host-name host-name: Specifies an AC by its host name, a case-insensitive string of 1 to 253 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.).

ip ipv4-address: Specifies an AC by its IPv4 address.

Usage guidelines

You can configure a maximum of three AC IPv4 addresses and only one host name. If you configure multiple host names, the most recent configuration takes effect.

The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.

The configuration in AP provision view takes precedence over the configuration in AP group provision view.

The undo form of the command deletes all AC IPv4 addresses if you do not specify the ipv4-address argument.

Examples

# Specify the AC whose IP address is 192.168.100.11 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ac ip 192.168.100.11

# Specify the AC whose IP address is 192.168.100.11 for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group1-prvs] ac ip 192.168.100.11

ap

Use ap to create an AP grouping rule by AP names.

Use undo ap to delete an AP grouping rule by AP names.

Syntax

ap ap-name-list

undo ap ap-name-list

Default

No AP grouping rules by AP names exist.

Views

AP group view

Predefined user roles

network-admin

Parameters

ap-name-list: Specifies a maximum of 10 space-separated AP names. An AP name is a case-insensitive string of 1 to 64 characters that can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Usage guidelines

This command does not identify whether the specified AP exists.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

If the created AP grouping rule already exists in another AP group, this command deletes the rule from that AP group.

You cannot execute this command in the view of the default AP group.

Examples

# Create an AP grouping rule by AP names to add APs ap1, ap2, and ap3 to AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap ap1 ap2 ap3

Related commands

wlan ap-group

ap-model

Use ap-model to create an AP model and enter its view, or enter the view of an existing AP model.

Use undo ap-model to remove an AP model and its configuration.

Syntax

ap-model ap-model

undo ap-model ap-model

Default

No AP models exist.

Views

AP group view

Predefined user roles

network-admin

Parameters

ap-model: Specifies an AP model name.

Examples

# Create an AP model named WA4320i-ACN and enter its view.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-group1-ap-model-WA4320i-ACN]

control-address

Use control-address to specify the IP address to be carried in the CAPWAP Control IP Address message element.

Use undo control-address to restore the default.

Syntax

control-address { ip ipv4-address | ipv6 ipv6-address }

undo control-address { ip | ipv6 }

Default

In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, AC's IP address is inserted in the CAPWAP Control IP Address element.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies an IPv4 address in the CAPWAP Control IPv4 Address message element.

ipv6 ipv6-address: Specifies an IPv6 address in the CAPWAP Control IPv6 Address message element.

Usage guidelines

This command takes effect only when the AC rediscovery feature is enabled.

You can specify a maximum of three IPv4 or IPv6 addresses in the CAPWAP Control IP Address message element.

The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.

Examples

# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] control-address ip 192.168.1.1

# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in AP group view.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-ap-group-10] control-address ip 192.168.1.1

# Specify 192.168.1.1 as the IPv4 address to be carried in the CAPWAP Control IPv4 Address message element in global configuration view.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] control-address ip 192.168.1.1

Related commands

control-address enable

Use control-address enable to enable the AC rediscovery feature.

Use control-address disable to disable the AC rediscovery feature.

Use undo control-address to restore the default.

Syntax

control-address { disable | enable }

undo control-address

Default

In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, the AC rediscovery feature is disabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

An AC enabled with AC rediscovery adds the CAPWAP Control IP Address message element to the discovery responses sent to APs. Upon receiving such a discovery response, an AP establishes a CAPWAP tunnel with the IP address representing the optimal AC in the CAPWAP Control IP Address message element.

An AC disabled with AC rediscovery does not add the CAPWAP Control IP Address message element in discovery responses sent to APs. APs that receive the discovery responses will send join requests to the source IP address of the discovery responses to establish CAPWAP tunnels with the AC.

The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.

Examples

# Enable the AC rediscovery feature in AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] control-address enable

# Enable the AC rediscovery feature in AP group view.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-ap-group-10] control-address enable

# Enable the AC rediscovery feature in global configuration view.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] control-address enable

Related commands

control-address

data-tunnel encryption

Use data-tunnel encryption enable to enable CAPWAP data tunnel encryption.

Use data-tunnel encryption disable to disable CAPWAP data tunnel encryption.

Use undo data-tunnel encryption to restore the default.

Syntax

data-tunnel encryption { disable | enable }

undo data-tunnel encryption

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, CAPWAP data tunnel encryption is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

This command takes effect on an AP only when the AP restarts.

When this feature is enabled, an AP exchanges encryption information including keys with the AC through the CAPWAP control tunnel upon receiving the first keepalive packet from the AC. After the exchange, the AC and the AP will encrypt data packets transmitted in a CAPWAP data tunnel. Keepalive packets are not encrypted.

Before enabling this feature, make sure you have enabled the CAPWAP control tunnel encryption.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable CAPWAP data tunnel encryption for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] data-tunnel encryption enable

This operation will restart the AP. Continue? [Y/N]

# Enable CAPWAP data tunnel encryption for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] data-tunnel encryption enable

This operation will restart member APs that are not enabled with CAPWAP data tunnel encryption. Continue? [Y/N]

Related commands

tunnel encryption

delete file

Use delete file to delete a file from an AP.

Syntax

delete file filename

Views

AP view

Predefined user roles

network-admin

Parameters

filename: Specifies a file by its file name, a string of 1 to 255 characters.

Usage guidelines

This command takes effect only after an AP establishes a CAPWAP tunnel with the master AC.

Examples

# Delete file startup.cfg from AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] delete file startup.cfg

Related commands

display wlan ap files

download file

description (AP group view)

Use description to configure a description for an AP group.

Use undo description to restore the default.

Syntax

description text

undo description

Default

An AP group does not have a description.

Views

AP group view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 64 characters.

Usage guidelines

Configure a description for an AP group for easy identification and management purposes.

You can use the display wlan ap-group command to view the configured description.

Examples

# Configure a description for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] description L3-office

Related commands

display wlan ap-group

wlan ap-group

description (AP view)

Use description to configure a description for an AP.

Use undo description to restore the default.

Syntax

description text

undo description

Default

An AP does not have a description.

Views

AP view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 64 characters.

Examples

# Configure a description for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-ap-ap1] description L3-office

Related commands

display wlan ap

description (AP's VLAN view)

NOTE:

Support for this command depends on the AP model.

Use description to configure the description of an AP VLAN.

Use undo description to restore the default.

Syntax

description text

undo description

Default

In an AP's VLAN view, a VLAN uses the configuration in an AP group's VLAN view.

In an AP group's VLAN view, the description of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has less than four digits, leading zeros are added. For example, the default description of VLAN 100 is VLAN 0100.

Views

AP's VLAN view

AP group's VLAN view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Usage guidelines

To manage VLANs efficiently, configure descriptions for them based on their functions or connections.

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

Examples

# Configure the description of VLAN 2 as sales-private in the VLAN view of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] vlan 2

[Sysname-wlan-ap-ap1-vlan2] description sales-private

# Configure the description of VLAN 2 as sales-private in the VLAN view of AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] vlan 2

[Sysname-wlan-ap-group-1-vlan2] description sales-private

Related commands

remote-configuration

discovery-response

Use discovery-response wait-time to set the discovery-response timeout timer.

Use undo discovery-response wait-time to restore the default.

Syntax

discovery-response wait-time seconds

undo discovery-response wait-time

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the discovery-response timeout timer is 2 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

seconds: Specifies the discovery-response timeout timer in the range of 2 to 20 seconds.

Usage guidelines

The discovery-response timeout timer specifies the timeout time for an AP to wait for another discovery response. Whenever an AP receives a discovery response packet, the discovery-response timeout timer is created or refreshed. When the timeout timer expires, the AP sends a join request to the optimal AC.

If the network condition is poor, set a larger discovery-response timeout timer.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the discovery-response timeout timer to 3 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap3

[Sysname-wlan-ap-ap3] discovery-response wait-time 3

# Set the discovery-response timeout timer to 3 seconds for all APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] discovery-response wait-time 3

display wlan ap

Use display wlan ap to display AP information.

Syntax

display wlan ap { all | name ap-name } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

verbose: Displays detailed information.

Examples

# Display information about all APs.

<Sysname> display wlan ap all

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 3072

Remaining APs: 3071

Total AP licenses: 128

Remaining AP licenses: 127

AP information

State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad

C = Config, DC = DataCheck, R = Run M = Master, B = Backup

AP name APID State Model Serial ID

ap1 1 R WA4320i-ACN 210235A1BSC123000050

Table 1 Command output

Field	Description
APID	ID of the AP to uniquely identify the AP on the AC.
State	Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC.
Serial ID	Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured.

# Display detailed information about AP ap1.

<Sysname> display wlan ap name ap1 verbose

AP name : ap1

AP ID : 1

AP group name : default-group

State : Run

Backup type : Master

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA4320i-ACN

Region code : CN

Region code lock : Disable

Serial ID : 219801A0CNC138011454

MAC address : 0AFB-423B-893C

IP address : 192.168.1.50

UDP control port number : 18313

UDP data port number : N/A

H/W version : Ver.C

S/W version : E2321

Boot version : 1.01

USB state : N/A

Power Level : N/A

PowerInfo : N/A

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Statistics report interval : 50 seconds

Fragment size (data) : 1500

Fragment size (control) : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

CWPCAP data-tunnel status : Down

Discovery type : Static Configuration

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup Ipv4 : Not configured

Backup Ipv6 : Not configured

Tunnel encryption : Disabled

Data-tunnel encryption : Disabled

LED mode : Normal

Remote configuration : Enabled

Radio 1:

Basic BSSID : 7848-59f6-3940

Admin state : Up

Radio type : 802.11ac

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Channel band-width : 20/40/80MHz

Active band-width : 20/40/80MHz

Secondary channel offset : SCB

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Channel usage(%) : 15

Max power : -102 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : 5 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : rts-cts

Continuous mode : N/A

HT protection mode : No protection

Radio 2:

Basic BSSID : 7848-59f6-3950

Admin state : Down

Radio type : 802.11b

Antenna type : internal

Client dot11n-only : Disabled

Channel band-width : 20MHz

Active band-width : 20MHz

Secondary channel offset : SCN

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 5(auto)

Channel usage(%) : 0

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : 0 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : rts-cts

Continuous mode : N/A

HT protection mode : No protection

Table 2 Command output

Field	Description
State	Current state of the AP: · Idle—Idle. · Join—Join. · JoinAck—Join acknowledge. · Image—The AP is downloading the version. · Config—The AP is downloading initial configurations. · Data Check—The AP is checking data. · Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC.
Backup type	CAPWAP tunnel type: · Idle—The AP has not established a CAPWAP tunnel with the AC. · Master—The CAPWAP tunnel established between the AP and the master AC. · Backup—The CAPWAP tunnel established between the AP and the backup AC.
Region code lock	· Enabled. · Disabled.
Serial ID	Serial ID of the AP. If no serial ID is configured, this field displays Not configured.
MAC address	MAC address of the AP. If no MAC address is configured, this field displays Not configured.
UDP control port number	Port number used by the AP to establish the CAPWAP control tunnel.
UDP data port number	Port number used by the AP to establish the CAPWAP data tunnel.
H/W version	Hardware version of the AP.
S/W version	Software version of the AP.
USB state	USB state: · Enabled. · Disabled. This field displays N/A if no USB state information is available.
Power Level	Power level: · Low. · Middle. · High. This field displays N/A if the power level is unknown.
PowerInfo	Power supply information. · Power adapter—The AP uses local power supply. · PoE (port1+port2)—The AP uses PoE power supply. The port1 and port2 arguments represent the power supply status of PoE+ ports. ¡ N/A. ¡ 802.3af. ¡ 802.3at. Support for this field depends on the AP model.
PoE status	PoE power supply state for each PI: · Enabled. · Disabled. Support for this field depends on the AP model.
Description	Description for the AP. If no description is configured, this field displays Not configured.
Priority	AP connection priority for the AC.
Fragment size (data)	Maximum fragment size for CAPWAP data packets.
Fragment size (control)	Maximum fragment size for CAPWAP control packets.
MAC type	MAC type of the AP-AC connection: · Local MAC—The AP encapsulates frames in 802.3 format before sending them to the AC. · Split MAC—The AP encapsulates frames in 802.11 format before sending them to the AC. · Local & Split MAC—The AP can encapsulate frames in either 802.3 format or 802.11 format before sending them to the AC.
Tunnel mode	Supported tunnel mode of the AP: · Local Bridging—The AP supports local bridging and does not forward data to the AC. · 802.3 Frame—The AP encapsulates the frames in 802.3 format to send them to the AC. · Native Frame—The AP encapsulates the frames in 802.11 format to send them to the AC. · Local Bridging & 802.3 Frame—The AP supports the Local Bridging mode and the 802.3 Frame mode. · 802.3 Frame & Native Frame—The AP supports the 802.3 Frame mode and the Native Frame mode. · Local Bridging & Native Frame—The AP supports the Local Bridging mode and the Native Frame mode.
CWPCAP data-tunnel status	Running status of the CAPWAP data tunnel: · Up. · Down.
Discovery type	Discovery type of the AP: · Static Configuration—The AP uses the manually configured IPv4 or IPv6 address of the AC. · DHCP—The AP gets the IP address of an AC through DHCP. · DNS—The AP gets the IP address of an AC through DNS. · Unknown.
Retransmission count	Number of retransmission attempts for an AC request.
Retransmission interval	Interval at which AC requests can be retransmitted.
Firmware upgrade	AP software upgrade: · Enabled. · Disabled.
Sent control packets	Number of sent packets, including Change State Event Response packets after the AC enters Run state. .
Received control packets	Number of received packets, including Change State Event Response packets after the AC enters Run state.
Echo requests	Number of echo requests sent by the AP in RUN state.
Lost echo responses	Number of echo responses not received by the AP in RUN state.
Average echo delay	Average echo delay in milliseconds.
Last reboot reason	Last reboot reason for the AP: · Power on. · Hard reboot. · Watchdog reboot. · Unknown reboot. · User soft reboot. · Kernel exception soft reboot. · Kernel deadloop soft reboot. · Auto update soft reboot. · Unknown soft reboot. · Memory exhausted. · Other unknown soft reboot.
Latest IP address	IP address that was most recently used by the AP.
Tunnel down reason	Cause for the CAPWAP tunnel to go down: · Failed to create timer. · Neighbor dead timer expired. · Request wait timer expired. · Data check timer expired. · Failed to process data channel keep-alive message. · Failed to process request. · AP was reset. · AP was deleted. · Failed to come online. · Serial number changed. · MAC address changed. · Number of APs exceeded the limit. · Processed join request in Run state. · Failed to create AP context. · Received failure result code. · Failed to retransmit message. · Failed to download image file. · Image file downloaded successfully. · File operation timer expired. · Failed to add tunnel. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Master and backup tunnel switchover. · Failed to inherit configuration. · AP authentication failed. This field displays N/A if the CAPWAP tunnel did not go down.
Connection count	Number of times that the AP connects to the AC. It is cleared in either one of the following cases: · The AC reboots. · The serial ID of the AP changes. The reset wlan ap command does not clear the connection count.
Backup Ipv4	IPv4 address of the backup AC. If no backup AC is specified, this field displays Not configured.
Backup Ipv6	IPv6 address of the backup AC. If no backup AC is specified, this field displays Not configured.
Tunnel encryption	CAPWAP control tunnel encryption: · Enabled. · Disabled.
Data-tunnel encryption	CAPWAP data tunnel encryption: · Enabled. · Disabled.
LED mode	LED lighting mode: · quiet—All LEDs are off. · awake—All LEDs flash once every minute. · always-on—All LEDs are steady on. · normal—How LEDs flash in this mode varies by AP model.
Remote configuration	Remote configuration assignment: · Enabled. · Disabled.
Basic BSSID	MAC address of the radio. This field displays N/A if the AP has not established a CAPWAP tunnel with the AC.
Admin state	Radio state: · Up. · Down.
Radio type	Wireless mode: · 5 GHz: ¡ 802.11a. ¡ 802.11n(5GHz). ¡ 802.11ac. · 2.4 GHz: ¡ 802.11b. ¡ 802.11g. ¡ 802.11n(2.4GHz).
Client dot11ac-only	· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11ac clients to associate with the radio.
Client dot11n-only	· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11n or 802.11ac clients to associate with the radio.
Channel band-width	Channel bandwidth mode: · 20 MHz. · 20 or 40 MHz. · 20/40/80 MHz. · 20/40/80/160MHz. · 20/40/80/160/(80+80)MHz.
Active band-width	Bandwidth being used by the radio.
Secondary channel offset	Secondary channel information for the 802.11n and 802.11ac radio mode: · SCA (Second Channel Above)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is above the primary channel. · SCB (Second Channel Below)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is below the primary channel. · SCN—The AP does not operate in 40 MHz bandwidth mode. This field is available only when the bandwidth that the radio is using is 20/40/80MHz.
Secondary channel center frequency	Center frequency information about the 80 MHz bandwidth of the secondary channel when the radio operates in 802.11ac radio mode with a channel bandwidth of 160/(80+80)MHz. This field is available only when the bandwidth that the radio is using is 160/(80+80)MHz.
Short GI for 20MHz	Whether the radio supports short GI when it operates in 20 MHz mode.
Short GI for 40MHz	Whether the radio supports short GI when it operates in 40 MHz mode.
Short GI for 80MHz	Whether the radio supports short GI when it operates in 80 MHz mode.
Short GI for 160MHz	Whether the radio supports short GI when it operates in 160 MHz mode.
A-MSDU	· Disabled. · Enabled.
A-MPDU	· Disabled. · Enabled.
LDPC	· Supported. · Not supported.
STBC	· Supported. · Not supported.
Operational VHT MCS Set	· Supported—Supported VHT MCS set. · Mandatory—Mandatory VHT MCS set. · Multicast—Multicast VHT MCS set.
Operational HT MCS Set	· Supported—Supported MCS set. · Mandatory—Mandatory MCS set. · Multicast—Multicast MCS set.
Channel	This field displays Number<auto> if the current channel is the optimal channel automatically selected by the AP. This field displays Number if the current channel is manually configured. This field displays Number<avoid radar> if the current channel is automatically selected by the AP to avoid radar signals.
Max power	Maximum transmission power of the radio.
Preamble type	Preamble type: · Short. · Long.
Operational rate	· Mandatory. · Supported. · Multicast. · Disabled. · Not configured.
Distance	Maximum distance that the radio signal can reach.
ANI	· Enabled. · Disabled.
Protection threshold	Frame length threshold required for triggering the protection mechanism.
Long retry threshold	Maximum number of retransmission attempts for frames whose length exceeds the RTS threshold.
Short retry threshold	Maximum number of retransmission attempts for frames whose length is below the RTS threshold.
Maximum rx duration	Maximum buffer duration for frames.
Smart antenna	· Enabled. · Disabled. Support for this field depends on the AP model.
Smart antenna policy	· Auto. · High availability. · High throughput. Support for this field depends on the AP model.
Protection mode	Conflict avoidance mode: · cts-to-self. · rts-cts.
Continuous mode	Continuous mode configuration: · Rate. · MCS index. · NSS index. · VHT-MCS index. This field displays N/A if the continuous mode is not configured.
HT protection mode	802.11n protection mode: · No protection. ¡ AP-associated clients and nearby wireless devices are operating in 802.11n mode and AP-associated clients are 802.11n clients with a bandwidth of 40 MHz. ¡ AP-associated clients are 802.11n clients with a bandwidth of 20 MHz. · Non-member protection. In this mode, all AP-associated clients are 802.11n clients but some nearby wireless devices are non-802.11n clients. · 20 MHz protection. In this mode, the AP's radio has a bandwidth of 40 MHz. AP-associated clients and nearby wireless devices are operating in 802.11n mode and a minimum of one 802.11n client with a bandwidth of 20 MHz is associated with the AP's radio. · Non-HT mixed. The mode applies when none of the above mentioned modes can apply.
MU-TxBF	· Enabled. · Disabled. Support for this field depends on the AP model.
SU-TxBF	· Enabled. · Disabled. Support for this field depends on the AP model.

display wlan ap address

Use display wlan ap address to display AP address information.

Syntax

display wlan ap { all | name ap-name } address

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name : Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display address information for all APs.

<Sysname> display wlan ap all address

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual Aps: 1

Total number of connected auto APs: 0

Total number of inside APs: 0

AP name IP address MAC address

ap1 1.1.1.5 000b-6b8f-fc6a

Table 3 Command output

Field	Description
IP address	IP address of an AP. This field displays N/A for an offline AP.
MAC address	MAC address of an AP. This field displays N/A for an offline AP.

Field

Description

IP address

IP address of an AP.

This field displays N/A for an offline AP.

MAC address

MAC address of an AP.

This field displays N/A for an offline AP.

display wlan ap association-failure-record

Use display wlan ap association-failure-record to display association failure records for APs.

Syntax

display wlan ap association-failure-record

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display association failure records for APs.

<Sysname> display wlan ap association-failure-record

MAC address AP ID Last failure at Reason

9a48-45ed-0300 12312 07-07/15:56:25 AP authentication failed

Table 4 Command output

Field	Description
MAC address	MAC address of an AP.
AP ID	ID of an AP, which uniquely identifies the AP on the AC.
Last failure at	Last time an AP associated with the AC. The format is date/hh:mm:ss.
Reason	Association failure reason: · Memory is not enough. · The AP model doesn't exist. · Lack of AP license. · MAC address was used. · Failed to add APLB. · AP chose another AC. · Reached AC max capability. · Received join request in Run state. · APLB check failed. · Rejected AP access in HA smooth. · AP authentication failed. · Failed to create auto AP. · Manual AP online info check failed. · Failed to add index. · Mismatched AP and AC versions. · Wait request timer expired. · Received failure result code. · Failed to add tunnel. · AP configuration was not found. · Inconsistent AP IDs. · Failed to add AP basic running data. · Failed to communicate with the other board.

display wlan ap connection-record

Use display wlan ap connection-record to display AP connection records on the AC.

Syntax

display wlan ap { all | name ap-name } connection-record

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

Examples

# Display all AP connection records on an AC.

<Sysname> display wlan ap all connection-record

AP name IP address State Time

ap2 192.168.100.27 Run 01-06 09:06:40

Table 5 Command output

Field	Description
State	Current state of the AP: · Discovery—AC discovery. · Join—The CAPWAP tunnel is being established. · Offline—Offline. · Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully.
Time	Most recent time when the AP established a CAPWAP tunnel with the AC.

Field

Description

State

Current state of the AP:

· Discovery—AC discovery.

· Join—The CAPWAP tunnel is being established.

· Offline—Offline.

· Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully.

Time

Most recent time when the AP established a CAPWAP tunnel with the AC.

display wlan ap files

Use display wlan ap files to display information about files and file folders on an AP.

Syntax

display wlan ap name ap-name files

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display information about files and file folders on AP ap1.

<Sysname> display wlan ap name ap1 files

Directory of flash:

0 13638656 wa4300-system.bin

1 2573312 wa4300-boot.bin

131072 KB total (114208 KB free)

Table 6 Command output

Field	Description
0 13638656 xx.xx	File or file folder information: · 0—Serial number, which is automatically assigned by the system. · 13638656—File size in bytes. A hyphen (-) is displayed if it is a file folder. · xx.xx—Name of the file or file folder.

Field

Description

0 13638656 xx.xx

File or file folder information:

· 0—Serial number, which is automatically assigned by the system.

· 13638656—File size in bytes. A hyphen (-) is displayed if it is a file folder.

· xx.xx—Name of the file or file folder.

Related commands

delete file

download file

display wlan ap gps

Use display wlan ap gps to display Global Positioning System (GPS) information for the specified APs.

Syntax

display wlan ap { all | name ap-name } gps

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

Usage guidelines

This command takes effect only on APs that support the GPS module.

Examples

# Display GPS information for AP ap1.

<Sysname> display wlan ap name ap1 gps

AP name : ap1

Serial ID : 219801A17C817200001

Model : WA5620

Longitude : 117.788887

Latitude : 30.822136

Velocity : 25.445878

Orientation: 8.054548

Elevation : 156.655897

Obtained at: 2017-02-20 15:32:19

Table 7 Command output

Field	Description
AP name	Name of the AP.
Serial ID	Serial ID of the AP.
Model	AP model.
Longitude	Longitude rounded to six decimal places.
Latitude	Latitude rounded to six decimal places.
Velocity	Horizontal velocity rounded to six decimal places.
Orientation	Orientation rounded to six decimal places.
Elevation	Elevation rounded to six decimal places.
Obtained at	Time when the GPS information was obtained.

display wlan ap group

Use display wlan ap group to display AP groups to which the specified APs belong.

Syntax

display wlan ap { all | name ap-name } group

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

Examples

# Display AP groups for all APs.

<Sysname> display wlan ap all group

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 3072

Remaining APs: 3071

Total AP licenses: 128

Remaining AP licenses: 127

AP information

State: I = Idle, J= Join, JA= JoinAck, IL= ImageLoad

C= Config, DC= DataCheck, R= Run M= Master, B= Backup

AP name APID State Model AP group name

ap1 1 I WA4320i-ACN default-group

Table 8 Command output

Field	Description
APID	ID of the AP to uniquely identify the AP on the AC.
State	Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC.
Model	AP model
AP group name	Name of the AP group to which the AP belongs.

display wlan ap online-time

Use display wlan ap online-time to display the online duration for APs.

Syntax

display wlan ap { all | name ap-name } online-time

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

Examples

# Display online duration for all APs.

<Sysname> display wlan ap all online-time

AP name IP address Time

ap1 1.1.1.2 0 days 0 hours 2 minutes 6 seconds

ap2 1.1.1.1 0 days 0 hours 5 minutes 6 seconds

ap3 1.1.1.6 0 days 0 hours 2 minutes 1 seconds

Table 9 Command output

Field	Description
IP address	IP address of an AP.
Time	Realtime association duration of an AP since the AP came online.

display wlan ap reboot-log

Use display wlan ap reboot-log to display reboot logs for an AP.

Syntax

display wlan ap name ap-name reboot-log

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Usage guidelines

If the AP has suffered a system crash, you can use this command to view detailed information about the crash.

To use this command, make sure the specified AP is in Run state.

Examples

# Display reboot logs for AP ap1.

<Sysname> display wlan ap name ap1 reboot-log

Debugging information is not available on the AC.

Downloading debugging data from AP. Continue? [Y/N]:y

Downloading debugging data. Please wait...

Please enter the same command again to view the log messages.

Related commands

reset wlan ap reboot-log

display wlan ap running-configuration

Use display wlan ap running-configuration to display running configuration for the specified AP or all APs.

Syntax

display wlan ap { all | ap-name ap-name } running-configuration [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

ap-name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

verbose: Displays detailed running configuration.

Examples

# Display detailed running configuration for all APs.

<Sysname> display wlan ap all running-configuration verbose

(i) -- Inherited from AP group

(g) -- Inherited from AP global-configuration

wlan ap ap1 model WA4320i-ACN id 5

ap group name 1

serialid 210235A1BSC123000050

region code 156

echo interval 10 (i)

retransmission count 3 (i)

retransmission interval 5 (i)

statistics interval 50 (i)

fragment-size data 1500 (i)

fragment-size control 1450 (i)

preempt disable (g)

firmware-upgrade disable (g)

priority 4 (i)

…

radio 1

radio type 802.11ac (i)

radio disable (i)

channel auto<64> (i)

channel unlock (i)

fragment-threshold 2346 (i)

max-power 20 (i)

power unlock (i)

distance 1 kilometer (i)

ANI Enabled (i)

…

radio 2

radio type 802.11n(2.4GHz) (i)

radio disable (i)

channel auto<11> (i)

channel unlock (i)

fragment-threshold 2346 (i)

max-power 20 (i)

power unlock (i)

distance 1 kilometer (i)

ANI Enabled (i)

…

wlan ap ap2 model WA4320i-ACN id 6

ap group name 2

serialid 210235A1BSC123000055

region code 156

echo interval 10 (i)

retransmission count 3 (i)

retransmission interval 5 (i)

statistics interval 50 (i)

fragment-size data 1500 (i)

fragment-size control 1450 (i)

preempt disable (g)

firmware-upgrade disable (g)

priority 4 (i)

…

radio 1

radio type 802.11ac (i)

radio disable (i)

channel auto<60> (i)

channel unlock (i)

fragment-threshold 2346 (i)

max-power 20 (i)

power unlock (i)

distance 1 kilometer (i)

ANI Enabled (i)

…

radio 2

radio type 802.11n(2.4GHz) (i)

radio disable (i)

channel auto<13> (i)

channel unlock (i)

fragment-threshold 2346 (i)

max-power 20 (i)

power unlock (i)

distance 1 kilometer (i)

ANI Enabled (i)

…

display wlan ap tunnel latency

Use display wlan ap tunnel latency to display tunnel latency information for an AP.

Syntax

display wlan ap name ap-name tunnel latency

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Usage guidelines

Make sure CAPWAP tunnel latency detection is enabled before you execute this command.

Examples

# Display tunnel latency information for AP ap1.

<Sysname> display wlan ap name ap1 tunnel latency

AP name : ap1

Tunnel Latency : Enabled

Control Link Delay:

Current Delay : 1ms

Maximum Delay : 1ms

Minimum Delay : 1ms

Data Link Delay:

Current Delay : 1ms

Maximum Delay : 1ms

Minimum Delay : 1ms

Table 10 Command output

Field	Description
Tunnel Latency	· Disabled. · Enabled.
Current Delay	The most recent delay.

Field

Description

Tunnel Latency

· Disabled.

· Enabled.

Current Delay

The most recent delay.

Related commands

reset wlan tunnel latency ap

tunnel latency-detect

display wlan ap tunnel-down-record

Use display wlan ap tunnel-down-record to display CAPWAP tunnel down records.

Syntax

display wlan ap tunnel-down-record

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display CAPWAP tunnel down records.

<Sysname> display wlan ap tunnel-down-record

AP ID AP name Tunnel down at Tunnel down reason

12321 9a48-45ed-0300 2017-07-07/15:56:25 Processed join request in Run state

Table 11 Command output

Field	Description
AP ID	ID of an AP, which uniquely identifies the AP on the AC.
AP name	Name of an AP.
Tunnel down at	Time when the CAPWAP tunnel between an AP and the AC went down. The format is date/hh:mm:ss.
Tunnel down reason	CAPWAP tunnel down reason: · Failed to create timer. · Neighbor dead timer expired. · Request wait timer expired. · Data check timer expired. · Failed to process keepalive message. · Failed to process request. · AP was reset by admin. · AP was reset by CloudTunnel. · AP was reset on Cloud. · WT was offline. · AP was deleted. · Failed to come online. · Serial number changed. · MAC address changed. · Exceeded AC max capability. · Processed join request in Run state. · Failed to create AP context. · Received failure result code. · Failed to retransmit message. · Failed to download image file. · Image file downloaded successfully. · File operation timer expired. · Failed to add tunnel. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Master and backup tunnel switchover. · Failed to inherit configuration. · AP authentication failed. · Backup AP upgrade failed. · Board is inactive. · WT went offline. · Lack of AP license.

display wlan ap unauthenticated

Use display wlan ap unauthenticated to display information about unauthenticated auto APs.

Syntax

display wlan ap unauthenticated [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information about unauthenticated auto APs. If you do not specify this keyword, this command displays brief information about unauthenticated auto APs.

Examples

# Display brief information about unauthenticated auto APs.

<Sysname> display wlan ap unauthenticated

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 0

Total number of connected auto APs: 1

Total number of inside APs: 0

Maximum supported APs: 3072

Remaining APs: 3071

Fit APs activated by license: 128

Remaining fit APs: 127

WTUs activated by license: 0

Remaining WTUs: 0

AP information

State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad

C = Config, DC = DataCheck, R = Run, M = Master, B = Backup

AP name APID State Model Serial ID

6649-99be-0300 6 R/M WA4320i-ACN 219801A0CNC138011454

Table 12 Command output

Field	Description
AP ID	ID of the AP to uniquely identify the AP on the AC.
State	Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the software image version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC.
Serial ID	Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured.

# Display detailed information about unauthenticated auto APs.

<Sysname> display wlan ap unauthenticated verbose

Total number of APs: 1

Total number of connected APs: 0

Total number of connected manual APs: 0

Total number of connected auto APs: 1

Total number of inside APs: 0

Maximum supported APs: 3072

Remaining APs: 3071

Fit APs activated by license: 128

Remaining fit APs: 127

WTUs activated by license: 0

Remaining WTUs: 0

AP name : ap1

AP ID : 1

AP group name : default-group

State : Run

Backup Type : Master

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA4320i-ACN

Region code : CN

Region code lock : Disable

Serial ID : 219801A0CNC138011454

MAC address : 0AFB-423B-893C

IP address : 192.168.1.50

UDP port number : 65488

H/W version : Ver.C

S/W version : V700R001B49D001

Boot version : 1.01

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Statistics report interval : 50 seconds

Fragment-size data : 1500

Fragment-size control : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

Discovery type : Static Configuration

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup IPv4 : Not configured

Backup IPv6 : Not configured

Tunnel encryption : Disabled

Data-tunnel encryption : Disabled

LED mode : Normal

Remote configuration : Enabled

Radio 1:

Basic BSSID : 7848-59f6-3940

Admin state : Up

Radio type : 802.11ac

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Channel band-width : 20/40/80MHz

Secondary channel offset : SCB

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Max power : 20 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : 5 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

Continuous-mode : N/A

Radio 2:

Basic BSSID : 7848-59f6-3950

Admin state : Down

Radio type : 802.11b

Antenna type : internal

Client dot11n-only : Disabled

Channel band-width : 20MHz

Secondary channel offset : SCN

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 5(auto)

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : 5 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

Continuous-mode : N/A

Table 13 Command output

Field	Description
State	Current state of the AP: · Idle—Idle. · Join—Join. · JoinAck—Join acknowledge. · Image—The AP is downloading the software version. · Config—The AP is downloading initial configurations. · Data Check—The AP is checking data. · Run—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel successfully. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel successfully. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC.
Backup Type	CAPWAP tunnel type: · Idle—The AP has not established a CAPWAP tunnel with the AC. · Master—The CAPWAP tunnel established between the AP and the master AC. · Backup—The CAPWAP tunnel established between the AP and the backup AC.
Region code lock	· Enabled. · Disabled.
Serial ID	Serial ID of the AP. If no serial ID is configured, this field displays Not configured.
MAC address	MAC address of the AP. If no MAC address is configured, this field displays Not configured.
UDP port number	Port number used by the AP to establish the CAPWAP control tunnel.
H/W version	Hardware version of the AP.
S/W version	Software version of the AP.
Description	Description for the AP. If no description is configured, this field displays Not configured.
Priority	AP connection priority for the AC.
Echo interval	Interval for the AP to send echo requests to the AC.
Statistics report interval	Statistics report interval for the AP to send statistics reports to the AC
Fragment-size data	Maximum fragment size for CAPWAP data packets.
Fragment-size control	Maximum fragment size for CAPWAP control packets.
MAC type	MAC type of the AP-AC connection: · Local MAC—The AP encapsulates frames in 802.3 format before sending them to the AC. · Split MAC—The AP encapsulates frames in 802.11 format before sending them to the AC. · Local & Split MAC—The AP can encapsulate frames in either 802.3 format or 802.11 format before sending them to the AC.
Tunnel mode	Supported tunnel mode of the AP: · Local Bridging—The AP supports local bridging and does not forward data to the AC. · 802.3 Frame—The AP encapsulates the frames in 802.3 format to send them to the AC. · Native Frame—The AP encapsulates the frames in 802.11 format to send them to the AC. · Local Bridging & 802.3 Frame—The AP supports the Local Bridging mode and the 802.3 Frame mode. · 802.3 Frame & Native Frame—The AP supports the 802.3 Frame mode and the Native Frame mode. · Local Bridging & Native Frame—The AP supports the Local Bridging mode and the Native Frame mode.
Discovery type	Discovery type of the AP: · Static Configuration—The AP uses the manually configured IPv4 or IPv6 address of the AC. · DHCP—The AP gets the IP address of an AC through DHCP. · DNS—The AP gets the IP address of an AC through DNS. · Unknown.
Retransmission count	Number of retransmission attempts for an AC request.
Retransmission interval	Interval at which AC requests can be retransmitted.
Firmware upgrade	AP software upgrade: · Enabled. · Disabled.
Sent control packets	Number of sent packets, including Change State Event Response packets after the AC enters Run state. .
Received control packets	Number of received packets, including Change State Event Response packets after the AC enters Run state.
Echo requests	Number of echo requests sent by the AP in RUN state.
Lost echo responses	Number of echo responses not received by the AP in RUN state.
Average echo delay	Average echo delay in milliseconds.
Last reboot reason	Last reboot reason for the AP: · Power on. · Hard reboot. · Watchdog reboot. · Unknown reboot. · User soft reboot. · Kernel exception soft reboot. · Kernel deadloop soft reboot. · Auto update soft reboot. · Unknown soft reboot. · Memory exhausted. · Other unknown soft reboot.
Latest IP address	IP address that was most recently used by the AP.
Tunnel down reason	Cause for the CAPWAP tunnel to go down: · Failed to create timer. · Neighbor dead timer expired. · Request wait timer expired. · Data check timer expired. · Failed to process data channel keep-alive message. · Failed to process request. · AP was reset. · AP was deleted. · Failed to come online. · Serial number changed. · MAC address changed. · Number of APs exceeded the limit. · Processed join request in Run state. · Failed to create AP context. · Received failure result code. · Failed to retransmit message. · Failed to download image file. · Image file downloaded successfully. · File operation timer expired. · Failed to add tunnel. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Master and backup tunnel switchover. · Failed to inherit configuration. · AP authentication failed. This field displays N/A if the CAPWAP tunnel did not go down.
Connection count	Number of times that the AP connects to the AC. It is cleared in either one of the following cases: · The AC reboots. · The serial ID of the AP changes. The reset wlan ap command does not clear the connection count.
Backup IPv4	IPv4 address of the backup AC. If no backup AC is specified, this field displays Not configured.
Backup IPv6	IPv6 address of the backup AC. If no backup AC is specified, this field displays Not configured.
Tunnel encryption	CAPWAP control tunnel encryption: · Enabled. · Disabled.
Data-tunnel encryption	CAPWAP data tunnel encryption: · Enabled. · Disabled.
LED mode	LED lighting mode: · Quiet—All LEDs are off. · Awake—All LEDs flash once every minute. · Always-on—All LEDs are steady on. · Normal—How LEDs flash in this mode varies by AP model.
Remote configuration	Remote configuration assignment: · Enabled. · Disabled.
Basic BSSID	MAC address of the radio. This field displays N/A if the AP has not established a CAPWAP tunnel with the AC.
Admin state	Radio state: · Up. · Down.
Radio type	Wireless mode: · 5 GHz: ¡ 802.11a. ¡ 802.11n(5GHz). ¡ 802.11ac. · 2.4 GHz: ¡ 802.11b. ¡ 802.11g. ¡ 802.11n(2.4GHz).
Client dot11ac-only	· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11ac clients to associate with the radio.
Client dot11n-only	· Disabled—Allows 802.11a/b/g/n/ac clients to associate with the radio. · Enabled—Allows only 802.11n or 802.11ac clients to associate with the radio.
Channel band-width	Channel bandwidth: · 20 MHz. · 20 or 40 MHz. · 20/40/80 MHz.
Secondary channel offset	Secondary channel information for the 802.11n and 802.11ac radio mode: · SCA (Second Channel Above)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is above the primary channel. · SCB (Second Channel Below)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is below the primary channel. · SCN—The AP does not operate in 40 MHz bandwidth mode.
Short GI for 20MHz	Whether the radio supports short GI when it operates in 20 MHz mode.
Short GI for 40MHz	Whether the radio supports short GI when it operates in 40 MHz mode.
Short GI for 80MHz	Whether the radio supports short GI when it operates in 80 MHz mode.
Short GI for 160MHz	Whether the radio supports short GI when it operates in 160 MHz mode.
A-MSDU	· Disabled. · Enabled.
A-MPDU	· Disabled. · Enabled.
LDPC	· Supported. · Not supported.
STBC	· Supported. · Not supported.
Operational VHT MCS Set	· Supported—Supported VHT MCS set. · Mandatory—Mandatory VHT MCS set. · Multicast—Multicast VHT MCS set.
Operational HT MCS Set	· Supported—Supported MCS set. · Mandatory—Mandatory MCS set. · Multicast—Multicast MCS set.
Channel	This field displays Number<auto> if the current channel is the optimal channel automatically selected by the AP. This field displays Number if the current channel is manually configured. This field displays Number<avoid radar> if the current channel is automatically selected by the AP to avoid radar signals.
Max power	Maximum transmission power of the radio.
Preamble type	Preamble type: · Short. · Long.
Operational rate	· Mandatory. · Supported. · Multicast. · Disabled. · Not configured.
Distance	Maximum distance that the radio signal can reach.
ANI	· Enabled. · Disabled.
Protection threshold	Frame length threshold required for triggering the protection mechanism.
Long retry threshold	Maximum number of retransmission attempts for frames whose length exceeds the RTS threshold.
Short retry threshold	Maximum number of retransmission attempts for frames whose length is below the RTS threshold.
Maximum rx duration	Maximum buffer duration for frames.
Smart antenna	· Enabled. · Disabled.
Smart antenna policy	· Auto. · High availability. · High throughput.
Protection mode	Conflict avoidance mode: · cts-to-self. · rts-cts.
Continuous mode	Continuous mode configuration: · Rate. · MCS index. · NSS index. · VHT-MCS index. This field displays N/A if the continuous mode is not configured.

display wlan ap-distribution

Use display wlan ap-distribution to display distribution information for attached APs for ACs.

Syntax

Centralized devices in standalone mode:

display wlan ap-distribution all

Centralized devices in IRF mode:

display wlan ap-distribution { all | slot slot-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all ACs.

slot slot-number: Specifies an IRF member device by its member ID.

Examples

# Display distribution information for APs attached to the specified slot.

<Sysname> display wlan ap-distribution slot 0

Total number of APs: 1

AP information

State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad

C = Config, DC = DataCheck, R = Run, M = Master, B = Backup

AP name APID State Model Serial ID

722a-d561-0300 4 R/M WA4320i-ACN 210235A1BSC123000050

Table 14 Command output

Field	Description
APID	ID of the AP to uniquely identify the AP on the AC.
State	Current state of the AP: · I—Idle. · J—Join. · JA—Join acknowledge. · IL—The AP is downloading the software image version. · C—The AP is downloading initial configurations. · DC—The AP is checking data. · R—The CAPWAP tunnel is operating. It indicates that the AP and the AC have established a CAPWAP tunnel successfully. · R/M—The master CAPWAP tunnel is operating. It indicates that the AP and the master AC have established a CAPWAP tunnel. · R/B—The backup CAPWAP tunnel is operating. It indicates that the AP and the backup AC have established a CAPWAP tunnel. · M—The AP is connected to the master AC. · B—The AP is connected to the backup AC.
Model	AP model information.
Serial ID	Serial ID of the AP. This field displays Not configured if the serial ID of the AP is not configured.

display wlan ap-distribution ap-name

Use display wlan ap-distribution ap-name to display the attachment location of an AP.

Syntax

display wlan ap-distribution ap-name ap-name

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display the attachment location of AP ap1.

<Sysname> display wlan ap-distribution ap-name ap1

The AP is attached to slot 0.

display wlan ap-group

Use display wlan ap-group to display information about all AP groups or the specified AP group.

Syntax

display wlan ap-group [ brief | name group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

brief: Displays brief information about all AP groups.

name group-name: Displays detailed information about the specified AP group. The group-name argument represents the name of an AP group, a case-insensitive string of 1 to 31 characters.

Usage guidelines

If you do not specify any parameter, this command displays detailed information about all AP groups.

Examples

# Display detailed information about all AP groups.

[Sysname] display wlan ap-group

Total number of AP groups: 2

AP group name : default-group

Description : Not configured

AP model : Not configured

APs : Not configured

AP group name : group1

Description : abcd

AP model : WA4320i-ACN

AP grouping rules:

AP name : ap1, ap2

Serial ID : 219801A0CNC138011454

MAC address : 0AFB-423B-893C

IPv4 address : Not configured

IPv6 address : Not configured

APs : ap1 (AP name)

# Display detailed information about AP group group1.

[Sysname] display wlan ap-group group1

AP group name : group1

Description : Not configured

AP model : WA4320i-ACN

AP grouping rules:

AP name : ap1, ap2

Serial ID : 219801A0CNC138011454

MAC address : 0AFB-423B-893C

IPv4 address : Not configured

IPv6 address : Not configured

APs : ap1 (AP name)

# Display brief information about all AP groups.

<Sysname> display wlan ap-group brief

Total number of AP groups: 4

AP group name Group ID Member APs Online APs

default-group 1 1 0

group1 2 2006 1986

group2 3 10 10

group3 4 4 4

Related commands

wlan ap-group

display wlan ap-model

Use display wlan ap-model to display AP model information.

Syntax

display wlan ap-model { all | name model-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all AP models.

name model-name: Specifies an AP model by its name.

Examples

# Display information about AP model WA4320i-ACN.

<Sysname> display wlan ap-model name WA4320i-ACN

AP model : WA4320i-ACN

Alias : WA4320i-ACN

Vendor name : H3C

Vendor ID : 25506

License weight : 100

License type : 1

Radio count : 2

Radio 1:

Mode : 802.11a, 802.11an, 802.11ac

Default mode : 802.11ac

BSS count : 16

Radio 2:

Mode : 802.11b, 802.11g, 802.11gn

Default mode : 802.11gn

BSS count : 16

Version Support List :

Hardware Version Ver.A:

Software Version : R2206P02

Default Software Version : R2206P02

Image Name : wa4300.ipe

Hardware Version Ver.B:

Software Version : R2206P02

Default Software Version : R2206P02

Image Name : wa4300.ipe

Hardware Version Ver.C:

Software Version : R2206P02

Default Software Version : R2206P02

Image Name : wa4300.ipe

Hardware Version Ver.D:

Software Version : R2206P02

Default Software Version : R2206P02

Image Name : wa4300.ipe

Hardware Version Ver.E:

Software Version : R2206P02

Default Software Version : R2206P02

Image Name : wa4300.ipe

Hardware Version Ver.F:

Software Version : R2206P02

Default Software Version : R2206P02

Image Name : wa4300.ipe

Table 15 Command output

Field	Description
AP model	AP model name.
Alias	AP model alias.
License weight	Weight of the AP model in using an AP license, in percentage.
License type	AP type. · 1—Common AP. · 2—WTU. This value is not supported in the current software version. · 3—WT. This value is not supported in the current software version.
Radio count	Number of radios.
Mode	Supported radio types.
Default mode	Default radio type.
BSS count	Maximum number of BSSs that the radio supports.
Software Version	AP' software version used to compare with the software version reported by the AP. The default value is the AP software version stored in the APDB.
Default Software Version	AP software version stored in the APDB.
Image Name	Name of the AP image file.

display wlan license

Use display wlan license to display the number of installed WLAN licenses.

Syntax

display wlan license

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of installed WLAN licenses.

<Sysname> display wlan license

Installed common AP licenses : 64

Installed WTU licenses : 64

dns domain

Use dns domain to specify a domain name for an AP.

Use undo dns domain to restore the default.

Syntax

dns domain domain-name

undo dns domain

Default

In AP provision view, an AP uses the configuration in AP group provision view.

In AP group provision view, no domain name is specified for an AP.

Views

AP provision view

AP group provision view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters separated by dots. The string can contain letters, digits, hyphens (-), and underscores (_).

Usage guidelines

The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.

The configuration in AP provision view takes precedence over the configuration in AP group provision view.

Examples

# Set the domain name for AP ap1 to com.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] dns domain com

# Set the domain name for APs in AP group group1 to com.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group-prvs] dns domain com

Related commands

dns server

Use dns server to specify a DNS server for an AP.

Use undo dns server to delete the DNS server configuration.

Syntax

dns server { ip ipv4-address | ipv6 ipv6-address }

undo dns server { ip | ipv6 }

Default

In AP provision view, an AP uses the configuration in AP group provision view.

In AP group provision view, no DNS server is specified for an AP.

Views

AP provision view

AP group provision view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies a DNS server by its IPv4 address. Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.

ipv6 ipv6-address: Specifies a DNS server by its IPv6 address.

Usage guidelines

You can specify only one IPv4 address and one IPv6 address in each view.

The configuration in AP provision view takes effect only on the AP. The configuration in AP group provision view takes effect on all APs in the AP group.

The configuration in AP provision view takes precedence over the configuration in AP group provision view.

Examples

# Set the DNS server IP address to 192.168.100.123 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] dns server ip 192.168.100.123

# Set the DNS server IP address to 192.168.100.123 for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group-prvs] dns server ip 192.168.100.123

Related commands

dns domain

download file

Use download file to download an image file to an AP.

Syntax

download file filename

Views

AP view

Predefined user roles

network-admin

Parameters

filename: Specifies an image file by its name, a string of 1 to 255 characters.

Usage guidelines

This feature takes effect only on the master AC after a CAPWAP tunnel is established.

Examples

# Download image file main.ipe to AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan–ap-ap1] download file main.ipe

echo-interval

Use echo-interval to set the interval for an AP to send echo requests to the AC.

Use undo echo-interval to restore the default.

Syntax

echo-interval interval

undo echo-interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the interval for an AP to send echo requests is 10 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval for sending echo requests, in the range of 5 to 80 seconds.

Usage guidelines

An AP sends echo requests to the AC at the specified echo intervals to identify whether the CAPWAP tunnel is operating correctly. The AC responds by sending echo responses. If the AP does not receive any echo responses from the AC within the keepalive time, the AP terminates the connection. If the AC does not receive any echo requests within the keepalive time, the AC terminates the connection.

The configuration in AP provision view takes precedence over the configuration in AP group provision view.

Examples

# Set the echo interval for AP ap3 to 15 seconds.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA4320i-ACN

[Sysname-wlan-ap-ap3] echo-interval 15

# Set the echo interval for APs in AP group group1 to 15 seconds.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] echo-interval 15

firmware-upgrade

Use firmware-upgrade enable to enable the software upgrade feature.

Use firmware-upgrade disable to disable the software upgrade feature.

Use undo firmware-upgrade to restore the default.

Syntax

firmware-upgrade { disable | enable }

undo firmware-upgrade

Default

In AP view, an AP uses the configuration in AP group view. If no software upgrade configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, the software upgrade feature is enabled.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Usage guidelines

This feature enables the AC to examine whether an AP's software version matches the hardware version and software version mappings stored on the AC during CAPWAP tunnel establishment.

· If a match is found, the AC establishes a CAPWAP tunnel with the AP.

· If no match is found, the CAPWAP tunnel establishment proceeds as follows:

a. The AC notifies the AP of software version inconsistency.

b. After receiving the notification, the AP requests the software version from the AC, upgrades the software, and then establishes a CAPWAP tunnel with the AC.

When this feature is disabled, the AC does not examine the software version of an AP and establishes a CAPWAP tunnel with the AP.

The configuration in AP view takes precedence over the configuration in AP group view. The configuration in AP group view takes precedence over the configuration in global configuration view.

Examples

# Enable the software upgrade feature for AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA4320i-ACN

[Sysname-wlan-ap-ap3] firmware-upgrade enable

# Enable the software upgrade feature for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] firmware-upgrade enable

# Enable the software upgrade feature globally.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] firmware-upgrade enable

Related commands

wlan apdb

fragment-size

Use fragment-size to set the maximum fragment size for CAPWAP control or data packets.

Use undo fragment-size to remove the configuration.

Syntax

fragment-size { control control-size | data data-size }

undo fragment-size { control | data }

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the maximum fragment size for CAPWAP control packets and data packets is 1450 bytes and 1500 bytes, respectively.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

control control-size: Specifies the maximum fragment size for CAPWAP control packets in bytes. The value range for the control-size argument is 1000 to 1450.

data data-size: Specifies the maximum fragment size for CAPWAP data packets in bytes. The value range for the control-size argument is 1000 to 1748.

