors |
Number of sensors that detected the wireless device. |
Channel |
Channel on which the wireless device was most recently detected. |
Status |
Wireless device status: · Active. · Inactive. |
# Display detailed information about wireless devices detected by sensors.
<Sysname> display client-proximity-sensor device verbose
Total 2 detected devices
AP: 0AFB-423B-893C
Status: Active
Status duration: 00h 27m 57s
Vendor: Not found
SSID: service
Radio type: 802.11ac
Security: None
Encryption method: None
Authentication method: None
Broadcast SSID: Yes
QoS supported: No
Beacon interval: 100 TU
Up duration: 00h 27m 57s
Channel bandwidth supported: 20/40/80MHz
Total number of reported APs: 1
AP 1:
AP ID: 3
AP name: 1
Radio ID: 1
RSSI: 15
Channel: 419
First reported time: 2016-04-03/09:05:51
Last reported time: 2016-04-03/09:05:51
Total number of associated clients: 1
01: 80EA-9656-AAAB
Client: 80EA-9656-AAAB
Last detected associated AP: 0AFB-423B-893C
Last associated AP (not detected): None
Status: Active
Status duration: 00h 00m 02s
Vendor: Not found
Radio type: 802.11a
Total number of reported APs: 1
AP 1:
AP ID: 2
AP name: 1
Radio ID: 1
RSSI: 50
Channel: 116
First reported time: 2016-04-03/14:52:56
Last reported time: 2016-04-03/14:52:56
Reported associated AP: 0AFB-423B-893C
Table 64 Command output
Field |
Description |
Total number detected devices |
Number of detected wireless devices. |
AP |
MAC address of the detected AP. |
Client |
MAC address of the detected client. |
Last detected associated AP |
MAC address of the AP with which the client most recently associated. The MAC address is the BSSID of the AP. |
Last associated AP (not detected) |
MAC address of the AP with which the client most recently communicated. This AP has not been detected, and the MAC address of the AP is obtained from packets exchanged between the client and the AP. |
Status |
Wireless device status: · Active. · Inactive. |
Status duration |
Time elapsed since the wireless device entered the current status. |
Vendor |
OUI of the wireless device. This field displays Not found if no OUIs are imported or the OUI of the device does not match any of the imported OUIs. |
Security |
Security method: · WEP. · WPA. · WPA2. · None. |
Encryption method |
Encryption method: · TKIP. · CCMP. · WEP. · None. |
Authentication method |
Authentication method: · PSK. · 802.1X. · Others—Authentication methods except for PSK authentication and 802.1X authentication. · None. |
Broadcast SSID |
Whether the AP broadcasts SSIDs. If the AP does not broadcast SSIDs, the SSID field in the output is null. |
Beacon interval |
Beacon interval in TU. One TU is equal to 1024 microseconds. |
Up duration |
Time elapsed since the AP started. |
Total number of reported APs |
Number of sensors that detected the client. |
AP n |
Sensor that detected the wireless device. n represents the number of the sensor and is automatically assigned by the system. |
AP ID |
AP ID of the sensor. |
AP name |
Name of the sensor that detected the wireless device. |
Radio ID |
ID of the radio that detected the wireless device. |
RSSI |
RSSI of the sensor. |
Channel |
Channel on which the sensor most recently detected the wireless device. |
First reported time |
Time when the sensor detected the wireless device for the first time. |
Last reported time |
Time when the sensor most recently detected the wireless device. |
Total number of associated clients |
Number of clients that are associated with the AP. |
n:H-H-H |
MAC address of the wireless client associated with the AP. n is the number of the wireless client and is automatically assigned by the system. |
Reported associated AP |
AP with which the wireless client is associated. |
display client-proximity-sensor sensor
Use display client-proximity-sensor sensor to display information about sensors.
Syntax
display client-proximity-sensor sensor
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about sensors.
<Sysname> display client-proximity-sensor sensor
Total number of sensors: 1
Sensor ID Sensor name Radio ID
3 ap1 1
display client-proximity-sensor statistics receive
Use display client-proximity-sensor statistics receive to display statistics received from sensors.
Syntax
display client-proximity-sensor statistics receive
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display statistics received from sensors.