Usage guidelines

This command prevents packets between AC and AP from being dropped by intermediate devices if the AP connects to the AC across the Internet.

Any maximum fragment size modification takes effect immediately on online APs.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the maximum fragment size for CAPWAP data packets to 1500 bytes for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-ap-ap1] fragment-size data 1500

# Set the maximum fragment size for CAPWAP data packets to 1500 bytes for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] fragment-size data 1500

gateway

Use gateway to specify a gateway for an AP.

Use undo gateway to delete the gateway configuration.

Syntax

gateway { ip ipv4-address | ipv6 ipv6-address }

undo gateway { ip | ipv6 }

Default

No gateway is specified for an AP.

Views

AP provision view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies a gateway by its IPv4 address. Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.

ipv6 ipv6-address: Specifies a gateway by its IPv6 address.

Usage guidelines

You can set only one IPv4 address and one IPv6 address.

Examples

# Set the gateway IP address to 192.168.100.1 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] gateway ip 192.168.100.1

gigabitethernet

NOTE:

Support for this command depends on the AP model.

Use gigabitethernet to enter the GigabitEthernet interface view of an AP.

Syntax

gigabitethernet interface-number

Views

AP view

AP group's AP model view

Predefined user roles

network-admin

Parameters

interface-number: Specifies an interface number. The value range varies by AP model.

Examples

# Enter the interface view of GigabitEthernet 1 from AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] gigabitethernet 1

[Sysname-wlan-ap-ap1-gigabitethernet-1]

# Enter the interface view of GigabitEthernet 1 from the AP model view of AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-group1-ap-model-WA4320i-ACN] gigabitethernet 1

[Sysname-wlan-ap-group-group1-ap-model-WA4320i-ACN-gigabitethernet-1]

hybrid-remote-ap

Use hybrid-remote-ap enable to enable remote AP.

Use hybrid-remote-ap disable to disable remote AP.

Use undo hybrid-remote-ap to restore the default.

Syntax

hybrid-remote-ap { disable | enable }

undo hybrid-remote-ap

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, remote AP is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

By default, an AP stops providing services after the tunnel between the AP and the associated AC is disconnected. This command enables the AP to act as a remote AP to still provide services.

This command takes effect only on an AP that operates in local forwarding mode.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable remote AP for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] hybrid-remote-ap enable

# Enable remote AP for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] hybrid-remote-ap enable

if-match ip

Use if-match ip to create an AP grouping rule by IPv4 addresses.

Use undo if-match ip to delete AP grouping rules by IPv4 addresses.

Syntax

if-match ip ip-address { mask-length | mask }

undo if-match ip [ ip-address { mask-length | mask } ]

Default

No AP grouping rules by IPv4 addresses exist.

Views

AP group view

Predefined user roles

network-admin

Parameters

ip-address: Specifies an IPv4 address in dotted decimal notation.

mask-length: Specifies the mask length in the range of 1 to 31.

mask: Specifies the mask in dotted decimal notation.

Usage guidelines

You cannot execute this command in the view of the default AP group.

AP grouping rules by IPv4 addresses for an AP group or for different AP groups cannot overlap with each other.

An AP group supports a maximum of 32 AP grouping rules by IPv4 addresses.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

You can create AP grouping rules by both IPv4 addresses and IPv6 addresses for an AP group.

If you do not specify any argument in the undo form of the command, the command deletes all AP grouping rules by IPv4 addresses.

Examples

# Add APs whose IP address belongs to 192.168.0.0/16 to AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] if-match ip 192.168.0.0 16

if-match ipv6

Use if-match ipv6 to create an AP grouping rule by IPv6 addresses.

Use undo if-match ipv6 to delete AP grouping rules by IPv6 addresses.

Syntax

if-match ipv6 { ipv6-address prefix-length | ipv6-address/prefix-length }

undo if-match ip [ ipv6-address prefix-length | ipv6-address/prefix-length ]

Default

No AP grouping rules by IPv6 addresses exist.

Views

AP group view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 address.

prefix-length: Specifies the IPv6 address prefix length in the range of 1 to 128.

Usage guidelines

You cannot execute this command in the view of the default AP group.

AP grouping rules by IPv6 addresses for an AP group or for different AP groups cannot overlap with each other.

An AP group supports a maximum of 32 AP grouping rules by IPv6 addresses.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

You can create AP grouping rules by both IPv4 addresses and IPv6 addresses for an AP group.

If you do not specify any argument in the undo form of the command, the command deletes all AP grouping rules by IPv6 addresses.

Examples

# Add APs whose IPv6 address belongs to 2001:DB0::/28 to AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-ap-group-group1] if-match ipv6 2001:DB8:: 28

ip address

Use ip address to specify an IPv4 address for the management VLAN interface for an AP.

Use undo ip address to restore the default.

Syntax

ip address ip-address { mask | mask-length }

undo ip address

Default

No IPv4 address is specified for the management VLAN interface of an AP.

Views

AP provision view

Predefined user roles

network-admin

Parameters

ip-address: Specifies an IPv4 address in dotted decimal notation.

mask: Specifies the mask in dotted decimal notation.

mask-length: Specifies the mask length in the range of 1 to 31.

Usage guidelines

Make sure you specify a valid IP address. Invalid IP addresses include loopback IP addresses, direct broadcast addresses, Class D IP addresses, Class E IP addresses, IP address 255.255.255.255, and IP addresses in the 0.X.X.X format.

The IP address of the management VLAN interface for an AP must be different from the following IP addresses:

· IP address of the management VLAN interface of another AP.

· AC IP address specified in provision view of any APs.

Examples

# Set the IP address of the management VLAN interface to 10.1.1.1/24 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ip address 10.1.1.1 24

ipv6 address

Use ipv6 address to specify an IPv6 address for the management VLAN interface for an AP.

Use undo ipv6 address to restore the default.

Syntax

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

undo ipv6 address

Default

No IPv6 address is specified for the management VLAN interface of an AP.

Views

AP provision view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 address.

prefix-length: Specifies the prefix length in the range of 1 to 128.

Usage guidelines

The IP address of the management VLAN interface for an AP must be different from the following IP addresses:

· IP address of the management VLAN interface of another AP.

· AC IP address specified in provision view of any APs.

Examples

# Set the IPv6 address of the management VLAN interface to 2001::1/64 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ipv6 address 2001::1/64

led-mode

Use led-mode to set a LED lighting mode.

Use undo led-mode to restore the default.

Syntax

led-mode { always-on | awake | normal | quiet }

undo led-mode

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the LED lighting mode is normal.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

always-on: Specifies the always-on mode. Support for this keyword depends on the AP model.

awake: Specifies the awake mode. Support for this keyword depends on the AP model.

normal: Specifies the normal mode. How LEDs flash in this mode varies by AP model.

quiet: Specifies the quiet mode.

Usage guidelines

If you set the LED lighting mode to awake or always-on in AP group view, the setting takes effect only on member APs that support the specified LED lighting mode.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the LED lighting mode to normal for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] led-mode normal

# Set the LED lighting mode to awake for APs in AP group ap1.

<Sysname> system-view

[Sysname] wlan ap-group g1

[Sysname-wlan-ap-group-g1] led-mode awake

mac-address (AP group view)

Use mac-address to create an AP grouping rule by MAC addresses.

Use undo mac-address to delete an AP grouping rule by MAC addresses.

Syntax

mac-address mac-address

undo mac-address mac-address

Default

No AP grouping rules by MAC addresses exist.

Views

AP group view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the MAC address of an AP.

Usage guidelines

This command does not identify whether the specified AP exists.

You can configure multiple AP grouping rules by MAC addresses.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

If the created AP grouping rule already exists in another AP group, this command deletes the rule from that AP group.

You cannot execute this command in the view of the default AP group.

Examples

# Create an AP grouping rule by MAC addresses for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] mac-address 0AC1-F9B2-B1C2

Related commands

wlan ap-group

mac-address (AP view)

Use mac-address to assign a MAC address to an AP.

Use undo mac-address to restore the default.

Syntax

mac-address mac-address

undo mac-address

Default

No MAC address is assigned to an AP.

Views

AP view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the MAC address in H-H-H format.

Usage guidelines

Changing or deleting the MAC address of an AP terminates the CAPWAP tunnel if the AP has established a CAPWAP tunnel with the AC. Then the AP will reestablish a CAPWAP tunnel with the AC.

Examples

# Assign the MAC address 0001-0000-0000 to AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] mac-address 0001-0000-0000

name

NOTE:

Support for this command depends on the AP model.

Use name to assign a name to an AP's VLAN.

Use undo name to restore the default.

Syntax

name text

undo name

Default

In an AP's VLAN view, a VLAN uses the configuration in an AP group's VLAN view.

In an AP group's VLAN view, the name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit format. If the VLAN ID has less than four digits, leading zeros are added. For example, the name of VLAN 100 is VLAN 0100.

Views

AP's VLAN view

AP group's VLAN view

Predefined user roles

network-admin

Parameters

text: Specifies a VLAN name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

The configuration in an AP's VLAN view takes precedence over the configuration in an AP group's VLAN view.

Examples

# Assign name test vlan to VLAN 2 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] vlan 2

[Sysname-wlan-ap-ap1-vlan2] name test vlan

# Assign name test vlan to VLAN 2 of all APs in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] vlan 2

[Sysname-wlan-ap-group-1-vlan2] name test vlan

Related commands

remote-configuration

port access vlan

NOTE:

Support for this command depends on the AP model.

Use port access vlan to assign an access port on an AP to the specified VLAN.

Use undo port access vlan to restore the default.

Syntax

port access vlan vlan-id

undo port access vlan

Default

In an AP's Layer 2 Ethernet interface view, an access port uses the configuration in an AP group's Layer 2 Ethernet interface view.

In an AP group's Layer 2 Ethernet interface view, all access ports on an AP belong to VLAN 1.

Views

AP's Layer 2 Ethernet interface view

AP group's Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

Before assigning an access port to a VLAN, make sure the VLAN has been created.

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.

Examples

# Assign GigabitEthernet 1 to VLAN 3 in the Layer 2 Ethernet interface view of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] gigabitethernet 1

[Sysname-wlan-ap-ap3-gigabitethernet-1] port access vlan 3

# Assign GigabitEthernet 1 to VLAN 3 in the Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port access vlan 3

Related commands

remote-configuration

port hybrid pvid

NOTE:

Support for this command depends on the AP model.

Use port hybrid pvid to set the PVID of a hybrid port on an AP.

Use undo port hybrid pvid to set the PVID of a hybrid port on an AP to 1.

Syntax

port hybrid pvid vlan vlan-id

undo port hybrid pvid

Default

In an AP's Layer 2 Ethernet interface view, a hybrid port uses the configuration in an AP group's Layer 2 Ethernet interface view.

In an AP group's Layer 2 Ethernet interface view, the PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.

Views

AP's Layer 2 Ethernet interface view

AP group's Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a hybrid port by using the undo vlan command, the PVID setting of the port does not change.

For correct packet transmission, set the same PVID for a hybrid port on an AP and the hybrid port on the switch connected to the AP.

To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.

Examples

# Configure GigabitEthernet 1 as a hybrid port, and set its PVID to VLAN 100 in Layer 2 Ethernet interface view of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] gigabitethernet 1

[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type hybrid

[Sysname-wlan-ap-ap1-gigabitethernet-1] port hybrid pvid vlan 100

# Configure GigabitEthernet 1 as a hybrid port, and set its PVID to VLAN 100 in Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type hybrid

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port hybrid pvid vlan 100

Related commands

port hybrid vlan

port link-type

remote-configuration

port hybrid vlan

NOTE:

Support for this command depends on the AP model.

Use port hybrid vlan to assign a hybrid port to the specified VLANs.

Use undo port hybrid vlan to remove a hybrid port from the specified VLANs

Syntax

port hybrid vlan vlan-id-list { tagged | untagged }

undo port hybrid vlan vlan-id-list

Default

In an AP's Layer 2 Ethernet interface view, a hybrid port uses the configuration in an AP group's Layer 2 Ethernet interface view.

In an AP group's Layer 2 Ethernet interface view, a hybrid port is an untagged member of the VLAN to which the port belongs when its link type is access.

Views

AP's Layer 2 Ethernet interface view

AP group's Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument cannot be lower than the value for the vlan-id1 argument. The specified VLANs must already exist on the device.

tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a VLAN sends packets from the VLAN without removing VLAN tags.

untagged: Configures the port as an untagged member of the specified VLANs. An untagged member of a VLAN sends packets from the VLAN after removing VLAN tags.

Usage guidelines

A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port, the hybrid port allows all the specified VLANs.

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.

Examples

# In Layer 2 Ethernet interface view of AP ap1, perform the following steps:

1. Configure GigabitEthernet 1 as a hybrid port.

2. Assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 as a tagged member.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] gigabitethernet 1

[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type hybrid

[Sysname-wlan-ap-ap1-gigabitethernet-1] port hybrid vlan 2 4 50 to 100 tagged

# In Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1, perform the following steps:

3. Configure GigabitEthernet 1 as a hybrid port.

4. Assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 as a tagged member.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type hybrid

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port hybrid vlan 2 4 50 to 100 tagged

Related commands

port link-type

remote-configuration

port link-type

NOTE:

Support for this command depends on the AP model.

Use port link-type to set the link type of an Ethernet port on an AP.

Use undo port link-type to restore the default.

Syntax

port link-type { access | hybrid | trunk }

undo port link-type

Default

In an AP's Layer 2 Ethernet interface view, an Ethernet port uses the configuration in an AP group's Layer 2 Ethernet interface view.

In an AP group's Layer 2 Ethernet interface view, each Ethernet port is an access port.

Views

AP's Layer 2 Ethernet interface view

AP group's Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

access: Sets the port link type to access.

hybrid: Sets the port link type to hybrid.

trunk: Sets the port link type to trunk.

Usage guidelines

To change the link type of an Ethernet port from trunk to hybrid or vice versa, first set the link type to access.

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.

Examples

# Configure GigabitEthernet 1 as a trunk port in Layer 2 Ethernet interface view of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] gigabitethernet 1

[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type trunk

# Configure GigabitEthernet 1 as a trunk port in Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type trunk

Related commands

remote-configuration

port trunk permit vlan

NOTE:

Support for this command depends on the AP model.

Use port trunk permit vlan to assign a trunk port to the specified VLANs.

Use undo port trunk permit vlan to remove a trunk port from the specified VLANs.

Syntax

port trunk permit vlan { vlan-id-list | all }

undo port trunk permit vlan { vlan-id-list | all }

Default

In an AP's Layer 2 Ethernet interface view, a trunk port uses the configuration in an AP group's Layer 2 Ethernet interface view.

In an AP group's Layer 2 Ethernet interface view, a trunk port allows packets only from VLAN 1 to pass through.

Views

AP's Layer 2 Ethernet interface view

AP group's Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

all: Specifies all VLANs.

Usage guidelines

A trunk port can allow multiple VLANs. If you execute this command multiple times on a trunk port, the trunk port allows all the specified VLANs.

On a trunk port, only packets from the PVID can pass through untagged.

To prevent unauthorized VLAN users from accessing restricted resources through the port, use the port trunk permit vlan all command with caution.

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.

Examples

# Configure GigabitEthernet 1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 in Layer 2 Ethernet interface view of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] gigabitethernet 1

[Sysname-wlan-ap-ap1-gigabitethernet-1] port link-type trunk

[Sysname-wlan-ap-ap1-gigabitethernet-1] port trunk permit vlan 2 4 50 to 100

# Configure GigabitEthernet 1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100 in Layer 2 Ethernet interface view of APs with model WA4320i-ACN in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type trunk

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port trunk permit vlan 2 4 50 to 100

Related commands

port link-type

remote-configuration

port trunk pvid

NOTE:

Support for this command depends on the AP model.

Use port trunk pvid to set the PVID for a trunk port on an AP.

Use undo port trunk pvid to restore the default.

Syntax

port trunk pvid vlan vlan-id

undo port trunk pvid

Default

In an AP's Layer 2 Ethernet interface view, a trunk port uses the configuration in an AP group's Layer 2 Ethernet interface view.

In an AP group's Layer 2 Ethernet interface view, the PVID of a trunk port is VLAN 1.

Views

AP's Layer 2 Ethernet interface view

AP group's Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.

Usage guidelines

You can use a nonexistent VLAN as the PVID for a trunk port. When you delete the PVID of a trunk port by using the undo vlan command, the PVID setting of the port does not change.

For correct packet transmission, set the same PVID for a hybrid port on an AP and the hybrid port on the switch connected to the AP.

To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID by using the port trunk permit vlan command.

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

The configuration in an AP's Layer 2 Ethernet interface view takes precedence over the configuration in an AP group's Layer 2 Ethernet interface view.

Examples

# In Layer 2 Ethernet interface view of AP ap1, configure GigabitEthernet 1 as a trunk port, set its PVID to VLAN 100, and assign it to VLAN 100.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] gigabitethernet 1

[Sysname-wlan-ap-ap3-gigabitethernet-1] port link-type trunk

[Sysname-wlan-ap-ap3-gigabitethernet-1] port trunk pvid vlan 100

[Sysname-wlan-ap-ap3-gigabitethernet-1] port trunk permit vlan 100

# In an AP group's Layer 2 Ethernet interface view, configure GigabitEthernet 1 as a trunk port, set its PVID to VLAN 100, and assign it to VLAN 100.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN] gigabitethernet 1

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port link-type trunk

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port trunk pvid vlan 100

[Sysname-wlan-ap-group-1-ap-model-WA4320i-ACN-gigabitethernet-1] port trunk permit vlan 100

Related commands

port link-type

port trunk permit vlan

remote-configuration

power-level default

NOTE:

Support for this command depends on the AP model.

Use power-level default to set the default input power level for an AP in case the AP cannot obtain its input power level.

Use undo power-level default to restore the default.

Syntax

power-level default { high | low | middle }

undo power-level default

Default

In AP view, an AP uses the configuration in an AP group's AP model view.

In an AP group's AP model view, the default input power level of an AP is middle.

Views

AP view

AP group's AP model view

Predefined user roles

network-admin

Parameters

high: Specifies the high default input power level.

low: Specifies the low default input power level.

middle: Specifies the middle default input power level.

Usage guidelines

Configure this command for an AP in case the AP cannot obtain its input power level at startup.

The power level of an AP can be high, middle, or low. An AP automatically performs power supply mode detection to obtain its input power level at startup. If the AP fails to obtain the input power level, it operates at the low input power level before associating with an AC. After the association, it operates at the configured default input power level.

The following table shows the relationship between the AP's power supply mode and input power level:

Power supply mode	Input power level
· Power adapter. · Multiple PoE+ ports. · Combination of PoE and PoE+ ports.	High
· Single PoE+ port · Multiple PoE ports	Middle
Single PoE port	Low

An AP's support for MIMO modes and USB interfaces varies by power level, as shown in Table 16.

Table 16 AP's support for MIMO modes and USB interfaces

Input power level	MIMO modes	Whether USB interfaces can be enabled
High	1×1, 2×2, 3×3, and 4×4.	Yes.
Middle	1×1, 2×2, 3×3, and 4×4.	Yes when the MIMO mode is 1×1 or 2×2.
Low	1×1.	No.

The configuration in AP view takes precedence over the configuration in an AP group' AP model view.

Examples

# Set the default input power level to high for AP ap1 in AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA5620i-ACN

[Sysname-wlan-ap-ap1] power-level default high

# Set the default input power level to high in AP model view of AP group g1.

<Sysname> system-view

[Sysname] wlan ap-group g1

[Sysname-wlan-ap-group-g1] ap-model WA5620i-ACN

[Sysname-wlan-ap-group-g1-ap-model-WA5620i-ACN] power-level default high

priority

Use priority to set the AP connection priority for the AC.

Use undo priority to restore the default.

Syntax

priority priority

undo priority

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the AP connection priority for the AC is 4.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

priority: Specifies the AP connection priority for the AC, in the range of 0 to 7. A larger value represents a higher connection priority.

Usage guidelines

The AP prefers to establish a CAPWAP tunnel with an AC that has higher connection priority.

The AP connection priority only takes effect during AC discovery.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the AP connection priority for the AC to 7 for AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA4320i-ACN

[Sysname-wlan-ap-ap3] priority 7

# Set the AP connection priority for the AC to 7 for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] priority 7

provision

Use provision to enable AP preprovisioning and enter AP provision view, or enter AP provision view. if AP preprovisioning is already enabled.

Use undo provision to disable AP preprovisioning.

Syntax

provision

undo provision

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, AP preprovisioning is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

AP preprovisioning allows you to configure network settings for APs on the AC. The AC automatically assigns these settings to the APs.

If you disable AP preprovisioning, network settings configured on the AC will be deleted. However, the operation does not affect the network settings already assigned to the APs.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable AP preprovisioning and enter AP provision view of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs]

# Enable AP preprovisioning and enter AP provision view of AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision

[Sysname-wlan-ap-group-group1-prvs]

provision auto-recovery

Use provision auto-recovery enable to enable auto loading of preprovisioned settings.

Use provision auto-recovery disable to disable auto loading of preprovisioned settings.

Use undo provision auto-recovery to restore the default.

Syntax

provision auto-recovery { disable | enable }

undo provision auto-recovery

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, auto loading of preprovisioned settings is enabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

Auto loading of preprovisioned settings ensures successful CAPWAP tunnel establishment between AP and AC. An AP uses the following procedure to discover an AC when you enable this feature:

1. Uses the preprovisioned settings to discover an AC that has the AP's manual or auto AP configuration.

2. Reboots and uses other methods to discover ACs if AC discovery fails.

3. Reboots and uses the preprovisioned settings again to discover ACs if the AP still fails to discover the target AC.

This AC discovery process will be repeated until the AP discovers the target AC to establish a CAPWAP tunnel.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Disable auto loading of preprovisioned settings for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-ap-ap1] provision auto-recovery disable

# Disable auto loading of preprovisioned settings for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision auto-recovery disable

provision auto-update

Use provision auto-update enable to enable auto assignment of preprovisioned settings.

Use provision auto-update disable to disable auto assignment of preprovisioned settings.

Use undo provision auto-update to restore the default.

Syntax

provision auto-update { disable | enable }

undo provision auto-update

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, auto assignment of preprovisioned settings is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

This command enables the AC to automatically assign preprovisioned settings to an AP so that the AP can use the preprovisioned settings to come online.

This command applies only to offline APs. To deploy preprovisioned settings to online APs, use the save wlan ap provision command.

The configuration in AP provision view has higher priority than the configuration in AP group provision view.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable auto assignment of preprovisioned settings for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-ap-ap1] provision auto-update enable

# Enable auto assignment of preprovisioned settings for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] provision auto-update enable

remote-configuration

NOTE:

Support for this command depends on the AP model.

Use remote-configuration enable to enable the remote configuration assignment feature.

Use remote-configuration disable to disable the remote configuration assignment feature.

Use undo remote-configuration to restore the default.

Syntax

remote-configuration { disable | enable }

undo remote-configuration enable

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, remote configuration assignment is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

The AC will assign related VLAN settings to APs only when the remote configuration assignment feature is enabled.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable the remote configuration assignment feature for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] remote-configuration enable

# Enable the remote configuration assignment feature for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] remote-configuration enable

reset wlan ap

Use reset wlan ap to reset all APs or the specified AP.

Syntax

reset wlan ap { all | ap-group group-name | model model-name | name ap-name | native }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all APs connected to the AC.

ap-group group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.

model model-name: Specifies an AP model by model name.

native: Specifies all APs that have established CAPWAP tunnels with the AC.

Usage guidelines

This command terminates the CAPWAP tunnel between an AP and the AC and deletes all connection information about the AP.

Examples

# Reset the AP ap1.

<Sysname> reset wlan ap name ap1

Reset the AP that has established or is to establish a primary tunnel with the AC. Continue? [Y/N]:

reset wlan ap provision

Use reset wlan ap provision to delete configuration file wlan_ap_prvs.xml from all APs or the specified AP.

Syntax

reset wlan ap provision { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

Usage guidelines

This command takes effect only on APs that have established CAPWAP tunnels with the master AC and are in Run state.

For this command to take effect on an AP, restart the AP.

Examples

# Delete configuration file wlan_ap_prvs.xml from AP ap1.

<Sysname> reset wlan ap provision name ap1

reset wlan ap reboot-log

Use reset wlan ap reboot-log to clear the reboot logs of all APs or the specified AP.

Syntax

reset wlan ap reboot-log { all | name ap-name }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

Examples

# Clear the reboot logs of AP ap1.

<Sysname> reset wlan ap reboot-log name ap1

Related commands

display wlan ap reboot-log

reset wlan ap unauthenticated

Use reset wlan ap unauthenticated to restart unauthenticated auto APs for reauthentication.

Syntax

reset wlan ap unauthenticated

Views

User view

Predefined user roles

network-admin

Examples

# Restart unauthenticated auto APs.

<Sysname> reset wlan ap unauthenticated

reset wlan tunnel latency ap

Use reset wlan tunnel latency ap to clear tunnel latency information for all APs or the specified AP.

Syntax

reset wlan tunnel latency ap { all | name ap-name }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

Usage guidelines

This command takes effect only on APs that have established tunnels with the master AC and are in Run state.

Examples

# Clear tunnel latency information for AP ap1.

<Sysname> reset wlan tunnel latency ap name ap1

Related commands

display wlan ap name tunnel latency

tunnel latency-detect

retransmit-count

Use retransmit-count to set the maximum number of AC request retransmission attempts.

Use undo retransmit-count to restore the default.

Syntax

retransmit-count value

undo retransmit-count

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the maximum number of AC request retransmission attempts is 3.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

value: Specifies the maximum number of AC request retransmission attempts, in the range of 2 to 5.

Usage guidelines

The AC sends a request to an AP at the retransmission interval until the maximum number of request retransmission attempts is reached or a response is received.

Requests sent by the AC to an AP include the following types:

· Image Data Request.

· Configuration Update Request.

· Reset Request.

· Data Transfer Request.

· IEEE 802.11 WLAN Configuration Request.

· Station Configuration Request.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the maximum number of AC request retransmission attempts to 4 for AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA4320i-ACN

[Sysname-wlan-ap-ap3] retransmit-count 4

# Set the maximum number of AC request retransmission attempts to 4 for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] retransmit-count 4

Related commands

retransmit-interval

Use retransmit-interval to set the request retransmission interval for the AC to retransmit requests to an AP.

Use undo retransmit-interval to restore the default.

Syntax

retransmit-interval interval

undo retransmit-interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the request retransmission interval is 5 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the request retransmission interval in the range of 3 to 8 seconds.

Usage guidelines

The AC sends a request to an AP at the retransmission interval until the maximum number of request retransmission attempts is reached or a response is received.

Requests sent by the AC to an AP include the following types:

· Image Data Request.

· Configuration Update Request.

· Reset Request.

· Data Transfer Request.

· IEEE 802.11 WLAN Configuration Request.

· Station Configuration Request.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the request retransmission interval to 6 seconds for the AC to send requests to AP ap3.

<Sysname> system-view

[Sysname] wlan ap ap3 model WA4320i-ACN

[Sysname-wlan-ap-ap3] retransmit-interval 6

# Set the request retransmission interval to 6 seconds for the AC to send requests to APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] retransmit-interval 6

Related commands

retransmit-count

save wlan ap provision

Use save wlan ap provision to deploy the provision configuration to all APs or the specified AP.

Syntax

save wlan ap provision { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

Usage guidelines

This command saves the added or modified preprovisioned settings to the wlan_ap_prvs.xml configuration file, and takes effect immediately.

This command takes effect only on online APs that have established tunnels with the master AC.

This command has the same effect as the reset wlan ap provision command if no AP preprovisioned settings exist.

Preprovisioned settings configured in provision view take effect immediately when you execute the save wlan ap provision command.

Cancellations of preprovisioned settings in provision view do not take effect when you execute the save wlan ap provision command. For the cancellations to take effect on an AP, restart the AP.

Examples

# Save the configuration in AP provision view to configuration file wlan_ap_prvs.xml on AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] provision

[Sysname-wlan-ap-ap1-prvs] ac ip 192.168.0.1

[Sysname-wlan-ap-ap1-prvs] save wlan ap provision name ap1

serial-id (AP group view)

Use serial-id to create an AP grouping rule by serial IDs.

Use undo serial-id to delete an AP grouping rule by serial IDs.

Syntax

serial-id serial-id

undo serial-id serial-id

Default

No AP grouping rules by serial IDs exist.

Views

AP group view

Predefined user roles

network-admin

Parameters

serial-id: Specifies an AP serial ID, a case-insensitive string of 1 to 63 characters.

Usage guidelines

This command does not identify whether the specified AP exists.

You can configure multiple AP grouping rules by serial IDs.

The priorities of AP grouping rules by AP names, serial IDs, MAC addresses, and IP addresses are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

If the created AP grouping rule already exists in another AP group, this command deletes the rule from that AP group.

You cannot execute this command in the view of the default AP group.

Examples

# Create an AP grouping rule by serial IDs for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] serial-id 210235A1BSC123000037

Related commands

wlan ap-group

serial-id (AP view)

Use serial-id to specify the serial ID for an AP.

Use undo serial-id to restore the default.

Syntax

serial-id serial-id

undo serial-id

Default

No serial ID is specified for an AP.

Views

AP view

Predefined user roles

network-admin

Parameters

serial-id: Specifies the serial ID for an AP, a case-insensitive string of 1 to 63 characters.

Usage guidelines

Changing or deleting the serial ID of an AP terminates the CAPWAP tunnel if the AP has established a CAPWAP tunnel with an AC. Then the AP will reestablish a CAPWAP tunnel with the AC.

Examples

# Set the serial ID of AP ap1 to 210235A1BSC123000050.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-ap-ap1] serial-id 210235A1BSC123000050

smartrate-ethernet

NOTE:

Support for this command depends on the AP model.

Use smartrate-ethernet to enter 2.5 GigabitEthernet interface view of an AP.

Syntax

smartrate-ethernet interface-number

Views

AP view

AP group's AP model view

Predefined user roles

network-admin

Parameters

interface-number: Specifies an interface number. The value range varies by AP model.

Examples

# Enter the interface view of Smartrate-Ethernet 1 from AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA5620i-CAN

[Sysname-wlan-ap-ap1] smartrate-ethernet 1

[Sysname-wlan-ap-ap3-smartrate-ethernet-1]

# Enter the interface view of Smartrate-Ethernet 1 from the AP model view of AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA5620i-ACN

[Sysname-wlan-ap-group-group1-ap-model-WA4320i-ACN] smartrate-ethernet 1

[Sysname-wlan-ap-group-group1-ap-model-WA5620i-ACN-smartrate-ethernet-1]

snmp-agent trap enable wlan ap

Use snmp-agent trap enable wlan ap to enable SNMP notifications for AP management.

Use undo snmp-agent trap enable wlan ap to disable SNMP notifications for AP management.

Syntax

snmp-agent trap enable wlan ap

undo snmp-agent trap enable wlan ap

Default

SNMP notifications are disabled for AP management.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical AP management events to an NMS, enable SNMP notifications for AP management. For AP management event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.

Examples

# Enable SNMP notifications for AP management.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan ap

snmp-agent trap enable wlan capwap

Use snmp-agent trap enable wlan capwap to enable SNMP notifications for CAPWAP.

Use undo snmp-agent trap enable wlan capwap to disable SNMP notifications for CAPWAP.

Syntax

snmp-agent trap enable wlan capwap

undo snmp-agent trap enable wlan capwap

Default

SNMP notifications are disabled for CAPWAP.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical CAPWAP events to an NMS, enable SNMP notifications for CAPWAP. For CAPWAP event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.

Examples

# Enable SNMP notifications for CAPWAP.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan capwap

statistics-interval

Use statistics-interval to set the statistics report interval for an AP to send statistics reports to the AC.

Use undo statistics-interval to restore the default.

Syntax

statistics-interval interval

undo statistics-interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the statistics report interval is 50 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the statistics report interval in the range of 0 to 240 seconds.

Usage guidelines

Execute this command to change the interval for an AP to report its statistics. You can use these statistics to monitor the operating status of radios on the AP.

To disable an AP from reporting radio statistics to the AC, set the statistics report interval to 0.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the statistics reports interval to 10 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] statistics-interval 10

# Set the statistics reports interval to 10 seconds for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] statistics-interval 10

tunnel encryption

Use tunnel encryption enable to enable CAPWAP control tunnel encryption.

Use tunnel encryption disable to disable CAPWAP control tunnel encryption.

Use undo tunnel encryption enable to restore the default.

Syntax

tunnel encryption { disable | enable }

undo tunnel encryption enable

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, CAPWAP control tunnel encryption is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

This command takes effect on an AP only when the AP restarts.

When this feature is enabled, an AP establishes a CAPWAP tunnel with the AC after receiving a discovery response with the encryption flag from the AC. Then, the AC and the AP encrypt control packets transmitted in the CAPWAP control tunnel after the DTLS handshake.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable CAPWAP tunnel control encryption for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] tunnel encryption enable

This operation will restart the AP. Continue? [Y/N]

# Enable CAPWAP control tunnel encryption for APs in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] tunnel encryption enable

This operation will restart member APs that are enabled with CAPWAP control tunnel encryption. Continue? [Y/N]

tunnel latency-detect

Use tunnel latency-detect to configure CAPWAP tunnel latency detection.

Syntax

tunnel latency-detect { start | stop }

Default

CAPWAP tunnel latency detection is not started.

Views

AP view

Predefined user roles

network-admin

Parameters

start: Starts CAPWAP tunnel latency detection.

stop: Stops CAPWAP tunnel latency detection.

Usage guidelines

CAPWAP tunnel latency detection enables the AC to detect the transmission latency of CAPWAP control frames or data frames from an AP to the AC and back.

When an AP goes offline, CAPWAP tunnel latency detection automatically stops. To restart CAPWAP tunnel latency detection when the AP comes online again, execute the tunnel latency-detect start command again.

The tunnel latency-detect start command takes effect only on APs that have established CAPWAP tunnels with the master AC and are in Run state.

Examples

# Start CAPWAP tunnel latency detection for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] tunnel latency-detect start

Related commands

display wlan ap tunnel latency

reset wlan tunnel latency ap

usb

Use usb enable to enable USB interfaces on APs.

Use usb disable to disable USB interfaces on APs.

Use undo usb to restore the default.

Syntax

usb { disable | enable }

undo usb

Default

In AP view, an AP uses the configuration in an AP group's AP model view.

In an AP group's AP model view, USB interfaces are disabled.

Views

AP view

AP group's AP model view

Predefined user roles

network-admin

Usage guidelines

This command takes effect on an AP only when either of the following requirements is met:

· The power level of the AP is high.

· The power level of the AP is middle and the MIMO mode is 1×1 or 2×2.

For information about power levels, see "power-level default." For information about MIMO modes, see radio management in WLAN Configuration Guide.

The configuration in AP view takes precedence over the configuration in AP group' AP model view.

Examples

# Enable USB interfaces in AP view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA5620i-ACN

[Sysname-wlan-ap-ap1] usb enable

# Enable USB interfaces in AP model view of AP group g1.

<Sysname> system-view

[Sysname] wlan ap-group g1

[Sysname-wlan-ap-group-g1] ap-model WA5620i-ACN

[Sysname-wlan-ap-group-g1-ap-model-WA5620i-ACN] usb enable

Related commands

power-level default

vlan

Use vlan vlan-id to create a VLAN for an AP and enter the VLAN view of the AP, or enter the view of an existing VLAN of an AP.

Use vlan vlan-id1 to vlan-id2 to create VLANs vlan-id1 through vlan-id2 for an AP, except for reserved VLANs.

Use vlan all to create VLANs 1 through 4094 for an AP.

Use undo vlan to delete the specified VLANs of an AP.

Syntax

vlan { vlan-id1 [ to vlan-id2 ] | all }

undo vlan { vlan-id1 [ to vlan-id2 ] | all }

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, VLAN 1 (the default VLAN) exists on an AP.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

vlan-id1: Specifies a VLAN ID in the range of 1 to 4094.

vlan-id1 to vlan-id2: Specifies a VLAN range. The vlan-id1 and vlan-id2 arguments specify VLAN IDs. The value range for each of the two arguments is 1 to 4094. The value for the vlan-id2 argument cannot be lower than the value for the vlan-id1 argument.

all: Specifies all VLANs except for reserved VLANs. The keyword is not supported when the maximum number of VLANs that can be created on an AP is less than 4094. Support for this keyword depends on the AP model.

Usage guidelines

You cannot create or delete VLAN 1 (the default VLAN) or reserved VLANs.

For this command to take effect on an AP, make sure the remote configuration assignment feature is enabled.

Examples

# Create VLAN 2 for AP ap1 and enter the VLAN view of the VLAN.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] vlan 2

[Sysname-wlan-ap-ap1-vlan2]

# Create VLAN 2 for AP group group1 and enter the VLAN view of the VLAN.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] vlan 2

[Sysname-wlan-ap-group-1-vlan2]

Related commands

remote-configuration

wlan ap

Use wlan ap to create a manual AP and enter its view, or enter the view of an existing manual AP.

Use undo wlan ap to delete an AP.

Syntax

wlan ap ap-name [ model model-name ]

undo wlan ap ap-name

Default

No manual APs exist.

Views

System view

Predefined user roles

network-admin

Parameters

model model-name: Specifies the model name of the AP. You must specify the model name when you create an AP.

Usage guidelines

If the specified AP has established a CAPWAP tunnel, the undo wlan ap command also terminates the tunnel.

Examples

# Create an AP named ap1 with model WA4320i-ACN.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1]

wlan ap-authentication

Use wlan ap-authentication to manually authenticate unauthenticated auto APs.

Syntax

wlan ap-authentication { accept | reject } ap-unauthenticated { all | name ap-name }

Default

Manual authentication is not configured for unauthenticated auto APs.

Views

System view

Predefined user roles

network-admin

Parameters

accept: Enables unauthenticated auto APs to pass authentication and generate ACL permit rules. Authenticated auto APs can provide wireless services.

reject: Rejects unauthenticated auto APs and generates ACL deny rules. If you specify this keyword, the command logs off all online unauthenticated auto APs.

all: Specifies all unauthenticated auto APs.

name ap-name: Specifies an unauthenticated auto AP by its name, a case-insensitive string of 1 to 64 characters.

Usage guidelines

Unauthenticated auto APs can associate with the AC but cannot provide wireless services. You can execute this command to authenticate these APs.

Before you execute this command, perform the following tasks:

· Use the acl wlan ap command to create a WLAN AP ACL.

· Use the wlan ap-authentication acl command to specify the ACL as the ACL for authenticating unauthenticated auto APs.

The generated ACL rules will be added to the specified ACL.

Examples

# Enable unauthenticated auto APs to pass authentication and generate permit rules in ACL 200.

<Sysname> system-view

[Sysname] acl wlan ap 200

[Sysname-acl-ap-200] quit

[Sysname] wlan ap-authentication acl 200

[Sysname] wlan ap-authentication accept ap-unauthenticated all

Related commands

acl wlan ap

permit-unauthenticated

wlan ap-authentication

wlan ap-authentication acl

Use wlan ap-authentication acl to specify an ACL for authenticating auto APs.

Use undo wlan ap-authentication acl to restore the default.

Syntax

wlan ap-authentication acl acl-number

undo wlan ap-authentication acl

Default

No ACL is specified for authenticating auto APs.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies a WLAN AP ACL by its number, in the range of 200 to 299.

Usage guidelines

Before you execute this command, use the acl wlan ap command to create a WLAN AP ACL and configure ACL rules. You can use either of the following methods to configure ACL rules:

· Use the ap-authentication import command.

· Use the rule command. If this method is used, make sure the match criterion used in the rule is consistent with the auto AP authentication method. To configure an auto AP authentication method, use the wlan ap-authentication method command.

Unauthenticated auto APs that match ACL permit rules are allowed to associate with the AC. Unauthenticated auto APs that match ACL deny rules or do not match any ACL rules are rejected to associate with the AC.

If you do not configure any ACL rules, all auto APs will become unauthenticated.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify ACL 200 for authenticating auto APs by serial ID.

<Sysname> system-view

[Sysname] acl wlan ap 200

[Sysname-acl-ap-200] rule 0 permit serial-id 210235A42QB095000766

[Sysname-acl-ap-200] quit

[Sysname] wlan ap-authentication acl 200

Related commands

acl wlan ap

rule

wlan ap-authentication import

wlan ap-authentication method

wlan ap-authentication domain

Use wlan ap-authentication domain to configure an ISP domain for auto AP authentication.

Use undo wlan ap-authentication domain to restore the default.

Syntax

wlan ap-authentication domain domain-name

undo wlan ap-authentication domain

Default

No ISP domain is configured for auto AP authentication.

Views

System view

Predefined user roles

network-admin

Parameters

domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters. For information about ISP domains, see AAA in Security Configuration Guide.

Usage guidelines

You must configure this command when remote authentication is configured. If the remote authentication succeeds, the AC accepts the AP. If it does not succeed, the AC rejects the AP.

Examples

# Configure the authentication domain as office for auto AP authentication.

<Sysname> system-view

[Sysname] wlan ap-authentication domain office

wlan ap-authentication enable

Use wlan ap-authentication enable to enable auto AP authentication.

Use undo wlan ap-authentication enable to restore the default.

Syntax

wlan ap-authentication enable

undo wlan ap-authentication enable

Default

Auto AP authentication is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Auto AP authentication only takes effect on auto APs that have not come online. It does not take effect on online auto APs, manual APs, and manual APs converted from auto APs.

Auto AP authentication does not take effect on online auto APs.

Examples

# Enable auto AP authentication.

<Sysname> system-view

[Sysname] wlan ap-authentication enable

wlan ap-authentication import

Use wlan ap-authentication import to import an authentication file and generate corresponding ACL permit rules for auto AP authentication.

Syntax

wlan ap-authentication import file-name

Views

System view

Predefined user roles

network-admin

Parameters

file-name: Specifies the name of an auto AP authentication file. It is a case-insensitive string of 1 to 32 characters and must have extension .txt.

Usage guidelines

An auto AP authentication file contains either the MAC address or serial ID of auto APs but not both of them. The MAC addresses must be in the format of HH-HH-HH-HH-HH-HH. MAC addresses and serial IDs are comma-separated.

Before you execute this command, make sure the following tasks are completed:

· Use the wlan ap-authentication acl command to specify an ACL.

The generated permit rules will be added to the ACL.

· Use the wlan ap-authentication method command to specify an auto AP authentication method.

The ACL rules are generated according to the authentication method. Make sure the authentication file format is consistent with the authentication method.

Examples

# Import auto AP authentication file office.txt to generate ACL permit rules in ACL 200.

<Sysname> system-view

[Sysname] acl number 200

[Sysname-acl-ap-200] quit

[Sysname] wlan ap-authentication acl 200

[Sysname] wlan ap-authentication import office.txt

Related commands

wlan ap-authentication acl

wlan ap-authentication method

Use wlan ap-authentication method to specify an auto AP authentication method.

Use undo wlan ap-authentication method to restore the default.

Syntax

wlan ap-authentication method { mac-address | serial-id }

undo wlan ap-authentication method

Default

Auto APs are authenticated by MAC address.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the MAC address authentication method.

serial-id: Specifies the serial ID authentication method.

Examples

# Authenticate auto APs by AP serial ID.

<Sysname> system-view

[Sysname] wlan ap-authentication method serial-id

wlan ap-authentication permit-unauthenticated

Use wlan ap-authentication permit-unauthenticated to enable unauthenticated auto APs to associate with the AC.

Use undo wlan ap-authentication permit-unauthenticated to disable unauthenticated auto APs from associating with the AC.

Syntax

wlan ap-authentication permit-unauthenticated

undo wlan ap-authentication permit-unauthenticated

Default

Unauthenticated auto APs are allowed to associate with the AC, but they cannot provide wireless services.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Unauthenticated auto APs are auto APs that do not match an ACL rule in local authentication. Unauthenticated auto APs can associate with the AC but cannot provide wireless services. You can use the undo wlan ap-authentication permit-unauthenticated command to log off all unauthenticated auto APs.

Examples

# Disable unauthenticated auto APs from associating with the AC.

<Sysname> system-view

[Sysname] undo wlan ap-authentication permit-unauthenticated

wlan apdb

Use wlan apdb to configure the mapping between a software version and a hardware version of an AP model.

Use undo wlan apdb to restore the default.

Syntax

wlan apdb model-name hardware-version software-version

undo wlan apdb model-name hardware-version

Default

The software version for a hardware version of an AP model is the software version that is stored in APDB user scripts.

Views

System view

Predefined user roles

network-admin

Parameters

model-name: Specifies an AP model name in the APDB.

hardware-version: Specifies a hardware version in the APDB.

software-version: Specifies an AP software version, a case-insensitive string of 1 to 31 characters.

Usage guidelines

CAUTION:

To avoid CAPWAP tunnel establishment failure, use this command under the guidance of H3C Support.

This command is used together with the software upgrade feature for software version consistency check during software upgrade.

Use this command only when the software version you expect for an AP is inconsistent with the software version specified for the AP model stored in the APDB.

Examples

# Configure the mapping between software version E2108 and hardware version Ver.C of AP model WA4320i-ACN.

<Sysname> system-view

[Sysname] wlan apdb WA4320i-ACN Ver.C E2108

Related commands

firmware-upgrade

wlan apdb file

Use wlan apdb file to load an APDB user script.

Use undo wlan apdb file to delete an APDB user script.

Syntax

wlan apdb file user.apdb

undo wlan apdb file

Default

No APDB user script is loaded.

Views

System view

Predefined user roles

network-admin

Parameters

user.apdb: Specifies an APDB user profile by its name, a case-sensitive string of 1 to 63 characters. apdb is the filename extension.

Usage guidelines

When you load an APDB user script, follow these restrictions and guidelines:

· Make sure the user script is valid. Invalid scripts can cause loading failure.

· The AP models in the user script must be different from the AP models in the system script.

· If you load multiple user scripts on the AC, the most recently loaded user script overwrites the old user scripts.

· If you rename the user script in the file system, reload the user script to prevent AP model configuration in the user script from being lost after an AC reboot.

· If you replace the user script with a new user script in the file system, reload the new user script. If the new user script does not include AP model information saved in the replaced user script, the AP model information will be lost after an AC reboot.

· If you delete a user script in the file system, the AP model configuration in the user script will be lost after an AC reboot.

If an old user script already exists, follow these restrictions and guidelines when you load an APDB user script:

· If a manual AP or an online auto AP whose model is listed in the old user script exists ,you can load a new user script only when you delete the corresponding AP model information on the AC.

· If APs of an AP model listed in the old user script have been added to an AP group, you can load a new user script only when you remove the APs from the AP group.

· If the old user script includes an AP model whose software version was already configured, you can load a new user script only when you use the wlan apdb command to restore the original software version.

Examples

# Load user script user.apdb.

<Sysname> system-view

[Sysname] wlan apdb file user.apdb

Related commands

wlan apdb

wlan ap-group

Use wlan ap-group to create an AP group and enter its view, or enter the view of an existing AP group.

Use undo wlan ap-group to delete an AP group.

Syntax

wlan ap-group group-name

undo wlan ap-group group-name

Default

The default AP group default-group exists, and it cannot be deleted.

Views

System view

Predefined user roles

network-admin

Parameters

group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.

Examples

# Create an AP group named group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1]

Related commands

display wlan ap-group

wlan auto-ap enable

Use wlan auto-ap enable to enable the auto AP feature.

Use undo wlan auto-ap enable to disable the auto AP feature.

Syntax

wlan auto-ap enable

undo wlan auto-ap enable

Default

The auto AP feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables an AP to connect to an AC without manual AP configuration. It simplifies configuration when you deploy a large number of APs in a WLAN.

To configure an auto AP, you must use auto-AP persistence to convert the auto AP to a manual AP or configure it through an AP group.

Examples

# Enable the auto AP feature.

<Sysname> system-view

[Sysname] wlan auto-ap enable

wlan auto-ap persistent

Use wlan auto-ap persistent to convert online auto APs to manual APs.

Syntax

wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ] }

Views

System view

Predefined user roles

network-admin

Parameters

all: Specifies all online auto APs. If you specify this keyword, the command converts all online auto APs to manual APs with AP names unchanged.

auto-ap-name: Specifies an online auto AP.

new-ap-name: Specifies a new name for the AP, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-). If you do not specify this argument, the converted manual AP uses the name of the auto AP.

Examples

# Convert the auto AP whose MAC address is 0001-ab12-cd36 to manual AP ap2.

<Sysname> system-view

[Sysname] wlan auto-ap persistent name 0001-ab12-cd36 ap2

wlan auto-persistent enable

Use wlan auto-persistent enable to convert auto APs to manual APs after they come online.

Use undo wlan auto-persistent enable to restore the default.

Syntax

wlan auto-persistent enable

undo wlan auto-persistent enable

Default

Auto AP conversion is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only on auto APs that come online after you execute this command. For auto APs that are already online, use the wlan auto-ap persistent command to convert them to manual APs.

Examples

# Enable auto AP conversion.

<Sysname> system-view

[Sysname] wlan auto-persistent enable

wlan capwap discovery-policy unicast

Use wlan capwap discovery-policy unicast to enable an AC to respond only to unicast discovery requests.

Use undo wlan capwap discovery-policy to disable an AC to respond only to unicast discovery requests.

Syntax

wlan capwap discovery-policy unicast

undo wlan capwap discovery-policy

Default

An AC can respond to unicast, multicast, and broadcast discovery requests.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the AC to respond only to unicast discovery requests.

<Sysname> system-view

[Sysname] wlan capwap discovery-policy unicast

wlan detect-anomaly enable

Use wlan detect-anomaly enable to enable service anomaly detection.

Use undo wlan detect-anomaly enable to restore the default.

Syntax

wlan detect-anomaly enable

undo wlan detect-anomaly enable

Default

Service anomaly detection is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AC to check service status and start a reboot timer upon detecting that no APs are associated with the AC. When the reboot timer (10 minutes) expires, the AC restarts. If an AP comes online on the AC before the reboot timer expires, the AC deletes the timer.

Examples

# Enable service anomaly detection.

<Sysname> system-view

[Sysname] wlan detect-anomaly enable

wlan global-configuration

Use wlan global-configuration to enter global configuration view.

Syntax

wlan global-configuration

Views

System view

Predefined user roles

network-admin

Usage guidelines

The configuration priorities for an AP in AP view, AP group view, and global configuration view are in descending order. If no settings are configured in one view, the settings in the view with a lower priority are used. If no settings are configured in any one of the three views, the AP uses the default configuration in the view that has the lowest priority.

Examples

# Enter global configuration view.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration]

wlan image-load filepath

Use wlan image-load filepath to specify the preferred location for the AC to obtain an AP image file for software version assignment.

Use undo wlan image-load filepath to restore the default.

Syntax

wlan image-load filepath { local | ram }

undo wlan image-load filepath

Default

The AC prefers the AP image file stored in the RAM when assigning a software version to APs.

Views

System view

Predefined user roles

network-admin

Parameters

local: Specifies the local folder as the preferred location to obtain an AP image file. If the local folder does not contain an AP image file, the AC obtains the AP image file from the RAM. If the RAM does not contain an AP image file, the AC fails to obtain an AP image file.

ram: Specifies the RAM as the preferred location to obtain an AP image file. If the RAM does not contain an AP image file, the AC obtains the AP image file from the local folder. If the local folder does not contain an AP image file, the AC fails to obtain an AP image file.

Usage guidelines

The AC image file contains AP image files. The AC reads the AP image files into the RAM when it starts.

Specify the local keyword only when the following conditions are met:

· The required AP image file is not contained in the AC's image file.

· The software version an AP uses when it comes online has been specified using the wlan apdb command.

When you specify the local keyword, make sure the AC uses a CF card as the default file system and the AP image file is stored in the root directory of the file system on the AC.

The AC can assign only .ipe AP image files to APs.

Examples

# Specify the local folder as the preferred location to obtain an AP image file for AP software version assignment.

<Sysname> system-view

[Sysname] wlan image-load filepath local

wlan re-group

Use wlan re-group to move an AP grouping rule or a list of AP grouping rules to the specified AP group.

Syntax

wlan re-group { ap ap-name | ap-group old-group-name | mac-address mac-address | serial-id serial-id } group-name

Views

System view

Predefined user roles

network-admin

Parameters

ap ap-name: Specifies an AP grouping rule by AP names.

ap-group old-group-name: Specifies the source AP group. The source AP group cannot be the default AP group.

mac-address mac-address: Specifies an AP grouping rule by MAC addresses.

serial-id serial-id: Specifies an AP grouping rule by serial IDs.

group-name: Specifies the target AP group. The target AP group cannot be the default AP group.

Examples

# Create an AP group named group1, and create AP grouping rules by AP names to add APs ap1, ap2, and ap3 to AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap ap1 ap2 ap3

[Sysname-wlan-ap-group-group1] quit

# Create an AP group named group2, and move an AP grouping rule by AP names to AP group group2.

[Sysname] wlan ap-group group2

[Sysname-wlan-ap-group-group2] quit

[Sysname] wlan re-group ap ap1 group2

wlan rename-ap

Use wlan rename-ap to rename a manual AP.

Syntax

wlan rename-ap ap-name new-ap-name

Views

System view

Predefined user roles

network-admin

Parameters

ap-name: Specifies a manual AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

new-ap-name: Specifies a new AP name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Change the name of AP ap1 to ap1-office.

<Sysname> system-view

[Sysname] wlan rename-ap ap1 ap1-office

wlan tcp mss

Use wlan tcp mss to set the maximum TCP segment size (TCP MSS) for CAPWAP tunnels.

Use undo wlan tcp mss to restore the default.

Syntax

wlan tcp mss value

undo wlan tcp mss

Default

The TCP MSS is 1460 bytes for CAPWAP tunnels.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the TCP MSS in bytes in the range of 128 to 2048.

Usage guidelines

This command sets the value of the MSS option in SYN packets transmitted over a CAPWAP tunnel.

The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the size of a TCP segment is smaller than or equal to the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, TCP fragments the segment based on the receiver's MSS.

Examples

# Set the TCP MSS to 2000 bytes for CAPWAP tunnels.

<Sysname> system-view

[Sysname] wlan tcp mss 2000

Radio management commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

a-mpdu

Use a-mpdu enable to enable the A-MPDU aggregation method.

Use a-mpdu disable to disable the A-MPDU aggregation method.

Use undo a-mpdu to restore the default.

Syntax

a-mpdu { disable | enable }

undo a-mpdu

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the A-MPDU aggregation method is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Disable the A-MPDU aggregation method for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] a-mpdu disable

# Disable the A-MPDU aggregation method for radio 1 of APs with model WA4320i-ACN in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] a-mpdu disable

a-msdu

Use a-msdu enable to enable the A-MSDU aggregation method.

Use a-msdu disable to disable the A-MSDU aggregation method.

Use undo a-msdu to restore the default.

Syntax

a-msdu { disable | enable }

undo a-msdu

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the A-MSDU aggregation method is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The device can receive but cannot send A-MSDUs.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Disable the A-MSDU aggregation method for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] a-msdu disable

# Disable the A-MSDU aggregation method for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] a-msdu disable

ani

Use ani enable to enable Adaptive Noise Immunity (ANI).

Use ani disable to disable ANI.

Use undo ani to restore the default.

Syntax

ani { disable | enable }

undo ani

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, ANI is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

ANI enables the device to adjust the anti-noise level based on the environment to reduce interference from the surrounding environment.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable ANI for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] ani enable

# Enable ANI for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] ani enable

antenna type

Use antenna type to set the antenna type for an AP.

Use undo antenna type to restore the default.

Syntax

antenna type antenna-type

undo antenna type

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the default antenna type for an AP varies by device model.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

antenna-type: Specifies an antenna type, a string of 1 to 10 characters. Antenna types supported by an AP vary by device model.

Usage guidelines

Perform this task to set the antenna type for an AP. The antenna type setting for an AP must be consistent with the type of the antenna used on the AP.

To ensure that the Effective Isotropic Radiated Power (EIRP) is within the correct range, the antenna gain automatically changes after you set the antenna type.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the antenna type to internal for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] antenna type internal

# Set the antenna type to internal for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] antenna type internal

beacon-interval

Use beacon-interval to set the beacon interval.

Use undo beacon-interval to restore the default.

Syntax

beacon-interval interval

undo beacon-interval

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the beacon interval is 100 Time Units (TUs).

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

interval: Specifies the beacon interval in the range of 32 to 8191 TUs.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the beacon interval to 1000 TUs for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] beacon-interval 1000

# Set the beacon interval to 1000 TUs for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] beacon-interval 1000

channel

Use channel to specify a working channel for a radio.

Use undo channel to restore the default.

Syntax

channel { channel-number | auto { lock | unlock } }

undo channel [ auto ]

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the AC automatically selects a channel for a radio and the channel is unlocked.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

channel-number: Specifies a channel by its number. The value range for this argument varies by country code and radio mode.

auto lock: Configures the AC to automatically select a channel for a radio and lock the channel.

auto unlock: Configures the AC to automatically select a channel for a radio and not lock the channel.

Usage guidelines

When radar signals are detected on the working channel of a radio, one of the following events occurs:

· If the channel is automatically assigned, the radio changes its channel.

· If the channel is manually specified, the radio changes its channel, and switches back to the specified channel after 30 minutes and then starts the quiet timer. If no radar signals are detected within the quiet time, the radio starts to use the channel. If radar signals are detected within the quiet time, the radio changes it channel again.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Specify working channel 149 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] channel 149

# Specify working channel 149 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel 149

channel auto-select

Use channel auto-select to configure the channel selection blacklist or whitelist.

Use undo channel auto-select to remove the specified channels from the channel selection blacklist or whitelist.

Syntax

channel auto-select { blacklist | whitelist } channel-number

undo channel auto-select { blacklist | whitelist } { all | channel-number }

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, no channel selection blacklist or whitelist exists

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

blacklist: Adds channels to the channel selection blacklist. An AP will not select channels in the blacklist.

whitelist: Adds channels to the channel selection whitelist. An AP will only select channels in the whitelist.

channel-number: Specifies channels by their channel numbers. The value range for this argument varies by country code and radio mode.

all: Specifies all channels in the channel selection blacklist or whitelist.

Usage guidelines

You cannot configure both the channel selection blacklist and whitelist for the same AP.

This command takes effect only on APs operating in auto channel selection mode.

Examples

# Add channels 149, 153, and 157 to the channel selection whitelist for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] channel auto-select whitelist 149 153 157

# Add channels 149, 153, and 157 to the channel selection whitelist for APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel auto-select whitelist 149 153 157

Related commands

channel

channel band-width

Use channel band-width to set the bandwidth mode.

Use undo channel band-width to restore the default.

Syntax

channel band-width { 20 | 40 [ auto-switch ] | 80 | { 160 | dual-80 } [ secondary-channel channel-number ] }

undo channel band-width

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the bandwidth mode is 80 MHz for 802.11ac radios, 40 MHz for 802.11an radios, and 20 MHz for 802.11gn radios.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

20: Sets the bandwidth mode to 20 MHz.

40: Sets the bandwidth mode to 40 MHz.

80: Sets the bandwidth mode to 80 MHz.

auto-switch: Allows a radio to switch its bandwidth mode between 20 MHz and 40 MHz. This keyword is applicable only to 802.11gn radios.

160: Sets the bandwidth mode to 160 MHz. Support for this keyword depends on the device model.

dual-80: Sets the bandwidth mode to 80+80 MHz. Support for this keyword depends on the device model.

secondary-channel channel-number: Specifies the secondary channel for the 160 MHz or 80+80 MHz bandwidth mode. Support for this option depends on the device model.

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. When you change the mode of a radio, the default setting of this command for the new radio mode is restored.

The radio uses the specified 40/80/160 MHz bandwidth if adjacent channels can be bound to form a 40/80/160 channel. If adjacent channels cannot form a 40/80/160 channel, the radio uses the next available bandwidth less than the specified one.

For example, the bandwidth mode is set to 80 MHz. The radio uses the 80 MHz bandwidth if adjacent channels that can be bound together exist. If adjacent channels that can be bound to an 80 MHz channel do not exist, but two adjacent channels that can be bound to a 40 MHz channel exist, the 40 MHz bandwidth is used. If no adjacent channels that can be bound together exist, the radio uses the 20 MHz bandwidth.

When the bandwidth mode is set to 80+80 MHz, the radio uses the 160 MHz bandwidth if two adjacent 80 MHz channels that can be bound together exist. If a 160 MHz channel cannot be formed but two non-adjacent 80 MHz channels are available, the radio uses the two 80 MHz channels to achieve the 160 MHz bandwidth.

If the working channel is specified, you can specify the secondary 80 MHz channel for the 160 MHz or 80+80 MHz bandwidth mode. If no working channel is specified, the device automatically selects a secondary channel. The working channel forwards all packets and the secondary channel forwards only data packets.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the bandwidth mode to 40 MHz for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] channel band-width 40

# Set the bandwidth mode to 40 MHz for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel band-width 40

# Set the bandwidth mode to 160 MHz for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[System-wlan-ap-ap1-radio-1] type dot11ac

[Sysname-wlan-ap-ap1-radio-1] channel band-width 160

# Set the bandwidth mode to 160 MHz for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11ac

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel band-width 160

# Set the bandwidth mode to 80+80 MHz and set the secondary channel to 36 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[System-wlan-ap-ap1-radio-1] type dot11ac

[Sysname-wlan-ap-ap1-radio-1] channel 149

[Sysname-wlan-ap-ap1-radio-1] channel band-width dual-80 secondary-channel 36

# Set the bandwidth mode to 80+80 MHz and set the secondary channel to 36 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11ac

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel 149

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel band-width dual-80 secondary-channel 36

Related commands

channel

channel-usage measure

Use channel-usage measure to perform on-demand channel usage measurement.

Syntax

channel-usage measure

Views

Radio view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AP to scan supported channels and display the channel usage after measurement. The measurement of each channel takes about one second.

Examples

# Perform on-demand channel usage measurement on radio 2 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] channel-usage measure

Please wait......Done.

Channel Usage

1 63%

2 61%

3 55%

4 45%

5 64%

6 74%

7 66%

8 48%

9 35%

10 38%

11 54%

12 30%

13 72%

client dot11ac-only

Use client dot11ac-only enable to enable the client dot11ac-only feature.

Use client dot11ac-only disable to disable the client dot11ac-only feature.

Use undo client dot11ac-only to restore the default.

Syntax

client dot11ac-only { disable | enable }

undo client dot11ac-only

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the client dot11ac-only feature is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11ac radios. Changing the radio mode invalidates the command.

After you configure this command on a radio, the radio accepts only 802.11ac clients, and all non-802.11ac clients that are associated with the radio are logged off.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable the client dot11ac-only feature for AP ap1.

<System> system-view

[System] wlan ap ap1 model WA2620-WiNet

[System-wlan-ap-ap1] radio 1

[System-wlan-ap-ap1-radio-1] type dot11ac

[System-wlan-ap-ap1-radio-1] client dot11ac-only enable

# Enable the client dot11ac-only feature for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] client dot11ac-only enable

Related commands

dot11ac mandatory maximum-nss

client dot11b-forbidden

Use client dot11b-forbidden enable to disable access services for 802.11b clients.

Use client dot11b-forbidden disable to enable access services for 802.11b clients.

Use undo client dot11b-forbidden to restore the default.

Syntax

client dot11b-forbidden { disable | enable }

undo client dot11b-forbidden

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, access services for 802.11b clients are enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

Enabling an 802.11g or 802.11gn radio to reject 802.11b clients reduces the impact of low-speed 802.11b clients and speeds up wireless data transmission.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Configure AP ap1 to reject 802.11b clients.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] client dot11b-forbidden enable

# Configure AP group apgroup1 to reject 802.11b clients.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-model-WA2620-WiNet] radio 2

[Sysname-wlan-ap-group-apgroup1-model-WA2620-WiNet-radio-2] client dot11b-forbidden enable

client dot11n-only

Use client dot11n-only enable to enable the client dot11n-only feature.

Use client dot11n-only disable to disable the client dot11n-only feature.

Use undo client dot11n-only to restore the default.

Syntax

client dot11n-only { disable | enable }

undo client dot11n-only

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the client dot11n-only feature is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

After you configure this command on a radio, the radio accepts only the 802.11n and 802.11ac clients, and all 802.11a/b/g clients that are associated with the radio are logged off.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable the client dot11n-only feature for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] client dot11n-only enable

# Enable the client dot11n-only feature for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client dot11n-only enable

client max-count

Use client max-count to set the maximum number of clients that can associate with an AP.

Use undo client max-count to restore the default.

Syntax

client max-count max-number

undo client max-count

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, no limit is set for the number of clients that can associate with an AP.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of clients that can associate with an AP. The value range depends on the AP model.

Usage guidelines

When the maximum number of clients is reached on an AP, the AP stops accepting new clients.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum number of clients that can associate with an AP to 38 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] client max-count 38

# Set the maximum number of clients that can associate with an AP to 38 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client max-count 38

continuous-mode

Use continuous-mode to enable the continuous mode for a radio.

Use undo continuous-mode to restore the default.

Syntax

continuous-mode { mcs mcs-index | nss nss-index vht-mcs vhtmcs-index | rate rate-value }

undo continuous-mode

Default

The continuous mode is disabled.

Views

Radio view

Predefined user roles

network-admin

Parameters

mcs mcs-index: Specifies the MCS index in the range of 0 to 76. This option applies only to 802.11n and 802.11ac radios.

nss nss-index vht-mcs vhtmcs-index: Specifies the VHT-MCS index. The value ranges for the nss-index and vhtmcs-index arguments are 1 to 8 and 0 to 9, respectively. This option applies only to 802.11ac radios.

rate rate-value: Specifies the transmit rate in Mbps. This option applies to all radio types.

Usage guidelines

This feature is used for network testing only. Do not use it under any other circumstances.

It enables continuous data packet sending at the specified rate. When the feature is enabled, do not perform any other operations except changing the transmit rate.

Examples

# Enable the continuous mode and set the transmit rate to 6 Mbps.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] continuous-mode rate 6

Related commands

display wlan ap continuous-mode

custom-antenna gain

Use custom-antenna gain to set the antenna gain.

Use undo custom-antenna gain to restore the default.

Syntax

custom-antenna gain antenna-gain

undo custom-antenna gain

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the antenna gain is 0 dBi.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

antenna-gain: Specifies the antenna gain in the range of 0 to 20 dBi.

Usage guidelines

This command is applicable only when an AP uses a third-party antenna.

Effective Isotropic Radiated Power (EIRP) is the actual transmit power of an antenna, and it is the sum of the antenna gain and the maximum transmit power of the radio. If the configured antenna gain causes the EIRP to exceed the threshold, the antenna gain configuration fails.

Make sure the antenna gain setting is the same as the gain of the antenna used on the AP.

Changing the radio mode automatically changes the antenna gain.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the antenna gain to 2 dBi for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] custom-antenna gain 2

# Set the antenna gain to 2 dBi for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] custom-antenna gain 2

display wlan ap continuous-mode

Use display wlan ap continuous-mode to display information about the continuous mode.

Syntax

display wlan ap { all | name ap-name } continuous-mode

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

Examples

# Display information about the continuous mode for radios on AP ap1.

<Sysname> display wlan ap name ap1 continuous-mode

AP name Radio ID Radio type Rate Mcs-Index Nss Vht-mcs

ap1 1 802.11a 6 N/A N/A N/A

Table 17 Command output

Field	Description
Mcs-Index	MCS index.
Nss	NSS index.
Vht-mcs	VHT-MCS index.

Related commands

continuous-mode

display wlan ap radio

Use display wlan ap radio to display AP radio information.

Syntax

display wlan ap { all | name ap-name } radio [ frequency-band { 5 | 2.4 } ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

frequency-band: Specifies a frequency band.

5: Specifies the 5 GHz frequency band.

2.4: Specifies the 2.4 GHz frequency band.

Examples

# Display radio information for all APs.

<Sysname> display wlan ap all radio

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 256

Remaining APs: 255

Total AP licenses: 128

Remaining AP licenses: 127

AP name RID State Channel Usage TxPower AntGain EIRP

(%) (dBm) (dBi) (dBm)

ap1 1 Up 149(auto) 10 20 10 30

ap1 2 Up 11(auto) 15 20 10 30

# Display 2.4 GHz radio information for AP ap1.

<Sysname> display wlan ap name ap1 radio frequency-band 2.4

AP name RID State Channel Usage TxPower AntGain EIRP

(%) (dBm) (dBi) (dBm)

ap1 2 Up 11(auto) 15 20 10 30

Table 18 Command output

Field	Description
Total number of inside APs	An inside AP is a manual AP automatically created for radio management when an anchor AP acts as an AC. The name and serial ID of the inside AP are the MAC address and serial ID of the anchor AP, respectively.
Maximum supported APs	Maximum number of supported APs, including fit APs and WTUs, on the AC.
Remaining APs	Remaining number of supported APs. The value equals the number of maximum supported APs minus the number of connected common APs and the number of connected WTUs.
Total AP licenses	Total number of AP licenses. Each WTU license is considered as 0.25 AP licenses.
Remaining AP licenses	Number of remaining AP licenses. Each AP occupies one AP license and each WTU occupies 0.25 AP licenses.
State	Radio state: · Up. · Down.
Usage	Channel usage.
TxPower (dBm)	Transmission power. By default, the maximum supported power is used to transmit packets.
AntGain (dBi)	Antenna gain.
EIRP (dBm)	Effective Isotropic Radiated Power.

display wlan ap radio channel

Use display wlan ap radio channel to display radio channel information.

Syntax

display wlan ap { all | name ap-name } radio channel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

Examples

# Display radio channel information for AP ap3.

<Sysname> display wlan ap name ap3 radio channel

AP name RID Channel Band-width CenterFreq

(MHz)

ap3 1 36(auto) 20/40/80/160/(80+80) 42/58

ap3 2 149 20/40/80 155

ap3 3 11(auto) 20 0

Table 19 Command output

Field	Description
Band-width (MHz)	Supported channel bandwidth.
CenterFreq	Central frequencies. This field is available only when the supported channel bandwidth reaches 80 MHz. This field displays the central frequencies for both the main and the secondary channels when 160 MHz or 80+80 MHz bandwidth is supported.

display wlan ap radio type

Use display wlan ap radio type to display radio type information.

Syntax

display wlan ap { all | name ap-name } radio type

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

Examples

# Display radio type information for AP ap1.

<Sysname> display wlan ap name ap1 radio type

AP name RID AP state Radio state Radio type

ap1 1 Up Up 802.11n(5GHz)

ap1 2 Up Down 802.11n(2.4GHz)

Table 20 Command output

Field	Description
AP state	AP state: · Up—The AP has established a CAPWAP tunnel with the AC. · Down—The AP has not established a CAPWAP tunnel with the AC.
Radio state	Radio state: · Up. · Down.

Field

Description

AP state

AP state:

· Up—The AP has established a CAPWAP tunnel with the AC.

· Down—The AP has not established a CAPWAP tunnel with the AC.

Radio state

Radio state:

· Up.

· Down.

display wlan ap radio-statistics

Use display wlan ap radio-statistics to display radio statistics.

Syntax

display wlan ap { all | name ap-name } radio-statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters.

Examples

# Display radio statistics for AP ap1.

<Sysname> display wlan ap name ap1 radio-statistics

Radio Statistics

--------------------------------------------------------------------------------

AP name: ap1 Radio ID: 1

--------------------------------------------------------------------------------

Transmitted frame statistics:

Total frames : 836532

Total frame bytes : 214040681

Unicast frames : 4

Unicast frame bytes : 900

Broadcast/Multicast frames : 836528

Broadcast/Multicast frame bytes : 214039781

Other frames : 0

Other frame bytes : 0

Discarded frames : 0

Failed RTS frames : 0

Retransmissions : 6

Successful RTS frames : 0

Retransmitted frames : 3

No-ACK frames : 1555

Authentication frames : 1

Association frames : 1

Packet statistics by size:

Smaller than or equal to 128 : 747

Between 128 and 512 (inclusive) : 85983

Between 512 and 1024 (inclusive) : 0

Larger than 1024 : 0

Packet statistics by rate:

1 Mbps : 0 2 Mbps : 0

5.5 Mbps : 0 6 Mbps : 0

9 Mbps : 0 11 Mbps : 0

12 Mbps : 0 18 Mbps : 0

24 Mbps : 880 36 Mbps : 0

48 Mbps : 0 54 Mbps : 0

Packet statistics by 802.11n rate:

6.5 Mbps : 0 7.2 Mbps : 0

13 Mbps : 0 13.5 Mbps : 0

14.4 Mbps : 0 15 Mbps : 0

19.5 Mbps : 0 21.7 Mbps : 0

26 Mbps : 0 27 Mbps : 0

28.9 Mbps : 0 29.3 Mbps : 0

30 Mbps : 0 32.5 Mbps : 0

39 Mbps : 0 40.5 Mbps : 0

43.3 Mbps : 0 45 Mbps : 0

52 Mbps : 0 54 Mbps : 0

57.8 Mbps : 0 58.5 Mbps : 0

60 Mbps : 0 65 Mbps : 0

72.2 Mbps : 0 78 Mbps : 1

81 Mbps : 0 86.7 Mbps : 0

87.8 Mbps : 0 90 Mbps : 0

97.5 Mbps : 0 104 Mbps : 3

108 Mbps : 0 115.6 Mbps : 0

117 Mbps : 0 120 Mbps : 0

121.5 Mbps : 0 130 Mbps : 0

135 Mbps : 0 144.4 Mbps : 0

150 Mbps : 0 156 Mbps : 0

162 Mbps : 0 173.3 Mbps : 0

175.5 Mbps : 0 180 Mbps : 0

195 Mbps : 0 200 Mbps : 0

216 Mbps : 0 216.7 Mbps : 0

234 Mbps : 0 240 Mbps : 0

243 Mbps : 0 260 Mbps : 0

263.3 Mbps : 0 270 Mbps : 0

288.9 Mbps : 0 292.5 Mbps : 0

300 Mbps : 0 324 Mbps : 0

325 Mbps : 0 351 Mbps : 0

360 Mbps : 0 364.5 Mbps : 0

390 Mbps : 0 400 Mbps : 0

405 Mbps : 0 433.3 Mbps : 0

450 Mbps : 0 468 Mbps : 0

486 Mbps : 0 520 Mbps : 0

526.5 Mbps : 0 540 Mbps : 0

585 Mbps : 0 600 Mbps : 0

650 Mbps : 0 702 Mbps : 0

780 Mbps : 0 866.7 Mbps : 0

877.5 Mbps : 0 975 Mbps : 0

1053 Mbps : 0 1170 Mbps : 0

1300 Mbps : 0

--------------------------------------------------------------------------------

Received frame statistics:

Total frames : 420815

Total frame bytes : 24112652

Unicast frames : 585

Unicast frame bytes : 15357

Broadcast/Multicast frames : 420230

Broadcast/Multicast frame bytes : 24097295

Fragmented frames : 0

Duplicate frames : 0

FCS failures : 474471639

Decryption errors : 0

Authentication frames : 1

Association frames : 1

Packet statistics by size:

Smaller than or equal to 128 : 420759

Between 128 and 512 (inclusive) : 54

Between 512 and 1024 (inclusive) : 0

Larger than 1024 : 0

Packet statistics by rate:

6 Mbps : 420115 9 Mbps : 0

12 Mbps : 0 18 Mbps : 0

24 Mbps : 0 36 Mbps : 1

48 Mbps : 0 54 Mbps : 2

Packet statistics by 802.11n rate:

6.5 Mbps : 0 7.2 Mbps : 0

13 Mbps : 0 13.5 Mbps : 0

14.4 Mbps : 0 15 Mbps : 0

19.5 Mbps : 0 21.7 Mbps : 0

26 Mbps : 0 27 Mbps : 0

28.9 Mbps : 0 29.3 Mbps : 0

30 Mbps : 0 32.5 Mbps : 0

39 Mbps : 0 40.5 Mbps : 0

43.3 Mbps : 0 45 Mbps : 0

52 Mbps : 1 54 Mbps : 2

57.8 Mbps : 0 58.5 Mbps : 17

60 Mbps : 0 65 Mbps : 10

72.2 Mbps : 0 78 Mbps : 48

81 Mbps : 0 86.7 Mbps : 70

87.8 Mbps : 0 90 Mbps : 0

97.5 Mbps : 0 104 Mbps : 87

108 Mbps : 0 115.6 Mbps : 170

117 Mbps : 130 120 Mbps : 0

121.5 Mbps : 0 130 Mbps : 140

135 Mbps : 0 144.4 Mbps : 22

150 Mbps : 0 156 Mbps : 0

162 Mbps : 0 173.3 Mbps : 0

175.5 Mbps : 0 180 Mbps : 0

195 Mbps : 0 200 Mbps : 0

216 Mbps : 0 216.7 Mbps : 0

234 Mbps : 0 240 Mbps : 0

243 Mbps : 0 260 Mbps : 0

263.3 Mbps : 0 270 Mbps : 0

288.9 Mbps : 0 292.5 Mbps : 0

300 Mbps : 0 324 Mbps : 0

325 Mbps : 0 351 Mbps : 0

360 Mbps : 0 364.5 Mbps : 0

390 Mbps : 0 400 Mbps : 0

405 Mbps : 0 433.3 Mbps : 0

450 Mbps : 0 468 Mbps : 0

486 Mbps : 0 520 Mbps : 0

526.5 Mbps : 0 540 Mbps : 0

585 Mbps : 0 600 Mbps : 0

650 Mbps : 0 702 Mbps : 0

780 Mbps : 0 866.7 Mbps : 0

877.5 Mbps : 0 975 Mbps : 0

1053 Mbps : 0 1170 Mbps : 0

1300 Mbps : 0

--------------------------------------------------------------------------------

Radio Statistics

--------------------------------------------------------------------------------

AP name: ap1 Radio ID: 2

--------------------------------------------------------------------------------

Transmitted frame statistics:

Total frames : 13134

Total frame bytes : 3259997

Unicast frames : 11

Unicast frame bytes : 3518

Broadcast/Multicast frames : 13123

Broadcast/Multicast frame bytes : 3256479

Other frames : 0

Other frame bytes : 0

Discarded frames : 0

Failed RTS frames : 0

Retransmissions : 58

Successful RTS frames : 0

Retransmitted frames : 11

No-ACK frames : 7541

Authentication frames : 14

Association frames : 8

Packet statistics by size:

Smaller than or equal to 128 : 1020

Between 128 and 512 (inclusive) : 11386

Between 512 and 1024 (inclusive) : 0

Larger than 1024 : 0

Packet statistics by rate:

1 Mbps : 0 2 Mbps : 0

5.5 Mbps : 0 6 Mbps : 0

9 Mbps : 0 11 Mbps : 1121

12 Mbps : 0 18 Mbps : 0

24 Mbps : 0 36 Mbps : 0

48 Mbps : 0 54 Mbps : 0

Packet statistics by 802.11n rate:

6.5 Mbps : 3 7.2 Mbps : 0

13 Mbps : 1 13.5 Mbps : 0

14.4 Mbps : 0 15 Mbps : 0

19.5 Mbps : 4 21.7 Mbps : 0

26 Mbps : 0 27 Mbps : 0

28.9 Mbps : 0 29.3 Mbps : 0

30 Mbps : 0 32.5 Mbps : 0

39 Mbps : 1 40.5 Mbps : 0

43.3 Mbps : 0 45 Mbps : 0

52 Mbps : 0 54 Mbps : 0

57.8 Mbps : 0 58.5 Mbps : 0

60 Mbps : 0 65 Mbps : 0

72.2 Mbps : 0 78 Mbps : 0

81 Mbps : 0 86.7 Mbps : 0

87.8 Mbps : 0 90 Mbps : 0

97.5 Mbps : 0 104 Mbps : 1

108 Mbps : 0 115.6 Mbps : 0

117 Mbps : 1 120 Mbps : 0

121.5 Mbps : 0 130 Mbps : 0

135 Mbps : 0 144.4 Mbps : 0

150 Mbps : 0 156 Mbps : 0

162 Mbps : 0 173.3 Mbps : 0

175.5 Mbps : 0 180 Mbps : 0

195 Mbps : 0 200 Mbps : 0

216 Mbps : 0 216.7 Mbps : 0

234 Mbps : 0 240 Mbps : 0

243 Mbps : 0 260 Mbps : 0

263.3 Mbps : 0 270 Mbps : 0

288.9 Mbps : 0 292.5 Mbps : 0

300 Mbps : 0 324 Mbps : 0

325 Mbps : 0 351 Mbps : 0

360 Mbps : 0 364.5 Mbps : 0

390 Mbps : 0 400 Mbps : 0

405 Mbps : 0 433.3 Mbps : 0

450 Mbps : 0 468 Mbps : 0

486 Mbps : 0 520 Mbps : 0

526.5 Mbps : 0 540 Mbps : 0

585 Mbps : 0 600 Mbps : 0

650 Mbps : 0 702 Mbps : 0

780 Mbps : 0 866.7 Mbps : 0

877.5 Mbps : 0 975 Mbps : 0

1053 Mbps : 0 1170 Mbps : 0

1300 Mbps : 0

--------------------------------------------------------------------------------

Received frame statistics:

Total frames : 32156

Total frame bytes : 3076192

Unicast frames : 1613

Unicast frame bytes : 102957

Broadcast/Multicast frames : 30543

Broadcast/Multicast frame bytes : 2973235

Fragmented frames : 0

Duplicate frames : 2

FCS failures : 9978084

Decryption errors : 0

Authentication frames : 14

Association frames : 8

Packet statistics by size:

Smaller than or equal to 128 : 25327

Between 128 and 512 (inclusive) : 6097

Between 512 and 1024 (inclusive) : 0

Larger than 1024 : 0

Packet statistics by rate:

1 Mbps : 28718 2 Mbps : 1895

5.5 Mbps : 284 6 Mbps : 29

9 Mbps : 12 11 Mbps : 0

12 Mbps : 10 18 Mbps : 24

24 Mbps : 11 36 Mbps : 5

48 Mbps : 4 54 Mbps : 0

Packet statistics by 802.11n rate:

6.5 Mbps : 45 7.2 Mbps : 0

13 Mbps : 53 13.5 Mbps : 0

14.4 Mbps : 0 15 Mbps : 0

19.5 Mbps : 120 21.7 Mbps : 0

26 Mbps : 136 27 Mbps : 0

28.9 Mbps : 0 29.3 Mbps : 0

30 Mbps : 0 32.5 Mbps : 0

39 Mbps : 59 40.5 Mbps : 0

43.3 Mbps : 0 45 Mbps : 0

52 Mbps : 17 54 Mbps : 0

57.8 Mbps : 0 58.5 Mbps : 20

60 Mbps : 0 65 Mbps : 4

72.2 Mbps : 0 78 Mbps : 0

81 Mbps : 0 86.7 Mbps : 0

87.8 Mbps : 0 90 Mbps : 0

97.5 Mbps : 0 104 Mbps : 0

108 Mbps : 0 115.6 Mbps : 0

117 Mbps : 0 120 Mbps : 0

121.5 Mbps : 0 130 Mbps : 0

135 Mbps : 0 144.4 Mbps : 0

150 Mbps : 0 156 Mbps : 0

162 Mbps : 0 173.3 Mbps : 0

175.5 Mbps : 0 180 Mbps : 0

195 Mbps : 0 200 Mbps : 0

216 Mbps : 0 216.7 Mbps : 0

234 Mbps : 0 240 Mbps : 0

243 Mbps : 0 260 Mbps : 0

263.3 Mbps : 0 270 Mbps : 0

288.9 Mbps : 0 292.5 Mbps : 0

300 Mbps : 0 324 Mbps : 0

325 Mbps : 0 351 Mbps : 0

360 Mbps : 0 364.5 Mbps : 0

390 Mbps : 0 400 Mbps : 0

405 Mbps : 0 433.3 Mbps : 0

450 Mbps : 0 468 Mbps : 0

486 Mbps : 0 520 Mbps : 0

526.5 Mbps : 0 540 Mbps : 0

585 Mbps : 0 600 Mbps : 0

650 Mbps : 0 702 Mbps : 0

780 Mbps : 0 866.7 Mbps : 0

877.5 Mbps : 0 975 Mbps : 0

1053 Mbps : 0 1170 Mbps : 0

1300 Mbps : 0

---------------------------------------------------------------------------------

Table 21 Command output

Field	Description
Transmitted frame statistics
Total frames	Total number of transmitted frames, including probe responses and beacon frames.
Total frame bytes	Total bytes of transmitted frames, including probe responses and beacon frames.
Unicast frames	Total number of transmitted unicast frames, excluding probe responses.
Unicast frame bytes	Total bytes of transmitted unicast frames, excluding probe responses.
Broadcast/Multicast frames	Total number of transmitted broadcast and multicast frames, excluding beacon frames.
Broadcast/Multicast frame bytes	Total bytes of transmitted broadcast and multicast frames, excluding beacon frames.
Others frames	Total number of other transmitted frames.
Others frame bytes	Total bytes of other transmitted frames.
Packet statistics by rate	Total number of packets classified by 802.11a/b/g rates.
Packet statistics by 802.11n rate	Total number of packets classified by 802.11n rates. This field is not available if the device does not support 802.11n.
Received frame statistics
Total frames	Total number of received frames.
Total frame bytes	Total bytes of received frames.
Unicast frames	Total number of received unicast frames.
Unicast frame bytes	Total bytes of received unicast frames.
Broadcast/Multicast frames	Total number of received broadcast and multicast frames.
Broadcast/Multicast frame bytes	Total bytes of received broadcast and multicast frames.
Fragmented frames	Total number of received fragmented frames.
FCS failures	Total number of received packets with FCS failures.
Decryption errors	Total number of received packets with decryption errors.

distance

Use distance to set the maximum transmission distance.

Use undo distance to restore the default.

Syntax

distance distance

undo distance

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the maximum transmission distance is 1 km (0.62 miles).

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

distance: Specifies the maximum transmission distance in the range of 1 to 40 km (0.62 to 24.86 miles).

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum transmission distance to 5 km (3.11 miles) for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] distance 5

# Set the maximum transmission distance to 5 km (3.11 miles) for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] distance 5

dot11ac mandatory maximum-nss

Use dot11ac mandatory maximum-nss to set the maximum mandatory NSS.

Use undo dot11ac mandatory maximum-nss to restore the default.

Syntax

dot11ac mandatory maximum-nss nss-number

undo dot11ac mandatory maximum-nss

Default

In radio view, the default settings are as follows:

· If the maximum supported NSS is set, no maximum mandatory NSS is set.

· If the maximum supported NSS is not set, a radio uses the configuration in AP group radio view.

In AP group radio view, no maximum mandatory NSS is set.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

nss-number: Specifies the maximum mandatory NSS in the range of 1 to 8.

Usage guidelines

This command is applicable only to 802.11ac radios. Changing the radio mode to non-802.11ac modes invalidates the command.

The maximum mandatory NSS cannot be greater than the maximum supported NSS.

After you modify the maximum mandatory NSS, clients that are associated with the radio and that do not support the modified NSS will go offline.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum mandatory NSS to 7 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11ac

[Sysname-wlan-ap-ap1-radio-1] dot11ac mandatory maximum-nss 7

# Set the maximum mandatory NSS to 7 for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] type dot11ac

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] dot11ac mandatory maximum-nss 7

Related commands

dot11ac support maximum-nss

dot11ac multicast-nss

Use dot11ac multicast-nss to set the multicast NSS and specify a VHT-MCS index.

Use undo dot11ac multicast-nss to restore the default.

Syntax

dot11ac multicast-nss nss-number vht-mcs index

undo dot11ac multicast-nss

Default

In radio view, the default settings are as follows:

· If the maximum supported NSS or the maximum mandatory NSS is set, no multicast NSS is set.

· If neither the maximum supported NSS nor the maximum mandatory NSS is set, a radio uses the configuration in AP group radio view.

In AP group radio view, no multicast NSS is set.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

nss-number: Specifies the multicast NSS in the range of 1 to 8.

Index: Specifies a VHT-MCS index in the range of 0 to 9.

Usage guidelines

This command is applicable only to 802.11ac radios. Changing the radio mode to non-802.11ac modes invalidates the command.

Before configuring this command, you must configure the dot11ac mandatory maximum-nss command.

The multicast NSS cannot be greater than the maximum mandatory NSS.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum mandatory NSS, multicast NSS, and VHT-MCS index for AP ap1 to 2, 2, and 2, respectively.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11ac

[Sysname-wlan-ap-ap1-radio-1] dot11ac mandatory maximum-nss 2

[Sysname-wlan-ap-ap1-radio-1] dot11ac multicast-nss 2 vht-mcs 2

# Set the maximum mandatory NSS, multicast NSS, and VHT-MCS index for AP group 2 to 2, 2, and 6, respectively.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] dot11ac mandatory maximum-nss 2

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] dot11ac multicast-nss 2 vht-mcs 2

Related commands

dot11ac mandatory maximum-nss

dot11ac support maximum-nss

Use dot11ac support maximum-nss to set the maximum supported NSS.

Use undo dot11ac support maximum-nss to restore the default.

Syntax

dot11ac support maximum-nss nss-number

undo dot11ac support maximum-nss

Default

In radio view, the default settings are as follows:

· If the maximum mandatory NSS is set, the maximum supported NSS is 8.

· If the maximum mandatory NSS is not set, a radio uses the configuration in AP group radio view.

In AP group radio view, the maximum supported NSS is 8.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

nss-number: Specifies the maximum supported NSS in the range of 1 to 8.

Usage guidelines

This command is applicable only to 802.11ac radios. Changing the radio mode to non-802.11ac modes invalidates the command.

The maximum supported NSS cannot be smaller than the maximum mandatory NSS.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum supported NSS to 7 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11ac

[Sysname-wlan-ap-ap1-radio-1] dot11ac support maximum-nss 7

# Set the maximum supported NSS to 7 for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] type dot11ac

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] dot11ac support maximum-nss 7

Related commands

dot11ac mandatory maximum-nss

dot11g protection

Use dot11g protection enable to enable 802.11g protection.

Use dot11g protection disable to disable 802.11g protection.

Use undo dot11g protection to restore the default.

Syntax

dot11g protection { disable | enable }

undo dot11g protection

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, 802.11g protection is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11g and 802.11n (2.4 GHz) radios. If you change the mode of a radio to a mode other than the three modes, 802.11g protection configuration is removed.

802.11g and 802.11n devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11b signals are detected on the channel.

802.11g protection automatically takes effect when 802.11b clients associate with an 802.11g or 802.11n (2.4 GHz) radio.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable 802.11g protection for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] type dot11gn

[Sysname-wlan-ap-ap1-radio-2] dot11g protection enable

# Enable 802.11g protection for the APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 2

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] type dot11gn

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] dot11g protection enable

Related commands

protection-mode

dot11n mandatory maximum-mcs

Use dot11n mandatory maximum-mcs to set the maximum mandatory MCS index.

Use undo dot11n mandatory maximum-mcs to restore the default.

Syntax

dot11n mandatory maximum-mcs index

undo dot11n mandatory maximum-mcs

Default

In radio view, the default settings are as follows:

· If the maximum supported MCS index is set, no maximum mandatory MCS index is set.

· If the maximum supported MCS index is not set, a radio uses the configuration in AP group radio view.

In AP group radio view, no maximum mandatory MCS index is set.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

index: Specifies the maximum mandatory MCS index in the range of 0 to 76.

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

Before configuring the dot11n multicast-mcs command, you must set the maximum mandatory MCS index.

After you modify the maximum mandatory MCS index, clients that are associated with the radio and that do not support the modified MCS index will go offline.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum mandatory MCS index to 14 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] dot11n mandatory maximum-mcs 14

# Set the maximum mandatory MCS index to 14 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n mandatory maximum-mcs 14

dot11n multicast-mcs

Use dot11n multicast-mcs to set the multicast MCS index.

Use undo dot11n multicast-mcs to restore the default.

Syntax

dot11n multicast-mcs index

undo dot11n multicast-mcs

Default

In radio view, the default settings are as follows:

· If the maximum mandatory MCS index or the maximum supported MCS index is set, no multicast MCS index is set.

· If neither the maximum mandatory MCS index nor the maximum supported MCS index is set, a radio uses the configuration in AP group radio view.

In AP group radio view, no multicast MCS index is set.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

index: Specifies the multicast MCS index in the range of 0 to 76.

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The multicast MCS index takes effect only when the radio associates only with 802.11n and 802.11ac clients.

If 802.11a/b/g clients exist, the AP and clients use the 802.11a/b/g multicast rate to multicast packets.

The multicast MCS index maps to a rate in 20 MHz bandwidth mode regardless of whether the bandwidth mode is 20 MHz or 40 MHz.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the multicast MCS index to 14 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] dot11n mandatory maximum-mcs 15

[Sysname-wlan-ap-ap1-radio-1] dot11n multicast-mcs 14

# Set the multicast MCS index to 14 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n mandatory maximum-mcs 14

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n multicast-mcs 14

dot11n protection

Use dot11n protection enable to enable 802.11n protection.

Use dot11n protection disable to disable 802.11n protection.

Use undo dot11n protection to restore the default.

Syntax

dot11n protection { disable | enable }

undo dot11n protection

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, 802.11n protection is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. If you change the mode of a radio to a mode other than the three modes, the 802.11n protection configuration is removed.

802.11n and 802.11ac devices send RTS/CTS or CTS-to-self packets before sending data only when 802.11a/b/g signals are detected on the channel.

802.11n protection automatically takes effect when 802.11a/b/g clients associate with an 802.11n or 802.11ac radio.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable 802.11n protection for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] dot11n protection enable

# Enable 802.11n protection for the APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n protection enable

Related commands

protection-mode

dot11n support maximum-mcs

Use dot11n support maximum-mcs to set the maximum supported MCS index.

Use undo dot11n support maximum-mcs to restore the default.

Syntax

dot11n support maximum-mcs index

undo dot11n support maximum-mcs

Default

In radio view, the default settings are as follows:

· If the maximum mandatory MCS index is set, the maximum supported MCS index is 76.

· If the maximum mandatory MCS index is not set, a radio uses the configuration in AP group radio view.

In AP group radio view, the maximum supported MCS index is 76.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

index: Specifies the maximum supported MCS index in the range of 0 to 76.

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The maximum supported MCS index cannot be smaller than the maximum mandatory MCS index.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum supported MCS index to 14 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] dot11n support maximum-mcs 14

# Set the maximum supported MCS index to 14 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dot11n support maximum-mcs 14

dtim

Use dtim to set the Delivery Traffic Indication Map (DTIM) interval.

Use undo dtim to restore the default.

Syntax

dtim counter

undo dtim

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the DTIM interval is 1, and an AP sends buffered broadcast and multicast frames after every beacon frame.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

counter: Specifies the DTIM interval in the range of 1 to 31.

Usage guidelines

An AP periodically broadcasts a beacon compliant with the DTIM. After the AP broadcasts the beacon, it sends buffered broadcast and multicast frames based on the value of the DTIM interval. For example, if you set the DTIM interval to 5, the AP sends buffered broadcast and multicast frames every five beacon frames.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the DTIM interval to 5 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] dtim 5

# Set the DTIM interval to 5 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] dtim 5

fragment-threshold

Use fragment-threshold to set the frame fragmentation threshold.

Use undo fragment-threshold to restore the default.

Syntax

fragment-threshold size

undo fragment-threshold

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the fragmentation threshold is 2346 bytes.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

size: Specifies the fragmentation threshold in the range of 256 to 2346 bytes. The value for this argument must be an even number.

Usage guidelines

Frames larger than the fragmentation threshold are fragmented before transmission. Frames smaller than the fragmentation threshold are transmitted without fragmentation.

In a WLAN with great interference, decrease the fragmentation threshold and set the MTU (ip mtu command) of packets sent over the radio to be lower than the fragmentation threshold. This improves the network throughput and efficiency.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the fragmentation threshold to 2048 bytes for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] fragment-threshold 2048

# Set the fragmentation threshold to 2048 bytes for the APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] fragment-threshold 2048

green-energy-management

Use green-energy-management enable to enable the energy-saving feature.

Use green-energy-management disable to disable the energy-saving feature.

Use undo green-energy-management to restore the default.

Syntax

green-energy-management { disable | enable }

undo green-energy-management

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the energy-saving feature is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

After you enable the energy-saving feature, the multiple-input and multiple-output (MIMO) mode of a radio automatically changes to 1x1 if no clients associate with the radio. This reduces power consumption.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable the energy-saving feature for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] green-energy-management enable

# Enable the energy-saving feature for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] green-energy-management enable

ldpc

Use ldpc enable to enable LDPC.

Use ldpc disable to disable LDPC.

Use undo ldpc to restore the default.

Syntax

ldpc { disable | enable }

undo ldpc

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, LDPC is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The device can receive but cannot send LDPC packets.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Disable LDPC for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] ldpc disable

# Disable LDPC for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] ldpc disable

long-retry threshold

Use long-retry threshold to set the hardware retransmission limit for large frames.

Use undo long-retry threshold to restore the default.

Syntax

long-retry threshold count

undo long-retry threshold

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the hardware retransmission limit is 4 for large frames.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

count: Specifies the hardware retransmission limit for large frames, in the range of 1 to 15.

Usage guidelines

Perform this task to set the hardware retransmission limit for frames larger than the RTS threshold.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the hardware retransmission limit for large frames to 5 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] long-retry threshold 5

# Set the hardware retransmission limit for large frames to 5 for the APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] long-retry threshold 5

Related commands

protection-threshold

short-retry threshold

max-power

Use max-power to set the maximum transmit power.

Use undo max-power to restore the default.

Syntax

max-power radio-power

undo max-power

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the AP uses the maximum supported transmit power.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

radio-power: Specifies the maximum transmit power. The value range for this argument varies by device model.

Usage guidelines

The transmit power range supported by a radio varies by country code, channel, AP model, radio mode, antenna type, and bandwidth mode. If you change these attributes for a radio after you set the maximum transmit power, the configured maximum transmit power might be out of the supported transmit power range. If this happens, the system automatically adjusts the maximum transmit power to a valid value.

If you enable power lock, the locked power becomes the maximum transmit power.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum transmit power to 15 dBm for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] max-power 15

# Set the maximum transmit power to 15 dBm for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] max-power 15

mimo

NOTE:

Support for the parameters of this command depends on the device model.

Use mimo to specify a MIMO mode for a radio.

Use undo mimo to restore the default.

Syntax

mimo { 1x1 | 2x2 | 3x3 | 4x4 }

undo mimo

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the default setting for this command varies by AP model.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

1x1: Sends and receives signals through one spatial stream.

2x2: Sends and receives signals through two spatial streams.

3x3: Sends and receives signals through three spatial streams.

4x4: Sends and receives signals through four spatial streams.

Usage guidelines

MIMO enables a radio to send and receive wireless signals through multiple spatial streams. This improves system capacity and spectrum usage without requiring higher bandwidth.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the MIMO mode to 2x2 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] mimo 2x2

# Set the MIMO mode to 2x2 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] mimo 2x2

mu-txbf

NOTE:

Support for this command depends on the AP model.

Use mu-txbf enable to enable multi-user transmit beamforming (TxBF).

Use mu-txbf disable to disable multi-user TxBF.

Use undo mu-txbf to restore the default.

Syntax

mu-txbf { disable | enable }

undo mu-txbf

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, multi-user TxBF is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.

TxBF enables an AP to adjust transmitting parameters based on the channel information to focus RF signals on intended clients. This feature improves the RF signal quality.

Multi-user TxBF is part of 802.11ac Wave2. Multi-user TxBF enables an AP to focus different RF signals on their intended clients to reduce interference and transmission delay. This improves traffic throughput and bandwidth usage. Multi-user TxBF is applicable to WLANs that have a large number of clients and require high bandwidth usage and low transmission delay.

Multi-user TxBF takes effect only when single-user TxBF is enabled.

As a best practice, do not modify the default MIMO settings for an AP enabled with multi-user TxBF.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable multi-user TxBF for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] su-txbf enable

[Sysname-wlan-ap-ap1-radio-1] mu-txbf enable

# Enable multi-user TxBF for APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] su-txbf enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] mu-txbf enable

Related commands

mimo

su-txbf

power-lock

Use power-lock enable to enable power lock.

Use power-lock disable to disable power lock.

Use undo power-lock to restore the default.

Syntax

power-lock { disable | enable }

undo power-lock

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, power lock is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

If you enable power lock, the current power is locked and becomes the maximum transmit power. The locked power still takes effect after the AC restarts.

If a radio enabled with power lock switches to a new channel that provides lower power than the locked power, the maximum power supported by the new channel takes effect.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable power lock for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] power-lock enable

# Enable power lock for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] power-lock enable

preamble

Use preamble to set the preamble type.

Use undo preamble to restore the default.

Syntax

preamble { long | short }

undo preamble

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the short preamble is used.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

long: Specifies a long preamble. A long preamble ensures compatibility with all wireless devices that use an earlier standard than 802.11n.

short: Specifies a short preamble. A short preamble can improve network performance.

Usage guidelines

This command is applicable only to 802.11b, 802.11g, and 802.11gn radios.

A preamble is a set of bits in a packet header to synchronize transmission signals between sender and receiver.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the preamble type to long for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] type dot11g

[Sysname-wlan-ap-ap1-radio-2] preamble long

# Set the preamble type to long for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 2

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11g

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] preamble long

protection-mode

Use protection-mode to specify a collision avoidance mode.

Use undo protection-mode to restore the default.

Syntax

protection-mode { cts-to-self | rts-cts }

undo protection-mode

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the CTS-to-self mode is used.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

cts-to-self: Specifies the CTS-to-self mode.

rts-cts: Specifies the RTS/CTS mode.

Usage guidelines

You can specify either of the following collision avoidance modes for an AP:

· RTS/CTS—An AP sends an RTS packet to a client before sending data to the client. After receiving the RTS packet, the client sends a CTS packet to the AP. The AP begins to send data after receiving the CTS packet, and other devices that detect the RTS or CTS packet do not send data within a specific time period.

· CTS-to-self—An AP sends a CTS packet with its own MAC address as the destination MAC address before sending data to a client. After receiving the CTS-to-self packet, the AP begins to send data, and other devices that detect the CTS-to-self packet do not send data within a specific time period.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Specify the RTS/CTS mode for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] protection-mode rts-cts

# Specify the RTS/CTS mode for the APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 2

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-2] protection-mode rts-cts

Related commands

dot11g protection

dot11n protection

protection-threshold

Use protection-threshold to set the RTS threshold.

Use undo protection-threshold to restore the default.

Syntax

protection-threshold size

undo protection-threshold

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the RTS threshold is 2346 bytes.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

size: Specifies the RTS threshold in the range of 0 to 2346 bytes.

Usage guidelines

The system performs collision avoidance only for packets larger than the RTS threshold.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the RTS threshold to 2048 bytes for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] protection-threshold 2048

# Set the RTS threshold to 2048 bytes for the APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] protection-threshold 2048

Related commands

protection-mode

radio

Use radio to enter radio view.

Syntax

radio radio-id

Views

AP view

AP group AP model view

Predefined user roles

network-admin

Parameters

radio-id: Specifies a radio by its ID. The value range for this argument varies by device model.