<Sysname> display client-proximity-sensor statistics receive
Information from sensor 1
Statistics information for received messages:
Detected AP updated messages: 7
Detected client updated messages: 5
Detected AP deleted messages: 3
Detected client deleted messages: 0
Detected all device deleted messages: 0
Information from sensor 2
Statistics information for received messages:
Detected AP updated messages: 6
Detected client updated messages: 5
Detected AP deleted messages: 3
Detected client deleted messages: 2
Detected all device deleted messages: 0
Table 65 Command output
Field |
Description |
Information from sensor n |
Information collected from sensor n, where n represents the ID of the sensor. |
Detected AP updated messages |
Number of AP update messages. |
Detected client updated messages |
Number of client update messages. |
Detected AP deleted messages |
Number of AP delete messages. |
Detected client deleted messages |
Number of client delete messages. |
Detected all device deleted messages |
Number of device delete messages.
Related commands
reset client-proximity-sensor statistics
reset client-proximity-sensor device
Use reset client-proximity-sensor device to clear wireless device information.
Syntax
reset client-proximity-sensor device { ap | client | mac-address mac-address | all }
Views
User view
Predefined user roles
network-admin
Parameters
ap: Specifies detected APs.
client: Specifies detected clients.
mac-address mac-address: Specifies a wireless device by its MAC address, in H-H-H format.
all: Specifies all detected devices.
Examples
# Clear information about detected clients.
<Sysname> reset client-proximity-sensor device client
# Clear information about the wireless device with MAC address 0023-1212-2323.
<Sysname> reset client-proximity-sensor device mac-address 0023-1212-2323
Related commands
display client-proximity-sensor device
reset client-proximity-sensor statistics
Use reset client-proximity-sensor statistics to clear statistics received from sensors.
Syntax
reset client-proximity-sensor statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear statistics received from sensors.
<Sysname> reset client-proximity-sensor statistics
Related commands
display client-proximity-sensor statistics receive
ac,1
access-control acl,156
access-scan enable,253
adjacency-factor,407
adjacency-factor radio-selection,408
akm mode,218
a-mpdu,99
a-msdu,100
ani,101
antenna type,101
ap,2
ap name,409
ap radio,448
ap-channel-change,253
ap-classification rule,254
ap-flood,254
ap-impersonation,255
ap-model,3
apply ap-classification rule,256
apply classification policy,257
apply countermeasure policy,257
apply detect policy,258
apply signature policy,258
apply signature rule,259
ap-rate-limit,259
ap-spoofing,260
ap-timer,261
association-table-overflow,261
authentication,262
band-navigation,384
bandwidth-guarantee,347
bandwidth-guarantee service-template,348
beacon ssid-hide,157
beacon-interval,102
block mac-address,262
broadcast-probe reply,158
cac policy,349
calibrate-channel mode,409
calibrate-channel monitoring time-range,410
calibrate-channel pronto,411
calibrate-channel self-decisive,412
calibrate-channel self-decisive sensitivity,416
calibrate-channel suppression,417
calibrate-power min,413
calibrate-power mode,414
calibrate-power self-decisive,415
calibrate-power threshold,418
channel,103
channel auto-select,104
channel band-width,105
channel holddown-time,419
channel-capability mode,419
channel-switch mode,420
channel-usage measure,107
cipher-suite,219
classification policy,263
classifier acl,158
client association-location,159
client cache aging-time,160
client dot11ac-only,108
client dot11b-forbidden,109
client dot11n-only,110
client forwarding-location,160
client forwarding-policy enable,161
client forwarding-policy-name,162
client frame-format,162
client idle-timeout,163
client ip-snooping http-learning enable,444
client ipv4-snooping arp-learning enable,444
client ipv4-snooping dhcp-learning enable,445
client ipv6-snooping dhcpv6-learning enable,445
client ipv6-snooping nd-learning enable,446
client ipv6-snooping snmp-nd-report enable,446
client keep-alive,164
client keep-alive interval,164
client max-count,110
client max-count,165
client preferred-vlan authorized,166
client report-mandatory,167
client url-redirect enable,233
client vlan-alloc,167
client-online,264
client-proximity-sensor,457
client-proximity-sensor ap-timer,458