Examples

# Enter radio view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1]

# Enter AP group radio view.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1]

radio

Use radio enable to enable a radio.

Use radio disable to disable a radio.

Use undo radio to restore the default.

Syntax

radio { disable | enable }

undo radio

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, a radio is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable radio 1 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] radio enable

# Enable radio 1 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] radio enable

rate

Use rate to set the transmission rates for a radio.

Use undo rate to restore the default.

Syntax

rate { multicast { auto | rate-value } | { disabled | mandatory | supported } rate-value }

undo rate

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view:

· 802.11a/802.11an/802.11ac:

¡ Prohibited rates—None.

¡ Mandatory rates—6, 12, and 24.

¡ Multicast rate—Selected from the mandatory rates.

¡ Supported rates—9, 18, 36, 48, and 54.

· 802.11b:

¡ Prohibited rates—None.

¡ Mandatory rates—1 and 2.

¡ Multicast rate—Selected from the mandatory rates.

¡ Supported rates—5.5 and 11.

· 802.11g/802.11gn:

¡ Prohibited rates—None.

¡ Mandatory rates—1, 2, 5.5, and 11.

¡ Multicast rate—Selected from the mandatory rates.

¡ Supported rates—6, 9, 12, 18, 24, 36, 48, and 54.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

disabled: Specifies rates that cannot be used by an AP.

mandatory: Specifies rates that the clients must support to associate with an AP.

multicast: Specifies the rate at which an AP multicasts packets. The multicast rate must be selected from the mandatory rates.

supported: Specifies rates that an AP supports. After a client associates with an AP, the client can select a higher or lower rate from the supported rates to communicate with the AP.

auto: Automatically selects a mandatory rate as the multicast rate.

rate-value: Specifies the rate value in Mbps. You can set multiple rates and separate them by spaces. The available values for this argument are as follows:

· 802.11a/802.11an/802.11ac—6, 9, 12, 18, 24, 36, 48, and 54.

· 802.11b—1, 2, 5.5, and 11.

· 802.11g/802.11gn—1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54.

Usage guidelines

The mandatory rates and multicast rate cannot be null. When there is only one mandatory rate, you cannot specify the mandatory rate as a supported rate or prohibited rate.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rate mandatory 6 12 24

# Set the mandatory rates to 6 Mbps, 12 Mbps, and 24 Mbps for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] rate mandatory 6 12 24

reset wlan ap radio-statistics

Use reset wlan ap radio-statistics to clear radio statistics.

Syntax

reset wlan ap { all | name ap-name } radio-statistics

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all APs.

Examples

# Clear radio statistics for AP ap1.

<Sysname> reset wlan ap name ap1 radio-statistics

short-gi

Use short-gi enable to enable short Guard Interval (GI).

Use short-gi disable to disable short GI.

Use undo short-gi to restore the default.

Syntax

short-gi { disable | enable }

undo short-gi

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, short GI is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Disable short GI for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] short-gi disable

# Disable short GI for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] short-gi disable

short-retry threshold

Use short-retry threshold to set the hardware retransmission limit for small frames.

Use undo short-retry threshold to restore the default.

Syntax

short-retry threshold count

undo short-retry threshold

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the hardware retransmission limit is 7 for small frames.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

count: Specifies the hardware retransmission limit for small frames, in the range of 1 to 15.

Usage guidelines

Perform this task to set the hardware retransmission limit for frames smaller than or equal to the RTS threshold.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the hardware retransmission limit for small frames to 10 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] short-retry threshold 10

# Set the hardware retransmission limit for small frames to 10 for the APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] short-retry threshold 10

Related commands

long-retry threshold

protection-threshold

smart-antenna

NOTE:

Support for this command depends on the device model.

Use smart-antenna enable to enable the smart antenna feature.

Use smart-antenna disable to disable the smart antenna feature.

Use undo smart-antenna to restore the default.

Syntax

smart-antenna { disable | enable }

undo smart-antenna

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the smart antenna feature is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable smart antenna for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] smart-antenna enable

# Enable smart antenna for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] smart-antenna enable

smart-antenna policy

NOTE:

Support for this command depends on the device model.

Use smart-antenna policy to specify a smart antenna mode.

Use undo smart-antenna policy to restore the default.

Syntax

smart-antenna policy { auto | high-availability | high-throughput }

undo smart-antenna policy

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the auto mode is used.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

auto: Specifies the auto mode. When this mode is enabled, high availability mode is used for audio and video packets, and high throughput mode is used for other packets.

high-availability: Specifies the high availability mode. This mode ensures guaranteed bandwidth for clients and is applicable to WLANs that require stable bandwidth.

high-throughput: Specifies the high throughput mode. This mode ensures as more associations as possible and is applicable to WLANs that require high performance.

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The smart antenna mode configuration takes effect only after you enable the smart antenna feature.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the smart antenna mode to high-availability for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] smart-antenna policy high-availability

# Set the smart antenna mode to high-availability for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] smart-antenna policy high-availability

stbc

Use stbc enable to enable Space-Time Block Coding (STBC).

Use stbc disable to disable STBC.

Use undo stbc to restore the default.

Syntax

stbc { disable | enable }

undo stbc

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, STBC is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11n and 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable STBC for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

[Sysname-wlan-ap-ap1-radio-1] stbc enable

# Enable STBC for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] type dot11an

[Sysname-wlan-ap-group-1-ap-model-WA2620-WiNet-radio-1] stbc enable

su-txbf

NOTE:

Support for this command depends on the AP model.

Use su-txbf enable to enable single-user TxBF.

Use su-txbf disable to disable single-user TxBF.

Use undo su-txbf to restore the default.

Syntax

su-txbf { disable | enable }

undo su-txbf

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, single-user TxBF is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to 802.11ac radios. Changing the radio mode to 802.11a, 802.11b, 802.11g, or 802.11n invalidates the command.

Single-user TxBF enables an AP to improve the signal to one intended client. Single-user TxBF is applicable to WLANs that have widely spread clients, poor network quality, and serious signal attenuation.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable single-user TxBF for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] su-txbf enable

# Enable single-user TxBF for APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] su-txbf enable

Related commands

mimo

mu-txbf

type

Use type to specify a radio mode.

Use undo type to restore the default.

Syntax

type { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gn }

undo type

Default

The default setting varies by device model.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

dot11a: Specifies the 802.11a radio mode.

dot11ac: Specifies the 802.11ac radio mode.

dot11an: Specifies the 802.11n (5 GHz) radio mode.

dot11b: Specifies the 802.11b radio mode.

dot11g: Specifies the 802.11g radio mode.

dot11gn: Specifies the 802.11n (2.4 GHz) radio mode.

Usage guidelines

CAUTION:

Modifying the mode of an enabled radio logs off all associated clients.

When you change the radio mode in AP group radio view, the default settings for the radio mode related commands are restored.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the radio mode to 802.11n (5 GHz) for radio 1 on AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] type dot11an

# Set the radio mode to 802.11n (5 GHz) for radio 1 in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] type dot11an

wlan radio

Use wlan radio enable to enable all radios.

Use wlan radio disable to disable all radios.

Use undo wlan radio to restore the default.

Syntax

wlan radio { disable | enable }

undo wlan radio

Default

Radios are disabled unless they are already enabled in radio view or AP group radio view.

Views

System view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

This feature takes effect on all manual APs and online auto APs.

If you execute both the wlan radio { disable | enable } command and the radio { disable | enable } command, the most recent configuration takes effect.

Examples

# Enable all radios.

<Sysname> system-view

[Sysname] wlan radio enable

Related commands

radio { disable | enable }

WLAN access commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

access-control acl

Use access-control acl to specify an ACL for ACL-based access control.

Use undo access-control acl to restore the default.

Syntax

access-control acl acl-number

undo access-control acl

Default

No ACL is specified.

Views

AP view

Service template view

Predefined user roles

network-admin

Parameters

acl-number: Specifies the number of a Layer 2 ACL, in the range of 4000 to 4999.

Usage guidelines

This feature controls client access by using the specified ACL rules. When the device receives an association request, it performs the following actions:

· Allows the client to access the WLAN if the MAC address of the client matches the MAC address attribute or MAC address OUI attribute in a rule and the rule action is permit. If multiple clients match the OUI attribute, all these clients are allowed to access the WLAN.

· Denies the client's access to the WLAN if no match is found or the matched rule has a deny statement.

When you configure this feature, follow these restrictions and guidelines:

· If the specified ACL contains a deny statement, configure a permit statement for the ACL to permit all clients. If you do not do so, no clients can come online.

· The ACL-based access control configuration takes precedence over the whitelist and blacklist configuration.

· You can specify only one ACL. If you execute this command multiple times, the most recent configuration takes effect.

· The configuration in AP view takes precedence over the configuration in service template view.

Examples

# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for service template service1.

<Sysname> system-view

[Sysname] acl mac 4000

[Sysname -acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff

[Sysname -acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000

[Sysname -acl-mac-4000] rule 2 deny

[Sysname -acl-mac-4000] quit

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] access-control acl 4000

# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for AP ap1.

<Sysname> system-view

[Sysname] acl mac 4000

[Sysname -acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff

[Sysname -acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000

[Sysname -acl-mac-4000] rule 2 deny

[Sysname -acl-mac-4000] quit

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] access-control acl 4000

beacon ssid-hide

Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames.

Use undo beacon ssid-hide to restore the default.

Syntax

beacon ssid-hide

undo beacon ssid-hide

Default

The SSID is advertised in beacon frames.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command disables a radio from carrying SSIDs in the beacon frames and responding to probe requests after the specified service template is bound to the radio.

Examples

# Disable advertising the SSID in beacon frames.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] beacon ssid-hide

broadcast-probe reply

Use broadcast-probe reply enable to enable an AP to respond to broadcast probe requests.

Use broadcast-probe reply disable to disable an AP from responding to broadcast probe requests.

Use undo broadcast-probe reply to restore the default.

Syntax

broadcast-probe reply { disable | enable }

undo broadcast-probe reply

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, an AP responds to broadcast probe requests.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

Broadcast probe requests do not carry an SSID. Upon receiving a broadcast probe request, an AP responds with a probe response that carries service information for the AP. To ensure that clients that send unicast probe requests can associate with the AP, disable the AP from responding to broadcast probe requests.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Disable AP ap1 from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] broadcast-probe reply disable

# Disable APs in AP group group1 from responding to broadcast probe requests.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] broadcast-probe reply disable

classifier acl

Use classifier acl to configure a forwarding rule for a forwarding policy.

Use undo classifier acl to remove a forwarding rule.

Syntax

classifier acl { acl-number | ipv6 ipv6-acl-number }

undo classifier acl { acl-number | ipv6 ipv6-acl-number }

Default

No forwarding rules are configured.

Views

Forwarding policy view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an IPv4 or Layer 2 ACL number in the range of 2000 to 4999.

ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.

Usage guidelines

Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.

A forwarding rule takes effect immediately after it is created. You can configure a maximum of 1000 forwarding rules for a forwarding policy.

Examples

# Specify ACL 2000 as a forwarding rule for forwarding policy abc.

<sysname> system-view

[sysname] wlan forwarding-policy abc

[sysname-wlan-fp-abc] classifier acl 2000

client association-location

Use client association-location to enable client association at the AC or APs.

Use undo client association-location to restore the default.

Syntax

client association-location { ac | ap }

undo client association-location

Default

Client association is performed at the AC.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Enables client association at the AC.

ap: Enables client association at APs.

Usage guidelines

Make sure the service template is disabled before you execute this command.

Examples

# Enable client association at the AC.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client association-location ac

client cache aging-time

Use client cache aging-time to set the aging time for the cache of clients.

Use undo client cache aging-time to restore the default.

Syntax

client cache aging-time aging-time

undo client cache aging-time

Default

The aging time for the cache of clients is 180 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the aging time for the cache of clients, in the range of 0 to 86400 seconds.

Usage guidelines

If you set the aging time to 0 seconds, the AC clears the client cache immediately when the clients go offline.

Make sure the service template is disabled before you execute this command.

Examples

# Set the aging time for the cache of clients to 100 seconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client cache aging-time 100

client forwarding-location

Use client forwarding-location to specify the client data traffic forwarder.

Use undo client forwarding-location to restore the default.

Syntax

client forwarding-location { ac | ap [ vlan { start-vlan [ to end-vlan ] } ] }

undo client forwarding-location

Default

The AC forwards client data traffic.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Enables the AC to forward client data traffic.

ap: Enables APs to forward client data traffic.

vlan start-vlan to end-vlan: Specifies a VLAN ID range. The value range for the start-vlan and end-vlan arguments is 1 to 4094. If you do not specify this option, APs forward client data traffic from all VLANs.

Usage guidelines

Make sure the service template is disabled before you execute this command.

If APs forward client data traffic, you can specify a VLAN or a VLAN range for the APs to forward client data traffic from the specified VLANs. The AC forwards data traffic from other VLANs.

Make sure client traffic forwarding is enabled when the AC is configured as the client traffic forwarder.

Examples

# Configure APs to forward client data traffic from all VLANs.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] user-forward location ap

client forwarding-policy enable

Use client forwarding-policy enable to enable policy-based forwarding for a service template.

Use undo client forwarding-policy enable to disable policy-based forwarding for a service template.

Syntax

client forwarding-policy enable

undo client forwarding-policy enable

Default

Policy-based forwarding is disabled for a service template.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Enable policy-based forwarding for a service template for the following forwarding policies to take effect:

· The forwarding policy applied to the service template.

· The forwarding policy applied to a user profile that uses the service template.

Examples

# Enable policy-based forwarding for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-policy enable

Related commands

client-security authentication-location

client forwarding-policy-name

Use client forwarding-policy-name to apply a forwarding policy to a service template.

Use undo client forwarding-policy-name to restore the default.

Syntax

client forwarding-policy-name policy-name

undo client forwarding-policy-name

Default

No forwarding policy is applied to a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Make sure the service template is disabled before you execute this command.

For the forwarding policy to take effect, you must enable policy-based forwarding and specify the AC to perform client authentication for the service template.

Make sure the AC and its associated APs are in different network segments.

Examples

# Apply forwarding policy strategy to service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client forwarding-policy-name strategy

Related commands

client forwarding-policy enable

client-security authentication-location

client frame-format

Use client frame-format to set the client data frame format.

Use undo client frame-format to restore the default.

Syntax

client frame-format { dot3 | dot11 }

undo client frame-format

Default

Client data frames are encapsulated in 802.3 format.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot3: Specifies the 802.3 format.

dot11: Specifies the 802.11 format.

Usage guidelines

This command takes effect only in centralized forwarding mode.

Make sure the service template is disabled before you execute this command.

Examples

# Configure the client data frames to be encapsulated in 802.11 format.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client frame-format dot11

Related commands

client forwarding-location

client idle-timeout

Use client idle-timeout to set the client idle timeout timer.

Use undo client idle-timeout to restore the default.

Syntax

client idle-timeout timeout

undo client idle-timeout

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the client idle timeout timer is 3600 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

timeout: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.

Usage guidelines

If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the client idle timeout timer to 2000 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client idle-timeout 2000

# Set the client idle timeout timer to 2000 seconds for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client idle-timeout 2000

client keep-alive

Use client keep-alive enable to enable client keepalive.

Use client keep-alive disable to disable client keepalive.

Use undo client keep-alive to restore the default.

Syntax

client keep-alive { disable | enable }

undo client keep-alive

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, client keepalive is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

This feature enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable client keepalive for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client keep-alive enable

# Enable client keepalive for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client keep-alive enable

Related commands

client keep-alive interval

Use client keep-alive interval to set the client keepalive interval.

Use undo client keep-alive interval to restore the default.

Syntax

client keep-alive interval interval

undo client keep-alive interval

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, the client keepalive interval is 300 seconds.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.

Usage guidelines

Enable client keepalive before you execute this command.

This command enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Set the keepalive interval to 20 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client keep-alive 20

# Set the keepalive interval to 20 seconds for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client keep-alive interval 20

Related commands

client keep-alive enable

client max-count

Use client max-count to set the maximum number of associated clients for a service template.

Use undo client max-count to restore the default.

Syntax

client max-count max-number

undo client max-count

Default

The number of associated clients for a service template is not limited.

Views

Service template view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of clients in the range of 1 to 2007.

Usage guidelines

When this feature is configured, new clients cannot access the WLAN when the maximum number is reached.

Examples

# Set the maximum number of associated clients to 38 for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client max-count 38

client preferred-vlan authorized

Use client preferred-vlan authorized to configure clients to prefer the authorization VLAN after roaming.

Use undo client preferred-vlan authorized to configure client VLANs to remain unchanged after client roaming.

Syntax

client preferred-vlan authorized

undo client preferred-vlan authorized

Default

Clients prefer the authorization VLAN after roaming.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This feature takes effect only on 802.1X and MAC authentication clients.

Typically, the VLAN of a client remains unchanged after client roaming. However, if the client triggers a security alert configured on IMC after roams to another AP, the issued authorization VLAN for user isolation takes effect.

Examples

# Configure clients to prefer the authorization VLAN after roaming.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client preferred-vlan authorized

client report-mandatory

Use client report-mandatory to allow locally authenticated clients to come online after successful client information reporting.

Use undo client report-mandatory to allow locally authenticated clients to come online immediately after successful local authentication.

Syntax

client report-mandatory

undo client report-mandatory

Default

Locally authenticated clients come online after successful client information reporting.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

By default, an AP reports information about locally authenticated clients that pass authentication to the AC, and the AC creates client entries and informs the AP to get the clients online. If the CAPWAP tunnel between the AC and the AP operates incorrectly, clients might fail to come online and perform reauthentication repeatedly. To avoid this problem, you can allow clients to come online immediately after successful local authentication so that the AP can forward client traffic when the AC cannot be reached. The AP synchronizes client information to the AC when the tunnel recovers.

Examples

# Allow locally authenticated clients to come online immediately after successful local authentication.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client report-mandatory

client vlan-alloc

Use client vlan-alloc to set the VLAN allocation method for clients.

Use undo client vlan-alloc to restore the default.

Syntax

client vlan-alloc { dynamic | static }

undo client vlan-alloc

Default

The VLAN allocation method for clients is dynamic.

Views

Service template view

Predefined user roles

network-admin

Parameters

dynamic: Specifies dynamic VLAN allocation.

static: Specifies static VLAN allocation.

Usage guidelines

When a client comes online for the first time, the radio assigns a random VLAN to it. When the client comes online again, the VLAN assigned to the client depends on the allocation method.

· Static allocation—The client inherits the VLAN that has been assigned to it. If the IP address lease has not expired, the client will use the same IP address. This method helps save IP addresses.

· Dynamic allocation—The radio re-assigns a VLAN to the client. This method balances clients in all VLANs.

Examples

# Set the VLAN allocation method for clients to dynamic.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client vlan-alloc dynamic

Related commands

service-template

client-statistics-report

Use client-statistics-report enable to enable client statistics reporting.

Use client-statistics-report disable to disable client statistics reporting.

Use undo client-statistics-report to restore the default.

Syntax

client-statistics-report { disable | enable [ interval interval ] }

undo client-statistics-report

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, client statistics reporting is enabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

interval interval: Specifies the interval at which client statistics are reported, in the range of 2 to 120 seconds. The interval is 50 seconds by default.

Usage guidelines

This feature enables an AP to report client statistics to the AC at the specified intervals for client entry update. The AC informs the AP to log off a client if the client's information does not exist in the saved entries.

To avoid frequent client re-associations, disable this feature when the network is in a bad condition.

The configuration in AP view takes precedence over the configuration in AP group view.

Examples

# Enable client statistics reporting and set the reporting interval to 20 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] client-statistics-report enable interval 20

# Enable client statistics reporting and set the reporting interval to 20 seconds for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] client-statistics-report enable interval 20

customlog format wlan

Use customlog format wlan to enable the device to generate client logs in the specified format.

Use undo customlog format wlan to restore the default.

Syntax

customlog format wlan { normal | sangfor }

undo customlog format wlan

Default

The device generates client logs only in H3C format.

Views

System view

Predefined user roles

network-admin

Parameters

normal: Specifies normal format.

sangfor: Specifies sangfor format.

Usage guidelines

By default, the device generates client logs only in H3C format that logs AP name, radio ID, client MAC address, SSID, BSSID, and client online status.

You can configure the device to generate client logs in one of the following formats:

· normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.

· sangfor—Logs AP MAC address, client IP address, and client MAC address.

This feature does not affect the generation of client logs in H3C format.

Examples

# Enable the device to generate client logs in sangfor format.

<Sysname> system-view

[Sysname] customlog format wlan sangfor

description

Use description to configure a description for a service template.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 64 characters.

Examples

# Configure a description for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] description wlanst

display wlan ap all radio client-number

Use display wlan ap all radio client-number to display the number of online clients and channel information for each radio.

Syntax

display wlan ap all radio client-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of online clients and channel information for each radio.

<Sysname> display wlan ap all radio client-number

AP name RID Channel Clients

1 1 44 12

1 2 11 4

2 1 6 10

display wlan ap all client-number

Use display wlan ap all client-number to display the number of online clients at both the 2.4 GHz and 5 GHz bands.

Syntax

display wlan ap all client-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of online clients at both the 2.4 GHz and 5 GHz bands.

<System> display wlan ap all client-number

AP name Clients 2.4GHz 5GHz

ap1 3 2 1

ap2 5 1 4

Table 22 Command output

Field	Description
Clients	Total number of online clients.
2.4GHz	Number of online clients at the 2.4 GHz band.
5GHz	Number of online clients at the 5 GHz band.

display wlan ap-group all client-number

Use display wlan ap-group all client-number to display the number of online clients in each radio group.

Syntax

display wlan ap-group all client-number

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the number of online clients in each radio group.

<Sysname> display wlan ap-group all client-number

AP group name Group ID Clients 2.4GHz 5GHz

default-group 1 150 100 50

1 2 250 50 200

Table 23 Command output

Field	Description
2.4GHz	Number of clients at the 2.4 GHz band.
5GHz	Number of clients at the 5 GHz band.

display wlan blacklist

Use display wlan blacklist to display blacklist entries.

Syntax

display wlan blacklist { dynamic | static }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dynamic: Specifies the dynamic blacklist.

static: Specifies the static blacklist.

Examples

# Display static blacklist entries.

<Sysname> display wlan blacklist static

Total number of clients: 3

MAC addresses:

000e-35b2-000e

0019-5b8e-b709

001c-f0bf-9c92

# Display dynamic blacklist entries.

<Sysname> display wlan blacklist dynamic

Total number of clients: 3

MAC address APID Lifetime (s) Duration (hh:mm:ss)

000f-e2cc-0001 1 300 00:02:11

000f-e2cc-0002 2 300 00:01:17

000f-e2cc-0003 3 300 00:02:08

Table 24 Command output

Field	Description
MAC address	Client MAC address.
APID	ID of the AP that detects the rogue client.
Lifetime (s)	Lifetime of the entry in seconds.
Duration (hh:mm:ss)	Duration for the entry since the entry was added to the dynamic blacklist.

display wlan bss

Use display wlan bss to display basic service set (BSS) information.

Syntax

display wlan bss { all | ap ap-name | bssid bssid } [ slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all BSSs.

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

bssid bssid: Specifies a BSS by its ID. The value is a 48-bit hexadecimal number in the format of H-H-H.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays client information on the master device.

verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.

Examples

# Display brief information about all BSSs.

<Sysname> display wlan bss all

Total number of BSSs: 4

AP name RID SSID BSSID

ap1 1 SSID1 001c-f08f-f804

ap1 2 SSID1 001c-f08f-f806

ap2 1 SSID1 001c-f0bf-9c92

ap2 2 SSID1 001c-f0bf-9c94

# Display detailed information about the BSS with ID 001c-f08f-f804.

<Sysname> display wlan bss bssid 001c-f08f-f804 verbose

AP name : ap1

BSSID : 001c-f08f-f804

Radio ID : 1

Service template name : servcie1

SSID : SSID1

VLAN ID : 1

AKM mode : Not configured

User authentication mode : Bypass

Table 25 Command output

Field	Description
AKM mode	AKM mode: · 802.1X. · PSK. · Not configured.
User authentication mode	User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI.

Field

Description

AKM mode

AKM mode:

· 802.1X.

· PSK.

· Not configured.

User authentication mode

User authentication mode:

· Bypass—No client authentication.

· MAC.

· 802.1X.

· OUI.

display wlan client

Use display wlan client to display client information.

Syntax

Centralized devices in standalone mode:

display wlan client [ ap ap-name [ radio radio-id ] | mac-address mac-address | service-template service-template-name | frequency-band { 2.4 | 5 } ] [ verbose ]

Centralized devices in IRF mode:

display wlan client distributed-sys [ slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Displays information about clients that are connected to the specified AP. The AP name is a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

radio radio-id: Displays information about clients that are connected to the specified radio. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays information about all clients that are connected to the specified AP.

mac-address mac-address: Specifies a client by its MAC address.

service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.

frequency-band: Displays information about clients working on the specified band.

2.4: Specifies the 2.4 GHz band.

5: Specifies the 5 GHz band.

distributed-sys: Specifies the IRF network.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays client information on the master device.

verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.

Examples

# Display brief information about all clients.

<Sysname> display wlan client

Total number of clients: 3

MAC address Username AP name RID IPv4 address VLAN

000f-e265-6400 N/A ap1 1 1.1.1.1 100

000f-e265-6401 user ap2 1 3.0.0.3 200

84db-ac14-dd08 N/A ap1 1 5.5.5.3 1

Table 26 Command output

Field	Description
MAC address	Client MAC address.
Username	Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client.
AP name	Name of the AP that the client is associated with.
RID	ID of the radio that the client is associated with.
IPv4 address	IPv4 address of the client.
VLAN ID	ID of the VLAN to which the client belongs.

# Display detailed information about all clients on the specified member device.

<Sysname> display wlan client distributed-sys slot 1 verbose

Total number of clients: 1

MAC address : 000f-e265-6400

IPv4 address : 10.1.1.114

IPv6 address : 2001::1234:5678:0102:0304

Username : N/A

AID : 1

AP ID : 1

AP name : ap1

Radio ID : 1

SSID : office

BSSID : 0026-3e08-1150

VLAN ID : 3

Sleep count : 3

Wireless mode : 802.11ac

Channel bandwidth : 80MHz

SM power save : Enabled

SM power save mode : Dynamic

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160/80+80MHz : Not supported

STBC RX capability : Not supported

STBC TX capability : Not supported

LDPC RX capability : Not supported

SU beamformee capability : Not supported

MU beamformee capability : Not supported

Beamformee STS capability : N/A

Block Ack : TID 0 In

Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8

NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8

Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,

8, 9, 10, 11, 12, 13, 14,

15, 16, 17, 18, 19, 20,

21, 22, 23

Supported rates : 6, 9, 12, 18, 24, 36,

48, 54 Mbps

QoS mode : WMM

Listen interval : 10

RSSI : 62

Rx/Tx rate : 130/195 Mpbs

Authentication method : Open system

Security mode : PRE-RSNA

AKM mode : Not configured

Cipher suite : N/A

User authentication mode : Bypass

Authorization ACL ID : 3001(Not effective)

Authorization user profile : N/A

Roam status : N/A

Key derivation : SHA1

PMF status : Enabled

Forward policy name : Not configured

Online time : 0days 0hours 1minutes 13seconds

FT status : Inactive

Table 27 Command output

Field	Description
MAC address	Client MAC address.
IPv4 address	Client IPv4 address.
IPv6 address	Client IPv6 address.
Username	Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client.
AID	Association ID.
AP ID	ID of the AP that the client is associated with.
AP name	Name of the AP that the client is associated with.
Radio ID	ID of the radio that the client is associated with.
SSID	SSID with which the client is associated.
VLAN ID	ID of the VLAN to which the client belongs.
Sleep count	Client sleep times.
Wireless mode	Wireless mode: · 802.11a. · 802.11b. · 802.11g. · 802.11gn. · 802.11an. · 802.11ac.
Channel bandwidth	Channel bandwidth: · 20 MHz. · 40 MHz. · 80 MHz. · 160 MHz.
SM Power Save	SM Power Save status: · Enabled—Only one antenna of a client operates in active state, and others operate in sleep state to save power. · Disabled.
SM power save mode	Power saving mode: · Dynamic. · Static.
Short GI for 20MHz	Whether the client supports short GI when its channel bandwidth is 20 MHz: · Supported. · Not supported.
Short GI for 40MHz	Whether the client supports short GI when its channel bandwidth is 40 MHz: · Supported. · Not supported.
Short GI for 80MHz	Whether the client supports short GI when its channel bandwidth is 80 MHz: · Supported. · Not supported.
Short GI for 160/80+80MHz	Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz: · Supported. · Not supported.
STBC Rx Capability	Client STBC receive capability; · Not Supported. · Supported.
STBC Tx Capability	Client STBC transmission capability: · Not Supported. · Supported.
LDPC Rx capability	Client LDPC receive capability; · Not Supported. · Supported.
SU beamformee capability	Client SU beamformee capability: · Not Supported. · Supported. This field is supported only by 802.11ac radios.
MU beamformee capability	Client MU beamformee capability: · Not Supported. · Supported. This field is supported only by 802.11ac radios.
Beamformee STS capability	Client beamformee STS capability. This field displays N/A if the feature is not supported.
Block Ack	Negotiation result of Block ACK with TID: · TID 0 In—Sends Block ACK for inbound traffic. · TID 0 Out—Sends Block ACK for outbound traffic. · TID 0 Both—Sends Block ACK for both inbound and outbound traffic. · N/A—Does not send Block ACK for both inbound and outbound traffic.
Supported VHT-MCS set	VHT-MCS supported by the client.
Supported HT MCS set	HT-MCS supported by the client.
QoS mode	QoS mode: · N/A—WMM is not supported. · WMM—WMM is supported. WMM information negotiation is carried out between an AP and a client that both support WMM.
Listen interval	Interval at which the client wakes up to listen for beacon frames. It is counted by beacon interval.
RSSI	Received signal strength indication. This value indicates the client signal strength detected by the AP.
Rx/Tx rate	Sending and receiving rates of data, management, and control frames.
Authentication method	Authentication method: · Open system. · Shared key.
Security mode	Security mode: · RSN—Beacons and probe responses carry RSN IE. · WPA—Beacons and probe responses carry WPA IE. · PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE.
AKM mode	AKM mode: · 802.1X. · PSK. · Not configured.
Cipher suite	Cipher suite: · N/A. · WEP40. · WEP104. · WEP128. · CCMP. · TKIP.
User authentication mode	User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI.
Authorization ACL ID	Authorized ACL number: · This field displays the ACL number if the authorized ACL takes effect. · This field displays ACL number(Not effective) if the authorized ACL does not take effect. · This field displays N/A if the authentication server is configured without any authorized ACL.
Authorization user profile	Name of the authorized user profile: · This field displays the authorized user profile name if the authorized user profile takes effect. · This field displays authorized user profile name + Not effective if the authorized user profile does not take effect. · This field displays N/A if the authentication server is configured without any authorized user profile.
Roam status	Roam status: · Roaming in progress. · Inter-AC slow roaming. · Inter-AC fast roaming. · Intra-AC slow roaming. · Intra-AC fast roaming. · This field displays N/A if the client stays in one BSS after coming online.
Key derivation	Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · N/A—No key derivation algorithm is involved for the authentication type.
PMF status	PMF status: · Enabled—Management frame protection is enabled. · Disabled—Management frame protection is disabled. · N/A—Management frame protection is not involved.
Forward policy name	WLAN forwarding policy name: · Not configured. · Policy-name.
Online time	Client online duration.
FT status	Fast BSS transition (FT): · Active—FT is enabled. · Inactive—FT is disabled.

display wlan client ipv6

Use display wlan client ipv6 to display information about client IPv6 addresses.

Syntax

display wlan client ipv6

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display brief status information about the specified client.

<Sysname> display wlan client ipv6

MAC address AP name RID IPv6 address VLAN

84db-ac14-dd08 ap1 1 1::2:0:0:3 300

Table 28 Command output

Field	Description
MAC address	Client MAC address.
RID	Radio ID
IPv6 address	Client IPv6 address.

display wlan client online-duration

Use display wlan client online-duration to display client online duration.

Syntax

display wlan client online-duration [ ap ap-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

Examples

# Display brief information about client online duration.

<Sysname> display wlan client online-duration

Total number of online clients: 2

MAC address IPv4 address Online duration

a4c1-5b79-fa5b-1d62 192.168.11.123 0days 0hours 2minutes 23seconds

22d3-c5b7-a4b5-96fa 192.168.11.234 0days 0hours 5minutes 34seconds

Table 29 Command output

Field	Description
MAC address	Client MAC address.
IPv4 address	Client IPv4 address.
Online duration	Client online duration.

display wlan client status

Use display wlan client status to display client status information.

Syntax

display wlan client status [ mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.

verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.

Examples

# Display brief status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804

Total number of clients: 1

MAC address Access time RSSI Rx/Tx rate Discard AP name RID

001c-f08f-f804 41ms 0 39/117Mbps 0.00 ap2 2

# Display brief status information about all clients.

<Sysname> display wlan client status

Total number of clients: 2

MAC address Access time RSSI Rx/Tx rate Discard AP name RID

000b-c002-9d09 41ms 65 39/117Mbps 0.00% ap2 2

000f-e265-6401 10ms 62 130/195Mbps 0.00% ap1 1

Table 30 Command output

Field	Description
MAC address	Client MAC address.
Access time	Time the client took to associate with the WLAN.
RSSI	RSSI of the client.
Rx/Tx rate	Rates at which the client receives and sends data, management packets, and control packets.
Discard	Ratio of packets discarded by the client.
AP name	Name of the AP with which the client is associated.
RID	ID of the radio with which the client is associated.

# Display detailed status information about the specified client.

<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose

Total number of clients: 1

MAC address : 001c-f08f-f804

AP name : ap2

Radio ID : 2

Access time : 41 ms

RSSI : 0

Rx/Tx rate : 39/117 Mbps

Received:

Retransmitted packets : 84

Retransmitted packet ratio : 64.12%

Sent:

Retransmitted packets : 0

Retransmitted packet ratio : 0.00%

Discarded:

Discarded packets : 0

Discarded packet ratio : 0.00%

Table 31 Command output

Field	Description
MAC address	Client MAC address.
AP name	Name of the AP that the client is associated with.
Radio ID	ID of the radio that the client is associated with.
Access time	Time the client took to associate with the WLAN.
RSSI	RSSI of the client.
Rx/Tx rate	Rates at which the client receives and sends data, management packets, and control packets.
Received	Received packet statistics: · Retransmitted packets. · Retransmitted packet ratio.
Sent	Sent packet statistics: · Retransmitted packets. · Retransmitted packet ratio.
Discarded	Discarded packet statistics: · Discarded packets. · Discarded packet ratio.

display wlan forwarding-policy

Use display wlan forwarding-policy to display WLAN forwarding policy information.

Syntax

display wlan forwarding-policy [ policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameter

policy-name: Specifies a WLAN forwarding policy by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all WLAN forwarding policies.

Examples

# Display information about all WLAN forwarding policies.

<Sysname> display wlan forwarding-policy

Total number of forwarding policies: 2

Forwarding policy name: fwd1

Classifier ACL 2000: Local

Classifier ACL 2004: Local

Classifier IPv6 ACL 2001: Remote

Classifier IPv6 ACL 2002: Remote

Forwarding policy name: fwd2

Classifier ACL 4021: Local

Classifier IPv6 ACL 2000: Remote

Classifier IPv6 ACL 3024: Remote

Table 32 Command output

Field	Description
Classifier ACL number	IPv4 packet forwarding mode. The forwarding mode is Remote, indicating centralized forwarding.
Classifier IPv6 ACL number	IPv6 packet forwarding mode. The forwarding mode is Remote, indicating centralized forwarding.

Related commands

wlan forwarding-policy

display wlan ap region-code

Use display wlan ap region-code to display region code information for all APs or the specified AP.

Syntax

display wlan ap { all | name ap-name } region-code

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

Examples

# Display region code information for all APs.

<Sysname> display wlan ap all region-code

Region Code

AP name Region Code

ap1 CN CHINA

ap2 CN CHINA

ap3 CN CHINA

Table 33 Command output

Field	Description
Region Code	Region code. For more information about region codes, see Table 36.

display wlan service-template

Use display wlan service-template to display service template information.

Syntax

display wlan service-template [ service-template-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.

verbose: Displays detailed service template information.

Examples

# Display brief information about all service templates.

[Sysname] display wlan service-template

Total number of service templates: 2

Service template name SSID Status

1 2333 Enabled

2 3222 Enabled

# Display detailed information about all service templates.

<Sysname> display wlan service-template verbose

Service template name : service1

Description : Not configured

SSID : wuxianfuwu

SSID-hide : Disabled

User-isolation : Disabled

Service template status : Disabled

Maximum clients per BSS : 64

Frame format : Dot3

Seamless roam status : Disabled

Seamless roam RSSI threshold : 50

Seamless roam RSSI gap : 20

VLAN ID : 1

AKM mode : PSK

Security IE : RSN

Cipher suite : CCMP

WEP key ID : 1

TKIP countermeasure time : 100 sec

PTK lifetime : 43200 sec

GTK rekey : Enabled

GTK rekey method : Time-based

GTK rekey time : 86400 sec

GTK rekey client-offline : Enabled

User authentication mode : Bypass

Intrusion protection : Disabled

Intrusion protection mode : Temporary-block

Temporary block time : 180 sec

Temporary service stop time : 20 sec

Fail VLAN ID : 1

802.1X handshake : Enabled

802.1X handshake secure : Disabled

802.1X domain : my-domain

MAC-auth domain : Not configured

Max 802.1X users per BSS : 4096

Max MAC-auth users per BSS : 4096

802.1X re-authenticate : Enabled

Authorization fail mode : Online

Accounting fail mode : Online

Authorization : Permitted

Key derivation : SHA1

PMF status : Optional

Hotspot policy number : Not configured

Forwarding policy status : Disabled

Forward policy name : Not configured

Forwarder : AC

FT status : Enabled

FT method : over-the-air

FT reassociation deadline : 20 sec

QoS trust : Port

QoS priority : 0

Table 34 Command output

Field	Description
SSID	SSID of the service template.
SSID-hide	Whether the SSID is hidden in beacons: · Disabled. · Enabled.
User-isolation	Use isolation: · Disabled. · Enabled.
Service template status	Service template status: · Disabled. · Enabled.
Maximum clients per BSS	Maximum number of clients that the BSS supports.
Frame format	Client data frame encapsulation format: · Dot3—802.3 format. · Dot11—802.11 format.
Seamless roam status	Seamless roaming status: · Disabled. · Enabled.
Seamless roam RSSI threshold	Seamless roaming RSSI threshold.
Seamless roam RSSI gap	Seamless roaming RSSI gap.
VLAN ID	ID of the VLAN to which clients belong after they come online through the service template.
AKM mode	AKM mode: · 802.1X. · PSK.
Security IE	Security IE: · RSN. · WPA.
Cipher suite	Cipher suite: · WEP40. · WEP104. · WEP128. · TKIP. · CCMP.
TKIP countermeasure time	TKIP countermeasure time. The value 0 indicates no countermeasures are taken.
GTK rekey	Whether GTK rekey is enabled: · Enabled. · Disabled.
GTK rekey method	GTK rekey method: · Time-based. · Packet-based.
GTK rekey time	GTK rekey interval.
GTK rekey packets	Number of packets that can be transmitted before the GTK is refreshed.
GTK rekey client-offline	Whether client-off GTK rekey is enabled: · Enabled. · Disabled.
User authentication mode	Authentication mode: · Bypass—No authentication. · MAC. · MAC-or-802.1X—MAC authentication is performed first. If MAC authentication fails, 802.1X authentication is performed. · 802.1X. · 802.1X-or-MAC—802.1X authentication is performed first. If 802.1X authentication fails, MAC authentication is performed. · OUI-or-802.1X—OUI authentication is performed first. If OUI authentication fails, 802.1X authentication is performed.
Intrusion protection	Whether intrusion protection is enabled: · Enabled. · Disabled.
Intrusion protection mode	Intrusion protection mode: · Temporary-block—Temporarily adds intruders to the block list. · Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets. · Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets.
Temporary block time	Temporary block time in seconds.
Temporary service stop time	Temporary service stop time in seconds.
Fail VLAN ID	ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured.
Critical VLAN ID	ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the critical VLAN ID is not configured.
802.1X handshake	Whether 802.1X handshake is enabled: · Enabled. · Disabled.
802.1X handshake secure	Whether secure 802.1X handshake is enabled: · Enabled. · Disabled.
802.1X domain	802.1X authentication domain. This field displays Not configured if the domain is not configured.
MAC-auth domain	MAC authentication domain. This field displays Not configured if the domain is not configured.
Max 802.1X users per BSS	Maximum number of supported 802.1X users in a BSS.
Max MAC-auth users per BSS	Maximum number of supported users that pass the MAC authentication in a BSS.
802.1X re-authenticate	Whether 802.1X reauthentication is enabled: · Enabled. · Disabled.
Authorization fail mode	Authorization fail mode: · Offline—Clients are logged off when authorization fails. · Online—Clients are not logged off when authorization fails.
Accounting fail mode	Accounting fail mode: · Offline—Clients are logged off when accounting fails. · Online—Clients are not logged off when accounting fails.
Authorization	Authorization information: · Permitted—Applies the authorization information issued by the RADIUS server or the local device. · Ignored—Ignores the authorization information issued by the RADIUS server or the local device.
Key derivation	Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · SHA1-AND-SHA256—Uses the HMAC SHA1 and SHA256 hash algorithm.
PMF status	PMF status: · Disabled—Management frame protection is disabled. · Optional—Management frame protection in optional mode is enabled. · Mandatory—Management frame protection in mandatory mode is enabled.
Forwarding policy status	WLAN forwarding policy status: · Disabled. · Enabled.
Forward policy name	WLAN forwarding policy name: · Not configured—No WLAN forwarding policy is configured. · policy-name.
Forwarder	Client traffic forwarder: · AC. · AP.
FT status	FT status: · Disabled. · Enabled.
FT method	FT method: · over-the-air. · over-the-ds. This field is not supported in the current software version.
FT reassociation deadline	FT reassociation timeout timer in seconds. This field is not supported in the current software version.
QoS trust	QoS priority trust mode: · Port—Port priority trust mode. · Dot11e—802.11e priority trust mode.
QoS priority	Port priority in the range of 0 to 7.

display wlan statistics

Use display wlan statistics to display client statistics or service template statistics.

Syntax

display wlan statistics { ap { all | name ap-name } connect-history | client [ mac-address mac-address ] | service-template service-template-name [ connect-history ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap: Specifies APs.

all: Specifies all APs.

connect-history: Displays the connection history.

client: Specifies client statistics.

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.

service-template service-template-name: Specifies a service template by its name. If you also specify the connect-history keyword, the command displays the connection history for the specified service template.

Examples

# Display statistics for all clients.

<Sysname> display wlan statistics client

MAC address : 0014-6c8a-43ff

AP name : ap1

Radio ID : 1

SSID : office

BSSID : 000f-e2ff-7700

RSSI : 31

Sent frames:

Back ground : 0/0 (frames/bytes)

Best effort : 9/1230 (frames/bytes)

Video : 0/0 (frames/bytes)

Voice : 2/76 (frames/bytes)

Received frames:

Back ground : 0/0 (frames/bytes)

Best effort : 18/2437 (frames/bytes)

Video : 0/0 (frames/bytes)

Voice : 7/468 (frames/bytes)

Discarded frames:

Back ground : 0/0 (frames/bytes)

Best effort : 0/0 (frames/bytes)

Video : 0/0 (frames/bytes)

Voice : 5/389 (frames/bytes)

Table 35 Command output

Field	Description
SSID	SSID of the service template.
MAC address	Client MAC address.
Back ground	AC-BK queue.
Best effort	AC-BE queue.
Video	AC-VI queue.
Voice	AC-VO queue.

# Display statistics for service template 1.

<Sysname> display wlan statistics service-template 1

AP name : ap1

Radio ID : 1

Received:

Frame count : 1713

Frame bytes : 487061

Data frame count : 1683

Data frame bytes : 485761

Association request count : 2

Sent:

Frame count : 62113

Frame bytes : 25142076

Data frame count : 55978

Data frame bytes : 22626600

Association response count : 2

# Display the connection history for service template 1.

<Sysname> display wlan statistics service-template 1 connect-history

AP name : ap1

Radio ID : 1

Associations : 132

Association failures : 3

Reassociations : 30

Rejections : 12

Abnormal disassociations : 2

Current associations : 57

AP name : ap1

Radio ID : 2

Associations : 1004

Association failures : 35

Reassociations : 59

Rejections : 4

Abnormal disassociations : 22

Current associations : 300

# Display the connection history for AP ap1.

<Sysname> display wlan statistics ap name ap1 connect-history

AP name : ap1

Associations : 1

Reassociations : 0

Failures : 0

Rejections : 0

Abnormal disassociations : 0

Current associations : 1

display wlan whitelist

Use display wlan whitelist to display whitelist entries.

Syntax

display wlan whitelist

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display whitelist entries.

<Sysname> display wlan whitelist

Total number of clients: 3

MAC addresses:

000e-35b2-000e

0019-5b8e-b709

001c-f0bf-9c92

inherit exclude service-template

Use inherit exclude service-template to configure an AP to not inherit the specified service template from the AP group to which it belongs.

Use undo inherit exclude service-template to restore the default.

Syntax

inherit exclude service-template service-template-name

undo inherit exclude service-template service-template-name

Default

An AP inherits the service template bound to an AP group.

Views

Radio view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Examples

# Configure AP ap1 to not inherit service template st from an AP group.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-ap-ap1] radio 1

[Sysname-ap-ap1-radio-1] inherit exclude service-template st

map-configuration

Use map-configuration to deploy a configuration file to an AP.

Use undo map-configuration to restore the default.

Syntax

map-configuration filename

undo map-configuration

Default

No configuration file is deployed to an AP.

Views

AP view

AP group AP model view

Predefined user roles

network-admin

Parameters

filename: Specifies a configuration file by its name, a case-insensitive string of 1 to 63 characters. Make sure the configuration file is stored in the storage medium of the AC.

Usage guidelines

Contents in the configuration file must be complete commands.

The configuration file takes effect when the CAPWAP tunnel to the AC is in Run state. It does not survive an AP reboot.

An AP can only use its main IP address to establish a CAPWAP tunnel to the AC if the AP is configured by using a configuration file.

Examples

# Deploy configuration file downconfig.txt to AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] map-configuration downconfig.txt

# Deploy configuration file downconfig.txt to APs with model WA4320i-ACN in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] map-configuration downconfig.txt

nas-id

Use nas-id to set the network access server identifier (NAS ID).

Syntax

nas-id nas-id

undo nas-id

Default

In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, no NAS ID is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

nas-id: Specifies a NAS ID, a case-sensitive string of 1 to 63 characters.

Usage guidelines

After coming online, a client sends a RADIUS request that carries the NAS ID to the RADIUS server to indicate its network access server.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order. You can also set the NAS ID when binding a service template to a radio. If you have specified a NAS ID when binding a service template to a radio, the AP uses the NAS ID specified for the service template.

Examples

# Set the NAS ID to abc123 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-AGN

[Sysname-wlan-ap-ap1] nas-id abc123

# Set the NAS ID to abc123 for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] nas-id abc123

# Set the global NAS ID to abc123.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] nas-id abc123

nas-port-id

Use nas-port-id to set the network access server port identifier (NAS port ID).

Use the undo nas-port-id to restore the default.

Syntax

nas-port-id nas-port-id

undo nas-port-id

Default

In AP view, an AP uses the configuration in AP group view. If no NAS ID is specified in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, no NAS port ID is specified.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

nas-port-id: Specifies a NAS port ID, a case-sensitive string of 1 to 63 characters.

Usage guidelines

After coming online, a client sends a RADIUS request that carries the NAS port ID to the RADIUS server to indicate its network access server.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order. You can also set the NAS port ID when binding a service template to a radio. If you have specified a NAS port ID when binding a service template to a radio, the AP uses the NAS port ID specified for the service template.

Examples

# Set the NAS port ID to abcd1234 for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-AGN

[Sysname-wlan-ap-ap1] nas-port-id abcd1234

# Set the NAS port ID to abcd1234 for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] nas-port-id abcd1234

# Set the global NAS port ID to abcd1234.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] nas-port-id abcd1234

nas-vlan

Use nas-vlan to set the network access server VLAN identifier (NAS VLAN ID) and enable the AC to encapsulate the VLAN ID in RADIUS requests.

Use undo nas-vlan to restore the default.

Syntax

nas-vlan vlan-id

undo nas-vlan

Default

No NAS VLAN ID is set. Authentication requests sent to the RADIUS server do not contain the NAS VLAN ID field.

Views

AP view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a NAS VLAN ID in the range of 1 to 4096.

Usage guidelines

When the NAS VLAN ID is set, the AC encapsulates the VLAN ID in RADIUS requests sent to the RADIUS server to indicate clients' network access server.

Set the NAS VLAN ID when a third-party Security Accounting Management (SAM) server is used as the RADIUS server.

Examples

# Set the NAS VLAN ID to 1234 for the AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] nas-vlan 1234

quick-association enable

Use quick-association to enable quick association.

Use undo quick-association to disable quick association.

Syntax

quick-association enable

undo quick-association enable

Default

Quick association is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command disables APs from performing load balancing or band navigation on clients associated with the specified service template.

Examples

# Enable quick association for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1]quick-association enable

region-code

Use region-code to specify a region code.

Use undo region-code to restore the default.

Syntax

region-code code

undo region-code

Default

In AP view, an AP uses the configuration in AP group view. If no region code is specified in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, the region code is CN.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

code: Specifies a region code. For more information about region codes, see Table 36.

Table 36 Region code information

Country	Code	Country	Code
Andorra	AD	Korea, Republic of Korea	KR
United Arab Emirates	AE	Kenya	KE
Albania	AL	Kuwait	KW
Armenia	AM	Kazakhstan	KZ
Australia	AU	Lebanon	LB
Argentina	AR	Liechtenstein	LI
Australia	AT	Sri Lanka	LK
Azerbaijan	AZ	Lithuania	LT
Bosnia and Herzegovina	BA	Luxembourg	LU
Belgium	BE	Latvia	LV
Bulgaria	BG	Libyan	LY
Bahrain	BH	Morocco	MA
Brunei Darussalam	BN	Monaco	MC
Bolivia	BO	Moldova	MD
Brazil	BR	Macedonia	MK
Bahamas	BS	Macau	MO
Belarus	BY	Martinique	MQ
Belize	BZ	Malta	MT
Canada	CA	Mauritius	MU
Switzerland	CH	Mexico	MX
Cote d'ivoire	CI	Malay Archipelago	MY
Chile	CL	Namibia	NA
China	CN	Nigeria	NG
Colombia	CO	Nicaragua	NI
Costarica	CR	Netherlands	NL
Serbia	RS	Norway	NO
Cyprus	CY	New Zealand	NZ
Czech Republic	CZ	Oman	OM
Germany	DE	Panama	PA
Denmark	DK	Peru	PE
Dominica	DO	Poland	PL
Algeria	DZ	Philippines	PH
Ecuador	EC	Pakistan	PK
Estonia	EE	Puerto Rico	PR
Egypt	EG	Portugal	PT
Spain	ES	Paraguay	PY
Faroe Islands	FO	Qatar	QA
Finland	FI	Romania	RO
France	FR	Russian Federation	RU
Britain	GB	Saudi Arabia	SA
Georgia	GE	Sweden	SE
Gibraltar	GI	Singapore	SG
Greenland	GL	Slovenia	SI
Guadeloupe	GP	Slovak	SK
Greece	GR	San Marino	SM
Guatemala	GT	Salvador	SV
Guyana	GY	Syrian	SY
Honduras	HN	Thailand	TH
Hong Kong	HK	Tunisia	TN
Croatia	HR	Turkey	TR
Hungary	HU	Trinidad and Tobago	TT
Iceland	IS	, China	TW
India	IN	Ukraine	UA
Indonesia	ID	United States of America	US
Ireland	IE	Uruguay	UY
Israel	IL	Uzbekistan	UZ
Iraq	IQ	The Vatican City State	VA
Italy	IT	Venezuela	VE
Iran	IR	Virgin Islands	VI
Jamaica	JM	Vietnam	VN
Jordan	JO	Yemen	YE
Japan	JP	South Africa	ZA
Democratic People's Republic of Korea	KP	Zimbabwe	ZW

Usage guidelines

A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

Examples

# Specify US as the region code for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] region-code US

# Specify US as the region code for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] region-code US

# Specify US as the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code US

Related commands

region-code-lock

Use region-code-lock enable to lock the region code.

Use region-code-lock disable to unlock the region code.

Use undo region-code-lock to restore the default.

Syntax

region-code-lock { disable | enable }

undo region-code-lock

Default

In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

In AP group view, an AP uses the configuration in global configuration view.

In global configuration view, the region code is not locked.

Views

AP view

AP group view

Global configuration view

Predefined user roles

network-admin

Parameters

A locked region code cannot be changed.

The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order.

The region-code-lock enable command does not take effect on an AP if you execute this command without specifying a region code first in AP view. The AP's region code is determined by the region code configuration for the AP group to which the AP belongs, or by the global configuration. The same rule applies to an AP group in the same situation.

Examples

# Lock the region code for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] region-code-lock enable

# Lock the region code for AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] region-code-lock enable

# Lock the global region code.

<Sysname> system-view

[Sysname] wlan global-configuration

[Sysname-wlan-global-configuration] region-code-lock enable

Related commands

region-code

reset wlan client

Use reset wlan client to log off a client or all clients.

Syntax

reset wlan client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all clients.

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Log off all clients.

<Sysname> reset wlan client all

Related commands

display wlan client

reset wlan dynamic-blacklist

Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.

Syntax

reset wlan dynamic-blacklist [ mac-address mac-address ]

Views

User view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.

Examples

# Remove all clients from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist

# Remove the specified client from the dynamic blacklist.

<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69

Related commands

display wlan blacklist

reset wlan statistics client

Use reset wlan statistics client to clear client statistics.

Syntax

reset wlan statistics client { all | mac-address mac-address }

View

User view

Predefined user roles

network-admin

Parameters

all: Specifies all clients.

mac-address mac-address: Specifies a client by its MAC address.

Examples

# Clear statistics about all clients.

<Sysname> reset wlan statistics client all

Related commands

display wlan statistics

reset wlan statistics service-template

Use reset wlan statistics service-template to clear service template statistics.

Syntax

reset wlan statistics service-template service-template-name

View

User view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Examples

# Clear statistics about service template service1.

<Sysname> reset wlan statistics service-template service1

Related commands

display wlan statistics

service-template

Use service-template to bind a service template to a radio or a radio interface.

Use undo service-template to unbind a service template from a radio or a radio interface.

Syntax

service-template service-template-name [ nas-id nas-id | nas-port-id nas-port-id ] [ ssid-hide ] [ vlan vlan-id | vlan-group vlan-group-name ]

undo service-template service-template-name

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, no service template is bound to a radio.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

nas-id nas-id: Specifies a NAS ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.

nas-port-id nas-port-id: Specifies a NAS port ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.

ssid-hide: Hides SSIDs in beacon frames.

vlan vlan-id: Specifies a VLAN ID. The value range for this option varies by device model. If you do not specify this option, the radio uses the VLAN configured for the service template. If the specified VLAN does not exist, this command creates the VLAN when clients come online.

vlan-group vlan-group-name: Specifies a VLAN group name, a case-insensitive string of 1 to 31 characters. If you do not specify this option, the radio uses the VLAN configured for the service template. For more information about configuring VLAN groups, see VLAN commands in Layer 2—LAN Switching Command Reference.

Usage guidelines

Before you bind a service template to a radio or a radio interface, you must create the service template.

The VLAN ID or VLAN group configured using this command takes precedence over the VLAN ID configured for a service template.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radio.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-ap-ap1] radio 1

[Sysname-ap-ap1-radio-1] service-template service1 vlan-group vg1

# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radio in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-ACN

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-ACN-radio-1] service-template service1 vlan-group vg1

service-template enable

Use service-template enable to enable a service template.

Use undo service-template enable to disable a service template.

Syntax

service-template enable

undo service-template enable

Default

A service template is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

If the number of BSSs on a device exceeds the limit, you cannot enable a new service template.

Examples

# Enable service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] service-template enable

snmp-agent trap enable wlan client

Use snmp-agent trap enable wlan client to enable SNMP notification for client access.

Use undo snmp-agent trap enable wlan client to disable SNMP notification for client access.

Syntax

snmp-agent trap enable wlan client

undo snmp-agent trap enable wlan client

Default

SNMP notification is disabled for client access.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for client access.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client

snmp-agent trap enable wlan client-audit

Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.

Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.

Syntax

snmp-agent trap enable wlan client-audit

undo snmp-agent trap enable wlan client-audit

Default

SNMP notification is disabled for client audit.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notification for client audit.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan client-audit

ssid

Use ssid to set an SSID for a service template.

Use undo ssid to restore the default.

Syntax

ssid ssid-name

undo ssid

Default

No SSID is configured for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

Disable the service template before you execute this command.

Examples

# Set the SSID to lynn for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] ssid lynn

unknown-client

Use unknown-client to set the way that an AP processes traffic from unknown clients.

Use undo unknown-client to restore the default.

Syntax

unknown-client { deauthenticate | drop }

undo unknown-client

Default

An AP drops packets from unknown clients and deauthenticates these clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

deauthenticate: Drops packets from unknown clients and deauthenticates these clients.

drop: Drops packets from unknown clients.

Examples

# Configure APs that use service template example to drop packets from unknown clients but not deauthenticate these clients.

<Sysname> system-view

[Sysname] wlan service-template example

[Sysname -wlan-st-example] unknown-client drop

vlan

Use vlan to assign clients coming online through a service template to the specified VLAN.

Use undo vlan to restore the default.

Syntax

vlan vlan-id

undo vlan

Default

Clients are assigned to VLAN 1 after coming online through a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094. If the specified VLAN does not exist, this command creates the VLAN when clients come online.

Usage guidelines

Disable the service template before you execute this command.

If the specified VLAN does not exist, this command creates the VLAN when clients come online.

Examples

# Assign clients coming online through service template service1 to VLAN 2.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] vlan 2

wlan client forwarding enable

Use wlan client forwarding enable to enable client traffic forwarding.

Use undo wlan client forwarding enable to disable client traffic forwarding.

Syntax

wlan client forwarding enable

undo wlan client forwarding enable

Default

Client traffic forwarding is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable this feature if you configure the AC as the client traffic forwarder.

Examples

# Disable client traffic forwarding.

<Sysname> system-view

[Sysname] undo wlan client forwarding enable

Related commands

client forwarding-location

wlan client forwarding-policy-name

Use wlan client forwarding-policy-name to apply a forwarding policy to a user profile.

Use undo wlan client forwarding-policy-name to restore the default.

Syntax

wlan client forwarding-policy-name policy-name

undo wlan client forwarding-policy-name

Default

No forwarding policy is applied to a user profile.

Views

User profile view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

For the AC to perform policy-based forwarding for clients that use a user profile, apply a forwarding policy to the user profile. After a client passes authentication, the authentication server sends the user profile name specified for the client to the AC. The AC will forward traffic of the client based on the forwarding policy applied to the user profile.

For the forwarding policy applied to a user profile to take effect, perform the following tasks for the service template that the user profile uses:

· Enable policy-based forwarding.

· Specify the AC to perform client authentication.

If you modify or delete the applied forwarding policy, the change takes effect when the client comes online again.

The AC preferentially uses the forwarding policy applied to a user profile to direct client traffic forwarding. If the user profile of a client does not have a forwarding policy applied, the AC uses the forwarding policy applied to the service template.

Make sure the AC and its associated APs are in different network segments.

Examples

# Apply forwarding policy policyname to user profile profilename.

<Sysname> system-view

[Sysname] user-profile profilename

[Sysname-user-profile-profilename] wlan client forward-policy-name policyname

Related commands

client forwarding-policy enable

client-security authentication-location

wlan client reauthentication-period

Use wlan client reauthentication-period to set the idle period before client reauthentication.

Use undo wlan client reauthentication-period to restore the default.

Syntax

wlan client reauthentication-period [ period-value ]

undo wlan client reauthentication-period

Default

The idle period is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

period-value: Specifies the idle period in the range of 1 to 3600 seconds. By default, the idle period is 10 seconds.

Usage guidelines

Set the idle period before client reauthentication to reduce reauthentication failures.

When URL redirection is enabled for WLAN MAC authentication clients, an AP logs off a client that has passed MAC authentication. At the next MAC authentication attempt, the client can pass MAC authentication and access the WLAN. With the idle period configured, the AP adds the client to the dynamic blacklist after logging off the client and the client entry ages out after the specified idle period.

Examples

# Set the idle period before client reauthentication to 100 seconds.

<Sysname> system-view

[Sysname] wlan client reauthentication-period 100

wlan dynamic-blacklist active-on-ap

Use wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on APs.

Use undo wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on the AC.

Syntax

wlan dynamic-blacklist active-on-ap

undo wlan dynamic-blacklist active-on-ap

Default

The dynamic blacklist takes effect on APs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If you configure the dynamic blacklist to take effect on the AC, all APs connected to the AC will reject the client in the dynamic blacklist. If you configure the dynamic blacklist to take effect on APs, the AP associated with the client in the dynamic blacklist will reject the client, but the client can still associate with other APs connected to the AC. As a best practice, configure the dynamic blacklist to take effect on the AC in high-density environments.

Examples

# Configure the dynamic blacklist to take effect on the AC.

<Sysname> system-view

[Sysname] undo wlan dynamic-blacklist active-on-ap

wlan dynamic-blacklist lifetime

Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries.

Use undo wlan dynamic-blacklist lifetime to restore the default.

Syntax

wlan dynamic-blacklist lifetime lifetime

undo wlan dynamic-blacklist lifetime

Default

The aging time is 300 seconds for dynamic blacklist entries.

Views

System view

Predefined user roles

network-admin

Parameters

lifetime: Specifies the aging time in the range of 1 to 3600 seconds.

Usage guidelines

The configured aging time takes effect only on entries added to the dynamic blacklist after this command is executed.

The aging time for dynamic blacklist entries only applies to rogue client entries.

Examples

# Set the aging time for dynamic blacklist entries to 3600 seconds.

<Sysname> system-view

[Sysname] wlan dynamic-blacklist lifetime 3600

wlan forwarding-policy

Use wlan forwarding-policy to create a forwarding policy and enter its view, or enter the view of an existing forwarding policy.

Use undo wlan forwarding-policy to delete a forwarding policy.

Syntax

wlan forwarding-policy policy-name

undo wlan forwarding-policy policy-name

Default

No forwarding policies are created.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.

You can create a maximum of 1000 forwarding policies.

Examples

# Create forwarding policy abc and enter its view.

<Sysname> system-view

[Sysname] wlan forwarding-policy abc

[Sysname-wlan-fp-abc]

wlan link-test

Use wlan link-test to test wireless link quality.

Syntax

wlan link-test mac-address

Views

Any view

Predefined user roles

network-admin

Parameters

mac-address: Specifies the client MAC address in the H-H-H format.

Usage guidelines

Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.

The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.

Examples

# Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0.

<Sysname> wlan link-test 60a4-4cda-eff0

Testing link to 60a4-4cda-eff0. Press CTRL + C to break.

Link Status

-----------------------------------------------------------------------

MAC address: 60a4-4cda-eff0

-----------------------------------------------------------------------

VHT-MCS Rate(Mbps) TxCnt RxCnt RSSI Retries RTT(ms)

-----------------------------------------------------------------------

NSS = 1

-----------------------------------------------------------------------

0 32.5 5 5 54 0 0

1 65 5 5 51 0 0

2 97.5 5 5 49 0 0

3 130 5 5 47 0 0

4 195 5 5 45 0 0

5 260 5 5 45 0 0

6 292.5 5 5 44 0 0

7 325 5 5 44 0 0

8 390 5 5 44 0 0

9 433.3 5 5 43 0 0

-----------------------------------------------------------------------

NSS = 2

-----------------------------------------------------------------------

0 65 5 5 44 0 0

1 130 5 5 44 0 0

2 195 5 5 44 0 0

3 260 5 5 44 0 0

4 390 5 5 44 0 0

5 520 5 5 44 0 0

6 585 5 5 43 0 0

7 650 5 5 43 0 0

8 780 5 5 43 0 0

9 866.7 5 5 43 0 0

Table 37 Command output

Field	Description
No./MCS/VHT-MCS	· No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients. · MCS—MCS index for link quality test on 802.11n clients. · VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients.
Rate(Mbps)	Rate at which the AP sends wireless link quality detection frames.
TxCnt	Number of wireless link quality detection frames sent by the AP.
RxCnt	Number of responses received by the AP.
RSSI	RSSI of the client detected by the AP.
Retries	Number of wireless link quality retransmission frames sent by the AP.
RTT(ms)	Round trip time for link quality test frames from the AP to the client.
NSS	Number of spatial streams for link quality test on 802.11n or 802.11ac clients.

wlan permit-ap-group

Use wlan permit-ap-group to specify a permitted AP group for client association.

Use undo permit-ap-group to delete a permitted AP group.

Syntax

wlan permit-ap-group ap-group-name

undo wlan permit-ap-group [ ap-group-name ]

Default

No permitted AP group is specified for client association.

Views

User profile view

Predefined user roles

network-admin

Parameters

ap-group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

If no permitted AP group is specified for client association, client access is not restricted.

If you specify a permitted AP group for client association, clients can only associate with APs in the AP group.

The undo form of the command deletes all permitted AP groups if you do not specify the ap-group-name argument.

Examples

# Specify AP group group1 as the permitted AP group for client association.

<Sysname> system-view

[Sysname] user-profile profile1

[Sysname-user-profile-profile1] wlan permit-ap-group group1

wlan permit-ssid

Use wlan permit-ssid to specify a permitted SSID for client association.

Use undo permit-ssid to delete a permitted SSID.

Syntax

wlan permit-ssid ssid-name

undo wlan permit-ssid [ ssid-name ]

Default

No permitted SSID is specified for client association.

Views

User profile view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

If no permitted SSID is specified for client association, client association is not restricted.

If you specify a permitted SSID for client association, clients can only associate with WLANs through the SSID.

The undo form of the command deletes all permitted SSIDs if you do not specify the ssid-name argument.

Examples

# Specify SSID ssid1 as the permitted SSID for client access.

<Sysname> system-view

[Sysname] user-profile profile1

[Sysname-user-profile- profile1] wlan permit-ssid ssid1

wlan service-template

Use wlan service-template to create a service template and enter its view, or enter the view of an existing service template.

Use undo wlan service-template to delete a service template.

Syntax

wlan service-template service-template-name

undo wlan service-template service-template-name

Default

No service template exists.

Views

System view

Predefined user roles

network-admin

Parameters

service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You cannot delete a service template that has been bound to a radio.

Examples

# Create service template service1 and enter its view.

<Sysname> system-view

[Sysname] wlan service-template service1

wlan static-blacklist mac-address

Use wlan static-blacklist mac-address to add a client to the static blacklist.

Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.

Syntax

wlan static-blacklist mac-address mac-address

undo wlan static-blacklist [ mac-address mac-address ]

Default

No clients exist in the static blacklist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

If you add an online client to the static blacklist, the command logs off the client.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.

Do not add multicast or broadcast MAC addresses to the static blacklist.

Examples

# Add MAC address 001c-f0bf-9c92 to the static blacklist.

<Sysname> system-view

[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92

Related commands

display wlan blacklist

wlan web-server api-path

Use wlan web-server api-path to specify the path of the Web server to which client information is reported.

Use undo wlan web-server api-path to restore the default.

Syntax

wlan web-server api-path path

undo wlan web-server api-path

Default

The path of the Web server is not specified.

Views

System view

Predefined user roles

network-admin

Parameters

path: Specifies a path, a case-sensitive string of 1 to 256 characters.

Usage guidelines

The Web server accepts client information only when the server's host name, port number, and path are specified.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the path of the Web server as /wlan/dev-cfg.

<Sysname> system-view

[Sysname] wlan web-server api-path /wlan/dev-cfg

Related commands

wlan web-server host

wlan web-server max-client-entry

wlan web-server host

Use wlan web-server host to specify the host name and port number of the Web server to which client information is reported.

Use undo wlan web-server host to restore the default.

Syntax

wlan web-server host host-name port port-number

undo wlan web-server host

Default

The host name and port number of the Web server are not specified.

Views

System view

Predefined user roles

network-admin

Parameters

host host-name: Specifies a host name, a case-insensitive string of 3 to 127 characters that can contain letters, digits, hyphens (-), underscores (_), and dots (.).

port port-number: Specifies a port number in the range of 1 to 65534.

Usage guidelines

The Web server accepts client information only when the server's host name, port number, and path are specified.

Client information changes are reported to the Web server in real time.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the host name and port number of the Web server as www.abc.com and 668, respectively.

<Sysname> system-view

[Sysname] wlan web-server host www.abc.com port 668

Related commands

wlan web-server api-path

wlan web-server max-client-entry

Use wlan web-server max-client-entry to set the maximum number of client entries that can be reported at a time.

Use undo wlan web-server max-client-entry to restore the default.

Syntax

wlan web-server max-client-entry number

undo wlan web-server max-client-entry

Default

A maximum of ten client entries can be reported at a time.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies a maximum number of client entries that can be reported at a time, in the range of 1 to 25.

Examples

# Set the maximum of client entries that can be reported at a time to 12.

<Sysname> system-view

[Sysname] wlan web-server max-client-entry 12

Related commands

wlan web-server api-path

wlan web-server host

wlan whitelist mac-address

Use wlan whitelist mac-address to add a client to the whitelist.

Use undo wlan whitelist mac-address to remove a client from the whitelist.

Syntax

wlan whitelist mac-address mac-address

undo wlan whitelist [ mac-address mac-address ]

Default

No clients exist in the whitelist.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.

Usage guidelines

When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.

If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.

You cannot add a client to both the whitelist and the static blacklist.

The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.

Do not add multicast or broadcast MAC addresses to the whitelist.

Examples

# Add MAC address 001c-f0bf-9c92 to the whitelist.

<Sysname> system-view

[Sysname] wlan whitelist mac-address 001c-f0bf-9c92

This command will disconnect all clients. Continue? [Y/N]:

Related commands

display wlan whitelist

WLAN security commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

akm mode

Use akm mode to set an authentication and key management (AKM) mode.

Use undo akm mode to restore the default.

Syntax

akm mode { dot1x | private-psk | psk | anonymous-dot1x }

undo akm mode

Default

No AKM mode is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

dot1x: Specifies 802.1X as the AKM mode.

private-psk: Specifies private PSK as the AKM mode.

psk: Specifies PSK as the AKM mode.

anonymous-dot1x: Specifies WiFi alliance anonymous 802.1X as the AKM mode.

Usage guidelines

You must set the AKM mode for 802.11i (RSNA) networks.

Each WLAN service template supports only one AKM mode. Set the AKM mode only when the WLAN service template is disabled.

Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.

Each of the following AKM modes must be used with a specific authentication mode:

· 802.1X AKM—802.1X authentication mode.

· Private PSK AKM—MAC authentication mode.

· PSK AKM—MAC or bypass authentication mode.

· WiFi alliance anonymous 802.1X AKM—802.1X authentication mode.

For more information about the authentication mode, see "Configuring WLAN user access authentication."

Examples

# Set the PSK AKM mode.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] akm mode psk

Related commands

cipher-suite

security-ie

cipher-suite

Use cipher-suite to specify the cipher suite used for frame encryption.

Use undo cipher-suite to remove the cipher suite configuration.

Syntax

cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }

undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }

Default

No cipher suite is specified.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

ccmp: Specifies the AES-CCMP cipher suite.

tkip: Specifies the TKIP cipher suite.

wep40: Specifies the WEP40 cipher suite.

wep104: Specifies the WEP104 cipher suite.

wep128: Specifies the WEP128 cipher suite.

Usage guidelines

You must set the cipher suite for 802.11i networks. Set a cipher suite only when the WLAN service template is disabled.

Set the TKIP or CCMP cipher suite when you configure the RSN IE or WPA IE.

The WEP cipher suite includes three types, WEP40, WEP104, and WEP128. Each WLAN service template supports only one type of WEP cipher suite. After you set a type of WEP cipher suite, you must create and apply a key of the same type.

WEP128 cannot be set if the CCMP or TKIP cipher suite is configured.

Examples

# Set the TKIP cipher suite for frame encryption.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite tkip

Related commands

security-ie

wep key

wep key-id

gtk-rekey client-offline enable

Use gtk-rekey client-offline enable to enable offline-triggered GTK update.

Use undo gtk-rekey client-offline to restore the default.

Syntax

gtk-rekey client-offline enable

undo gtk-rekey client-offline enable

Default

Offline-triggered GTK update is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

Enable offline-triggered GTK update only when GTK update is enabled.

Examples

# Enable offline-triggered GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey client-offline enable

Related commands

gtk-rekey enable

Use gtk-rekey enable to enable GTK update.

Use undo gtk-rekey enable to disable GTK update.

Syntax

gtk-rekey enable

undo gtk-rekey enable

Default

GTK update is enabled.

Views

WLAN service template view

Predefined user roles

network-admin

Examples

# Enable GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey enable

gtk-rekey method

Use gtk-rekey method to set a GTK update method.

Use undo gtk-rekey method to restore the default.

Syntax

gtk-rekey method { packet-based [ packet ] | time-based [ time ] }

undo gtk-rekey method

Default

The GTK is updated at an interval of 86400 seconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

packet-based packet: Specifies the number of packets (including multicasts and broadcasts) that are transmitted before the GTK is updated. The value range for the packet argument is 5000 to 4294967295 and the default is 10000000.

time-based time: Specifies the interval at which the GTK is updated. The value range for the time argument is 180 to 604800 seconds and the default is 86400 seconds.

Usage guidelines

Set the GTK update method only when GTK update is enabled.

The most recent configuration overwrites the previous one. For example, if you set the packet-based method and then set the time-based method, the time-based method takes effect.

If you set the GTK update method after the service template is enabled, the change takes effect when the following conditions exist:

· If you change the GTK update interval, the new interval takes effect when the old timer times out.

· If you change the packet number threshold, the new threshold takes effect immediately.

· If you change the GTK update method to packet-based, the new method takes effect when the timer is deleted and the packet number threshold is reached.

· If you change the GTK update method to time-based, the configuration takes effect immediately.

Examples

# Enable time-based GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey method time-based 3600

# Enable packet-based GTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] gtk-rekey method packet-based 600000

Related commands

gtk-rekey enable

key-derivation

Use key-derivation to set the key derivation function (KDF).

Use undo key-derivation to restore the default.

Syntax

key-derivation { sha1 | sha1-and-sha256 | sha256 }

undo key-derivation

Default

The KDF is the HMAC-SHA1 algorithm.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

sha1: Specifies the HMAC-SHA1 algorithm as the KDF.

sha256: Specifies the HMAC-SHA256 algorithm as the KDF.

sha1-and-sha256: Specifies the HMAC-SHA1 algorithm and the HMAC-SHA256 algorithm as the KDFs.

Usage guidelines

KDFs take effect only for a network that uses the 802.11i mechanism.

The HMAC-SHA256 algorithm is recommended if mandatory management frame protection is enabled.

Examples

# Configure the HMAC-SHA256 algorithm as the KDF.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] key-derivation sha256

Related commands

akm mode

cipher-suite

security-ie

pmf

Use pmf to enable management frame protection.

Use undo pmf to restore the default.

Syntax

pmf { mandatory | optional }

undo pmf

Default

Management frame protection is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

mandatory: Specifies the mandatory mode. Only clients that support management frame protection can access the WLAN.

optional: Specifies the optional mode. All clients can access the WLAN.

Usage guidelines

Management frame protection takes effect only for a network that uses the 802.11i mechanism and is configured with the CCMP cipher suite and RSN security information element.

Examples

# Enable management frame protection in optional mode.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf optional

Related commands

cipher-suite

security-ie

pmf association-comeback

Use pmf association-comeback to set the association comeback time.

Use undo pmf association-comeback to restore the default.

Syntax

pmf association-comeback time

undo pmf association-comeback

Default

The association comeback time is 1 second.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Specifies the association comeback time in the range of 1 to 20 seconds.

Usage guidelines

If an AP rejects the current association or reassociation request from a client, it returns an association/reassociation response that carries the association comeback time. The AP starts to receive the association or reassociation request from the client when the association comeback time times out.

Examples

# Set the association comeback time to 2 seconds.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf association-comeback 2

pmf saquery retrycount

Use pmf saquery retrycount to maximum retransmission attempts for SA query requests.

Use undo pmf saquery retrycount to restore the default.

Syntax

pmf saquery retrycount count

undo pmf saquery retrycount

Default

The maximum retransmission attempt number is 4 for SA query requests.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum retransmission attempts for SA query requests, in the range of 1 to 16.

Usage guidelines

If an AP does not receive an acknowledgment for the SA query request after retransmission attempts reach the maximum number, the AP determines that the client is offline.

Examples

# Set the number of maximum retransmission attempt to 3 for SA query requests.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf saquery retrycount 3

Related commands

pmf

pmf saquery retrycount

pmf saquery retrytimeout

Use pmf saquery retrytimeout to set the interval for sending SA query requests.

Use undo pmf saquery retrytimeout to restore the default.

Syntax

pmf saquery retrytimeout timeout

undo pmf saquery retrytimeout

Default

The interval for sending SA query requests is 200 milliseconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

timeout: Specifies the interval for an AP to send SA query requests, in the range of 100 to 500 milliseconds.

Examples

# Set the interval for sending SA query requests to 300 milliseconds.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] pmf saquery retrytimeout 300

Related commands

pmf

pmf saquery retrytimeout

preshared-key

Use preshared-key to set the PSK.

Use undo preshared-key to restore the default.

Syntax

preshared-key { pass-phrase | raw-key } { cipher | simple } string

undo preshared-key

Default

No PSK is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

pass-phrase: Sets a PSK, a character string.

raw-key: Sets a PSK, a hexadecimal number.

cipher: Sets a key in encrypted form.

simple: Sets a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies a key string. This argument is case sensitive. Key length varies by key type:

· pass-phrase—Its plaintext form is 8 to 63 characters. Its encrypted form is 8 to 117 characters.

· raw-key—Its plaintext form is 64 hexadecimal digits. Its encrypted form is 8 to 117 characters.

Usage guidelines

Set the PSK only when the WLAN service template is disabled and the AKM mode is PSK. If you set the PSK when the AKM mode is 802.1X, the WLAN service template can be enabled but the PSK configuration does not take effect.

You can set only one PSK for a WLAN service template.

Examples

# Configure simple character string 12345678 as the PSK.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] akm mode psk

[Sysname-wlan-st-security] preshared-key pass-phrase simple 12345678

Related commands

akm mode

ptk-lifetime

Use ptk-lifetime to set the PTK lifetime.

Use undo ptk-lifetime to restore the default.

Syntax

ptk-lifetime time

undo ptk-lifetime

Default

The PTK lifetime is 43200 seconds.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Specifies the lifetime of the PSK, in the range of 180 to 604800 seconds.

Usage guidelines

If you configure the PTK lifetime when the service template is enabled, the configuration takes effect after the old timer times out.

Examples

# Set the PTK lifetime to 200 seconds.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] ptk-lifetime 200

ptk-rekey enable

Use ptk-rekey enable to enable PTK update.

Use undo ptk-rekey enable to disable PTK update.

Syntax

ptk-rekey enable

undo ptk-rekey enable

Default

PTK update is enabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

This feature enables the device to update the PTK after the PTK lifetime expires.

Examples

# Enable PTK update.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] ptk-rekey enable

Related commands

ptk-lifetime

security-ie

Use security-ie to enable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.

Use undo security-ie to disable the OSEN IE, RSN IE, or WPA IE in beacon and probe responses.

Syntax

security-ie { osen | rsn | wpa }

undo security-ie { osen | rsn | wpa }

Default

OSEN IE, RSN IE, and WPA IE are disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

osen: Enables the OSEN IE in the beacon and probe response frames sent by the AP. The OSEN IE advertises the OSEN capabilities of the AP.

rsn: Enables the RSN IE in the beacon and probe response frames sent by the AP. The RSN IE advertises the RSN capabilities of the AP.

wpa: Enables the WPA IE in the beacon and probe response frames sent by the AP. The WPA IE advertises the WPA capabilities of the AP.

Usage guidelines

You must set the security IE for 802.11i networks. Set a security IE only when the WLAN service template is disabled and the CCMP or TKIP cipher suite is configured.

You can set both the WPA IE and RSN IE for the same WLAN service template. The WPA IE and RSN IE cannot be used together with the OSEN IE for a WLAN service template.

Set the WiFi alliance anonymous 802.1X AKM mode if the OSEN IE is used.

Examples

# Enable the RSN IE in beacon and probe responses.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] security-ie rsn

Related commands

akm mode

cipher-suite

snmp-agent trap enable wlan usersec

Use snmp-agent trap enable wlan usersec to enable SNMP notifications for WLAN security.

Use undo snmp-agent trap enable wlan usersec to disable SNMP notifications for WLAN security.

Syntax

snmp-agent trap enable wlan usersec

undo snmp-agent trap enable wlan usersec

Default

SNMP notifications are disabled for WLAN security.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN security events to an NMS, enable SNMP notifications for WLAN security. For WLAN security event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.

Examples

# Enable SNMP notifications for WLAN security.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan usersec

tkip-cm-time

Use tkip-cm-time to set the TKIP MIC failure hold time.

Use undo tkip-cm-time to restore the default.

Syntax

tkip-cm-time time

undo tkip-cm-time

Default

The TKIP MIC failure hold time is 0 seconds. The AP does not take any countermeasures.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

time: Sets the TKIP MIC failure hold time in the range of 0 to 3600 seconds.

Usage guidelines

Set the TKIP MIC failure hold time only when the TKIP cipher suite is configured.

If you configure the MIC failure hold time when the service template is enabled, the configuration takes effect after the old timer times out.

If the AP detects two MIC failures within the MIC failure hold time, it disassociates all clients for 60 seconds.

Examples

# Set the TKIP MIC failure hold time to 180 seconds.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] tkip-cm-time 180

Related commands

cipher-suite

wep key

Use wep key to set a WEP key.

Use undo wep key to delete the configured WEP key.

Syntax

wep key key-id { wep40 | wep104 | wep128 } { pass-phrase | raw-key } { cipher | simple } string

undo wep key key-id

Default

No WEP key is set.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

key-id: Sets the key ID in the range of 1 to 4.

wep40: Sets the WEP40 key.

wep104: Sets the WEP104 key.

wep128: Sets the WEP128 key.

pass-phrase: Sets a WEP key, a character string.

raw-key: Sets a WEP key, a hexadecimal number.

cipher: Sets a key in encrypted form.

simple: Sets a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

key: Specifies a key string. This argument is case sensitive. The cipher key length is in the range of 37 to 73 characters. The plaintext key length varies by key type:

· wep40 pass-phrase—Its plaintext form is 5 characters.

· wep104 pass-phrase—Its plaintext form is 13 characters.

· wep128 pass-phrase—Its plaintext form is 16 characters.

· wep40 raw-key—Its plaintext form is 10 hexadecimal digits.

· wep104 raw-key—Its plaintext form is 26 hexadecimal digits.

· wep128 raw-key—Its plaintext form is 32 hexadecimal digits.

Usage guidelines

Set a WEP key only when the WLAN service template is disabled and the cipher suite WEP is configured. You can set a maximum of four WEP keys.

Examples

# Configure the cipher suite WEP40 and configure plain text 12345 as WEP key 1.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite wep40

[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345

Related commands

cipher-suite

wep key-id

Use wep key-id to apply a WEP key.

Use undo wep key-id to restore the default.

Syntax

wep key-id { 1 | 2 | 3 | 4 }

undo wep key-id

Default

Key 1 is applied.

Views

WLAN service template view

Predefined user roles

network-admin

Parameters

1: Specifies the WEP key whose ID is 1.

2: Specifies the WEP key whose ID is 2.

3: Specifies the WEP key whose ID is 3.

4: Specifies the WEP key whose ID is 4.

Usage guidelines

Apply a WEP key only when the WLAN service template is disabled.

In the 802.11i mechanism, key 1 is the negotiated key. To apply a WEP key, specify a WEP key whose ID is not 1.

You can only apply an existing WEP key.

Examples

# Configure the cipher suite WEP40, configure plain text 12345 as WEP key 1, and apply WEP key 1.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] cipher-suite wep40

[Sysname-wlan-st-security] wep key 1 wep40 pass-phrase simple 12345

[Sysname-wlan-st-security] wep key-id 1

Related commands

wep key

wep mode dynamic

Use the wep mode dynamic command to enable the dynamic WEP mechanism.

Use the undo wep mode dynamic command to disable the dynamic WEP mechanism.

Syntax

wep mode dynamic

undo wep mode dynamic

Default

The dynamic WEP mechanism is disabled.

Views

WLAN service template view

Predefined user roles

network-admin

Usage guidelines

Enable the dynamic WEP mechanism only when the WLAN service template is disabled.

The dynamic WEP mechanism requires 802.1X authentication for user access authentication.

Do not apply WEP key 4 if the dynamic WEP mechanism is enabled.

Examples

# Enable the dynamic WEP mechanism.

<Sysname> system-view

[Sysname] wlan service-template security

[Sysname-wlan-st-security] wep mode dynamic

Related commands

cipher-suite

client-security authentication-mode

wep key

wep key-id

WLAN authentication commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

This chapter describes WLAN-specific authentication commands. For more information about 802.1X and MAC authentication commands, see Security Command Reference.

client url-redirect enable

Use client url-redirect enable to enable URL redirection for WLAN clients.

Use undo client url-redirect enable to disable URL redirection for WLAN clients.

Syntax

client url-redirect enable

undo client url-redirect enable

Default

URL redirection is disabled for WLAN clients

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

This command takes effect only on clients that use RADIUS-based MAC authentication.

A client is allowed to pass RADIUS-based MAC authentication only when its credential information (username and password) and MAC address are recorded on the RADIUS server.

This command facilitates MAC authentication for a client whose credential information and MAC address are not recorded on the RADIUS server. After this command is enabled, the client will perform Web authentication on the Web interface specified by the RADIUS server-assigned redirect URL. After the client passes Web authentication, the RADIUS server records the client's credential information and MAC address. At the same time, the server uses DM requests to log off the client. At the next MAC authentication attempt, the client can pass MAC authentication. For information about DMs, see AAA in Security Configuration Guide.

Examples

# Enable URL redirection for WLAN clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client url-redirect enable

client-security accounting-delay time

Use client-security accounting-delay time to configure the accounting delay.

Use undo client-security accounting-delay time to restore the default.

Syntax

client-security accounting-delay time time [ no-ip-logoff ]

undo client-security accounting-delay time

Default

The device sends start-accounting requests for a client when the device learns the IP address of the client.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Specifies the accounting delay timer that starts after the client passes 802.1X or MAC authentication. The value range for the time argument is 1 to 60 seconds.

no-ip-logoff: Logs off a client if the device fails to obtain the client IP address within the delay timer. If you do not specify this keyword, the device sends start-accounting requests when the delay timer expires.

Usage guidelines

The device takes a predefined action on a client if it does not learn an IP address of the specified type for the client within the delay time. To specify the type of IP addresses that have the accounting-start qualification, use the client-security accounting-start trigger command. When the IP address type is set to none, the accounting delay feature does not take effect.

As a best practice, consider the time the device takes to obtain an IP address when you set the accounting delay timer. Increase the delay timer in a low-performance network.

If you execute this command on a service template that has been enabled, the command takes effect only on subsequent clients. It does not affect clients that have been online since before this command is executed.

Examples

# On service template service1, set the accounting delay timer to 15 seconds. Configure the device to log off a client if it fails to learn the required client IP address within the delay timer.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-delay time 15 no-ip-logoff

Related commands

client-security accounting-start trigger

Use client-security accounting-start trigger to specify an IP address type to have the accounting-start qualification.

Use undo client-security accounting-start trigger to restore the default.

Syntax

client-security accounting-start trigger { ipv4 | ipv4-ipv6 | ipv6 | none }

undo client-security accounting-start trigger

Default

The IP address type is IPv4.

Views

Service template view

Predefined user roles

network-admin

Parameters

ipv4: Specifies the IPv4 address type.

ipv4-ipv6: Specifies the IPv4 or IPv6 address type.

ipv6: Specifies the IPv6 address type.

none: Configures the device to send start-accounting requests for a client when the client passes authentication.

Usage guidelines

This command allows the device to send start-accounting requests to the accounting server only for clients that use a specific type of IP addresses. The command takes effect on clients that have passed 802.1X or MAC authentication. For more information about accounting, see AAA in Security Configuration Guide.

To configure an IP address type to have the accounting-start qualification, you must enable learning for IP addresses of that type. For information about wireless client IP address learning, see WLAN IP snooping in WLAN Configuration Guide.

The IP address type setting configured by using this command must meet the protocol requirements of the accounting server.

Examples

# On service template service1, allow the device to send start-accounting requests only for clients that use IPv6 addresses.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-start trigger ipv6

Related commands

client ipv4-snooping arp-learning enable

client ipv4-snooping dhcp-learning enable

client ipv6-snooping dhcpv6-learning enable

client ipv6-snooping nd-learning enable

client ipv6-snooping snmp-nd-report enable

client-security accounting-delay time

client-security accounting-update trigger

Use client-security accounting-update trigger to specify an IP address type to have the accounting-update qualification.

Use undo client-security accounting-update trigger to restore the default.

Syntax

client-security accounting-update trigger { ipv4 | ipv4-ipv6 | ipv6 }

undo client-security accounting-update trigger

Default

The device sends update-accounting requests to the accounting server at the server-assigned or user-defined realtime accounting interval.

Views

Service template view

Predefined user roles

network-admin

Parameters

ipv4: Specifies the IPv4 address type, which indicates that the device triggers accounting update for a client only when the learned IP address of the client changes to an IPv4 address.

ipv4-ipv6: Specifies the IPv4 or IPv6 address type, which indicates that the device triggers accounting update for a client whenever the learned IP address of the client changes.

ipv6: Specifies the IPv6 address type, which indicates that the device triggers accounting update for a client only when the learned IP address of the client changes to an IPv6 address.

Usage guidelines

This command takes effect only when the client-security accounting-start trigger command takes effect.

This command is independent of the periodic realtime-accounting feature. For example, if you configure the accounting-update trigger as client IP addresses changing to IPv6 addresses and set the realtime accounting interval to 12 minutes, both settings take effect. For a client that uses the settings, the device sends update-accounting requests every 12 minutes and triggers accounting update whenever the client IP address changes to an IPv6 address.

To set the realtime accounting interval, use the timer realtime-accounting command.

Examples

# On service template service1, configure the device to trigger accounting update for a client whenever the client IP address changes to an IPv6 address.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security accounting-update trigger ipv6

Related commands

client-security accounting-start trigger

timer realtime-accounting (Security Command Reference)

client-security authentication critical-vlan

Use client-security authentication critical-vlan to configure a critical VLAN for a service template.

Use undo client-security authentication critical-vlan to restore the default.

Syntax

client-security authentication critical-vlan vlan-id

undo client-security authentication critical-vlan

Default

No critical VLAN exists for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies the ID of the critical VLAN, in the range of 1 to 4094.

Usage guidelines

The WLAN critical VLAN accommodates clients that have failed WLAN authentication because all RADIUS servers in their ISP domains are unreachable. Clients in the critical VLAN can access a limited set of network resources depending on the configuration.

The authenticator reauthenticates a client in the critical VLAN at the interval of 30 seconds.

· If the client passes the reauthentication, the authenticator assigns the client to the authorization VLAN. If no authorization VLAN is configured, the client is assigned to the initial VLAN.

· If the client fails the reauthentication because all the RADIUS servers are unreachable, the client is still in the critical VLAN.

· If the client fails the reauthentication for any reason other than unreachable servers, the device assigns the client to the Auth-Fail VLAN. If no Auth-Fail VLAN is configured, the device handles the client depending on the intrusion protection setting. If the intrusion protection feature is not configured, the device logs off the client.

The critical VLAN feature does not take effect on clients that use RSNA. When these clients fail authentication because all the RADIUS servers are unreachable, the authenticator directly logs off the clients.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure VLAN 10 as the critical VLAN on service template 1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security authentication critical-vlan 10

client-security authentication fail-vlan

Use client-security authentication fail-vlan to configure an Auth-Fail VLAN for a service template.

Use undo client-security authentication fail-vlan to restore the default.

Syntax

client-security authentication fail-vlan vlan-id

undo client-security authentication fail-vlan

Default

No Auth-Fail VLAN exists for a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies the ID of the Auth-Fail VLAN, in the range of 1 to 4094. Make sure the VLAN has been created.

Usage guidelines

The WLAN Auth-Fail VLAN accommodates clients that have failed WLAN authentication because of the failure to comply with the organization security strategy. For example, the VLAN accommodates clients that have entered invalid passwords. The Auth-Fail VLAN does not accommodate WLAN clients that have failed authentication for authentication timeouts or network connection problems.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure VLAN 10 as the Auth-Fail VLAN on service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] client-security authentication fail-vlan 10

client-security authentication-location

Use client-security authentication-location to specify the authenticator for WLAN clients.

Use undo client-security authentication-location to restore the default.

Syntax

client-security authentication-location { ac | ap }

undo client-security authentication-location

Default

The AC acts as the authenticator to authenticate WLAN clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

ac: Specifies the AC as the authenticator.

ap: Specifies the AP as the authenticator.

Usage guidelines

You cannot specify the AP as the authenticator if the AC is configured to forward client data traffic (by using the client forwarding-location command). For information about the client forwarding-location command, see "WLAN access commands."

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure the AC as the authenticator for WLAN clients on service template s1.

<Sysname> system-view

[Sysname] wlan service-template s1

[Sysname-wlan-st-s1] client-security authentication-location ac

Related commands

client forwarding-location

client-security authentication-mode

Use client-security authentication-mode to set the authentication mode for WLAN clients.

Use undo client-security authentication-mode to restore the default.

Syntax

client-security authentication-mode { dot1x | dot1x-then-mac | mac | mac-then-dot1x | oui-then-dot1x }

undo client-security authentication-mode

Default

The WLAN authentication mode is Bypass. The device does not perform authentication for WLAN clients.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot1x: Performs 802.1X authentication only.

dot1x-then-mac: Performs 802.1X authentication first, and then MAC authentication. If the client passes 802.1X authentication, MAC authentication is not performed.

mac: Performs MAC authentication only.

mac-then-dot1x: Performs MAC authentication first, and then 802.1X authentication. If the client passes MAC authentication, 802.1X authentication is not performed.

oui-then-dot1x: Performs OUI authentication first, and then 802.1X authentication. If the client passes OUI authentication, 802.1X authentication is not performed.

Usage guidelines

A service template allows access of multiple authenticated clients in any authentication mode. To set the maximum number of 802.1X clients, use the dot1x max-user command. To set the maximum number of MAC authentication clients, use the mac-authentication max-user command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Set the authentication mode to mac for WLAN clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security authentication-mode mac

client-security authorization-fail offline

Use client-security authorization-fail offline to enable the authorization-fail-offline feature.

Use undo client-security authorization-fail offline to disable the authorization-fail-offline feature.

Syntax

client-security authorization-fail offline

undo client-security authorization-fail offline

Default

The authorization-fail-offline feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

The authorization-fail-offline feature logs off WLAN clients that fail ACL or user profile authorization.

A WLAN client fails ACL or user profile authorization in the following situations:

· The device or server fails to authorize the specified ACL or user profile to the client.

· The authorized ACL or user profile does not exist.

If this feature is disabled, the device does not log off WLAN clients that fail ACL or user profile authorization. However, the device outputs logs to report the failure.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the authorization-fail-offline feature for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security authorization-fail offline

client-security ignore-authentication

Use client-security ignore-authentication to configure the device to ignore the 802.1X or MAC authentication failures.

Use undo client-security ignore-authentication to restore the default.

Syntax

client-security ignore-authentication

undo client-security ignore-authentication

Default

The device does not ignore the authentication failures for wireless clients that use 802.1X authentication or RADIUS-based MAC authentication.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command applies to the following clients:

· Clients that use 802.1X authentication.

This command enables the device to ignore the 802.1X authentication failures and allow clients that have failed 802.1X authentication to come online.

· Clients that use both RADIUS-based MAC authentication and portal authentication.

Typically, a client must pass MAC authentication and portal authentication in turn to access network resources. The client provides username and password each time portal authentication is performed.

This command simplifies the authentication process for a client as follows:

¡ If the RADIUS server already records the client's MAC authentication information, the client passes MAC authentication. The device allows the client to access network resources without performing portal authentication.

¡ If the RADIUS server does not record the client's MAC authentication information, the client fails MAC authentication. The device ignores the MAC authentication failure and performs portal authentication for the client. If the client passes portal authentication, it can access network resources. The MAC address of the portal authenticated client will be recorded as MAC authentication information on the RADIUS server.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For 802.1X clients that use RSN to roam to a new AP, do not use this command.

Examples

# Configure the device to ignore 802.1X or MAC authentication failures on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security ignore-authentication

client-security ignore-authorization

Use client-security ignore-authorization to configure the device to ignore the authorization information received from the authentication server (a RADIUS server or the local device).

Use undo client-security ignore-authorization to restore the default.

Syntax

client-security ignore-authorization

undo client-security ignore-authorization

Default

The device uses the authorization information from the server.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

After a client passes RADIUS or local authentication, the server performs authorization based on the authorization attributes configured for the user account. For example, the server can assign a VLAN. If you do not want the device to use these authorization attributes for clients, configure this command to ignore the authorization information from the server.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Configure the device to ignore the authorization information from the authentication server for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security ignore-authorization

client-security intrusion-protection action

Use client-security intrusion-protection action to configure the intrusion protection action that the device takes when intrusion protection detects illegal frames.

Use undo client-security intrusion-protection action to restore the default.

Syntax

client-security intrusion-protection action { service-stop | temporary-block | temporary-service-stop }

undo client-security intrusion-protection action

Default

The intrusion protection action is temporary-block.

Views

Service template view

Predefined user roles

network-admin

Parameters

service-stop: Stops the BSS where an illegal frame is received until the BSS is enabled manually on the radio interface.

temporary-block: Adds the source MAC address of an illegal frame to the blocked MAC address list for a period. To set the period, use the client-security intrusion-protection timer temporary-block command.

temporary-service-stop: Stops the BSS where an illegal frame is received for a period. To set the period, use the client-security intrusion-protection timer temporary-service-stop command.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For this command to take effect, you must also use the client-security intrusion-protection enable command to enable the intrusion protection feature.

Examples

# Configure the device to stop the BSS where intrusion protection detects illegal frames for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action service-stop

Related commands

client-security intrusion-protection enable

client-security intrusion-protection timer temporary-block

client-security intrusion-protection timer temporary-service-stop

client-security intrusion-protection enable

Use client-security intrusion-protection enable to enable the intrusion protection feature.

Use undo client-security intrusion-protection enable to disable the intrusion protection feature.

Syntax

client-security intrusion-protection enable

undo client-security intrusion-protection enable

Default

The intrusion protection feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

When the device receives an association request from an illegal client, the device takes the predefined protection action on the BSS where the request is received. A client is illegal if its MAC address fails WLAN authentication. To set the protection action, use the client-security intrusion-protection action command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the intrusion protection feature for service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

Related commands

client-security intrusion-protection action

client-security intrusion-protection timer temporary-block

Use client-security intrusion-protection timer temporary-block to set the period during which a MAC address is blocked by intrusion protection.

Use undo client-security intrusion-protection timer temporary-block to restore the default.

Syntax

client-security intrusion-protection timer temporary-block time

undo client-security intrusion-protection timer temporary-block

Default

An illegal MAC address is blocked for 180 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Specifies the period during which a MAC address is blocked. The value range is 60 to 300 seconds.

Usage guidelines

This command takes effect only when the intrusion protection action is temporary-block.

If you change the blocking period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.

Examples

# Configure service template service1 to block illegal MAC addresses for 120 seconds.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-block

[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-block 120

Related commands

client-security intrusion-protection action

client-security intrusion-protection enable

client-security intrusion-protection timer temporary-service-stop

Use client-security intrusion-protection timer temporary-service-stop to set the BSS silence period for intrusion protection.

Use undo client-security intrusion-protection timer temporary-service-stop to restore the default.

Syntax

client-security intrusion-protection timer temporary-service-stop time

undo client-security intrusion-protection timer temporary-service-stop

Default

The BSS silence period for intrusion protection is 20 seconds.

Views

Service template view

Predefined user roles

network-admin

Parameters

time: Specifies the period during which a BSS is disabled. The value range is 10 to 300 seconds.

Usage guidelines

This command takes effect only when the intrusion protection action is temporary-service-stop.

If you change the BSS silence period after the service template is enabled, the new setting takes effect on the subsequent detected illegal packets.

Examples

# Set the BSS silence period to 30 seconds for intrusion protection on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client-security intrusion-protection enable

[Sysname-wlan-st-service1] client-security intrusion-protection action temporary-service-stop

[Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-service-stop 30

Related commands

client-security intrusion-protection action

client-security intrusion-protection enable

display wlan client-security block-mac

Use display wlan client-security block-mac to display blocked MAC address information for WLAN clients.

Syntax

display wlan client-security block-mac [ ap ap-name [ radio radio-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and minus signs (-). If you do not specify this option, the command displays information about all blocked MAC addresses.

radio radio-id: Specifies a radio by its ID. The value range for the radio-id argument varies by AP model. If you do not specify this option, the command displays blocked MAC address information for all radios on the specified AP.

Usage guidelines

A MAC address that fails authentication is added to the blocked MAC address list when the intrusion protection action is temporary-block.

Examples

# Display information about all blocked MAC addresses.

<Sysname> display wlan client-security block-mac

MAC address AP ID RADIO ID BSSID

0002-0002-0002 1 1 00ab-0de1-0001

000d-88f8-0577 1 1 0ef1-0001-02c1

Total entries: 2

Table 38 Command output

Field	Description
MAC address	Blocked MAC address, in the format of H-H-H.
AP ID	AP ID of the blocked MAC address.
RADIO ID	Radio ID of the blocked MAC address.
BSSID	BSS ID of the blocked MAC address, in the format of H-H-H.
Total entries	Number of blocked MAC addresses.

Related commands:

client-security intrusion-protection action

client-security intrusion-protection timer temporary-block

dot1x domain

Use dot1x domain to specify an authentication domain for 802.1X clients on a service template.

Use undo dot1x domain to restore the default.

Syntax

dot1x domain domain-name

undo dot1x domain

Default

No authentication domain is specified for 802.1X clients on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

802.1X chooses an authentication domain for WLAN clients in the following order:

1. Authentication domain specified on the service template.

2. Domain specified by username.

3. Default authentication domain.

Examples

# Specify ISP domain my-domain as the authentication domain for 802.1X clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x domain my-domain

dot1x eap

Use dot1x eap to specify the EAP mode for 802.1X authentication.

Use undo dot1x eap to restore the default.

Syntax

dot1x eap { extended | standard }

undo dot1x eap

Default

The EAP mode is standard for 802.1X authentication.