client-proximity-sensor ap-udp-server,458
client-proximity-sensor client-timer,459
client-proximity-sensor coordinates,459
client-proximity-sensor filter-list,460
client-proximity-sensor random-mac-report enable,461
client-proximity-sensor report-ac enable,461
client-proximity-sensor report-ac-interval,462
client-proximity-sensor report-ap enable,462
client-proximity-sensor report-oasis client,463
client-proximity-sensor report-oasis disable,463
client-proximity-sensor report-oasis rssi-change-threshold,464
client-proximity-sensor rssi-threshold,464
client-proximity-sensor rt-report enable,465
client-proximity-sensor server,466
client-proximity-sensor timezone-offset,466
client-proximity-sensor udp-server,467
client-rate-limit,264
client-rate-limit (radio view/AP group radio view),350
client-rate-limit (service template view),351
client-rate-limit { disable | enable },352
client-rate-limit enable,353
client-security accounting-delay time,234
client-security accounting-start trigger,234
client-security accounting-update trigger,236
client-security authentication critical-vlan,237
client-security authentication fail-vlan,237
client-security authentication-location,238
client-security authentication-mode,239
client-security authorization-fail offline,240
client-security ignore-authentication,240
client-security ignore-authorization,241
client-security intrusion-protection action,242
client-security intrusion-protection enable,243
client-security intrusion-protection timer temporary-block,244
client-security intrusion-protection timer temporary-service-stop,244
client-spoofing,265
client-statistics-report,168
client-timer,265
cloud-management keepalive,403
cloud-management ping,404
cloud-management server domain,403
continuous-mode,111
control-address,3
control-address enable,4
countermeasure adhoc,266
countermeasure attack all,267
countermeasure attack deauth-broadcast,267
countermeasure attack disassoc-broadcast,268
countermeasure attack honeypot-ap,268
countermeasure attack hotspot-attack,269
countermeasure attack ht-40-mhz-intolerance,269
countermeasure attack malformed-packet,270
countermeasure attack man-in-the-middle,270
countermeasure attack omerta,271
countermeasure attack power-save,271
countermeasure attack soft-ap,272
countermeasure attack unencrypted-trust-client,272
countermeasure attack weak-iv,273
countermeasure attack windows-bridge,273
countermeasure external-ap,274
countermeasure mac-address,274
countermeasure misassociation-client,275
countermeasure misconfigured-ap,275
countermeasure policy,276
countermeasure potential-authorized-ap,276
countermeasure potential-external-ap,277
countermeasure potential-rogue-ap,277
countermeasure rogue-ap,278
countermeasure unauthorized-client,278
countermeasure uncategorized-ap,279
countermeasure uncategorized-client,279
crc-error-threshold,421
custom-antenna gain,112
customlog format wlan,169
data-tunnel encryption,5
deauthentication-broadcast,280
deauth-spoofing,280
delete file,6
description,169
description,449
description,422
description (AP group view),7
description (AP view),7
description (AP's VLAN view),8
detect policy,281
detect signature,282
disassociation-broadcast,282
discovered-ap,283
discovery-response,9
display client-proximity-sensor device,467
display client-proximity-sensor sensor,471
display client-proximity-sensor statistics receive,471
display cloud-management state,405
display wips sensor,284
display wips statistics,284
display wips virtual-security-domain countermeasure record,288
display wips virtual-security-domain device,289
display wlan ap,10
display wlan ap address,20
display wlan ap all client-number,170
display wlan ap all radio client-number,170
display wlan ap association-failure-record,21
display wlan ap connection-record,22
display wlan ap continuous-mode,113
display wlan ap files,23
display wlan ap gps,23
display wlan ap group,24
display wlan ap online-time,26
display wlan ap radio,114
display wlan ap radio channel,115
display wlan ap radio type,116
display wlan ap radio-statistics,117
display wlan ap reboot-log,26
display wlan ap region-code,183
display wlan ap running-configuration,27
display wlan ap tunnel latency,29
display wlan ap tunnel-down-record,30
display wlan ap unauthenticated,31
display wlan ap-distribution,40
display wlan ap-distribution ap-name,41
display wlan ap-group,42
display wlan ap-group all client-number,171
display wlan ap-model,43
display wlan blacklist,172
display wlan bss,172
display wlan client,174
display wlan client ipv6,179
display wlan client online-duration,180
display wlan client status,181
display wlan client-security block-mac,245
display wlan forwarding-policy,182
display wlan ipv6 multicast-optimization entry,389
display wlan license,45
display wlan load-balance group,449
display wlan load-balance status service-template,450
display wlan measure-report,369
display wlan mobility roam-track mac-address,367
display wlan multicast-optimization entry,390
display wlan nat-detect,294
display wlan rrm baseline,423
display wlan rrm baseline apply-history,425
display wlan rrm-calibration-group,426
display wlan rrm-history ap,427
display wlan rrm-status ap,428
display wlan service-template,184
display wlan statistics,189
display wlan whitelist,191
display wlan wmm,354
distance,124
dns domain,45
dns server,46
dot11ac mandatory maximum-nss,125
dot11ac multicast-nss,126
dot11ac support maximum-nss,127
dot11g protection,128
dot11n mandatory maximum-mcs,129
dot11n multicast-mcs,130
dot11n protection,131
dot11n support maximum-mcs,132
dot1x domain,246
dot1x eap,247
dot1x handshake enable,248
dot1x handshake secure enable,248
dot1x max-user,249
dot1x re-authenticate enable,250
download file,47
dtim,133
echo-interval,48
edca client (ac-be and ac-bk),357
edca client (ac-vi and ac-vo),358
edca radio,359
export oui,294
firmware-upgrade,48
flood association-request,295
flood authentication,296
flood beacon,296
flood block-ack,297
flood cts,298
flood deauthentication,299
flood disassociation,299
flood eap-failure,300
flood eapol-logoff,301
flood eapol-start,302
flood eap-success,302
flood null-data,303
flood probe-request,304
flood reassociation-request,304
flood rts,305
fragment-size,50
fragment-threshold,134
frame-type,306
gateway,50
gigabitethernet,51
green-energy-management,135
gtk-rekey client-offline enable,220
gtk-rekey enable,220
gtk-rekey method,221
honeypot-ap,307
hotspot-attack,307
ht-40mhz-intolerance,308
ht-greenfield,309
hybrid-remote-ap,52
if-match ip,53
if-match ipv6,53
ignorelist,309
import hotspot,310
import oui,310
inherit exclude service-template,191
interference-threshold,431
invalid-oui-classify illegal,311
ip address,54
ipv6 address,55
ipv6 multicast-optimization enable,392
key-derivation,222
ldpc,136
led-mode,56
long-retry threshold,137
mac-address,312
mac-address (AP group view),56
mac-address (AP view),57
mac-authentication domain,251
mac-authentication max-user,251
malformed duplicated-ie,312
malformed fata-jack,313
malformed illegal-ibss-ess,314
malformed invalid-address-combination,314
malformed invalid-assoc-req,315
malformed invalid-auth,316
malformed invalid-deauth-code,316
malformed invalid-disassoc-code,317
malformed invalid-ht-ie,318
malformed invalid-ie-length,318
malformed invalid-pkt-length,319
malformed large-duration,320
malformed null-probe-resp,320
malformed overflow-eapol-key,321
malformed overflow-ssid,322
malformed redundant-ie,322
man-in-the-middle,323
manual-classify mac-address,324
map-configuration,192
match all (AP classification rule view),324
match all (signature view),325
max-power,138
measure,372
measure-duration,373
measure-interval,374
mimo,139
multicast-optimization enable,393
mu-txbf,140
name,58
nas-id,193
nas-port-id,194
nas-vlan,195
omerta,325
oui,326
pattern,327
permit-channel,327
pmf,223
pmf association-comeback,223
pmf saquery retrycount,224
pmf saquery retrytimeout,225
port access vlan,59
port hybrid pvid,60
port hybrid vlan,61
port link-type,62
port trunk permit vlan,64
port trunk pvid,65
power holddown-time,432
power-capability mode,433
power-constraint mode,434
power-level default,66
power-lock,141
power-save,328
preamble,142
preshared-key,225
priority,68
prohibited-channel,329
protection-mode,142
protection-threshold,144
provision,68
provision auto-recovery,69
provision auto-update,70
ptk-lifetime,226
ptk-rekey enable,227
qos priority,360
qos trust,361
quick-association enable,195
radio,145
radio,144
random-mac-scan enable,330
rate,146
region-code,196
region-code-lock,199
remote-configuration,71
reset client-proximity-sensor device,472
reset client-proximity-sensor statistics,473
reset wips embedded-oui,330
reset wips statistics,330
reset wips virtual-security-domain,331
reset wips virtual-security-domain countermeasure record,331
reset wlan ap,72
reset wlan ap provision,72