Views

Service template view

Predefined user roles

network-admin

Parameters

extended: Specifies the extended EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the proprietary EAP protocol.

standard: Specifies the standard EAP mode. This mode requires the device to interact with clients according to the provisions and packet format defined by the standard EAP protocol.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When you configure this command, specify the extended keyword for iNode clients and the standard keyword for other clients.

This command is required only when an IMC server is used as the RADIUS server.

Examples

# Set the EAP mode to extended for service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] dot1x eap extended

dot1x handshake enable

Use dot1x handshake enable to enable the 802.1X online user handshake feature.

Use undo dot1x handshake enable to disable the 802.1X online user handshake feature.

Syntax

dot1x handshake enable

undo dot1x handshake enable

Default

The 802.1X online user handshake feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

The online user handshake feature checks the connection status of online 802.1X clients by periodically sending handshake messages to the clients. The device sets a client to the offline state if it does not receive responses from the client after making the maximum handshake attempts within the handshake timer. To set the handshake timer, use the dot1x timer handshake-period command. To set the maximum handshake attempts, use the dot1x retry command.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the online user handshake feature for 802.1X clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x handshake enable

Related commands

dot1x handshake secure enable

dot1x retry (Security Command Reference)

dot1x timer handshake-period (Security Command Reference)

dot1x handshake secure enable

Use dot1x handshake secure enable to enable the 802.1X online user handshake security feature.

Use undo dot1x handshake secure enable to disable the 802.1X online user handshake security feature.

Syntax

dot1x handshake secure enable

undo dot1x handshake secure enable

Default

The 802.1X online user handshake security feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

For the 802.1X online user handshake security feature to take effect, you must enable the 802.1X online user handshake feature.

The online user handshake security feature protects only authenticated online 802.1X clients.

Examples

# Enable the 802.1X online user handshake security feature on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x handshake enable

[Sysname-wlan-st-service1] dot1x handshake secure enable

Related commands

dot1x handshake enable

dot1x max-user

Use dot1x max-user to set the maximum number of concurrent 802.1X clients on a service template.

Use undo dot1x max-user to restore the default.

Syntax

dot1x max-user count

undo dot1x max-user

Default

A maximum of 4096 concurrent 802.1X clients are allowed on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of concurrent 802.1X clients. The value range is 1 to 4096.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When the maximum number is reached, the service template denies subsequent 802.1X clients.

Examples

# Set the maximum number of concurrent 802.1X clients to 32 on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x max-user 500

dot1x re-authenticate enable

Use dot1x re-authenticate enable to enable the 802.1X periodic online user reauthentication feature.

Use undo dot1x re-authenticate enable to disable the 802.1X periodic online user reauthentication feature.

Syntax

dot1x re-authenticate enable

undo dot1x re-authenticate enable

Default

The 802.1X periodic online user reauthentication feature is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Periodic reauthentication enables the device to periodically authenticate online 802.1X clients on a service template. This feature checks the connection status of online clients and updates the authorization attributes assigned by the server, such as the ACL, VLAN, and user profile.

You can use the dot1x timer reauth-period command to configure the interval for reauthentication.

The server-assigned session timeout timer (Session-Timeout attribute) and termination action (Termination-Action attribute) can affect the periodic online user reauthentication feature. To display the server-assigned Session-Timeout and Termination-Action attributes, use the display dot1x connection command (see Security Command Reference).

· If the termination action is Default (logoff), periodic online user reauthentication on the template takes effect only when the periodic reauthentication timer is shorter than the session timeout timer.

· If the termination action is Radius-request, the periodic online user reauthentication configuration on the template does not take effect. The device reauthenticates the online 802.1X clients after the session timeout timer expires.

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

Examples

# Enable the 802.1X periodic online user reauthentication feature on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] dot1x re-authenticate enable

Related commands

dot1x timer (Security Command Reference)

mac-authentication domain

Use mac-authentication domain to specify an authentication domain for MAC authentication clients on a service template.

Use undo mac-authentication domain to restore the default.

Syntax

mac-authentication domain domain-name

undo mac-authentication domain

Default

No authentication domain is specified for MAC authentication clients on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

MAC authentication chooses an authentication domain for WLAN clients in the following order:

1. Authentication domain specified on the service template.

2. Global authentication domain specified in system view.

3. Default authentication domain.

Examples

# Specify ISP domain my-domain as the authentication domain for MAC authentication clients on service template service1.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] mac-authentication domain my-domain

mac-authentication max-user

Use mac-authentication max-user to set the maximum number of concurrent MAC authentication clients on a service template.

Use undo mac-authentication max-user to restore the default.

Syntax

mac-authentication max-user count

undo mac-authentication max-user

Default

A maximum of 4096 concurrent MAC authentication clients are allowed on a service template.

Views

Service template view

Predefined user roles

network-admin

Parameters

count: Specifies the maximum number of concurrent MAC authentication clients. The value range for this argument is 1 to 4096.

Usage guidelines

This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

When the maximum number is reached, the service template denies subsequent MAC authentication clients.

Examples

# Configure service template service1 to support a maximum of 32 concurrent MAC authentication clients.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] mac-authentication max-user 32

WIPS commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

access-scan enable

Use access-scan enable to configure APs to perform WIPS scanning while providing access services.

Use undo access-scan enable to disable APs from performing WIPS scanning while providing access services.

Syntax

access-scan enable

undo access-scan enable

Default

APs do not perform WIPS scanning while they are providing access services.

Views

WIPS view

Predefined user roles

network-admin

Usage guidelines

This command enhances the WIPS detection and protection capabilities but decreases the access service capability.

Examples

# Configure APs to perform WIPS scanning while providing access services.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] access-scan enable

ap-channel-change

Use ap-channel-change to configure channel change detection.

Use undo ap-channel-change to disable channel change detection.

Syntax

ap-channel-change [ quiet quiet-value ]

undo ap-channel-change

Default

Channel change detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a channel change. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a channel change within the quiet time.

Examples

# Configure channel change detection.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-channel-change quiet 5

ap-classification rule

Use ap-classification rule to create an AP classification rule and enter its view, or enter the view of an existing AP classification rule.

Use undo ap-classification rule to remove an AP classification rule.

Syntax

ap-classification rule rule-id

undo ap-classification rule rule-id

Default

No AP classification rules exist.

Views

WIPS view

Predefined user roles

network-admin

Parameters

rule-id: Specifies an AP classification rule ID in the range of 1 to 65535.

Examples

# Create AP classification rule 1 and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

ap-flood

Use ap-flood to configure AP flood attack detection.

Use undo ap-flood to disable AP flood attack detection.

Syntax

ap-flood [ apnum apnum-value | exceed exceed-value | quiet quiet-value ] *

undo ap-flood

Default

AP flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

apnum apnum-value: Specifies the AP number threshold in the range of 10 to 200. The default AP number threshold is 80.

exceed exceed-value: Specifies the maximum number of excessive APs allowed. The value range for the exceed-value argument is 10 to 200 and the default value is 80. If the number of APs exceeds the sum of the AP number threshold and the maximum number of excessive APs allowed, WIPS triggers an AP flood attack alarm.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP flood attack within the quiet time.

Examples

# Enable AP flood attack detection, and set the apnum-value, exceed-value, and quiet-value arguments to 50, 50, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-flood apnum 50 exceed 50 quiet 100

ap-impersonation

Use ap-impersonation to configure AP impersonation attack detection.

Use undo ap-impersonation to disable AP impersonation attack detection.

Syntax

ap-impersonation [ quiet quiet-value ]

undo ap-impersonation

Default

AP impersonation attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP impersonation attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP impersonation attack within the quiet time.

Examples

# Enable AP impersonation attack detection, and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-impersonation quiet 360

apply ap-classification rule

Use apply ap-classification rule to bind an AP classification rule to a classification policy.

Use undo apply ap-classification rule to cancel the configuration.

Syntax

apply ap-classification rule rule-id { authorized-ap | { { external-ap | misconfigured-ap | rogue-ap } [ severity-level level ] } }

undo apply ap-classification rule rule-id

Default

No AP classification rule is bound to a classification policy.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

rule-id: Specifies an AP classification rule by its ID in the range of 1 to 65535.

authorized-ap: Specifies APs that match the AP classification rule as authorized APs.

external-ap: Specifies APs that match the AP classification rule as external APs.

misconfigured-ap: Specifies APs that match the AP classification rule as misconfigured APs.

rogue-ap: Specifies APs that match the AP classification rule as rogue APs.

level: Specifies a severity level for the AP that matches the AP classification rule, in the range of 1 to 100. The default severity level is 50.

Examples

# Bind AP classification rule 1 to classification policy home, specify APs that match AP classification rule 1 as rogue APs, and set the severity level to 80.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] apply ap-classification rule 1 rogue-ap severity-level 80

Related commands

ap-classification rule

apply classification policy

Use apply classification policy to apply a classification policy to a virtual security domain (VSD).

Use undo apply classification policy to remove a classification policy from a VSD.

Syntax

apply classification policy policy-name

undo apply classification policy policy-name

Default

No classification policy is applied to a VSD.

Views

VSD view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a classification policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Apply classification policy policy1 to VSD home.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain home

[Sysname-wips-vsd-home] apply classification policy policy1

apply countermeasure policy

Use apply countermeasure policy to apply a countermeasure policy to a VSD.

Use undo apply countermeasure policy to remove a countermeasure policy from a VSD.

Syntax

apply countermeasure policy policy-name

undo apply countermeasure policy policy-name

Default

No countermeasure policy is applied to a VSD.

Views

VSD view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a countermeasure policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Apply countermeasure policy policy2 to VSD home.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain home

[Sysname-wips-vsd-home] apply countermeasure policy policy2

apply detect policy

Use apply detect policy to apply an attack detection policy to a VSD.

Use undo apply detect policy to remove an attack detection policy from a VSD.

Syntax

apply detect policy policy-name

undo apply detect policy policy-name

Default

No attack detection policy is applied to a VSD.

Views

VSD view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an attack detection policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Apply attack detection policy policy2 to VSD home.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain home

[Sysname-wips-vsd-home] apply detect policy policy2

apply signature policy

Use apply signature policy to apply a signature policy to a VSD.

Use undo apply signature policy to remove a signature policy from a VSD.

Syntax

apply signature policy policy-name

undo apply signature policy policy-name

Default

No signature policy is applied to a VSD.

Views

VSD view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a signature policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Apply signature policy policy1 to VSD home.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain home

[Sysname-wips-vsd-home] apply signature policy policy1

apply signature rule

Use apply signature rule to bind a signature to a signature policy.

Use undo apply signature rule to unbind a signature from a signature policy.

Syntax

apply signature rule rule-id

undo apply signature rule rule-id

Default

No signature is bound to a signature policy.

Views

Signature policy view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a signature by its ID in the range of 1 to 65535.

Examples

# Bind signature 1 to signature policy office.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature policy office

[Sysname-wips-sig-office] apply signature rule 1

ap-rate-limit

Use ap-rate-limit to rate limit AP entry learning.

Use undo ap-rate-limit to restore the default.

Syntax

ap-rate-limit [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo ap-rate-limit

Default

The statistics collection interval for learned AP entries is 60 seconds, the quiet time is 1200 seconds, and the AP entry threshold is 64.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for learned AP entries, in the range of 1 to 3600 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP entry attack. The value range for the quiet-value argument is 1200 to 3600 seconds. WIPS stops learning new entries and does not trigger an alarm even if it detects an AP entry attack within the quiet time.

threshold threshold-value: Specifies the number of AP entries that triggers an AP entry attack alarm. The value range for the threshold-value argument is 1 to 4096.

Examples

# Rate limit AP entry learning, and set the interval-value, quiet-value, and threshold-value arguments to 60, 1600, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-rate-limit interval 60 quiet 1600 threshold 100

ap-spoofing

Use ap-spoofing to enable AP spoofing attack detection.

Use undo ap-spoofing to disable AP spoofing attack detection.

Syntax

ap-spoofing [ quiet quiet-value ]

undo ap-spoofing

Default

AP spoofing attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an AP spoofing attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an AP spoofing attack within the quiet time.

Examples

# Enable AP spoofing attack detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-spoofing quiet 360

ap-timer

Use ap-timer to set an AP entry timer.

Use undo ap-timer to restore the default.

Syntax

ap-timer inactive inactive-value aging aging-value

undo ap-timer

Default

The inactive time is 300 seconds, and the aging time is 600 seconds.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

inactive inactive-value: Specifies the inactive time in the range of 60 to 1200 seconds. When an AP does not receive or send frames within the specified inactive time, WIPS sets the AP to inactive state.

aging aging-value: Specifies the aging time for an AP entry, in the range of 120 to 86400 seconds. When an AP does not receive or send frames within the specified aging time, WIPS deletes the entry. The aging time must be greater than the inactive time.

Examples

# Set the inactive time to 120 seconds and the aging time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ap-timer inactive 120 aging 360

association-table-overflow

Use association-table-overflow to configure association/reassociation DoS attack detection.

Use undo association-table-overflow to disable association/reassociation DoS attack detection.

Syntax

association-table-overflow [ quiet quiet-value ]

undo association-table-overflow

Default

Association/reassociation DoS attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an association/reassociation DoS attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an association/reassociation DoS attack within the quiet time.

Examples

# Enable association/reassociation DoS attack detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] association-table-overflow quiet 100

authentication

Use authentication to configure an AP classification rule to match APs by authentication mode.

Use undo authentication to restore the default.

Syntax

authentication { equal | include } { 802.1x | none | other | psk }

undo authentication

Default

An AP classification rule does not match APs by authentication mode.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

equal: Matches authentication modes equal to the specified authentication mode.

include: Matches authentication modes that include the specified authentication mode.

802.1x: Specifies the 802.1X authentication mode.

none: Specifies no authentication.

other: Specifies an authentication mode other than 802.1X and PSK.

psk: Specifies the PSK authentication mode.

Examples

# Configure AP classification rule 1 to match APs that use the PSK authentication mode.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] authentication equal psk

block mac-address

Use block mac-address to add the MAC address of an AP or client to the static prohibited device list.

Use undo block mac-address to remove one or all MAC addresses from the static prohibited device list.

Syntax

block mac-address mac-address

undo block mac-address { mac-address | all }

Default

No MAC address is added to the static prohibited device list.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

mac-address: Specifies an AP or client by its MAC address, in the H-H-H format.

all: Specifies all MAC addresses.

Examples

# Add MAC address 78AC-C0AF-944F to the static prohibited device list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] block mac-address 78AC-C0AF-944F

classification policy

Use classification policy to create a classification policy and enter its view, or enter the view of an existing classification policy.

Use undo classification policy to remove a classification policy.

Syntax

classification policy policy-name

undo classification policy policy-name

Default

No classification policies exist.

Views

WIPS view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a classification policy name, a case-sensitive string of 1 to 63 characters.

Examples

# Create classification policy home and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home]

client-online

Use client-online to configure an AP classification rule to match APs by number of associated clients.

Use undo client-online to restore the default.

Syntax

client-online value1 [ to value2 ]

undo client-online

Default

An AP classification rule does not match APs by number of associated clients.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

value1 to value2: Specifies a value range for the number of associated clients for APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 128 for both the value1 and value2 arguments, and value2 must be greater than value1.

Examples

# Configure AP classification rule 1 to match APs with 20 to 40 associated clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] client-online 20 to 40

client-rate-limit

Use client-rate-limit to rate limit client entry learning.

Use undo client -rate-limit to restore the default.

Syntax

client-rate-limit [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo client-rate-limit

Default

The statistics collection interval for learned client entries is 60 seconds, the quiet time is 1200 seconds, and the client entry threshold is 512.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for learned client entries, in the range of 1 to 3600 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a client entry attack. The value range for the quiet-value argument is 1200 to 3600 seconds. WIPS stops learning new entries and does not trigger an alarm even if it detects a client entry attack within the quiet time.

threshold threshold-value: Specifies the number of client entries that triggers a client entry attack alarm. The value range for the threshold-value argument is 1 to 4096.

Examples

# Rate limit client entry learning, and set the interval-value, quiet-value, and threshold-value arguments to 80, 1600, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] client-rate-limit interval 80 threshold 100 quiet 1600

client-spoofing

Use client-spoofing to enable client spoofing attack detection.

Use undo client-spoofing to disable client spoofing attack detection.

Syntax

client-spoofing [ quiet quiet-value ]

undo client-spoofing

Default

Client spoofing attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a client spoofing attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a client spoofing attack within the quiet time.

Examples

# Enable client spoofing attack detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] client-spoofing quiet 360

client-timer

Use client-timer to set a client entry timer.

Use undo client-timer to restore the default.

Syntax

client-timer inactive inactive-value aging aging-value

undo client-timer

Default

The inactive time is 300 seconds, and the aging time is 600 seconds.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

inactive inactive-value: Specifies the inactive time in the range of 60 to 1200 seconds. When a client does not receive or send frames within the specified inactive time, WIPS sets the client to inactive state.

aging aging-value: Specifies the aging time for a client entry, in the range of 120 to 86400 seconds. When a client does not receive or send frames within the specified aging time, WIPS deletes the entry. The aging time must be greater than the inactive time.

Examples

# Set the inactive time to 120 seconds, and set the aging time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] client-timer inactive 120 aging 360

countermeasure adhoc

Use countermeasure adhoc to enable WIPS to take countermeasures against Ad hoc devices.

Use undo countermeasure adhoc to restore the default.

Syntax

countermeasure adhoc

undo countermeasure adhoc

Default

WIPS does not take countermeasures against Ad hoc devices.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against Ad hoc devices.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure adhoc

countermeasure attack all

Use countermeasure attack all to enable WIPS to take countermeasures against all attackers.

Use undo countermeasure attack all to restore the default.

Syntax

countermeasure attack all

undo countermeasure attack all

Default

WIPS does not take countermeasures against all attackers.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against all attackers.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack all

countermeasure attack deauth-broadcast

Use countermeasure attack deauth-broadcast to enable WIPS to take countermeasures against devices that launch broadcast deauthentication attacks.

Use undo countermeasure deauth-broadcast to restore the default.

Syntax

countermeasure attack deauth-broadcast

undo countermeasure attack deauth-broadcast

Default

WIPS does not take countermeasures against devices that launch broadcast deauthentication attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch broadcast deauthentication attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack deauth-broadcast

countermeasure attack disassoc-broadcast

Use countermeasure attack disassoc-broadcast to enable WIPS to take countermeasures against devices that launch broadcast disassociation attacks.

Use undo countermeasure attack disassoc-broadcast to restore the default.

Syntax

countermeasure attack disassoc-broadcast

undo countermeasure attack disassoc-broadcast

Default

WIPS does not take countermeasures against devices that launch broadcast disassociation attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch broadcast disassociation attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack disassoc-broadcast

countermeasure attack honeypot-ap

Use countermeasure attack honeypot-ap to enable WIPS to take countermeasures against honeypot APs.

Use undo countermeasure attack honeypot-ap to restore the default.

Syntax

countermeasure attack honeypot-ap

undo countermeasure attack honeypot-ap

Default

WIPS does not take countermeasures against honeypot APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against honeypot APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack honeypot-ap

countermeasure attack hotspot-attack

Use countermeasure attack hotspot-attack to enable WIPS to take countermeasures against devices that launch hotspot attacks.

Use undo countermeasure attack hotspot-attack to restore the default.

Syntax

countermeasure attack hotspot-attack

undo countermeasure attack hotspot-attack

Default

WIPS does not take countermeasures against devices that launch hotspot attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch hotspot attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack hotspot-attack

countermeasure attack ht-40-mhz-intolerance

Use countermeasure attack ht-40-mhz-intolerance to enable WIPS to take countermeasures against devices with the 40 MHz bandwidth mode disabled.

Use undo countermeasure attack ht-40-mhz-intolerance to restore the default.

Syntax

countermeasure attack ht-40-mhz-intolerance

undo countermeasure attack ht-40-mhz-intolerance

Default

WIPS does not take countermeasures against devices with the 40 MHz bandwidth mode disabled.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices with the 40 MHz bandwidth mode disabled.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack ht-40-mhz-intolerance

countermeasure attack malformed-packet

Use countermeasure attack malformed-packet to enable WIPS to take countermeasures against devices that send malformed packets.

Use undo countermeasure attack malformed-packet to restore the default.

Syntax

countermeasure attack malformed-packet

undo countermeasure attack malformed-packet

Default

WIPS does not take countermeasures against devices that send malformed packets.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that send malformed packets.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack malformed-packet

countermeasure attack man-in-the-middle

Use countermeasure attack man-in-the-middle to enable WIPS to take countermeasures against devices that launch MITM attacks.

Use undo countermeasure attack man-in-the-middle to restore the default.

Syntax

countermeasure attack man-in-the-middle

undo countermeasure attack man-in-the-middle

Default

WIPS does not take countermeasures against devices that launch MITM attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch MITM attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack man-in-the-middle

countermeasure attack omerta

Use countermeasure attack omerta to enable WIPS to take countermeasures against devices that launch Omerta attacks.

Use undo countermeasure attack omerta to restore the default.

Syntax

countermeasure attack omerta

undo countermeasure attack omerta

Default

WIPS does not take countermeasures against devices that launch Omerta attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch Omerta attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack omerta

countermeasure attack power-save

Use countermeasure attack power-save to enable WIPS to take countermeasures against devices that launch power save attacks.

Use undo countermeasure attack power-save to restore the default.

Syntax

countermeasure attack power-save

undo countermeasure attack power-save

Default

WIPS does not take countermeasures against devices that launch power save attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch power save attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack power-save

countermeasure attack soft-ap

Use countermeasure attack soft-ap to enable WIPS to take countermeasures against soft APs.

Use undo countermeasure attack soft-ap to restore the default.

Syntax

countermeasure attack soft-ap

undo countermeasure attack soft-ap

Default

WIPS does not take countermeasures against soft APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against soft APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack soft-ap

countermeasure attack unencrypted-trust-client

Use countermeasure attack unencrypted-trust-client to enable WIPS to take countermeasures against unencrypted authorized clients.

Use undo countermeasure attack unencrypted-trust-client to restore the default.

Syntax

countermeasure attack unencrypted-trust-client

undo countermeasure attack unencrypted-trust-client

Default

WIPS does not take countermeasures against unencrypted authorized clients.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against unencrypted authorized clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack unencrypted-trust-client

countermeasure attack weak-iv

Use countermeasure attack weak-iv to enable WIPS to take countermeasures against devices that use weak IVs.

Use undo countermeasure weak-iv to restore the default.

Syntax

countermeasure attack weak-iv

undo countermeasure attack weak-iv

Default

WIPS does not take countermeasures against devices that use weak IVs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that use weak IVs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack weak-iv

countermeasure attack windows-bridge

Use countermeasure attack windows-bridge to enable WIPS to take countermeasures against devices that launch Windows bridge attacks.

Use undo countermeasure attack windows-bridge to restore the default.

Syntax

countermeasure attack windows-bridge

undo countermeasure attack windows-bridge

Default

WIPS does not take countermeasures against devices that launch Windows bridge attacks.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against devices that launch Windows bridge attacks.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure attack windows-bridge

countermeasure external-ap

Use countermeasure external-ap to enable WIPS to take countermeasures against external APs.

Use undo countermeasure external-ap to restore the default.

Syntax

countermeasure external-ap

undo countermeasure external-ap

Default

WIPS does not take countermeasures against external APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against external APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure external-ap

countermeasure mac-address

Use countermeasure mac-address to enable WIPS to take countermeasures against the device with the specified MAC address.

Use undo countermeasure mac-address to remove the configuration.

Syntax

countermeasure mac-address mac-address

undo countermeasure mac-address { mac-address | all }

Default

WIPS does not take countermeasures against detected devices.

Views

Countermeasure policy view

Predefined user roles

network-admin

Parameters

mac-address: Specifies an AP or a client by its MAC address in the H-H-H format.

all: Specifies all APs and clients.

Usage guidelines

You can configure this command multiple times to enable WIPS to take countermeasures against multiple devices.

Examples

# Enable WIPS to take countermeasures against the device with MAC address 2a11-1fa1-141f.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure mac-address 2a11-1fa1-141f

countermeasure misassociation-client

Use countermeasure misassociation-client to enable WIPS to take countermeasures against misassociated clients.

Use undo countermeasure misassociation-client to restore the default.

Syntax

countermeasure misassociation-client

undo countermeasure misassociation-client

Default

WIPS does not take countermeasures against misassociated clients.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against misassociated clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure misassociation-client

countermeasure misconfigured-ap

Use countermeasure misconfigured-ap to enable WIPS to take countermeasures against misconfigured APs.

Use undo countermeasure misconfigured-ap to restore the default.

Syntax

countermeasure misconfigured-ap

undo countermeasure misconfigured-ap

Default

WIPS does not take countermeasures against misconfigured APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against misconfigured APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure misconfigured-ap

countermeasure policy

Use countermeasure policy to create a countermeasure policy and enter its view, or enter the view of an existing countermeasure policy.

Use undo countermeasure policy to remove a countermeasure policy.

Syntax

countermeasure policy policy-name

undo countermeasure policy policy-name

Default

No countermeasure policies exist.

Views

WIPS view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a countermeasure policy by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Create countermeasure policy home and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home]

countermeasure potential-authorized-ap

Use countermeasure potential-authorized-ap to enable WIPS to take countermeasures against potential-authorized APs.

Use undo countermeasure potential-authorized-ap to restore the default.

Syntax

countermeasure potential-authorized-ap

undo countermeasure potential-authorized-ap

Default

WIPS does not take countermeasures against potential-authorized APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against potential-authorized APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure potential-authorized-ap

countermeasure potential-external-ap

Use countermeasure potential-external-ap to enable WIPS to take countermeasures against potential-external APs.

Use undo countermeasure potential-external-ap to restore the default.

Syntax

countermeasure potential-external-ap

undo countermeasure potential-external-ap

Default

WIPS does not take countermeasures against potential-external APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against potential-external APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure potential-external-ap

countermeasure potential-rogue-ap

Use countermeasure potential-rogue-ap to enable WIPS to take countermeasures against potential-rogue APs.

Use undo countermeasure potential-rogue-ap to restore the default.

Syntax

countermeasure potential-rogue-ap

undo countermeasure potential-rogue-ap

Default

WIPS does not take countermeasures against potential-rogue APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against potential-rogue APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure potential-rogue-ap

countermeasure rogue-ap

Use countermeasure rogue-ap to enable WIPS to take countermeasures against rogue APs.

Use undo countermeasure rogue-ap to restore the default.

Syntax

countermeasure rogue-ap

undo countermeasure rogue-ap

Default

WIPS does not take countermeasures against rogue APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against rogue APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure rogue-ap

countermeasure unauthorized-client

Use countermeasure unauthorized-client to enable WIPS to take countermeasures against unauthorized clients.

Use undo countermeasure unauthorized-client to restore the default.

Syntax

countermeasure unauthorized-client

undo countermeasure unauthorized-client

Default

WIPS does not take countermeasures against unauthorized clients.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against unauthorized clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure unauthorized-client

countermeasure uncategorized-ap

Use countermeasure uncategorized-ap to enable WIPS to take countermeasures against uncategorized APs.

Use undo countermeasure uncategorized-ap to restore the default.

Syntax

countermeasure uncategorized-ap

undo countermeasure uncategorized-ap

Default

WIPS does not take countermeasures against uncategorized APs.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against uncategorized APs.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure uncategorized-ap

countermeasure uncategorized-client

Use countermeasure uncategorized-client to enable WIPS to take countermeasures against uncategorized clients.

Use undo countermeasure uncategorized-client to restore the default.

Syntax

countermeasure uncategorized-client

undo countermeasure uncategorized-client

Default

WIPS does not take countermeasures against uncategorized clients.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable WIPS to take countermeasures against uncategorized clients.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-cms-home] countermeasure uncategorized-client

deauthentication-broadcast

Use deauthentication-broadcast to configure broadcast deauthentication attack detection.

Use undo deauthentication-broadcast to disable broadcast deauthentication attack detection.

Syntax

deauthentication-broadcast [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo deauthentication-broadcast

Default

Broadcast deauthentication attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for broadcast deauthentication frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a broadcast deauthentication attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a broadcast deauthentication attack within the quiet time.

threshold threshold-value: Specifies the number of broadcast deauthentication frames that triggers a broadcast deauthentication attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable broadcast deauthentication attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] deauthentication-broadcast interval 100 threshold 100 quiet 360

deauth-spoofing

Use deauth-spoofing to configure spoof deauthentication frame detection.

Use undo deauth-spoofing to disable spoof deauthentication frame detection.

Syntax

deauth-spoofing [ quiet quiet ]

undo deauth-spoofing

Default

Spoof deauthentication frame detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet: Specifies the quiet time after WIPS triggers an alarm upon a spoof deauthentication frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects spoof deauthentication frames within the quiet time.

Examples

# Enable spoof deauthentication frame detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] deauth-spoofing quiet 100

detect policy

Use detect policy to create an attack detection policy and enter its view, or enter the view of an existing attack detection policy.

Use undo detect policy to remove an attack detection policy.

Syntax

detect policy policy-name

undo detect policy policy-name

Default

No attack detection policies exist.

Views

WIPS view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an attack detection policy name, a case-sensitive string of 1 to 63 characters.

Examples

# Create attack detection policy home and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home]

detect signature

Use detect signature to enable signature-based attack detection.

Use undo detect signature to disable signature-based attack detection.

Syntax

detect signature [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo detect

Default

Signature-based attack detection is enabled.

Views

Signature policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for packets that match a signature. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an attack within the quiet time.

threshold threshold-value: Specifies the number of packets matching a signature that triggers an user-attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable WIPS to detect packets that match a signature, and set the interval-value, threshold-value, and quiet-value arguments to 60, 100, and 360, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature policy home

[Sysname-wips-sig-home] detect signature interval 60 threshold 100 quiet 360

disassociation-broadcast

Use disassociation-broadcast to configure broadcast disassociation attack detection.

Use undo disassociation-broadcast to disable broadcast disassociation attack detection.

Syntax

disassociation-broadcast [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo disassociation-broadcast

Default

Broadcast disassociation attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for broadcast disassociation frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a broadcast disassociation attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a broadcast disassociation attack within the quiet time.

threshold threshold-value: Specifies the number of broadcast disassociation frames that triggers a broadcast disassociation attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable broadcast disassociation attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] disassociation-broadcast interval 100 threshold 100 quiet 360

discovered-ap

Use discovered-ap to configure an AP classification rule to match APs by number of sensors that detect the APs.

Use undo discovered-ap to restore the default.

Syntax

discovered-ap value1 [ to value2 ]

undo discovered-ap

Default

An AP classification rule does not match APs by number of sensors that detect the APs.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

value1 to value2: Specifies a value range for the number of sensors that detect an AP. The value 1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 1 to 128 for both the value1 and value2 arguments, and value2 must be greater than value1.

Examples

# Configure AP classification rule 1 to match APs that are detected by 10 to 128 sensors.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] discovered-ap 10 to 128

display wips sensor

Use display wips sensor to display information about all sensors.

Syntax

display wips sensor

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all sensors.

<Sysname> display wips sensor

Total number of sensors: 1

Sensor ID Sensor name VSD name Radio ID Status

3 ap1 aaa 1 Active

Table 39 Command output

Field	Description
VSD name	Name of the VSD to which the AP belongs.
Radio ID	ID of the radio enabled with WIPS.
Status	Status of the sensor: · Active—The sensor is enabled with WIPS. · Inactive—The sensor is not enabled with WIPS.

display wips statistics

Use display wips statistics to display attack detection statistics information collected from sensors.

Syntax

display wips statistics [ receive | virtual-security-domain vsd-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

receive: Displays attack detection statistics information that the AC receives from sensors in all VSDs.

virtual-security-domain vsd-name: Displays attack detection statistics information that the AC receives from sensors in the specified VSD.

Examples

# Display attack detection statistics information collected from sensors in all VSDs.

<Sysname> display wips statistics receive

Information from sensor 3

Information about attack statistics:

Detected association-request flood messages: 0

Detected authentication flood messages: 0

Detected beacon flood messages: 0

Detected block-ack flood messages: 0

Detected cts flood messages: 0

Detected deauthentication flood messages: 0

Detected disassociation flood messages: 0

Detected eapol-start flood messages: 0

Detected null-data flood messages: 0

Detected probe-request flood messages: 0

Detected reassociation-request flood messages: 0

Detected rts flood messages: 0

Detected eapol-logoff flood messages: 0

Detected eap-failure flood messages: 0

Detected eap-success flood messages: 0

Detected duplicated-ie messages: 0

Detected fata-jack messages: 0

Detected illegal-ibss-ess messages: 0

Detected invalid-address-combination messages: 0

Detected invalid-assoc-req messages: 0

Detected invalid-auth messages: 0

Detected invalid-deauth-code messages: 0

Detected invalid-disassoc-code messages: 0

Detected invalid-ht-ie messages: 0

Detected invalid-ie-length messages: 0

Detected invalid-pkt-length messages: 0

Detected large-duration messages: 0

Detected null-probe-resp messages: 0

Detected overflow-eapol-key messages: 0

Detected overflow-ssid messages: 0

Detected redundant-ie messages: 0

Detected AP spoof AP messages: 0

Detected AP spoof client messages: 0

Detected AP spoof ad-hoc messages: 0

Detected ad-hoc spoof AP messages: 0

Detected client spoof AP messages: 0

Detected weak IV messages: 0

Detected excess AP messages: 0

Detected excess client messages: 0

Detected signature rule messages: 0

Detected 40MHZ messages: 0

Detected power save messages: 0

Detected omerta messages: 0

Detected windows bridge messages: 0

Detected soft AP messages: 0

Detected broadcast disassociation messages: 0

Detected broadcast deauthentication messages: 0

Detected AP impersonate messages: 0

Detected illegal channel 9 messages: 1

Table 40 Command output

Field	Description
Information from sensor n	Information collected from sensor n, where n represents the ID of the sensor.
Detected association-request flood messages	Number of detected messages for association request flood attacks.
Detected authentication flood messages	Number of detected messages for authentication request flood attacks.
Detected beacon flood messages	Number of detected messages for beacon flood attacks.
Detected block-ack flood messages	Number of detected messages for Block Ack flood attacks.
Detected cts flood messages	Number of detected messages for CTS flood attacks.
Detected deauthentication flood messages	Number of detected messages for deauthentication flood attacks.
Detected disassociation flood messages	Number of detected messages for disassociation flood attacks.
Detected eapol-start flood messages	Number of detected messages for EAPOL-start flood attacks.
Detected null-data flood messages	Number of detected messages for null data flood attacks.
Detected probe-request flood messages	Number of detected messages for probe request flood attacks.
Detected reassociation-request flood messages	Number of detected messages for reassociation request flood attacks.
Detected rts flood messages	Number of detected messages for RTS flood attacks.
Detected eapol-logoff flood messages	Number of detected messages for EAPOL-logoff flood attacks.
Detected eap-failure flood messages	Number of detected messages for EAP-failure flood attacks.
Detected eap-success flood messages	Number of detected messages for EAP-success flood attacks.
Detected duplicated-ie messages	Number of detected messages for malformed packets with duplicated IE.
Detected fata-jack messages	Number of detected messages for FATA-Jack malformed packets.
Detected illegal-ibss-ess messages	Number of detected messages for malformed packets with abnormal IBSS and ESS setting.
Detected invalid-address-combination messages	Number of detected messages for malformed packets with invalid source address.
Detected invalid-assoc-req messages	Number of detected messages for malformed association request frames.
Detected invalid-auth messages	Number of detected messages for malformed authentication request frames.
Detected invalid-deauth-code messages	Number of detected messages for malformed packets with invalid deauthentication code.
Detected invalid-disassoc-code messages	Number of detected messages for malformed packets with invalid disassociation code.
Detected invalid-ht-ie messages	Number of detected messages for malformed packets with malformed HT IE.
Detected invalid-ie-length messages	Number of detected messages for malformed packets with invalid IE length.
Detected invalid-pkt-length messages	Number of detected messages for malformed packets with invalid packet length.
Detected large-duration messages	Number of detected messages for malformed packets with oversized duration.
Detected null-probe-resp messages	Number of detected messages for malformed probe response frames.
Detected overflow-eapol-key messages	Number of detected messages for malformed packets with oversized EAPOL key.
Detected overflow-ssid messages	Number of detected messages for malformed packets with oversized SSID.
Detected redundant-ie messages	Number of detected messages for malformed packets with redundant IE.
Detected AP spoof AP messages	Number of detected messages for AP spoofing (AP spoofs AP) attacks.
Detected AP spoof client messages	Number of detected messages for client spoofing (AP spoofs client) attacks.
Detected AP spoof ad-hoc messages	Number of detected messages for Ad hoc spoofing (AP spoofs Ad hoc) attacks.
Detected ad-hoc spoof AP messages	Number of detected messages for AP spoofing (Ad hoc spoofs AP) attacks.
Detected client spoof AP messages	Number of detected messages for AP spoofing (client spoofs AP) attacks.
Detected weak IV messages	Number of detected messages for weak IVs.
Detected excess AP messages	Number of detected messages for AP entry attacks.
Detected excess client messages	Number of detected messages for client entry attacks.
Detected 40MHZ messages	Number of detected messages for clients disabled with the 40 MHz bandwidth mode.
Detected power save messages	Number of detected messages for power saving attacks.
Detected omerta messages	Number of detected messages for Omerta attacks.
Detected windows bridge messages	Number of detected messages for Windows bridge.
Detected soft AP messages	Number of detected messages for soft APs.
Detected broadcast disassociation messages	Number of detected messages for broadcast disassociation attacks.
Detected broadcast deauthentication messages	Number of detected messages for broadcast deauthentication attacks.
Detected AP impersonate messages	Number of detected messages for AP impersonation attacks.
Detected illegal channel n messages:	Number of detected messages for prohibited channels. n represents the channel number.

Related commands

reset wips statistics

display wips virtual-security-domain countermeasure record

Use display wips virtual-security-domain countermeasure record to display information about countermeasures that WIPS has taken against rogue devices.

Syntax

display wips virtual-security-domain vsd-name countermeasure record

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Display information about countermeasures that WIPS has taken against rogue devices for VSD office.

<Sysname> display wips virtual-security-domain office countermeasure record

Total 3 times countermeasure, current 3 countermeasure record in virtual-security-domain office

Reason: Att - attack; Ass - associated; Black - blacklist;

Class - classification; Manu - manual;

MAC address Type Reason Countermeasure AP Radio ID Time

1000-0000-00e3 AP Manu ap1 1 2016-05-03/09:32:01

1000-0000-00e4 AP Manu ap2 1 2016-05-03/09:32:11

2000-0000-f282 Client Black ap3 1 2016-05-03/09:31:56

Table 41 Command output

Field	Description
Total 3 times countermeasure, current 3 countermeasure record in virtual-security-domain office	Number of successful countermeasures. This field can display up to 1024 countermeasure records.
MAC Address	MAC address of the wireless device against which WIPS has taken countermeasures.
Type	Type of the wireless device: AP or Client.
Reason	Reason why WIPS takes countermeasures against the wireless device: · Att—WIPS takes countermeasures against the device because it is an attacker. · Ass—WIPS takes countermeasures against the device because WIPS has taken countermeasures against its associated AP. · Black—After WIPS takes countermeasures against the client, the client is added to the blacklist when it associates with an AP. · Class—WIPS takes countermeasures against the device based on its device type. · Manu—WIPS takes countermeasures against the device based on its MAC address.
Countermeasure AP	Name of the sensor that takes countermeasures against the wireless device.
Radio ID	Radio ID of the sensor that takes countermeasures against the wireless device.
Time	Time when the AC informs the sensor of taking countermeasures against the wireless device.

Related commands

reset wips virtual-security-domain countermeasure record

display wips virtual-security-domain device

Use display wips virtual-security-domain device to display information about wireless devices detected in a VSD.

Syntax

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

device: Specifies wireless devices.

ap: Specifies APs.

ad-hoc: Specifies APs operating in Ad hoc mode.

authorized: Specifies authorized APs.

external: Specifies external APs.

mesh: Specifies MPs.

misconfigured: Specifies misconfigured APs.

potential-authorized: Specifies potential-authorized APs.

potential-rogue: Specifies potential-rogue APs.

potential-external: Specifies potential-external APs.

rogue: Specifies rogue APs.

uncategorized: Specifies uncategorized APs.

client: Specifies clients.

dissociative-client: Specifies unassociated clients.

authorized: Specifies authorized clients.

misassociation: Specifies misassociated clients.

unauthorized: Specifies unauthorized clients.

uncategorized: Specifies uncategorized clients.

mac-address mac-address: Specifies a wireless device by its MAC address in the H-H-H format.

verbose: Displays detailed device information.

Examples

# Display information about wireless devices detected in VSD office.

<Sysname> display wips virtual-security-domain office device

Total 3 detected devices in virtual-security-domain office

Class: Auth - authorization; Ext - external; Mis - mistake;

Unauth - unauthorized; Uncate - uncategorized;

(A) - associate; (C) - config; (P) - potential;

Ad-hoc; Mesh

MAC address Type Class Duration Sensors Channel Status

1000-0000-0000 AP Ext(P) 00h 10m 46s 1 11 Active

1000-0000-0001 AP Ext(P) 00h 10m 46s 1 6 Active

1000-0000-0002 AP Ext(P) 00h 10m 46s 1 1 Active

Table 42 Command output

Field	Description
Type	Wireless device type: AP, Client, or Mesh.
Class	Category of the wireless device.
Duration	Duration since the wireless device entered the current state.
Sensors	Number of sensors that have detected the wireless device.
Channel	Channel on which the wireless device was most recently detected.
Status	Status of the AP or client: · Active—The AP or client is active. · Inactive—The AP or client is inactive.

# Display detailed information about wireless devices detected in VSD a.

<Sysname> display wips virtual-security-domain a device verbose

Total 2 detected devices in virtual-security-domain a

AP: 1000-0000-0000

Mesh Neighbor: None

Classification: Mis(C)

Severity level: 0

Classify way: Auto

Status: Active

Status duration: 00h 27m 57s

Vendor: Not found

SSID: service

Radio type: 802.11g

Countermeasuring: No

Security: None

Encryption method: None

Authentication method: None

Broadcast SSID: Yes

QoS supported: No

Ad-hoc: No

Beacon interval: 100 TU

Up duration: 00h 27m 57s

Channel band-width supported: 20MHZ

Hotspot AP: No

Soft AP: No

Honeypot AP: No

Total number of reported sensors: 1

Sensor 1:

Sensor ID: 3

Sensor name: 1

Radio ID: 1

RSSI: 15

Channel: 149

First reported time: 2014-06-03/09:05:51

Last reported time: 2014-06-03/09:05:51

Total number of associated clients: 1

01: 2000-0000-0000

Client: 2000-0000-0000

Last reported associated AP: 1000-0000-0000

Classification: Uncate

Severity level: 0

Classify way: Auto

Dissociative status: No

Status: Active

Status duration: 00h 00m 02s

Vendor: Not found

Radio type: 802.11a

40MHz intolerance: No

Countermeasuring: No

Man in the middle: No

Total number of reported sensors: 1

Sensor 1:

Sensor ID: 2

Sensor name: 1

Radio ID: 1

RSSI: 50

Channel: 149

First reported time: 2014-06-03/14:52:56

Last reported time: 2014-06-03/14:52:56

Reported associated AP: 1000-0000-0000

Table 43 Command output

Field	Description
AP	MAC address of the AP.
Mesh Neighbor	MAC address of the mesh AP's neighbor.
Client	MAC address of the client.
Last reported associated AP	MAC address of the associated AP that the client most recently reports.
Classification	Category of the AP or client: · AP category: ¡ ad_hoc. ¡ authorized. ¡ rogue. ¡ misconfigured. ¡ external. ¡ potential-authorized. ¡ potential-rogue. ¡ potential-external. ¡ uncategorized. · Client category: ¡ authorized. ¡ unauthorized. ¡ misassociated. ¡ uncategorized.
Severity level	Severity level of the device.
Classify way	AP or client classification method: · Manual—Manual classification. · Invalid OUI—Added to the invalid OUI list. · Block List—Added to the prohibited device list. · Associated—APs that are connected to the AC. · Trust List—Added to the permitted device list. · User Define—User-defined classification. · Auto—Automatic classification.
Dissociative status	Whether the client is an unassociated client.
Status	Status of the AP or client: · Active—The AP or client is active. · Inactive—The AP or client is inactive.
Status duration	Duration since the wireless device entered the current state.
Vendor	OUI of the device. This field displays the device OUI if the OUI matches an imported OUI. This field displays Not found if no OUI is configured for the device or the OUI does not match any imported OUIs.
SSID	SSID of the wireless service provided by the AP.
Radio Type	Radio mode of the wireless device.
40MHz intolerance	Whether the client supports 40 MHz bandwidth mode.
Countermeasuring	Whether WIPS is taking countermeasures against the wireless device: · No. · Yes.
Man in the middle	Whether an MITM attack is detected.
Security	Security method: · None. · WEP. · WPA. · WPA2.
Encryption method	Data encryption method: · TKIP. · CCMP. · WEP. · None.
Authentication method	Authentication method: · None. · PSK. · 802.1X. · Others—Authentication methods except for PSK authentication and 802.1X authentication.
Broadcast SSID	Whether the AP broadcasts the SSID. This field displays nothing if the AP does not broadcast the SSID.
QoS supported	Whether the wireless device supports QoS.
Ad-hoc	Whether the wireless device is in Ad hoc mode.
Beacon interval	Beacon interval in TUs. One TU is equal to 1024 microseconds.
Channel band-width supported	Supported channel bandwidth mode: · 20/40/80MHZ. · 20/40MHZ. · 20MHZ.
Hotspot AP	Whether the AP is a hotspot attack AP.
Soft AP	Whether the AP is a soft AP.
Honeypot AP	Whether the AP is a honeypot AP.
Sensor n	Sensor that detected the wireless device. n represents the ID assigned by the system.
Channel	Channel on which the sensor most recently detected the wireless device.
First reported time	Time when the sensor first detected the wireless device.
Last reported time	Time when the sensor most recently detected the wireless device.
n: H-H-H	MAC address of the client associated with the AP. n represents the number assigned by the system.
Reported associated AP	MAC address of the associated AP that the sensor reports.

Related commands

reset wips virtual-security-domain device

display wlan nat-detect

Use display wlan nat-detect to display information about clients with NAT configured.

Syntax

display wlan nat-detect [ mac-address mac-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all detected NAT-configured clients.

Examples

# Display information about all detected NAT-configured clients.

<Sysname> display wlan nat-detect

Total 1 detected clients with NAT configured

MAC address Last report First report Duration

0a98-2044-0000 2015-08-24/11:05:23 2015-08-24/10:05:23 01h 15m 00s

Table 44 Command output

Field	Description
Total number detected clients with NAT configured	Number of detected NAT-configured clients.
MAC address	MAC address of the detected client.
Last report	Time when the client was most recently detected.
First report	Time when the client was detected for the first time.
Duration	Duration since the client is configured with NAT.

Related commands

reset wlan nat-detect

export oui

Use export oui to export all OUIs in the OUI library to an OUI configuration file.

Syntax

export oui file-name

Views

WIPS view

Predefined user roles

network-admin

Parameters

file-name: Specifies a configuration file by its name, a case-insensitive string of 1 to 32 characters. It cannot contain back slashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).

Usage guidelines

This command exports all OUIs including embedded OUIs and imported OUIs.

The OUIs are exported in the following format:

000FE2 (base 16) New H3C Technologies Co., Ltd..

Examples

# Export all OUIs in the OUI library to configuration file OUIInfo.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] export oui OUIInfo

Related commands

import oui

reset wips embedded-oui

flood association-request

Use flood association-request to configure association request flood attack detection.

Use undo flood association-request to disable association request flood attack detection.

Syntax

flood association-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood association-request

Default

Association request flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for association request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an association request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an association request flood attack within the quiet time.

threshold threshold-value: Specifies the number of association request frames that triggers an association request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable association request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood association-request interval 100 threshold 100 quiet 360

flood authentication

Use flood authentication to configure authentication request flood attack detection.

Use undo flood authentication to disable authentication request flood attack detection.

Syntax

flood authentication [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood authentication

Default

Authentication request flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for authentication request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an authentication request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an authentication request flood attack within the quiet time.

threshold threshold-value: Specifies the number of authentication request frames that triggers an authentication request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable authentication request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood authentication interval 100 threshold 100 quiet 360

flood beacon

Use flood beacon to configure beacon flood attack detection.

Use undo flood beacon to disable beacon flood attack detection.

Syntax

flood beacon [ interval interval-value | quiet quiet-value | threshold threshold-value] *

undo flood beacon

Default

Beacon flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for beacon frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a beacon flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a beacon flood attack within the quiet time.

threshold threshold-value: Specifies the number of beacon frames that triggers a beacon flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable beacon flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood beacon interval 100 threshold 100 quiet 360

flood block-ack

Use flood block-ack to configure Block Ack flood attack detection.

Use undo flood block-ack to disable Block Ack flood attack detection.

Syntax

flood block-ack [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood block-ack

Default

Block Ack flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for Block Ack frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a Block Ack flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a Block Ack flood attack within the quiet time.

threshold threshold-value: Specifies the number of Block Ack frames that triggers a Block Ack flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable Block Ack flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood block-ack interval 100 threshold 100 quiet 360

flood cts

Use flood cts to configure CTS flood attack detection.

Use undo flood cts to disable CTS flood attack detection.

Syntax

flood cts [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood cts

Default

CTS flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for CTS frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a CTS flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a CTS flood attack within the quiet time.

threshold threshold-value: Specifies the number of CTS frames that triggers a CTS flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable CTS flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood cts interval 100 threshold 100 quiet 360

flood deauthentication

Use flood deauthentication to configure deauthentication flood attack detection.

Use undo flood deauthentication to disable deauthentication flood attack detection.

Syntax

flood deauthentication [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood deauthentication

Default

Deauthentication flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for deauthentication frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a deauthentication flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a deauthentication flood attack within the quiet time.

threshold threshold-value: Specifies the number of deauthentication frames that triggers a deauthentication flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable deauthentication flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood deauthentication interval 100 threshold 100 quiet 360

flood disassociation

Use flood disassociation to configure disassociation flood attack detection.

Use undo flood disassociation to disable disassociation flood attack detection.

Syntax

flood disassociation [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood disassociation

Default

Disassociation flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for disassociation frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a disassociation flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a disassociation flood attack within the quiet time.

threshold threshold-value: Specifies the number of disassociation frames that triggers a disassociation flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable disassociation flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood disassociation interval 100 threshold 100 quiet 360

flood eap-failure

Use flood eap-failure to configure EAP-failure flood attack detection.

Use undo flood eap-failure to disable EAP-failure flood attack detection.

Syntax

flood eap-failure [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood eap-failure

Default

EAP-failure flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for EAP-failure frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAP-failure flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAP-failure flood attack within the quiet time.

threshold threshold-value: Specifies the number of EAP-failure frames that triggers an EAP-failure flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable EAP-failure flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood eap-failure interval 100 threshold 100 quiet 360

flood eapol-logoff

Use flood eapol-logoff to configure EAPOL-logoff flood attack detection.

Use undo flood eapol-logoff to disable EAPOL-logoff flood attack detection.

Syntax

flood eapol-logoff [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood eapol-logoff

Default

EAPOL-logoff flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for EAPOL-logoff frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAPOL-logoff flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAPOL-logoff flood attack within the quiet time.

threshold threshold-value: Specifies the number of EAPOL-logoff frames that triggers an EAPOL-logoff flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable EAPOL-logoff flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood eapol-logoff interval 100 threshold 100 quiet 360

flood eapol-start

Use flood eapol-start to configure EAPOL-start flood attack detection.