reset wlan ap radio-statistics,147
reset wlan ap reboot-log,73
reset wlan ap unauthenticated,73
reset wlan client,200
reset wlan dynamic-blacklist,200
reset wlan ipv6 multicast-optimization entry,393
reset wlan ipv6 multicast-optimization entry group,394
reset wlan multicast-optimization entry,394
reset wlan multicast-optimization entry group,395
reset wlan nat-detect,332
reset wlan statistics client,200
reset wlan statistics service-template,201
reset wlan tunnel latency ap,74
reset wlan wmm,362
resource-measure,374
retransmit-count,74
retransmit-interval,75
rm-capability mode,375
rrm,435
rssi,332
save wlan ap provision,76
scan channel blacklist,377
scan channel whitelist,378
scan idle-time,379
scan max-service-time,380
scan mode all,380
scan mode all interval,381
scan scan-time,382
scan-only,435
security,333
security-ie,227
select sensor all,334
seq-number,334
serial-id (AP group view),77
serial-id (AP view),78
service-template,201
service-template enable,203
short-gi,148
short-retry threshold,148
signature policy,335
signature rule,335
smart-antenna,149
smart-antenna policy,150
smartrate-ethernet,78
snmp-agent trap enable wlan ap,79
snmp-agent trap enable wlan capwap,79
snmp-agent trap enable wlan client,203
snmp-agent trap enable wlan client-audit,204
snmp-agent trap enable wlan load-balance,451
snmp-agent trap enable wlan mobility,368
snmp-agent trap enable wlan rrm,436
snmp-agent trap enable wlan usersec,228
soft-ap,336
spectrum-management,437
ssid,204
ssid (AP classification rule view),336
ssid (signature view),337
ssid-length,338
statistics-interval,80
stbc,151
su-txbf,152
svp map-ac,362
tkip-cm-time,229
tolerance-level,437
trust mac-address,338
trust oui,339
trust ssid,339
tunnel encryption,81
tunnel latency-detect,82
type,153
unencrypted-authorized-ap,340
unencrypted-trust-client,340
unknown-client,205
up-duration,341
usb,82
virtual-security-domain,342
vlan,205
vlan,83
weak-iv,342
wep key,229
wep key-id,230
wep mode dynamic,231
windows-bridge,343
wips (radio view),344
wips (system view),343
wips virtual-security-domain,344
wireless-bridge,345
wlan ap,84
wlan ap-authentication,85
wlan ap-authentication acl,86
wlan ap-authentication domain,87
wlan ap-authentication enable,87
wlan ap-authentication import,88
wlan ap-authentication method,89
wlan ap-authentication permit-unauthenticated,89
wlan apdb,90
wlan apdb file,91
wlan ap-group,92
wlan auto-ap enable,92
wlan auto-ap persistent,93
wlan auto-persistent enable,93
wlan band-navigation aging-time,385
wlan band-navigation balance access-denial,385
wlan band-navigation balance session,386
wlan band-navigation enable,387
wlan band-navigation rssi-threshold,387
wlan calibrate-channel pronto ap all,438
wlan calibrate-power pronto ap all,439
wlan capwap discovery-policy unicast,94
wlan client forwarding enable,206
wlan client forwarding-policy-name,206
wlan client reauthentication-period,207
wlan client-rate-limit,363
wlan detect-anomaly enable,94
wlan dynamic-blacklist active-on-ap,208
wlan dynamic-blacklist lifetime,209
wlan forwarding-policy,209
wlan global-configuration,95
wlan image-load filepath,95
wlan ipv6 multicast-optimization aging-time,395
wlan ipv6 multicast-optimization client entry-limit,396
wlan ipv6 multicast-optimization entry client-limit,396
wlan ipv6 multicast-optimization global entry-limit,397
wlan ipv6 multicast-optimization packet-rate-limit,398
wlan link-test,210
wlan load-balance access-denial,452
wlan load-balance enable,453
wlan load-balance group,453
wlan load-balance mode bandwidth,454
wlan load-balance mode session,454
wlan load-balance mode traffic,455
wlan load-balance rssi-threshold,456
wlan max-bandwidth,364
wlan multicast-optimization aging-time,398
wlan multicast-optimization client entry-limit,399
wlan multicast-optimization entry client-limit,400
wlan multicast-optimization global entry-limit,400
wlan multicast-optimization packet-rate-limit,401
wlan nat-detect,346
wlan permit-ap-group,211
wlan permit-ssid,212
wlan radio,154
wlan re-group,96
wlan rename-ap,97
wlan rrm baseline apply,439
wlan rrm baseline remove,440
wlan rrm baseline save,440
wlan rrm calibration-channel interval,441
wlan rrm calibration-power interval,442
wlan rrm-calibration-group,442
wlan service-template,213
wlan static-blacklist mac-address,213
wlan tcp mss,97
wlan web-server api-path,214
wlan web-server host,215
wlan web-server max-client-entry,215
wlan whitelist mac-address,216
wmm,365