Use undo flood eapol-start to disable EAPOL-start flood attack detection.

Syntax

flood eapol-start [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood eapol-start

Default

EAPOL-start flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for EAPOL-start frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAPOL-start flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAPOL-start flood attack within the quiet time.

threshold threshold-value: Specifies the number of EAPOL-start frames that triggers an EAPOL-start flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable EAPOL-start flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood eapol-start interval 100 threshold 100 quiet 360

flood eap-success

Use flood eap-success to configure EAP-success flood attack detection.

Use undo flood eap-success to disable EAP-success flood attack detection.

Syntax

flood eap-success [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood eap-success

Default

EAP-success flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for EAP-success frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an EAP-success flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an EAP-success flood attack within the quiet time.

threshold threshold-value: Specifies the number of EAP-success frames that triggers an EAP-success flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable EAP-success flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100, 360, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood eap-success interval 100 threshold 100 quiet 360

flood null-data

Use flood null-data to configure null data flood attack detection.

Use undo flood null-data to disable null data flood attack detection.

Syntax

flood null-data [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood null-data

Default

Null data flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for null data frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a null data flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a null data flood attack within the quiet time.

threshold threshold-value: Specifies the number of null data frames that triggers a null data flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable null data flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood null-data interval 100 threshold 100 quiet 360

flood probe-request

Use flood probe-request to configure probe request flood attack detection.

Use undo flood probe-request to disable probe request flood attack detection.

Syntax

flood probe-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood probe-request

Default

Probe request flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for probe request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a probe request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a probe request flood attack within the quiet time.

threshold threshold-value: Specifies the number of probe request frames that triggers a probe request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable probe request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood probe-request interval 100 threshold 100 quiet 360

flood reassociation-request

Use flood reassociation-request to configure reassociation request flood attack detection.

Use undo flood reassociation-request to disable reassociation request flood attack detection.

Syntax

flood reassociation-request [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood reassociation-request

Default

Reassociation request flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for reassociation request frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a reassociation request flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a reassociation request flood attack within the quiet time.

threshold threshold-value: Specifies the number of reassociation request frames that triggers a reassociation request flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable reassociation request flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood reassociation-request interval 100 threshold 100 quiet 360

flood rts

Use flood rts to configure RTS flood attack detection.

Use undo flood rts to disable RTS flood attack detection.

Syntax

flood rts [ interval interval-value | quiet quiet-value | threshold threshold-value ] *

undo flood rts

Default

RTS flood attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for RTS frames. The value range for the interval-value argument is 1 to 3600 seconds and the default statistics collection interval is 60 seconds.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an RTS flood attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an RTS flood attack within the quiet time.

threshold threshold-value: Specifies the number of RTS frames that triggers an RTS flood attack alarm. The value range for the threshold-value argument is 1 to 100000 and the default value is 50.

Examples

# Enable RTS flood attack detection and set the interval-value, quiet-value, and threshold-value arguments to 100 seconds, 360 seconds, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] flood rts interval 100 threshold 100 quiet 360

frame-type

Use frame-type to configure a subsignature to match frame types.

Use undo frame-type to restore the default.

Syntax

frame-type { control | data | management [ frame-subtype { association-request | association-response | authentication | beacon | deauthentication | disassociation | probe-request } ] }

undo frame-type

Default

No subsignature is configured to match frame types.

Views

Signature view

Predefined user roles

network-admin

Parameters

control: Matches control frames.

data: Matches data frames.

management: Matches management frames.

frame-subtype: Specifies a frame subtype.

association-request: Matches association request frames.

association-response: Matches association response frames.

authentication: Matches authentication frames.

beacon: Matches beacon frames.

deauthentication: Matches deauthentication frames.

disassociation: Matches disassociation frames.

probe-request: Matches probe request frames.

Examples

# Configure a subsignature to match data frames for signature 1.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[wips-sig-rule-1] frame-type data

honeypot-ap

Use honeypot-ap to configure honeypot AP detection.

Use undo honeypot-ap to disable honeypot AP detection.

Syntax

honeypot-ap [ similarity similarity-value | quiet quiet-value ] *

undo honeypot-ap

Default

Honeypot AP detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

similarity similarity-value: Specifies the similarity threshold that triggers a honeypot AP alarm, in the range of 70 to 100 in percentage. The default value is 80%. An AP is determined as a honeypot AP if the similarity between the SSID of the AP and the SSID of a legitimate AP reaches the threshold.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a honeypot AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a honeypot AP within the quiet time.

Examples

# Enable honeypot AP detection, and set the similarity threshold and quiet time to 90% and 10 seconds, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] honeypot-ap similarity 90 quiet 10

hotspot-attack

Use hotspot-attack to configure hotspot attack detection.

Use undo hotspot-attack to disable hotspot attack detection.

Syntax

hotspot-attack [ quiet quiet-value ]

undo hotspot-attack

Default

Hotspot attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a hotspot attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a hotspot attack within the quiet time.

Examples

# Enable hotspot attack detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] hotspot-attack quiet 100

ht-40mhz-intolerance

Use ht-40mhz-intolerance to configure detection on clients with the 40 MHz bandwidth mode disabled.

Use undo ht-40mhz-intolerance to disable detection on clients with the 40 MHz bandwidth mode disabled.

Syntax

ht-40mhz-intolerance [ quiet quiet-value ]

undo ht-40mhz-intolerance

Default

Detection on clients with the 40 MHz bandwidth mode disabled is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a client with the 40 MHz bandwidth mode disabled. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a client with the 40 MHz bandwidth mode disabled within the quiet time.

Examples

# Enable detection on clients with the 40 MHz bandwidth mode disabled and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ht-40mhz-intolerance quiet 100

ht-greenfield

Use ht-greenfield to configure HT-greenfield AP detection.

Use undo ht-greenfield to disable HT-greenfield AP detection.

Syntax

ht-greenfield [ quiet quiet-value ]

undo ht-greenfield

Default

HT-greenfield AP detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an HT-greenfield AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an HT-greenfield AP within the quiet time.

Examples

# Enable HT-greenfield AP detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] ht-greenfield quiet 100

ignorelist

Use ignorelist to add a MAC address to the alarm-ignored device list.

Use undo ignorelist to remove a specific or all MAC addresses from the alarm-ignored device list.

Syntax

ignorelist mac-address mac-address

undo ignorelist mac-address { mac-address | all }

Default

No MAC address is added to the alarm-ignored device list.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in the H-H-H format.

all: Specifies all MAC addresses in the alarm-ignored device list.

Usage guidelines

For wireless devices in the alarm-ignored device list, WIPS does not generate any alarms.

Examples

# Add MAC address 2a11-1fa1-1311 to the alarm-ignored device list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ignorelist mac-address 2a11-1fa1-1311

import hotspot

Use import hotspot to import hotspots from a configuration file.

Use undo import hotspot to remove the configuration.

Syntax

import hotspot file-name

undo import hotspot

Default

No hotspots are imported.

Views

WIPS view

Predefined user roles

network-admin

Parameters

file-name: Specifies a configuration file by its name, a case-insensitive string of 1 to 255 characters. It cannot contain back slashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).

Usage guidelines

You can import hotspots from only one configuration file.

Examples

# Import hotspots from configuration file hotspot_cfg.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] import hotspot hotspot_cfg

import oui

Use import oui to import OUIs from a configuration file.

Use undo import oui to restore the default.

Syntax

import oui file-name

undo import oui

Default

No OUIs are imported.

Views

WIPS view

Predefined user roles

network-admin

Parameters

oui: Specifies a configuration file by its name, a case-insensitive string of 1 to 255 characters. It cannot contain back slashes (\), slashes (/), colons (:), asterisks (*), question marks (?), quotation marks ("), left angle brackets (<), right angle brackets (>), or vertical bars (|).

Usage guidelines

You can download the configuration file from the IEEE website.

You can import OUIs from only one configuration file.

Examples

# Import OUIs from configuration file oui_import_cfg.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] import oui oui_import_cfg

Related commands

invalid-oui-classify illegal

Use invalid-oui-classify illegal to configure WIPS to classify devices with invalid OUIs as rogue devices.

Use undo invalid-oui-classify to restore the default.

Syntax

invalid-oui-classify illegal

undo invalid-oui-classify

Default

WIPS does not classify devices with invalid OUIs as rogue devices.

Views

Classification policy view

Predefined user roles

network-admin

Examples

# Configure WIPS to classify devices with invalid OUIs as rogue devices.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] invalid-oui-classify illegal

Related commands

import oui

mac-address

Use mac-address to configure a subsignature to match frames by MAC address.

Use undo mac-address to restore the default.

Syntax

mac-address { bssid | destination | source } mac-address

undo mac-address

Default

No subsignature is configured to match frames by MAC address.

Views

Signature view

Predefined user roles

network-admin

Parameters

bssid: Matches a BSSID.

destination: Matches a destination MAC address.

source: Matches a source MAC address.

mac-address: Specifies a MAC address in the H-H-H format.

Examples

# Configure a subsignature to match frames with source MAC address 000f-e201-0101 for signature 1.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[Sysname-wips-sig-rule-1] mac-address source 000f-e201-0101

malformed duplicated-ie

Use malformed duplicated-ie to enable duplicated IE detection.

Use undo malformed duplicated-ie to disable duplicated IE detection.

Syntax

malformed duplicated-ie [ quiet quiet-value ]

undo malformed duplicated-ie

Default

Duplicated IE detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a duplicated IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a duplicated IE within the quiet time.

Usage guidelines

This feature is applicable to all management frames. WIPS determines that a packet is malformed if the packet has an duplicated IE. This feature does not take effect on frames with vendor-defined IEs.

Examples

# Enable duplicated IE detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed duplicated-ie quiet 360

malformed fata-jack

Use malformed fata-jack to enable FATA-Jack detection.

Use undo malformed fata-jack to disable FATA-Jack detection.

Syntax

malformed fata-jack [ quiet quiet-value ]

undo malformed fata-jack

Default

FATA-Jack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a FATA-Jack malformed packet. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a FATA-Jack malformed packet within the quiet time.

Usage guidelines

This feature is applicable to authentication frames. WIPS determines that an authentication frame is malformed if the value of the authentication algorithm number is 2.

Examples

# Enable FATA-Jack detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed fata-jack quiet 360

malformed illegal-ibss-ess

Use malformed illegal-ibss-ess to enable abnormal IBSS or ESS setting detection.

Use undo malformed illegal-ibss-ess to disable abnormal IBSS or ESS setting detection.

Syntax

malformed illegal-ibss-ess [ quiet quiet-value ]

undo malformed illegal-ibss-ess

Default

Abnormal IBSS or ESS setting detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an abnormal IBSS and ESS setting. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an abnormal IBSS and ESS setting within the quiet time.

Usage guidelines

This feature is applicable to beacon frames and probe response frames. WIPS determines that a frame is malformed if both the IBSS and ESS are set to 1 in the frame.

Examples

# Enable abnormal IBSS or ESS setting detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed illegal-ibss-ess quiet 360

malformed invalid-address-combination

Use malformed invalid-address-combination to enable invalid source address detection.

Use undo malformed invalid-address-combination to disable invalid source address detection.

Syntax

malformed invalid-address-combination [ quiet quiet-value ]

undo malformed invalid-address-combination

Default

Invalid source address detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid source address. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid source address within the quiet time.

Usage guidelines

This feature is applicable to all management frames. WIPS determines that a frame is malformed when the following conditions are met:

· The TO DS of the frame is 1, indicating that the frame is sent to the AP by a client.

· The source MAC address of the frame is a multicast or broadcast address.

Examples

# Enable invalid source address detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-address-combination quiet 360

malformed invalid-assoc-req

Use malformed invalid-assoc-req to enable malformed association request frame detection.

Use undo malformed invalid-assoc-req to disable malformed association request frame detection.

Syntax

malformed invalid-assoc-req [ quiet quiet-value ]

undo malformed invalid-assoc-req

Default

Malformed association request frame detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed association request frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed association request frame within the quiet time.

Usage guidelines

This feature is applicable to association request frames. WIPS determines that a frame is malformed if the SSID length in the frame is 0.

Examples

# Enable malformed association request frame detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-assoc-req quiet 360

malformed invalid-auth

Use malformed invalid-auth to enable malformed authentication request frame detection.

Use undo malformed invalid-auth to disable malformed authentication request frame detection.

Syntax

malformed invalid-auth [ quiet quiet-value ]

undo malformed invalid-auth

Default

Malformed authentication request frame detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed authentication request frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed authentication request frame within the quiet time.

Usage guidelines

This feature is applicable to authentication request frames. WIPS determines that a frame is malformed when the following conditions are met:

· The authentication algorithm number does not conform to the 802.11 protocol and is larger than 3.

· The authentication transaction sequence number, indicating the authentication process between the client and the AP, is 1 and the status code is not 0.

· The authentication transaction sequence number is larger than 4.

Examples

# Enable malformed authentication request frame detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-auth quiet 360

malformed invalid-deauth-code

Use malformed invalid-deauth-code to enable invalid deauthentication code detection.

Use undo malformed invalid-deauth-code to disable invalid deauthentication code detection.

Syntax

malformed invalid-deauth-code [ quiet quiet-value ]

undo malformed invalid-deauth-code

Default

Invalid deauthentication code detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid deauthentication code. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid deauthentication code within the quiet time.

Usage guidelines

This feature is applicable to deauthentication frames. WIPS determines that a frame is malformed if the reason code in the frame is 0 or in the range of 67 to 65535.

Examples

# Enable invalid deauthentication code detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-deauth-code quiet 360

malformed invalid-disassoc-code

Use malformed invalid-disassoc-code to enable invalid disassociation code detection.

Use undo malformed invalid-disassoc-code to disable invalid disassociation code detection.

Syntax

malformed invalid-disassoc-code [ quiet quiet-value ]

undo malformed invalid-disassoc-code

Default

Invalid disassociation code detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid disassociation code. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid disassociation code within the quiet time.

Usage guidelines

This feature is applicable to disassociation frames. WIPS determines that a frame is malformed if the reason code in the frame is 0 or in the range of 67 to 65535.

Examples

# Enable invalid disassociation code detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-disassoc-code quiet 360

malformed invalid-ht-ie

Use malformed invalid-ht-ie to enable malformed HT IE detection.

Use undo malformed invalid-ht-ie to disable malformed HT IE detection.

Syntax

malformed invalid-ht-ie [ quiet quiet-value ]

undo malformed invalid-ht-ie

Default

Malformed HT IE detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed HT IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed HT IE within the quiet time.

Usage guidelines

This feature is applicable to beacon, probe response, association response, and reassociation response frames. WIPS determines that a frame is malformed when the following conditions are met:

· The SM power save value of the HT capabilities IE is 2.

· The secondary channel offset value of the HT operation IE is 2.

Examples

# Enable malformed HT IE detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-ht-ie quiet 360

malformed invalid-ie-length

Use malformed invalid-ie-length to enable invalid IE length detection.

Use undo malformed invalid-ie-length to disable invalid IE length detection.

Syntax

malformed invalid-ie-length [ quiet quiet-value ]

undo malformed invalid-ie-length

Default

Invalid IE length detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid IE length. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid IE length within the quiet time.

Usage guidelines

This feature is applicable to all management frames. WIPS determines that a frame is malformed if the length of an IE in the frame does not conform to the 802.11 protocol.

Examples

# Enable invalid IE length detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-ie-length quiet 360

malformed invalid-pkt-length

Use malformed invalid-pkt-length to enable invalid packet length detection.

Use undo malformed invalid-pkt-length to disable invalid packet length detection.

Syntax

malformed invalid-pkt-length [ quiet quiet-value ]

undo malformed invalid-pkt-length

Default

Invalid packet length detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an invalid packet length. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an invalid packet length within the quiet time.

Usage guidelines

This feature is applicable to all management frames. WIPS determines that a frame is malformed if the remaining length of the IE is not zero after the packet payload is resolved.

Examples

# Enable invalid packet length detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed invalid-pkt-length quiet 360

malformed large-duration

Use malformed large-duration to enable oversized duration detection.

Use undo malformed large-duration to disable oversized duration detection.

Syntax

malformed large-duration [ quiet quiet-value | threshold value ]

undo malformed large-duration

Default

Oversized duration detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized duration. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized duration within the quiet time.

threshold value: Specifies the duration size that triggers WIPS to determine an oversized duration and trigger an alarm. The value range for the value argument is 1 to 32767 and the default value is 5000.

Usage guidelines

This feature is applicable to unicast management frames, unicast data frames, RTS, CTS, and ACK frames. WIPS determines that a frame is malformed if the duration value in the frame is larger than the specified threshold.

Examples

# Enable oversized duration detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed large-duration quiet 360

malformed null-probe-resp

Use malformed null-probe-resp to enable malformed probe response frame detection.

Use undo malformed null-probe-resp to disable malformed probe response frame detection.

Syntax

malformed null-probe-resp [ quiet quiet-value ]

undo malformed null-probe-resp

Default

Malformed probe response frame detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a malformed probe response frame. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a malformed probe response frame within the quiet time.

Usage guidelines

This feature is applicable to probe response frames. WIPS determines that a frame is malformed if the frame is not a mesh frame and its SSID length is 0.

Examples

# Enable malformed probe response frame detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed null-probe-resp quiet 360

malformed overflow-eapol-key

Use malformed overflow-eapol-key to enable oversized EAPOL key detection.

Use undo malformed overflow-eapol-key to disable oversized EAPOL key detection.

Syntax

malformed overflow-eapol-key [ quiet quiet-value ]

undo malformed overflow-eapol-key

Default

Oversized EAPOL key detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized EAPOL key. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized EAPOL key within the quiet time.

Usage guidelines

This feature is applicable to EAPOL-Key frames. WIPS determines that a frame is malformed if the TO DS is 1 and the key length is larger than 0 in the frame. A malicious EAPOL-Key frame might result in DOS attacks.

Examples

# Enable oversized EAPOL key detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed overflow-eapol-key quiet 360

malformed overflow-ssid

Use malformed overflow-ssid to enable oversized SSID detection.

Use undo malformed overflow-ssid to disable oversized SSID detection.

Syntax

malformed overflow-ssid [ quiet quiet-value ]

undo malformed overflow-ssid

Default

Oversized SSID detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an oversized SSID. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an oversized SSID within the quiet time.

Usage guidelines

This feature is applicable to beacon, probe request, probe response, and association request frames. WIPS determines that a frame is malformed if the SSID length in the frame is larger than 32, which does not conform to the 802.11 protocol.

Examples

# Enable oversized SSID detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed overflow-ssid quiet 360

malformed redundant-ie

Use malformed redundant-ie to enable redundant IE detection.

Use undo malformed redundant-ie to disable redundant IE detection.

Syntax

malformed redundant-ie [ quiet quiet-value ]

undo malformed redundant-ie

Default

Redundant IE detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a redundant IE. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a redundant IE within the quiet time.

Usage guidelines

This feature is applicable to all management frames. WIPS determines that a frame is malformed if an IE in the frame is neither a necessary IE to the frame nor a reserved IE.

Examples

# Enable redundant IE detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] malformed redundant-ie quiet 360

man-in-the-middle

Use man-in-the-middle to configure man-in-the-middle (MITM) attack detection.

Use undo man-in-the-middle to disable MITM attack detection.

Syntax

man-in-the-middle [ quiet quiet-value ]

undo man-in-the-middle

Default

MITM attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an MITM attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an MITM attack within the quiet time.

Usage guidelines

WIPS can detect MITM attacks only when you enable both honeypot AP detection and MITM attack detection.

Examples

# Enable MITM attack detection.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] honeypot-ap

[Sysname-wips-dtc-home] man-in-the-middle

manual-classify mac-address

Use manual-classify mac-address to classify APs by MAC address.

Use undo manual-classify mac-address to restore the default.

Syntax

manual-classify mac-address mac-address { authorized-ap | external-ap | misconfigured-ap | rogue-ap }

undo manual-classify mac-address { mac-address | all }

Default

APs are not classified by MAC address.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

mac-address: Specifies an AP by its MAC address, in the H-H-H format.

authorized-ap: Specifies the AP as an authorized AP.

external-ap: Specifies the AP as an external AP.

misconfigured-ap: Specifies the AP as a misconfigured AP.

rogue-ap: Specifies the AP as a rogue AP.

all: Specifies all APs.

Examples

# Classify the AP whose MAC address is 000f-00e2-0001 as an authorized AP.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] manual-classify mac-address 000f-00e2-0001 authorized-ap

match all (AP classification rule view)

Use match all to configure the AP classification rule criteria to be in logical AND relationship.

Use undo match all to restore the default.

Syntax

match all

undo match all

Default

The AP classification rule criteria are in logical OR relationship. An AP matches an AP classification rule if it matches any of the criteria of the AP classification rule.

Views

AP classification rule view

Predefined user roles

network-admin

Examples

# Configure the criteria of AP classification rule 1 to be in logical AND relationship.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] match all

match all (signature view)

Use match all to configure the subsignatures to be in logical AND relationship.

Use undo match all to restore the default.

Syntax

match all

undo match all

Default

The subsignatures are in logical OR relationship. A packet matches a signature if it matches any of the subsignatures of the signature.

Views

Signature view

Predefined user roles

network-admin

Examples

# Configure the subsignatures of signature 1 to be in logical AND relationship.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[wips-sig-rule-1] match all

omerta

Use omerta to configure Omerta attack detection.

Use undo omerta to disable Omerta attack detection.

Syntax

omerta [ quiet quiet-value ]

undo omerta

Default

Omerta attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon an Omerta attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an Omerta attack within the quiet time.

Examples

# Enable Omerta attack detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] omerta quiet 100

oui

Use oui to configure an AP classification rule to match APs by OUI information.

Use undo oui to restore the default.

Syntax

oui oui-info

undo oui

Default

An AP classification rule does not match APs by OUI information.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

oui-info: Specifies the OUI information in the XXXXXX format, a case-insensitive hexadecimal string.

Examples

# Configure AP classification rule 1 to match APs with OUI 000fe4.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] oui 000fe4

pattern

Use pattern to configure a subsignature to match frames by specified bits.

Use undo pattern to restore the default.

Syntax

pattern pattern-number offset offset-value mask mask value1 [ to value2 ] [ from-payload ]

undo pattern { pattern-number | all }

Default

No subsignature is configured to match frames by specified bits.

Views

Signature view

Predefined user roles

network-admin

Parameters

pattern-number: Specifies a number for a subsignature that matches the specified bits of a frame, in the range of 0 to 65535.

offset offset-value: Specifies the offset from the specified bit to the reference bit. The value range for the offset-value argument is 0 to 2346 bits. The reference bit can be the first bit of the frame head (default) or the frame payload.

mask mask: Specifies a two-byte mask that is used for the AND operation with the specified bits. The mask is in hexadecimal format and the value range for the mask is 0 to ffff.

value1 [ to value2 ]: Specifies a value range for the specified bits. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 65535 for both the value1 and value2 arguments, and value2 cannot be smaller than value1.

from-payload: Specifies the first bit of the frame payload as the reference bit. If you do not specify this keyword, the first bit of the frame head is the reference bit.

Examples

# Configure a subsignature to match the second and third bits from the frame head of a frame. If the values of the second and third bytes of a frame are within the range of 0x0015 to 0x0020, the frame matches the subsignature.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[Sysname-wips-sig-rule-1] pattern 1 offset 8 mask ffff 15 to 20

permit-channel

Use permit-channel to add one or multiple channels to the permitted channel list.

Use undo permit-channel to remove the specified or all channels from the permitted channel list.

Syntax

permit-channel channel-id-list

undo permit-channel { channel-id-list | all }

Default

No channels are added to the permitted channel list.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

channel-id-list: Specifies a space-separated list of up to 10 permitted channel items. Each item specifies a channel number or a range of channel numbers in the form of value1 to value2. The value range for channel numbers is 1 to 224. The value for the value2 argument must be equal to or greater than the value for the value1 argument.

all: Specifies all permitted channels.

Usage guidelines

To prevent WIPS from taking all channels as prohibited channels, use this command to configure a permitted channel list before you configure prohibited channel detection.

Examples

# Add channel 1 to the permitted channel list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] permit-channel 1

Related commands

prohibited-channel

power-save

Use power-save to configure power saving attack detection.

Use undo power-save to disable power saving attack detection.

Syntax

power-save [ interval interval-value | minoffpacket packet-value | onoffpercent percent-value | quiet quiet-value ] *

undo power-save

Default

Power saving attack detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the statistics collection interval for power save frames. The value range for the interval-value argument is 1 to 3600 seconds, and the default value is 10 seconds.

minoffpacket packet-value: Specifies the threshold for the number of power save off frames that triggers power save attack analysis. If the number of off frames from a client reaches the threshold, WIPS analyzes the power save frames to determine whether a power save attack occurs. The value range for the argument is 10 to 150, and the default is 50.

onoffpercent percent-value: Specifies the threshold for the ratio between the power save on frames and off frames from a client. WIPS triggers an alarm for a power save attack when the threshold is reached. The value range for this argument is 0 to 100, and the default is 80.

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a power saving attack. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a power saving attack within the quiet time.

Examples

# Enable power saving attack detection, and set the interval-value, packet-value, percent-value, and quiet-value arguments to 20, 20, 90, and 100, respectively.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] power-save interval 20 minoffpacket 20 onoffpercent 90 quiet 100

prohibited-channel

Use prohibited-channel to configure prohibited channel detection.

Use undo prohibited-channel to disable prohibited channel detection.

Syntax

prohibited-channel [ quiet quiet-value ]

undo prohibited-channel

Default

Prohibited channel detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a prohibited channel. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a prohibited channel within the quiet time.

Usage guidelines

To prevent WIPS from taking all channels as prohibited channels, use the permit-channel command to configure a permitted channel list before you configure prohibited channel detection.

Examples

# Enable prohibited channel detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] prohibited-channel quiet 100

Related commands

permit-channel

random-mac-scan enable

Use random-mac-scan enable to configure WIPS to not trigger alarms for devices that use a random MAC address.

Use undo random-mac-scan enable to restore the default.

Syntax

random-mac-scan enable

undo random-mac-scan enable

Default

WIPS triggers alarms for devices that use a random MAC address.

Views

Attack detection policy view

Predefined user roles

network-admin

Examples

# Configure WIPS to not trigger alarms for devices that use a random MAC address.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] random-mac-scan enable

reset wips embedded-oui

Use reset wips embedded-oui to delete all embedded OUIs in the OUI library.

Syntax

reset wips embedded-oui

Views

User view

Predefined user roles

network-admin

Examples

# Delete all embedded OUIs in the OUI library.

<Sysname> reset wips embedded-oui

reset wips statistics

Use reset wips statistics to clear information collected by all sensors.

Syntax

reset wips statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear information collected by all sensors.

<Sysname> reset wips statistics

Related commands

display wips statistics receive

reset wips virtual-security-domain

Use reset wips virtual-security-domain to clear AP or client entries in a VSD.

Syntax

reset wips virtual-security-domain vsd-name device { ap { all | mac-address mac-address } | client { all | mac-address mac-address } | all }

Views

User view

Predefined user roles

network-admin

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

device: Specifies device entries.

ap: Specifies AP entries.

all: Specifies all AP entries.

mac-address mac-address: Specifies an AP by its MAC address.

client: Specifies client entries.

all: Specifies all client entries.

mac-address mac-address: Specifies a client by its MAC address.

all: Specifies all APs and client entries.

Examples

# Clear all AP and client entries in VSD aaa.

<Sysname> reset wips virtual-security-domain aaa device all

Related commands

display wips virtual-security-domain device

reset wips virtual-security-domain countermeasure record

Use reset wips virtual-security-domain countermeasure record to clear information about countermeasures that WIPS has taken against rogue devices.

Syntax

reset wips virtual-security-domain vsd-name countermeasure record

Views

User view

Predefined user roles

network-admin

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Clear information about countermeasures that WIPS has taken against rogue devices for VSD aaa.

<Sysname> reset wips virtual-security-domain aaa countermeasure record

Related commands

display wips virtual-security-domain countermeasure record

reset wlan nat-detect

Use reset wlan nat-detect to clear information about clients with NAT configured.

Syntax

reset wlan nat-detect

Views

User view

Predefined user roles

network-admin

network-operator

Examples

# Clear information about clients with NAT configured.

<Sysname> reset wlan nat-detect

Related commands

display wlan nat-detect

rssi

Use rssi to configure an AP classification rule to match APs by RSSI.

Use undo rssi to restore the default.

Syntax

rssi value1 [ to value2 ]

undo rssi

Default

An AP classification rule does not match APs by RSSI.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

value1 [ to value2 ]: Specifies a value range for the RSSI of APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 100 for both the value1 and value2 arguments, and value2 cannot be smaller than value1.

Examples

# Configure AP classification rule 1 to match APs with an RSSI of 20 to 40.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] rssi 20 to 40

security

Use security to configure an AP classification rule to match APs by security mode.

Use undo security to restore the default.

Syntax

security { equal | include } { clear | wep | wpa | wpa2 }

undo security

Default

No AP classification rule is configured to match APs by security mode.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

equal: Matches security modes equal to the specified security mode.

include: Matches security modes that include the specified security mode.

clear: Specifies the clear security mode.

wep: Specifies the WEP security mode.

wpa: Specifies the WPA security mode.

wpa2: Specifies the WPA2 security mode.

Examples

# Configure AP classification rule 1 to match APs that use the WEP security mode.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] security equal wep

select sensor all

Use select sensor all to enable all sensors that detect an attacker to take countermeasures against the attacker.

Use undo select sensor all to remove the configuration.

Syntax

select sensor all

undo select sensor all

Default

Only the sensor that most recently detects an attacker takes countermeasures against the attacker.

Views

Countermeasure policy view

Predefined user roles

network-admin

Examples

# Enable all sensors that detect an attacker to take countermeasures against the attacker.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] countermeasure policy home

[Sysname-wips-ctm-home] select sensor all

seq-number

Use seq-number to configure a subsignature to match frames by sequence number.

Use undo seq-number to restore the default.

Syntax

seq-number seq-value1 [ to seq-value2 ]

undo seq-number

Default

No subsignature is configured to match frames by sequence number.

Views

Signature view

Predefined user roles

network-admin

Parameters

seq-value1 [ to seq-value2 ]: Specifies a value range for the sequence number of a frame. The seq-value1 and seq-value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 4095 for both the seq-value1 and seq-value2 arguments, and seq-value2 cannot be smaller than seq-value1.

Examples

# Configure a subsignature to match frames with the sequence number 100.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[wips-sig-rule-1] seq-number 100

signature policy

Use signature policy to create a signature policy and enter its view, or enter the view of an existing signature policy.

Use undo signature policy to remove a signature policy.

Syntax

signature policy policy-name

undo signature policy policy-name

Default

No signature policies exist.

Views

WIPS view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a signature policy name, a case-sensitive string of 1 to 63 characters.

Examples

# Create a signature policy named home and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature policy home

signature rule

Use signature rule to create a signature and enter its view, or enter the view of an existing signature.

Use undo signature rule to remove a signature.

Syntax

signature rule rule-id

undo signature rule rule-id

Default

No signatures exist.

Views

WIPS view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a signature ID in the range of 1 to 65535.

Examples

# Create signature 1 and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

soft-ap

Use soft-ap to configure soft AP detection.

Use undo soft-ap to disable soft AP detection.

Syntax

soft-ap [ convert-time time-value ]

undo soft-ap

Default

Soft AP detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

convert-time time-value: Specifies the interval at which a soft AP switches between its role of client and AP. The value range for the time-value argument is 5 to 600 seconds, and the default is 10 seconds.

Examples

# Enable soft AP detection and set the time-value argument to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] soft-ap convert-time 100

ssid (AP classification rule view)

Use ssid to configure an AP classification rule to match APs by SSID.

Use undo ssid to restore the default.

Syntax

ssid [ case-sensitive ] [ not ] { equal | include } ssid-string

undo ssid

Default

An AP classification rule does not match APs by SSID.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

case-sensitive: Concerns the case of the SSID.

not: Matches SSIDs that are not equal to or do not include the specified SSID.

equal: Matches SSIDs equal to the specified SSID.

include: Matches SSIDs that include the specified SSID.

ssid-string: Specifies an SSID, a case-sensitive string of 1 to 32 characters.

Examples

# Configure AP classification rule 1 to match APs using SSID abc.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] ssid equal abc

ssid (signature view)

Use ssid to configure a subsignature to match frames by SSID.

Use undo ssid to restore the default.

Syntax

ssid [ case-sensitive ] [ not ] { equal | include } string

undo ssid

Default

No subsignature is configured to match frames by SSID.

Views

Signature view

Predefined user roles

network-admin

Parameters

case-sensitive: Concerns the case of the SSID.

not: Matches SSIDs that are not equal to or do not include the specified SSID.

equal: Matches SSIDs equal to the specified SSID.

include: Matches SSIDs that include the specified SSID.

string: Specifies an SSID, a case-sensitive string of 1 to 32 characters.

Examples

# Configure a subsignature to match frames with SSID office for signature 1.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[Sysname-wips-sig-rule-1] ssid equal office

ssid-length

Use ssid-length to configure a subsignature to match frames by SSID length.

Use undo ssid-length to restore the default.

Syntax

ssid-length length-value1 [ to length-value2 ]

undo ssid-length

Default

No subsignature is configured to match frames by SSID length.

Views

Signature rule

Predefined user roles

network-admin

Parameters

length-value1 [ to length-value2 ]: Specifies the value range for the SSID length. The length-value1 and length-value2 arguments specify the start value and end value for the value range, respectively. The value range is 1 to 32 for both the length-value1 and length-value2 arguments, and length-value2 cannot be smaller than length-value1.

Examples

# Configure a subsignature to match frames in which the SSID length is 10.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] signature rule 1

[Sysname-wips-sig-1] ssid-length 10

trust mac-address

Use trust mac-address to add the MAC address of an AP or client to the permitted device list.

Use undo trust mac-address to remove one or all MAC addresses from the permitted device list.

Syntax

trust mac-address mac-address

undo trust mac-address { mac-address | all }

Default

No MAC addresses exist in the permitted device list.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address.

all: Specifies all MAC addresses.

Examples

# Add MAC address 78AC-C0AF-944F to the permitted device list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] trust mac-address 78AC-C0AF-944F

trust oui

Use trust oui to add an OUI to the trusted OUI list.

Use undo trust oui to remove one or all OUIs from the trusted OUI list.

Syntax

trust oui oui

undo trust oui { oui | all }

Default

No OUIs exist in the trusted OUI list.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

oui: Specifies an OUI by its name, a case-insensitive string of 6 characters.

all: Specifies all OUIs.

Examples

# Add OUIs 000fe4 and 000fe5 to the trusted OUI list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] trust oui 000fe4

[Sysname-wips-cls-home] trust oui 000fe5

trust ssid

Use trust ssid to add an SSID to the trusted SSID list.

Use undo trust ssid to remove one or all SSIDs from the trusted SSID list.

Syntax

trust ssid ssid-name

undo trust ssid { ssid-name | all }

Default

No SSIDs exist in the trusted SSID list.

Views

Classification policy view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.

all: Specifies all SSIDs.

Examples

# Add SSID flood1 to the trusted SSID list.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] classification policy home

[Sysname-wips-cls-home] trust ssid flood1

unencrypted-authorized-ap

Use unencrypted-authorized-ap to configure unencrypted authorized AP detection.

Use undo unencrypted-authorized-ap to disable unencrypted authorized AP detection.

Syntax

unencrypted-authorized-ap [ quiet quiet-value ]

undo unencrypted-authorized-ap

Default

Unencrypted authorized AP detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an unencrypted authorized AP. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an unencrypted authorized AP within the quiet time.

Examples

# Enable unencrypted authorized AP detection and set the quiet time to 10 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] unencrypted-authorized-ap quiet 10

unencrypted-trust-client

Use unencrypted-trust-client to configure unencrypted authorized client detection.

Use undo unencrypted-trust-client to disable unencrypted authorized client detection.

Syntax

unencrypted-trust-client [ quiet quiet-value ]

undo unencrypted-trust-client

Default

Unencrypted authorized client detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting an unencrypted authorized client. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects an unencrypted authorized client within the quiet time.

Examples

# Enable unencrypted authorized client detection and set the quiet time to 10 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] unencrypted-trust-client quiet 10

up-duration

Use up-duration to configure an AP classification rule to match APs by running time.

Use undo up-duration to restore the default.

Syntax

up-duration value1 [ to value2 ]

undo up-duration

Default

An AP classification rule does not match APs by running time.

Views

AP classification rule view

Predefined user roles

network-admin

Parameters

value1 [ to value2 ]: Specifies the value range for the running time of APs. The value1 and value2 arguments specify the start value and end value for the value range, respectively. The value range is 0 to 2592000 seconds for both the value1 and value2 arguments, and value2 must be greater than value1.

Examples

# Configure AP classification rule 1 to match APs with a running time of 2000 to 40000 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] ap-classification rule 1

[Sysname-wips-cls-rule-1] up-duration 2000 to 40000

virtual-security-domain

Use virtual-security-domain to create a VSD and enter its view, or enter the view of an existing VSD.

Use undo virtual-security-domain to remove a VSD.

Syntax

virtual-security-domain vsd-name

undo virtual-security-domain vsd-name

Default

No VSDs exist.

Views

WIPS view

Predefined user roles

network-admin

Parameters

vsd-name: Specifies a VSD name, a case-sensitive string of 1 to 63 characters.

Examples

# Create VSD office and enter its view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] virtual-security-domain office

[Sysname-wips-vsd-office]

weak-iv

Use weak-iv to configure weak IV detection.

Use undo weak-iv to disable weak IV detection.

Syntax

weak-iv [ quiet quiet-value ]

undo weak-iv

Default

Weak IV detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon a weak IV. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a weak IV within the quiet time.

Examples

# Enable weak IV detection.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] weak-iv

windows-bridge

Use windows-bridge to configure Windows bridge detection.

Use undo windows-bridge to disable Windows bridge detection.

Syntax

windows-bridge [ quiet quiet-value ]

undo windows-bridge

Default

Windows bridge detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a Windows bridge. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a Windows bridge within the quiet time.

Examples

# Enable Windows bridge detection and set the quiet time to 360 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] windows-bridge quiet 360

wips (system view)

Use wips to enter WIPS view.

Use undo wips to clear all configurations in WIPS view.

Syntax

wips

undo wips

Default

No WIPS view is configured.

Views

System view

Predefined user roles

network-admin

Examples

# Enter WIPS view.

<Sysname> system-view

[Sysname] wips

[Sysname-wips]

wips (radio view)

Use wips enable to enable WIPS.

Use wips disable to disable WIPS.

Use undo wips to restore the default.

Syntax

wips { disable | enable }

undo wips

Default

In radio view, a radio uses the configuration in AP group view.

In AP group radio view, WIPS is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Examples

# Enable WIPS for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] wips enable

# Enable WIPS for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] wips enable

wips virtual-security-domain

Use wips virtual-security-domain to add an AP to a VSD.

Use undo wips virtual-security-domain to remove an AP from the VSD.

Syntax

wips virtual-security-domain vsd-name

undo wips virtual-security-domain

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, an AP group is not added to any VSD.

Views

AP view

AP group view

Predefined user roles

network-admin

Parameters

vsd-name: Specifies a VSD by its name, a case-sensitive string of 1 to 63 characters.

Examples

# Add AP ap1 to VSD office.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-AGN

[Sysname-wlan-ap-ap1] wips virtual-security-domain office

# Add AP group apgroup1 to VSD office.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] wips virtual-security-domain office

wireless-bridge

Use wireless-bridge to configure wireless bridge detection.

Use undo wireless-bridge to disable wireless bridge detection.

Syntax

wireless-bridge [ quiet quiet-value ]

undo wireless-bridge

Default

Wireless bridge detection is disabled.

Views

Attack detection policy view

Predefined user roles

network-admin

Parameters

quiet quiet-value: Specifies the quiet time after WIPS triggers an alarm upon detecting a wireless bridge. The value range for the quiet-value argument is 5 to 604800 seconds and the default quiet time is 600 seconds. WIPS does not trigger an alarm even if it detects a wireless bridge within the quiet time.

Examples

# Enable wireless bridge detection and set the quiet time to 100 seconds.

<Sysname> system-view

[Sysname] wips

[Sysname-wips] detect policy home

[Sysname-wips-dtc-home] wireless-bridge quiet 100

wlan nat-detect

Use wlan nat-detect enable to enable detection on clients with NAT configured.

Use wlan nat-detect disable to disable detection on clients with NAT configured.

Use undo wlan nat-detect to restore the default.

Syntax

wlan nat-detect { disable | enable }

undo wlan nat-detect

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, detection on clients with NAT configured is disabled.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

The device generates an alarm when it detects a client configured with NAT. To view information about detected NAT-configured clients, use the display wlan nat-detect command.

Examples

# Enable detection on clients with NAT configured for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] wlan nat-detect enable

# Enable detection on clients with NAT configured for APs in AP group aaa.

<Sysname> system-view

[Sysname] wlan ap-group aaa

[Sysname-wlan-ap-group-aaa] wlan nat-detect enable

WLAN QoS commands

Only the following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC/3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

bandwidth-guarantee

Use bandwidth-guarantee enable to enable bandwidth guaranteeing.

Use bandwidth-guarantee disable to disable bandwidth guaranteeing.

Use undo bandwidth-guarantee to restore the default.

Syntax

bandwidth-guarantee { disable | enable }

undo bandwidth-guarantee

Default

In radio view:

· If the service template setting in AP group view is used, an AP uses the configuration in AP group radio view.

· If a service template is manually bound to a radio, bandwidth guaranteeing is disabled.

In AP group radio view, bandwidth guaranteeing is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command enables clients that are associated with the same radio to get the guaranteed bandwidth when the network is congested. To set the guaranteed bandwidth, use the bandwidth-guarantee service-template command.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable bandwidth guaranteeing for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] service-template 1

[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee enable

# Enable bandwidth guaranteeing for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] bandwidth-guarantee enable

Related commands

bandwidth-guarantee service-template

Use bandwidth-guarantee service-template to set a guaranteed bandwidth percentage for the specified service template.

Use undo bandwidth-guarantee service-template to cancel the guaranteed bandwidth percentage configuration for the specified service template.

Syntax

bandwidth-guarantee service-template service-template-name percent percent

undo bandwidth-guarantee { all | service-template service-template-name }

Default

In radio view:

· If the service template setting in AP group view is used, an AP uses the configuration in AP group radio view.

· If a service template is manually bound to a radio, no guaranteed bandwidth percentage is set for the service template.

In AP group radio view, a service template does not have a guaranteed bandwidth.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

service-template service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. Make sure the specified service template has been bound to the radio.

percent percent: Specifies the percentage of the guaranteed bandwidth to the total bandwidth. The value range for the percent argument is 1 to 100. The total bandwidth represents the maximum bandwidth of the radio. The guaranteed bandwidth represents the minimum bandwidth for the BSS corresponding to the service template.

all: Specifies all service templates.

Usage guidelines

For this command to take effect, make sure the bandwidth guaranteeing feature is enabled.

For all service templates bound to the same radio, the sum of the guaranteed bandwidth percentages cannot exceed 100%.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the guaranteed bandwidth percentage to 30% for service template 1 in radio view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] service-template 1

[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee service-template 1 percent 30

[Sysname-wlan-ap-ap1-radio-1] bandwidth-guarantee enable

# Set the guaranteed bandwidth percentage to 30% for service template 1 in AP group radio view.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] bandwidth-guarantee enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] service-template 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] bandwidth-guarantee service-template 1 percent 30

Related commands

bandwidth-guarantee

wlan max-bandwidth

cac policy

Use cac policy to configure a Connect Admission Control (CAC) policy.

Use undo cac policy to restore the default.

Syntax

cac policy { channelutilization [ channelutilization-value ] | client [ client-number ] }

undo cac policy

Default

In radio view, an AP uses the configuration in AP group radio view.

In AP group radio view, the client-based admission policy is used, and the maximum number of admitted clients is 20.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

channelutilization: Specifies the channel usage-based admission policy.

channelutilization-value: Specifies the maximum channel usage in percentage, in the range of 0 to 100. The maximum channel usage refers to the medium time of the accepted AC-VO and AC-VI traffic to the valid time within a certain time. The valid time refers to the time available for transmitting and receiving data. By default, the maximum channel usage is 65%.

client: Specifies the client-based admission policy.

client-number: Specifies the maximum number of clients allowed to be connected, in the range of 0 to 124. A client is counted as one client if it is using both the AC-VO and AC-VI queues.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

The CAC policy takes effect only on the AC-VO and the AC-VI queues.

Examples

# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70%.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] cac policy channelutilization 70

# Configure the channel usage-based admission policy for CAC, and set the maximum channel usage to 70% for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] cac policy channelutilization 70

client-rate-limit (radio view/AP group radio view)

Use client-rate-limit to configure radio-based client rate limiting.

Use undo client-rate-limit to restore the default.

Syntax

client-rate-limit { inbound | outbound } mode { dynamic | static } cir cir

undo client-rate-limit { inbound | outbound }

Default

In radio view, an AP uses the configuration in AP group radio view.

In AP group radio view, radio-based client rate is not limited.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

inbound: Limits the rate of incoming traffic.

outbound: Limits the rate of outgoing traffic.

dynamic: Specifies the dynamic rate limit mode. In this mode, the maximum rate for each client is the total maximum rate divided by the number of clients.

static: Specifies the static rate limit mode. The maximum rate for each client is fixed.

cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000. This option sets the maximum rate for each client in static rate limit mode and sets the total maximum rate for all clients in dynamic rate limit mode.

Usage guidelines

For this command to take effect, make sure radio-based client rate limiting is enabled.

The configuration in radio view takes precedence over the configuration in AP group radio view.

You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic.

Examples

# Configure client rate limiting for radio 1 in radio view: set the CIR to 567 Kbps for incoming traffic of each client and set the CIR to 89 Kbps for outgoing traffic of all clients.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-1] client-rate-limit enable

[Sysname-wlan-ap-ap1-1] client-rate-limit inbound mode static cir 567

[Sysname-wlan-ap-ap1-1] client-rate-limit outbound mode dynamic cir 89

# Configure client rate limiting for radio 1 in AP group radio view: set the CIR to 567 Kbps for incoming traffic of each client and set the CIR to 89 Kbps for outgoing traffic of all clients.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client-rate-limit enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client-rate-limit inbound mode static cir 567

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client-rate-limit outbound mode dynamic cir 89

Related commands

client-rate-limit enable { disable | enable }

client-rate-limit (service template view)

Use client-rate-limit to configure service-template-based client rate limiting.

Use undo client-rate-limit to restore the default.

Syntax

client-rate-limit { inbound | outbound } mode { dynamic | static } cir cir

undo client-rate-limit { inbound | outbound }

Default

Service-template-based client rate is not limited.

Views

Service template view

Predefined user roles

network-admin

Parameters

inbound: Limits the rate of incoming traffic.

outbound: Limits the rate of outgoing traffic.

dynamic: Specifies the dynamic rate limit mode. In this mode, the maximum rate for each client is the total maximum rate divided by the number of clients.

static: Specifies the static rate limit mode. The maximum rate for each client is fixed.

Usage guidelines

For this command to take effect, make sure service-template-based client rate limiting is enabled.

You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic.

Examples

# Configure rate limiting for service template 1: set the CIR to 567 Kbps for each client's incoming traffic.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] client-rate-limit enable

[Sysname-wlan-st-1] client-rate-limit inbound mode static cir 567

Related commands

client-rate-limit enable

client-rate-limit { disable | enable }

Use client-rate-limit enable to enable radio-based client rate limiting.

Use client-rate-limit disable to disable radio-based client rate limiting.

Use undo client-rate-limit to restore the default.

Syntax

client-rate-limit { disable | enable }

undo client-rate-limit

Default

In radio view, an AP uses the configuration in AP group radio view.

In AP group radio view, radio-based client rate limiting is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command limits the traffic rate of the WLAN clients associated with a radio. To set the rate limit direction and rate limit rate, use the client-rate-limit command.

You can configure different rate limit methods and rate limit modes for client rate limiting, and all settings take effect. The minimum value for the rate limit among these settings will apply to each client.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable client rate limiting for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] client-rate-limit enable

# Enable client rate limiting for radio 1 of AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] client-rate-limit enable

Related commands

client-rate-limit (radio view/AP group radio view)

client-rate-limit enable

Use client-rate-limit enable to enable service-template-based client rate limiting.

Use undo client-rate-limit enable to restore the default.

Syntax

client-rate-limit enable

undo client-rate-limit enable

Default

Service-template-based client rate limiting is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

This command limits the traffic rate of the WLAN clients associated with a service template. To set the rate limit direction and rate limit rate, use the client-rate-limit command.

Examples

# Enable client rate limiting for service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] client-rate-limit enable

Related commands

client-rate-limit (service template view)

display wlan wmm

Use display wlan wmm to display WMM statistics.

Syntax

display wlan wmm { client [ ap ap-name | mac-address mac-address ] | radio [ ap ap-name ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client: Displays WMM statistics for clients. If you use this keyword without the ap ap-name or mac-address mac-address option, this command displays WMM statistics for all clients.

radio: Displays WMM statistics for radios. If you use this keyword without the ap ap-name option, this command displays WMM statistics for all radios.

mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.

Examples

# Display WMM statistics for all radios.

<Sysname> display wlan wmm radio

AP ID : 4 AP name : test

Radio : 1

Client EDCA updates : 0

QoS mode : WMM

WMM status : Enabled

Radio max AIFSN : 15 Radio max ECWmin : 10

Radio max TXOPLimit : 32767 Radio max ECWmax : 10

CAC information

Clients accepted : 0

Voice : 0

Video : 0

Total request medium time(µs) : 0

Voice(µs) : 0

Video(µs) : 0

Calls rejected due to insufficient resources : 0

Calls rejected due to invalid parameters : 0

Calls rejected due to invalid medium time : 0

Calls rejected due to invalid delay bound : 0

Radio : 2

Client EDCA updates : 0

QoS mode : WMM

WMM status: Disabled

Radio max AIFSN : 15 Radio max ECWmin : 10

Radio max TXOPLimit : 32767 Radio max ECWmax : 10

CAC information

Client accepted : 0

Voice : 0

Video : 0

Total request medium time(µs) : 0

Voice(µs) : 0

Video(µs) : 0

Calls rejected due to insufficient resources : 0

Calls rejected due to invalid parameters : 0

Calls rejected due to invalid medium time : 0

Calls rejected due to invalid delay bound : 0

Table 45 Command output

Field	Description
Client EDCA updates	Times that client EDCA parameters have been updated.
QoS mode	WMM. If this field displays N/A, the QoS mode is not available.
WMM status	· Enabled. · Disabled.
Radio max AIFSN	Maximum AIFSN that the radio supports.
Radio max ECWmin	Maximum ECWmin that the radio supports.
Radio max TXOPLimit	Maximum TXOPLimit that the radio supports.
Radio max ECWmax	Maximum ECWmax that the radio supports.
Total request medium time	Total request medium time for AC-VO and AC-VI queues, in microseconds.

# Display WMM statistics for all clients.

<Sysname> display wlan wmm client

MAC address : 000f-e23c-0001 SSID : service

QoS mode : WMM

APSD information :

Max SP length : 7

L: Legacy T: Trigger D: Delivery

AC AC-BK AC-BE AC-VI AC-VO

Assoc State T|D L T|D T|D

Statistics information :

Uplink packets : 0 Downlink packets : 0

Uplink bytes : 0 Downlink bytes : 0

Downgrade packets : 0 Discarded packets : 0

Downgrade bytes : 0 Discarded bytes : 0

TS information:

AC : AC-VO User priority : 7

TID : 1 Direction : Bidirectional

PSB : 0 Surplus bandwidth allowance : 1.0000

Medium time (µs) : 39 MSDU size (bytes) : 1500

Mean data rate (Kbps) : 10.000 Minimum PHY rate (Mbps) : 11.000

TS creation time : 0h:0m:5s

TS updating time : 0h:0m:5s

Uplink TS packets : 0 Downlink TS packets : 0

Uplink TS bytes : 0 Downlink TS bytes : 0

Table 46 Command output

Field	Description
QoS mode	· WMM. · -NA-.
Max SP length	Maximum service period (SP) length.
AC	· AC-VO. · AC-VI. · AC-BE. · AC-BK.
Assoc state	APSD attribute for an AC queue: · T—The AC queue is trigger-enabled. · D—The AC queue is delivery-enabled. · T \| D—The AC queue is both trigger-enabled and delivery-enabled. · L—The AC queue is of legacy attributes.
User priority	User priority for packets from wired networks.
TID	Traffic identifier, in the range of 0 to 15.
Direction	Traffic direction: · Uplink. · Downlink. · Bidirectional.
PSB	Power save behavior: · 1—U-APSD power saving mode. · 0—Traditional power saving mode.
Surplus bandwidth allowance	Surplus bandwidth allowance in percentage.
Medium time	Permitted medium time in microseconds.
MSDU size	Average MSDU size in bytes.
Mean data rate	Average data transmission rate in Kbps.
Minimum PHY rate	Minimum physical transmission rate in Mbps.

Related commands

reset wlan wmm

edca client (ac-be and ac-bk)

Use edca client to set EDCA parameters of AC-BE or AC-BK queues for clients.

Use undo edca client to restore the default.

Syntax

edca client { ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *

undo edca client { ac-be | ac-bk }

Default

In radio view, an AP uses the configuration in AP group radio view.

In AP group radio view, the default EDCA parameter values of AC-BE or AC-BK queues for clients are shown in Table 47.

Table 47 Default EDCA parameter values of AC-BE or AC-BK queues for clients

AC	AIFSN	ECWmin	ECWmax	TXOP Limit
AC-BK	7	4	10	0
AC-BE	3	4	10	0

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

ac-be: Specifies the AC-BE (best-effort traffic) queue.

ac-bk: Specifies the AC-BK (background traffic) queue.

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.

txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value, in the range of 0 to 65535 (in units of 32 microseconds). If the value is 0, a client can send only one packet each time it holds the channel.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

As a best practice, set the TXOP Limit value to 0 for both the AC-BE and AC-BK queues if all the clients are 802.11b clients.

As a best practice, use the default TXOPLimit values for both the AC-BK and AC-BE queues if both 802.11b and 802.11g clients exist in the WLAN.

Examples

# Set the AIFSN to 5 for the AC-BE queue.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] edca client ac-be aifsn 5

# Set the AIFSN to 5 for the AC-BE queue for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] edca client ac-be aifsn 5

edca client (ac-vi and ac-vo)

Use edca client to set EDCA parameters of AC-VI or AC-VO queues for clients.

Use undo edca client to restore the default.

Syntax

edca client { ac-vi | ac-vo } { aifsn aifsn-value | cac { disable | enable } | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } *

undo edca client { ac-vi | ac-vo }

Default

In radio view, an AP uses the configuration in AP group radio view.

In AP group radio view, the default EDCA parameter values of AC-VI or AC-VO queues for clients are shown in Table 48.

Table 48 Default EDCA parameter values of AC-VI or AC-VO queues for clients

AC	AIFSN	ECWmin	ECWmax	TXOP Limit
AC-VI	2	3	4	94
AC-VO	2	2	3	47

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

cac: Specifies CAC. The AC-VO and AC-VI queues support CAC. CAC is disabled by default.

disable: Disables CAC.

enable: Enables CAC.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin), in the range of 0 to 15.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax), in the range of 0 to 15. The value of ECWmax cannot be smaller than the value of ECWmin.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

As a best practice, set the TXOPLimit value to 188 and 102 for the AC-VI and AC-VO queues, respectively when all the clients are 802.11b clients.

As a best practice, use the default TXOPLimit values for both the AC-VI and AC-VO queues if both 802.11b and 802.11g clients exist in the WLAN.

Examples

# Set the AIFSN to 3 for the AC-VO queue.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] edca client ac-vo aifsn 3

# Set the AIFSN to 3 for the AC-VO queue for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] edca client ac-vo aifsn 3

edca radio

Use edca radio to set EDCA parameters.

Use undo edca radio to restore the default.

Syntax

edca radio { ac-be | ac-bk | ac-vi | ac-vo } { ack-policy { noack | normalack } | aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | noack | txoplimit txoplimit-value } *

undo edca radio { ac-be | ac-bk | ac-vi | ac-vo }

Default

In radio view, the AP uses the configuration in AP group radio view.

In AP group radio view, the default EDCA parameter values are shown in Table 49.

Table 49 Default EDCA parameter values

AC	AIFSN	ECWmin	ECWmax	TXOP Limit
AC-BK	7	4	10	0
AC-BE	3	4	6	0
AC-VI	1	3	4	94
AC-VO	1	2	3	47

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

ac-be: Specifies the AC-BE (best-effort traffic) queue.

ac-bk: Specifies the AC-BK (background traffic) queue.

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

ack-policy: Specifies the ACK policy for the AC queue.

noack: Specifies the No ACK policy.

normalack: Specifies the Normal ACK policy (the default).

aifsn aifsn-value: Specifies the arbitration inter-frame spacing number (AIFSN), in the range of 1 to 15.

ecwmin ecwmin-value: Specifies the exponent form of CWmin (ECWmin). The value range for the ecwmin-value argument is 0 to 10.

ecwmax ecwmax-value: Specifies the exponent form of CWmax (ECWmax). The value range for the ecwmax-value argument is 0 to 10. The value of ECWmax cannot be smaller than the value of ECWmin.

txoplimit txoplimit-value: Specifies the transmission opportunity limit (TXOP Limit) value in units of 32 microseconds. The value range for the txoplimit-value argument is 0 to 32767. If the value is 0, a client can send only one packet each time it holds the channel.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

As a best practice, set TXOP Limit values for AC-BK, AC-BE, AC-VI, and AC-VO queues to 0, 0, 188, and 102, respectively for 802.11b radios.

Examples

# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] edca radio ac-vo aifsn 2

# Set the AIFSN of the AC-VO queue to 2 in radio view of radio 2 for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] edca radio ac-vo aifsn 2

qos priority

Use qos priority to set the port priority.

Use undo qos priority to restore the default.

Syntax

qos priority priority-value

undo qos priority

Default

The port priority is 0.

Views

Service template view

Predefined user roles

network-admin

Parameters

priority-value: Specifies the port priority in the range of 0 to 7. A larger value represents a higher priority.

Usage guidelines

When the port trust mode is enabled, an AP assigns the port priority to all packets for the service template.

This command does not take effect when the packet trust mode is enabled.

Examples

# Set the port priority to 2 for service template 1.

<Sysname> system

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] qos priority 2

Related commands

qos trust

Use qos trust to configure the trusted packet priority type.

Use undo qos trust to restore the default.

Syntax

qos trust { dot11e | dscp }

undo qos trust

Default

The port priority is trusted.

Views

Service template view

Predefined user roles

network-admin

Parameters

dot11e: Uses the 802.1e priority carried in packets for priority mapping.

dscp: Uses the DSCP priority carried in packets for priority mapping.

Usage guidelines

This feature takes effect only on uplink packets.

Examples

# Configure service template 1 to use the 802.1e priority carried in packets for priority mapping.

<Sysname> system

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] qos trust dot11e

Related commands

qos priority

reset wlan wmm

Use reset wlan wmm to clear WMM statistics.

Syntax

reset wlan wmm { client [ ap ap-name | mac-address mac-address ] | radio [ ap ap-name ] }

Views

User view

Predefined user roles

network-admin

Parameters

client: Clears WMM statistics for clients. If you use this keyword without the ap ap-name or mac-address mac-address option, this command clears WMM statistics for all clients.

radio: Clears WMM statistics for radios. If you use this keyword without the ap ap-name option, this command clears WMM statistics for all radios.

mac-address mac-address: Specifies a client by its MAC address in the H-H-H format.

Examples

# Clear WMM statistics for all radios.

<Sysname> reset wlan wmm radio

Related commands

display wlan wmm

svp map-ac

Use svp map-ac to map SVP packets to the specified AC queue.

Use svp map-ac disable to disable SVP mapping.

Use undo svp map-ac to restore the default.

Syntax

svp map-ac { ac-vi | ac-vo }

svp map-ac disable

undo svp map-ac

Default

In radio view, an AP uses the configuration in AP group radio view.

In AP group radio view, SVP mapping is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

ac-vi: Specifies the AC-VI (video traffic) queue.

ac-vo: Specifies the AC-VO (voice traffic) queue.

Usage guidelines

SVP mapping takes effect only on non-WMM clients.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Map SVP packets to the AC-VO queue.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] svp map-ac ac-vo

# Map SVP packets to the AC-VO queue for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] svp map-ac ac-vo

wlan client-rate-limit

Use wlan client-rate-limit to configure client-type-based client rate limiting.

Use undo wlan client-rate-limit to remove the configuration.

Syntax

wlan client-rate-limit { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } { inbound | outbound } cir cir [ cbs cbs ]

undo wlan client-rate-limit [ { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } [ inbound | outbound ] ]

Default

Client-type-based client rate is not limited.

Views

System view

Predefined user roles

network-admin

Parameters

dot11a: Specifies 802.11a clients.

dot11ac: Specifies 802.11ac clients.

dot11an: Specifies 802.11an clients.

dot11b: Specifies 802.11b clients.

dot11g: Specifies 802.11g clients.

dot11gac: Specifies 802.11gac clients.

dot11gn: Specifies 802.11gn clients.

inbound: Limits the rate of incoming traffic.

outbound: Limits the rate of outgoing traffic.

cir cir: Specifies the CIR in Kbps for each client. The value range for the cir argument is 1 to 2097152.

cbs byte: Specifies the CBS in bytes for each client. The value range for the byte argument is 1 to 268435456. If you do not specify this option, the value of CBS is automatically calculated from the value of CIR.

Usage guidelines

Examples

# Set the rate limit to 20480 Kbps for incoming traffic of 802.11an clients.

<Sysname> system-view

[Sysname] wlan client-rate-limit dot11an inbound cir 20480

wlan max-bandwidth

Use wlan max-bandwidth to set the maximum bandwidth for a radio mode.

Use undo wlan max-bandwidth to restore the default setting for one radio mode or for all radio modes.

Syntax

wlan max-bandwidth { dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gac | dot11gn } bandwidth

Default

The following maximum bandwidth settings apply:

· 30000 Kbps for dot11a and dot11g.

· 250000 Kbps for dot11an, dot11gn, and dot11gac.

· 500000 Kbps for dot11ac.

· 7000 Kbps for dot11b.

Views

System view

Predefined user roles

network-admin

Parameters

dot11a: Specifies the 802.11a radio mode.

dot11ac: Specifies the 802.11ac radio mode.

dot11an: Specifies the 802.11an radio mode.

dot11b: Specifies the 802.11b radio mode.

dot11g: Specifies the 802.11g radio mode.

dot11gac: Specifies the 802.11gac radio mode.

dot11gn: Specifies the 802.11gn radio mode.

bandwidth: Specifies the maximum bandwidth in Kbps. The value range varies as follows depending on radio modes:

· 16 to 30000 for dot11a and dot11g.

· 16 to 250000 for dot11an, dot11gn, and dot11gac.

· 16 to 500000 for dot11ac.

· 16 to 7000 for dot11b.

Usage guidelines

The maximum bandwidth is used to calculate the guaranteed bandwidth.

Examples

# Set the maximum bandwidth to 2000 Kbps for 802.11ac.

<Sysname> system-view

[Sysname] wlan max-bandwidth dot11ac 2000

wmm

Use wmm enable to enable WMM.

Use wmm disable to disable WMM.

Use undo wmm to restore the default.

Syntax

wmm { disable | enable }

undo wmm

Default

In radio view, an AP uses the configuration in AP group radio view.

In AP group radio view, WMM is enabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

All 802.11n clients must support WLAN QoS. For 802.11n clients to communicate with the associated AP, enable WMM when the radio operates in 802.11an or 802.11gn mode.

Examples

# Disable WMM.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] wmm disable

# Disable WMM for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] wmm disable

WLAN roaming commands

Only the following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC/3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

display wlan mobility roam-track mac-address

Use display wlan mobility roam-track mac-address to display roaming information for a client on the AC.

Syntax

display wlan mobility roam-track mac-address mac-address

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mac-address mac-address: Specifies a client by its MAC address, in the form of H-H-H.

Usage guidelines

Roaming information is displayed in sequence. The most recent roam-track information is displayed the first.

Examples

# Display roaming information for the specified client on the Home AC.

<Sysname> display wlan mobility roam-track mac-address 5250-0012-0411

Total entries: 2

BSSID Created at Online time AC IP address RID AP name

3ce5-a68d-2280 2016-06-14 11:12:28 00hr 48min 46sec 192.168.0.2 2 ap1

0026-3e08-1150 2016-06-14 11:12:05 00hr 40min 46sec 127.0.0.1 2 ap2

Table 50 Command output

Field	Description
BSSID	BSSID of the AP with which the client is associated.
Created at	Time when a roam-track entry was created for the client.
Online time	Online time of the client.
AC IP address	IP address of the AC with which the client is associated.
RID	ID of the radio with which the client is associated.
AP name	Name of the AP with which the client is associated.

snmp-agent trap enable wlan mobility

Use snmp-agent trap enable wlan mobility to enable SNMP notifications for WLAN roaming.

Use undo snmp-agent trap enable wlan mobility to disable SNMP notifications for WLAN roaming.

Syntax

snmp-agent trap enable wlan mobility

undo snmp-agent trap enable wlan mobility

Default

SNMP notifications are disabled for WLAN roaming.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN roaming events to an NMS, enable SNMP notifications for WLAN roaming. For WLAN roaming event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.

Examples

# Enable SNMP notifications for WLAN roaming.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan mobility

WLAN radio resource measurement commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

display wlan measure-report

Use display wlan measure-report to display measurement reports for clients.

Syntax

display wlan measure-report ap ap-name radio radio-id [ client mac-address mac-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

radio radio-id: Specifies a radio by its number. The value range varies by device model.

client mac-address mac-address: Specifies a client by its MAC address. If you do not specify a client, this command displays measurement reports for all clients.

Examples

# Display measurement reports for clients associated with radio 2 of AP ap1.

<Sysname> display wlan measure-report ap ap1 radio 2

Total number of clients: 1

Client MAC address : 0aef-e760-3587

Link measurement:

Link margin : 2 dBm

RCPI : -85 dBm

RSNI : 53 dBm

Noise histogram:

Antenna ID : 3

ANPI : -56 dBm

IPI0 to IPI10 density : 5 12 16 13 8 5 5 15 17 1 3

Spectrum measurement:

Transmit power : 20 dBm

BSS : Detected

OFDM preamble : Detected

Radar : Detected

Unidentified signal : Undetected

CCA busy fraction : 60

RPI0 to RPI7 density : 3 7 11 19 15 23 15 7

Frame report entry:

BSSID : a072-2351-e253

PHY type : fhss

Average RCPI : -10 dBm

Last RSNI : 2 dBm

Last RCPI : -20 dBm

Frames : 1

Dot11BSSAverageAccessDelay group:

Average access delay : 32 ms

BestEffort average access delay : 1 ms

Background average access delay : 1 ms

Video average access delay : 1 ms

Voice average access delay : 1 ms

Clients : 32

Channel utilization rate : 11

Transmit stream:

Traffic ID : 0

Sent MSDUs : 60

Discarded MSDUs : 5

Failed MSDUs : 3

MSDUs resent multiple times : 3

Lost QoS CF-Polls : 2

Average queue delay : 2 ms

Average transmit delay : 1 ms

Bin0 range : 0 to 10 ms

Bin0 to Bin5 : 5 10 10 5 10 10

Table 51 Command output

Field	Description
Link margin	Gap between the received RSSI and the lowest available RSSI.
RCPI	Received Channel Power Indicator.
RSNI	Received Signal to Noise Indicator.
ANPI	Average Noise Power Indicator during the measurement.
IPI0 to IPI10 density	Percentage of time for different IPI ranges to the total measurement period. IPIn represents an IPI range. The value for n is in the range of 1 to 10: · 0: IPI <= –92 dBm. · 1: –92 dBm < IPI <= –89 dBm. · 2: –89 dBm < IPI <= –86 dBm. · 3: –86 dBm < IPI <= –83 dBm. · 4: –83 dBm < IPI <= –80 dBm. · 5: –80 dBm < IPI <= –75 dBm · 6: –75 dBm < IPI <= –70 dBm. · 7: –70 dBm < IPI <= –65 dBm. · 8: –65 dBm < IPI <= –60 dBm. · 9: –60 dBm < IPI <= –55 dBm. · 10: –55 dBm < IPI.
Transmit power	Transmission power of the client.
BSS	Whether the client has detected wireless packets from other BSSs.
OFDM preamble	Whether the client has detected OFDM preambles.
Radar	Whether the client has detected radar signals.
Unidentified signal	Whether the client has detected unknown signals.
CCA busy fraction	CCA utilization is expressed as a percentage of time that the channel is busy (during the measurement period).
RPI0 to RPI7 density	Percentage of time that each RPI was used during the measurement period. RPIn represents a RPI range. The value for n is in the range of 1 to 7: · 0: RPI <= –87 dBm. · 1: –87 dBm < RPI <= –82 dBm. · 2: –82 dBm < RPI <= –77 dBm. · 3: –77 dBm < RPI <= –72 dBm. · 4: –72 dBm < RPI <= –67 dBm. · 5: –67 dBm < RPI <= –62 dBm. · 6: –62 dBm < RPI <= –57 dBm. · 7: –57 dBm < RPI.
PHY type	Physical media type: · fhss. · dsss. · irbaseband. · ofdm. · hrdsss. · erp.
Frames	Number of frames from the same MAC address and BSSID during the measurement.
Bin0 range	Value range for Bin0.
Bin0 to Bin5	Number of successfully sent MSDUs for each average delay range. Binx represents an average delay range. The value for x is in the range of 0 to 5: · Bin0: Delay< 10 ms. · Bin1: 10 ms <= Delay < 20 ms. · Bin2: 20 ms <= Delay < 40 ms. · Bin3: 40 ms <= Delay < 80 ms. · Bin4: 80 ms <= Delay < 160 ms. · Bin5: 160 ms <= Delay.

measure

Use measure enable to enable the specified measurement feature or all measurement features.

Use measure disable to disable the specified measurement feature or all measurement features.

Use undo measure to restore the default.

Syntax

measure { all | link | neighbor | radio | spectrum | tpc } { disable | enable }

undo measure

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, measurement is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

all: Specifies all measurement features.

link: Specifies link measurement. Link measurement measures RCPI, RSNI, and link redundancy for the requested link.

neighbor: Specifies neighbor measurement. Neighbor measurement measures the channel and BSSID of neighbor APs.

radio: Specifies radio measurement. Radio measurement measures channel load, noise histogram, beacons, frames, station statistics, locations, and transmit streams.

spectrum: Specifies spectrum measurement, which includes basic measurement, Clear Channel Assessment (CCA) measurement, and Receive Power Indication (RPI) measurement.

tpc: Specifies TPC measurement. TPC measurement measures link redundancy and transmission power for clients.

Usage guidelines

You must enable radio resource measurement if you enable link, neighbor, or radio measurement.

You must enable spectrum management if you enable spectrum or TPC measurement. For more information about spectrum management, see WLAN Configuration Guide (AC).

The spectrum and tpc keywords are available only for 5 GHz radios.

Examples

# Enable spectrum measurement for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] measure spectrum enable

# Enable spectrum measurement for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] measure spectrum enable

Related commands

measure-duration

measure-interval

resource-measure

spectrum-management

measure-duration

Use measure-duration to set the measurement duration.

Use undo measure-duration to restore the default.

Syntax

measure-duration time

undo measure-duration

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, the measurement duration is 500 TUs.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

time: Specifies the measurement duration in the range of 1 to 10000 TUs. One TU is equal to 1024 microseconds.

Usage guidelines

When measurement is enabled on an AP, the AP adds the measurement duration in the measurement requests sent to clients.

Examples

# Set the measurement duration to 512 TUs for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] measure-duration 512

# Set the measurement duration to 512 TUs for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] measure-duration 512

Related commands

measure

measure-interval

Use measure-interval to set the measurement interval for an AP to send measurement requests to clients.

Use undo measure-interval to restore the default.

Syntax

measure-interval interval

undo measure-interval

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, the measurement interval is 30 seconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

interval: Specifies the measurement interval in the range of 10 to 60 seconds.

Examples

# Set the measurement interval to 35 seconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] measure-interval 35

# Set the measurement interval to 35 seconds for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] measure-interval 35

Related commands

measure

measure-duration

resource-measure

Use resource-measure enable to enable radio resource measurement.

Use resource-measure disable to disable radio resource measurement.

Use undo resource-measure to restore the default.

Syntax

resource-measure { disable | enable }

undo resource-measure

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, radio resource measurement is disabled.

Views

Radio view

AP group view

Predefined user roles

network-admin

Usage guidelines

When radio measurement is enabled on an AP, the AP sets the Radio Measurement field to 1 in beacons, probe responses, association responses, or reassociation responses. It notifies the clients that they can send measurement requests. These frames also carry measurement capabilities of the AP to inform clients of measurement types that the AP supports.

The AP periodically sends Measurement Pilot frames to help clients fast discover the AP. Measurement Pilot frames are sent more frequently than beacons and carry less information.

Examples

# Enable radio resource measurement for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] resource-measure enable

# Enable radio resource measurement for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] resource-measure enable

rm-capability mode

Use rm-capability mode to set the match mode for client radio resource measurement capabilities.

Use undo rm-capability mode to restore the default.

Syntax

rm-capability mode { all | none | partial }

undo rm-capability mode

Default

In radio view, an AP uses the configuration in AP group view.

In AP group radio view, the match mode is none for client radio resource measurement capabilities.

Views

Radio view

AP group view

Predefined user roles

network-admin

Parameters

all: Specifies the all mode. A client is allowed to associate with an AP only when all its radio resource measurement capabilities match the AP's radio resource measurement capabilities.

none: Specifies the none mode. The AP does not check client radio resource measurement capabilities.

partial: Specifies the partial mode. A client is allowed to associate with an AP as long as one of its radio resource measurement capabilities matches any of the AP's radio resource measurement capabilities.

Usage guidelines

The configuration takes effect only when radio resource measurement is enabled.

Examples

# Set the match mode to partial for client radio resource measurement capabilities for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] resource-measure enable

[Sysname-wlan-ap-ap1-radio-2] rm-capability mode partial

# Set the match mode to partial for client radio resource measurement capabilities for AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] rm-capability mode partial

Related commands

resource-measure

Channel scanning commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

scan channel blacklist

Use scan channel blacklist to configure the channel scanning blacklist.

Use undo scan channel blacklist to remove the specified channels from the channel scanning blacklist.

Syntax

scan channel blacklist channel-list

undo scan channel blacklist { channel-list | all }

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, no channel scanning blacklist exists.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

channel-list: Specifies channels by their channel numbers in the range of 1 to 165.

all: Specifies all channels in the channel scanning blacklist.

Usage guidelines

After you configure the channel scanning blacklist for an AP, the AP will not scan non-working channels in the blacklist. You cannot configure both the channel scanning blacklist and whitelist for the same AP. Before configuring the channel scanning blacklist, remove all channels in the channel scanning whitelist.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Add channels 1 and 6 to the channel scanning blacklist for AP 1.

<Sysname> system-view

[Sysname] wlan ap 1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] scan channel blacklist 1 6

# Add channels 1 and 6 to the channel scanning blacklist for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 2

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-2] scan channel blacklist 1 6

scan channel whitelist

Use scan channel whitelist to configure the channel scanning whitelist.

Use undo scan channel whitelist to remove the specified channels from the channel scanning whitelist.

Syntax

scan channel whitelist channel-list

undo scan channel whitelist { channel-list | all }

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, no channel scanning whitelist exists.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

channel-list: Specifies channels by their channel numbers in the range of 1 to 165.

all: Specifies all channels in the channel scanning whitelist.

Usage guidelines

After you configure the channel scanning whitelist for an AP, the AP will scan only channels in the whitelist and the working channel. You cannot configure both the channel scanning blacklist and whitelist for the same AP. Before configuring the channel scanning whitelist, remove all channels in the channel scanning blacklist.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Add channels 1 and 6 to the channel scanning whitelist for AP 1.

<Sysname> system-view

[Sysname] wlan ap 1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] scan channel whitelist 1 6

# Add channels 1 and 6 to the channel scanning whitelist for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 2

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-2] scan channel whitelist 1 6

scan idle-time

Use scan idle-time to set the service idle timeout timer.

Use undo scan idle-time to restore the default.

Syntax

scan idle-time idle-time

undo scan idle-time

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the service idle timeout timer is 100 milliseconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

idle-time: Specifies the service idle timeout timer in the range of 60 to 5000 milliseconds. The service idle timeout timer cannot be greater than the maximum service period.

Usage guidelines

During a service period, an AP does not begin a new scanning period until the current service period exceeds the scanning period even if the specified service idle timeout expires.

The service idle timeout timer must be a multiple of the beacon interval. The value of the beacon interval is used as the service idle timeout timer if the service idle timeout timer is smaller than the beacon interval.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the service idle timeout timer to 500 milliseconds for AP 1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] scan idle-time 500

# Set the service idle timeout timer to 500 milliseconds for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-1] scan idle-time 500

Related commands

beacon interval

scan max-service-time

Use scan max-service-time to set the maximum service period.

Use undo scan max-service-time to restore the default.

Syntax

scan max-service-time { max-service-time | no-limit }

undo scan max-service-time

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the maximum service period is 5000 milliseconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

max-service-time: Specifies the maximum service period in the range of 100 to 5000 milliseconds.

no-limit: Configures the radio to not limit the service period. Specify this keyword to ensure wireless service quality. The AP does not start a scanning period unless the service idle timeout expires.

Usage guidelines

When the maximum service period for an AP is reached, the AP begins a scanning period regardless of whether it has traffic to forward.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the maximum service period to 3000 milliseconds for AP 1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] scan max-service-time 3000

# Set the maximum service period to 3000 milliseconds for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-1] scan max-service-time 3000

scan mode all

Use scan mode all enable to enable an AP to scan all channels.

Use scan mode all disable to disable an AP from scanning all channels.

Use undo scan mode to restore the default.

Syntax

scan mode all { disable | enable }

undo scan mode

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, a radio does not scan all channels.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to dual-band radios.

After you configure this command for an AP, the AP alternatively scans 2.4 GHz channels and 5 GHz channels at the specified interval.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable AP ap1 to scan all channels.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4330-ACN

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] scan mode all enable

This operation will affect WLAN access and RRM. Are you sure you want to perform

this operation?[Y/N]:Y

# Enable APs with model WA4330-ACN in AP group 10 to scan all channels.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA4330-ACN

[Sysname-wlan-ap-group-10-ap-model-WA4330-ACN] radio 2

[Sysname-wlan-ap-group-10-ap-model-WA4330-ACN-radio-2] scan mode all enable

This operation will affect WLAN access and RRM. Are you sure you want to perform

this operation?[Y/N]:Y

scan mode all interval

Use scan mode all interval to set the interval for an AP to scan all channels.

Use undo scan mode interval to restore the default.

Syntax

scan mode all interval interval-value

undo scan mode all interval

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the interval for an AP to alternatively scan 2.4 GHz channels and 5 GHz channels is 3000 milliseconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the interval for an AP to alternatively scan 2.4 GHz channels and 5 GHz channels, in the range of 2000 to 10000 milliseconds.

Examples

# Set the interval for an AP to alternatively scan 2.4 GHz channels and 5 GHz channels to 5000 milliseconds for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4330-ACN

[Sysname-wlan-ap-ap1] radio 2

[Sysname-wlan-ap-ap1-radio-2] scan mode all interval 5000

# Set the interval for an AP to alternatively scan 2.4 GHz channels and 5 GHz channels to 5000 milliseconds for APs with model WA4330-ACN in AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] ap-model WA4330-ACN

[Sysname-wlan-ap-group-1-WA4330-ACN] radio 2

[Sysname-wlan-ap-group-1-WA4330-ACN-radio-2] scan mode all interval 5000

scan scan-time

Use scan scan-time to set the scanning period.

Use undo scan scan-time to restore the default.

Syntax

scan scan-time scan-time

undo scan scan-time

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, the scanning period is 100 milliseconds.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

scan-time: Specifies the scanning period in the range of 100 to 5000 milliseconds. The scanning period cannot be greater than the maximum service period.

Usage guidelines

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the scanning period to 500 milliseconds for AP 1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] scan scan-time 500

# Set the scanning period to 500 milliseconds for APs with model WA4320i-ACN in AP group 10.

<Sysname> system-view

[Sysname] wlan ap-group 10

[Sysname-wlan-ap-group-10] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-10-ap-model-WA2620-WiNet-radio-1] scan scan-time 500

Band navigation commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

band-navigation

Use band-navigation enable to enable band navigation for an AP or AP group.

Use band-navigation disable to disable band navigation for an AP or AP group.

Use undo band-navigation to restore the default.

Syntax

band-navigation { disable | enable }

undo band-navigation

Default

In AP view, an AP uses the configuration in AP group view.

In AP group view, band navigation is enabled for an AP group.

Views

AP view

AP group view

Predefined user roles

network-admin

Usage guidelines

Band navigation takes effect on an AP only after you enable band navigation both globally and for the AP.

Examples

# Enable band navigation for AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] band-navigation enable

# Enable band navigation for AP group 1.

<Sysname> system-view

[Sysname] wlan ap-group 1

[Sysname-wlan-ap-group-1] band-navigation enable

Related commands

wlan band-navigation enable

wlan band-navigation aging-time

Use wlan band-navigation aging-time to set the client information aging time.

Use undo wlan band-navigation aging-time to restore the default.

Syntax

wlan band-navigation aging-time aging-time

undo wlan band-navigation aging-time

Default

The client information aging time is 180 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the client information aging time in the range of 10 to 600 seconds.

Usage guidelines

When an AP receives an association request from a client, the AP records the client's information and starts the client information aging timer. If the AP receives a probe request or association request from the client before the aging timer expires, the AP refreshes the client information and resets the client information aging timer. If the AP does not receive any probe requests or association requests from the client before the aging timer expires, the AP deletes the client's information.

Configure an appropriate client information aging time to ensure both client association and system resource efficiency.

Examples

# Set the client information aging time to 50 seconds.

<Sysname> system-view

[Sysname] wlan band-navigation aging-time 50

wlan band-navigation balance access-denial

Use wlan band-navigation balance access-denial to set the maximum number of denials for 5 GHz association requests.

Use undo wlan band-navigation balance access-denial to restore the default.

Syntax

wlan band-navigation balance access-denial access-denial

undo wlan band-navigation balance access-denial

Default

The maximum number of denials is 1 for 5 GHz association requests.

Views

System view

Predefined user roles

network-admin

Parameters

access-denial: Specifies the maximum number of denials for 5 GHz association requests, in the range of 1 to 10.

Usage guidelines

If the number of times that a 5 GHz radio rejects a client reaches the specified maximum number, the radio accepts the association request of the client.

Examples

# Set the maximum number of denials to 5 for 5 GHz association requests.

<Sysname> system-view

[Sysname] wlan band-navigation balance access-denial 5

wlan band-navigation balance session

Use wlan band-navigation balance session to configure load balancing for band navigation.

Use undo wlan band-navigation balance session to restore the default.

Syntax

wlan band-navigation balance session session [ gap gap ]

undo wlan band-navigation balance session

Default

Load balancing is disabled for band navigation.

Views

System view

Predefined user roles

network-admin

Parameters

session: Specifies the client number threshold for the 5 GHz radio, in the range of 2 to 40.

gap: Specifies the threshold for the client number gap between the 5 GHz radio and the radio that has the fewest clients. The value range for this argument is 1 to 8 and the default value is 4.

Usage guidelines

If you enable band navigation but do not enable load balancing, the AC directs dual-band clients to the 5 GHz radio.

The AP rejects the 5 GHz association request of a client when the following conditions are met:

· The number of clients on the 5 GHz radio reaches the specified threshold.

· The client number gap between the 5 GHz radio and the radio that has the fewest clients reaches the specified threshold.

Examples

# Enable load balancing for band navigation, and set the client number threshold and session gap threshold to 10 and 5, respectively.

<Sysname> system-view

[Sysname] wlan band-navigation balance session 10 gap 5

wlan band-navigation enable

Use wlan band-navigation enable to enable band navigation globally.

Use undo wlan band-navigation enable to restore the default.

Syntax

wlan band-navigation enable

undo wlan band-navigation enable

Default

Band navigation is disabled globally.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For band navigation to take effect, make sure fast association is disabled for the wireless service that the clients use.

Band navigation takes effect on an AP only when you enable band navigation both globally and for the AP.

Examples

# Enable band navigation globally.

<Sysname> system-view

[Sysname] wlan band-navigation enable

Related commands

band-navigation

quick-association enable

wlan band-navigation rssi-threshold

Use wlan band-navigation rssi-threshold to set the received signal strength indicator (RSSI) threshold for band navigation.

Use undo wlan band-navigation rssi-threshold to restore the default.

Syntax

wlan band-navigation rssi-threshold rssi-threshold

undo wlan band-navigation rssi-threshold

Default

The RSSI threshold for band navigation is 15.

Views

System view

Predefined user roles

network-admin

Parameters

rssi-threshold: Specifies the RSSI threshold for band navigation, in the range of 5 to 100.

Usage guidelines

A client might be detected by multiple radios. A 5 GHz radio rejects the association request of a client if the client's RSSI is lower than the band navigation RSSI threshold.

Examples

# Set the RSSI threshold for band navigation to 40.

<Sysname> system-view

[Sysname] wlan band-navigation rssi-threshold 40

WLAN multicast optimization commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

display wlan ipv6 multicast-optimization entry

Use display wlan ipv6 multicast-optimization entry to display IPv6 multicast optimization entry information.

Syntax

display wlan ipv6 multicast-optimization entry [ client mac-address [ group group-ip [ source source-ip ] ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries.

group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries for the specified client.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command displays information about all IPv6 multicast optimization entries for the specified multicast group to which the specified client belongs.

Examples

# Display information about all IPv6 multicast optimization entries.

<Sysname> display wlan ipv6 multicast-optimization entry

Total 2 clients reported

Client: 0000-0000-0001

Reported from AP 1 on radio 1

Total number of groups: 1

Group: FF25::1

Version: MLDv2

Mode: Include

Duration: 00h 02m 03s

Sources: 3

Source: 1::1

Duration: 00h 02m 03s

Source: 1::2

Duration: 00h 02m 15s

Source: 1::3

Duration: 00h 02m 45s

Client: 0000-0000-0002

Reported from AP 1 on radio 1

Total number of groups: 1

Group: FF25::2

Version: MLDv2

Mode: Include

Duration: 00h 01m 09s

Sources: 3

Source: 1::1

Duration: 00h 01m 11s

Source: 1::2

Duration: 00h 01m 09s

Source: 1::3

Duration: 00h 01m 45s

Table 52 Command output

Field	Description
Total 2 clients reported	Number of clients in the multicast optimization entry table.
Client	MAC address of the client.
Group	Multicast group address.
Version	Version of the multicast group: · MLDv1. · MLDv2.
Mode	WLAN multicast optimization mode of the multicast group: · Include—Multicast packets destined to the multicast group are converted to unicast packets if the multicast source address exists in the source address list obtained from MLDv2 reports. · Exclude—Multicast packets destined to the multicast group are not converted to unicast packets if the multicast source address does not exist in the source address list obtained from MLDv2 reports. This field always displays Exclude for MLDv1 multicast groups.
Duration	Lifetime of the multicast optimization entry for the multicast group or multicast source.
Source	Multicast source address.

display wlan multicast-optimization entry

Use display wlan multicast-optimization entry to display IPv4 multicast optimization entry information.

Syntax

display wlan multicast-optimization entry [ client mac-address [ group group-ip [ source source-ip ] ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries.

group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries for the specified client.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command displays information about all IPv4 multicast optimization entries for the specified multicast group to which the specified client belongs.

Examples

# Display information about all IPv4 multicast optimization entries.

<Sysname> display wlan multicast-optimization entry

Total 2 clients reported

Client: 0000-0000-0001

Reported from AP 1 on radio 1

Total number of groups: 1

Group: 226.0.0.1

Version: IGMPv3

Mode: Include

Duration: 00h 03m 03s

Sources: 3

Source: 27.0.0.1

Duration: 00h 03m 32s

Source: 27.0.0.2

Duration: 00h 03m 15s

Source: 27.0.0.3

Duration: 00h 03m 03s

Client: 0000-0000-0002

Reported from AP 1 on radio 1

Total number of groups: 2

Group: 226.0.0.1

Version: IGMPv3

Mode: Include

Duration: 00h 02m 15s

Sources: 3

Source: 27.0.0.1

Duration: 00h 02m 32s

Source: 27.0.0.2

Duration: 00h 02m 15s

Source: 27.0.0.3

Duration: 00h 02m 23s

Group: 226.0.0.2

Version: IGMPv3

Mode: Include

Duration: 00h 01m 11s

Sources: 2

Source: 27.0.0.1

Duration: 00h 01m 12s

Source: 27.0.0.2

Duration: 00h 01m 11s

Table 53 Command output

Field	Description
Total 2 clients reported	Number of clients in the multicast optimization entry table.
Client	MAC address of the client.
Group	Multicast group address.
Version	Version of the multicast group: · IGMPv1v2—IGMPv1 or IGMPv2. · IGMPv3.
Mode	WLAN multicast optimization mode of the multicast group: · Include—Multicast packets destined to the multicast group are converted to unicast packets if the multicast source address exists in the source address list obtained from IGMPv3 reports. · Exclude—Multicast packets destined to the multicast group are not converted to unicast packets if the multicast source address does not exist in the source address list obtained from IGMPv3 reports. This field always displays Exclude for IGMPv1 or IGMPv2 multicast groups.
Duration	Lifetime of the multicast optimization entry for the multicast group or multicast source.
Source	Multicast source address.

ipv6 multicast-optimization enable

Use ipv6 multicast-optimization enable to enable IPv6 WLAN multicast optimization.

Use undo ipv6 multicast-optimization enable to disable IPv6 WLAN multicast optimization.

Syntax

ipv6 multicast-optimization enable

undo ipv6 multicast-optimization enable

Default

IPv6 WLAN multicast optimization is disabled.

Views

Service template view

Predefined user roles

network-admin

Examples

# Enable IPv6 WLAN multicast optimization for service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] ipv6 multicast-optimization enable

multicast-optimization enable

Use multicast-optimization enable to enable IPv4 WLAN multicast optimization.

Use undo multicast-optimization enable to disable IPv4 WLAN multicast optimization.

Syntax

multicast-optimization enable

undo multicast-optimization enable

Default

IPv4 WLAN multicast optimization is disabled.

Views

Service template view

Predefined user roles

network-admin

Examples

# Enable IPv4 WLAN multicast optimization for service template 1.

<Sysname> system-view

[Sysname] wlan service-template 1

[Sysname-wlan-st-1] multicast-optimization enable

reset wlan ipv6 multicast-optimization entry

Use reset wlan ipv6 multicast-optimization entry to clear IPv6 multicast optimization entries.

Syntax

reset wlan ipv6 multicast-optimization entry { all | client mac-address [ group group-ip [ source source-ip ] ] }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all IPv6 multicast optimization entries.

client mac-address: Specifies a client by its MAC address.

group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified client.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified multicast group to which the specified client belongs.

Examples

# Clear all IPv6 multicast optimization entries for the client with MAC address 1011-2222-3334.

<Sysname> reset wlan ipv6 multicast-optimization entry client 1011-2222-3334

Related commands

display wlan ipv6 multicast-optimization entry

reset wlan ipv6 multicast-optimization entry group

Use reset wlan ipv6 multicast-optimization entry group to clear IPv6 multicast optimization entries for the specified multicast group.

Syntax

reset wlan ipv6 multicast-optimization entry group group-ip [ source source-ip ]

Views

User view

Predefined user roles

network-admin

Parameters

group-ip: Specifies a multicast group by its IP address.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv6 multicast optimization entries for the specified multicast group.

Examples

# Clear IPv6 multicast optimization entries for the multicast group with IPv6 address FF28::1.

<Sysname> reset wlan ipv6 multicast-optimization entry group FF28::1

reset wlan multicast-optimization entry

Use reset wlan multicast-optimization entry to clear IPv4 multicast optimization entries.

Syntax

reset wlan multicast-optimization entry { all | client mac-address [ group group-ip [ source source-ip ] ] }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all IPv4 multicast optimization entries.

client mac-address: Specifies a client by its MAC address.

group group-ip: Specifies a multicast group by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified client.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified multicast group to which the specified client belongs.

Examples

# Clear all IPv4 multicast optimization entries for the client with MAC address 1011-2222-3334.

<Sysname> reset wlan multicast-optimization entry client 1011-2222-3334

Related commands

display wlan multicast-optimization entry

reset wlan multicast-optimization entry group

Use reset wlan multicast-optimization entry group to clear IPv4 multicast optimization entries for the specified multicast group.

Syntax

reset wlan multicast-optimization entry group group-ip [ source source-ip ]

Views

User view

Predefined user roles

network-admin

Parameters

group-ip: Specifies a multicast group by its address.

source source-ip: Specifies a multicast source by its IP address. If you do not specify this option, the command clears all IPv4 multicast optimization entries for the specified multicast group.

Examples

# Clear IPv4 multicast optimization entries for the multicast group with address 235.1.1.1.

<Sysname> reset wlan multicast-optimization entry group 235.1.1.1

wlan ipv6 multicast-optimization aging-time

Use wlan ipv6 multicast-optimization aging-time to set the aging time for IPv6 multicast optimization entries.

Use undo wlan ipv6 multicast-optimization aging-time to restore the default.

Syntax

wlan ipv6 multicast-optimization aging-time aging-value

undo wlan ipv6 multicast-optimization aging-time

Default

The aging time is 260 seconds for IPv6 multicast optimization entries.

Views

System view

Predefined user roles

network-admin

Parameters

aging-value: Specifies the aging time for IPv6 multicast optimization entries, in the range of 60 to 3600 seconds.

Examples

# Set the aging time to 600 seconds for IPv6 multicast optimization entries.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization aging-time 600

wlan ipv6 multicast-optimization client entry-limit

Use wlan ipv6 multicast-optimization client entry-limit to set the limit for IPv6 multicast optimization entries per client.

Use undo wlan ipv6 multicast-optimization client entry-limit to restore the default.

Syntax

wlan ipv6 multicast-optimization client entry-limit [ limit-value ]

undo wlan ipv6 multicast-optimization client entry-limit

Default

No limit is set for IPv6 multicast optimization entries per client.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the limit for IPv6 multicast optimization entries per client, in the range of 8 to 1024. The default value is 256.

Usage guidelines

Configure this command to limit the number of multicast optimization entries that an AP maintains for each client to prevent a client from occupying excessive system resources.

Examples

# Set the limit to 64 for IPv6 multicast optimization entries per client.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization client entry-limit 64

wlan ipv6 multicast-optimization entry client-limit

Use wlan ipv6 multicast-optimization entry client-limit to configure an IPv6 multicast optimization policy.

Use undo wlan ipv6 multicast-optimization entry client-limit to restore the default.

Syntax

wlan ipv6 multicast-optimization entry client-limit [ limit-value ] [ drop | multicast | unicast ]

undo wlan ipv6 multicast-optimization entry client-limit

Default

No IPv6 multicast optimization policies exist and an AP performs WLAN multicast optimization for all clients.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the threshold for the number of clients that WLAN multicast optimization supports, in the range of 1 to 256. The default value is 8.

drop: Configures an AP to drop a multicast packet when the number of clients to receive the packet exceeds the threshold.

multicast: Configures an AP to forward a multicast packet to all clients when the number of clients to receive the packet exceeds the threshold.

unicast: Configures an AP to process a multicast packet as follows when the number of clients to receive the packet exceeds the threshold:

· Convert the multicast packet to unicast packets.

· Send the unicast packets to only n (n equal to the specified threshold) clients that are randomly selected.

Usage guidelines

Use this command to configure the maximum number of clients that WLAN multicast optimization supports and define the action an AP takes when the limit is reached.

If you do not specify an action, an AP performs unicast forwarding.

Examples

# Set the threshold for the number of clients that WLAN multicast optimization supports to 32, and specify the unicast forwarding mode.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization entry client-limit 32 unicast

wlan ipv6 multicast-optimization global entry-limit

Use wlan ipv6 multicast-optimization global entry-limit to set the limit for IPv6 multicast optimization entries.

Use undo wlan ipv6 multicast-optimization global entry-limit to restore the default.

Syntax

wlan ipv6 multicast-optimization global entry-limit [ limit-value ]

undo wlan ipv6 multicast-optimization global entry-limit

Default

No limit is set for IPv6 multicast optimization entries.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the limit for IPv6 multicast optimization entries, in the range of 8 to 8192. The default value is 1024.

Usage guidelines

When the number of multicast optimization entries reaches the limit, the AP stops creating new entries until the number falls below the limit. This action saves system resources.

Examples

# Set the limit for IPv6 multicast optimization entries to 512.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization global entry-limit 512

wlan ipv6 multicast-optimization packet-rate-limit

Use wlan ipv6 multicast-optimization packet-rate-limit to set the maximum number of MLD packets that can be received from clients within the specified period.

Use undo wlan ipv6 multicast-optimization packet-rate-limit to restore the default.

Syntax

wlan ipv6 multicast-optimization packet-rate-limit [ interval interval-value | threshold threshold-value ] *

undo wlan ipv6 multicast-optimization packet-rate-limit

Default

No limit is set for the number of MLD packets that can be received from clients.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the interval for calculating the incoming MLD packet rate. The value range is 60 to 3600 seconds. The default setting is 60 seconds.

threshold threshold-value: Specifies the threshold on the number of incoming MLD packets over the specified interval. The value range is 1 to 100000. The default threshold is 100.

Usage guidelines

If the number of MLD packets received from clients reaches the threshold within the specified interval, the AP stops receiving MLD packets from clients until the next period.

Examples

# Configure an AP to receive a maximum of 240 MLD packets every 120 seconds.

<Sysname> system-view

[Sysname] wlan ipv6 multicast-optimization packet-rate-limit interval 120 threshold 240

wlan multicast-optimization aging-time

Use wlan multicast-optimization aging-time to set the aging time for IPv4 multicast optimization entries.

Use undo wlan multicast-optimization aging-time to restore the default.

Syntax

wlan multicast-optimization aging-time aging-value

undo wlan multicast-optimization aging-time

Default

The aging time is 260 seconds for IPv4 multicast optimization entries.

Views

System view

Predefined user roles

network-admin

Parameters

aging-value: Specifies the aging time for IPv4 multicast optimization entries, in the range of 60 to 3600 seconds.

Examples

# Set the aging time to 600 seconds for IPv4 multicast optimization entries.

<Sysname> system-view

[Sysname] wlan multicast-optimization aging-time 600

wlan multicast-optimization client entry-limit

Use wlan multicast-optimization client entry-limit to set the limit for IPv4 multicast optimization entries per client.

Use undo wlan multicast-optimization client entry-limit to restore the default.

Syntax

wlan multicast-optimization client entry-limit [ limit-value ]

undo wlan multicast-optimization client entry-limit

Default

No limit is set for IPv4 multicast optimization entries per client.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the limit for IPv4 multicast optimization entries per client, in the range of 8 to 1024. The default value is 256.

Usage guidelines

Configure this command to limit the number of multicast optimization entries that an AP maintains for each client to prevent a client from occupying excessive system resources.

Examples

# Set the limit to 64 for IPv4 multicast optimization entries per client.

<Sysname> system-view

[Sysname] wlan multicast-optimization client entry-limit 64

wlan multicast-optimization entry client-limit

Use wlan multicast-optimization entry client-limit to configure an IPv4 multicast optimization policy.

Use undo wlan multicast-optimization entry client-limit to restore the default.

Syntax

wlan multicast-optimization entry client-limit [ limit-value ] [ drop | multicast | unicast ]

undo wlan multicast-optimization entry client-limit

Default

No IPv4 multicast optimization policies exist and an AP performs WLAN multicast optimization for all clients.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the threshold for the number of clients that WLAN multicast optimization supports, in the range of 1 to 256. The default value is 8.

drop: Configures an AP to drop a multicast packet when the number of clients to receive the packet exceeds the threshold.

multicast: Configures an AP to forward a multicast packet to all clients when the number of clients to receive the packet exceeds the threshold.

unicast: Configures an AP to process a multicast packet as follows when the number of clients to receive the packet exceeds the threshold:

· Convert the multicast packet to unicast packets.

· Send the unicast packets to only n (n equal to the specified threshold) clients that are randomly selected.

Usage guidelines

Use this command to configure the maximum number of clients that WLAN multicast optimization supports and define the action an AP takes when the limit is reached. If you do not specify an action, the AP performs unicast forwarding.

Examples

# Set the threshold for the number of clients that WLAN multicast optimization supports to 32, and specify the unicast forwarding mode.

<Sysname> system-view

[Sysname] wlan multicast-optimization entry client-limit 32 unicast

wlan multicast-optimization global entry-limit

Use wlan multicast-optimization global entry-limit to set the limit for IPv4 multicast optimization entries.

Use undo wlan multicast-optimization global entry-limit to restore the default.

Syntax

wlan multicast-optimization global entry-limit [ limit-value ]

undo wlan multicast-optimization global entry-limit

Default

No limit is set for IPv4 multicast optimization entries.

Views

System view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the limit for IPv4 multicast optimization entries, in the range of 8 to 8192. The default value is 1024.

Usage guidelines

When the number of multicast optimization entries reaches the limit, the AP stops creating new entries until the number falls below the limit. This action saves system resources.

Examples

# Set the limit for IPv4 multicast optimization entries to 512.

<Sysname> system-view

[Sysname] wlan multicast-optimization global entry-limit 512

wlan multicast-optimization packet-rate-limit

Use wlan multicast-optimization packet-rate-limit to set the maximum number of IGMP packets that can be received from clients within the specified period.

Use undo wlan multicast-optimization packet-rate-limit to restore the default.

Syntax

wlan multicast-optimization packet-rate-limit [ interval interval-value | threshold threshold-value ] *

undo wlan multicast-optimization packet-rate-limit

Default

No limit is set for the number of IGMP packets that can be received from clients within the specified period.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval-value: Specifies the interval for calculating the incoming IGMP packet rate. The value range is 60 to 3600 seconds. The default setting is 60 seconds.

threshold threshold-value: Specifies the threshold on the number of incoming IGMP packets over the specified interval. The value range is 1 to 100000. The default threshold is 100.

Usage guidelines

If the number of IGMP packets received from clients reaches the threshold within the specified interval, the AP stops receiving IGMP packets from clients until the next period.

Examples

# Configure an AP to receive a maximum of 240 IGMP packets from clients every 120 seconds.

<Sysname> system-view

[Sysname] wlan multicast-optimization packet-rate-limit interval 120 threshold 240

Cloud connection commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

cloud-management keepalive

Use cloud-management keepalive to set the keepalive interval for the local device to send keepalive packets to the H3C Oasis server.

Use undo cloud-management keepalive to restore the default.

Syntax

cloud-management keepalive interval

undo cloud-management keepalive

Default

The keepalive interval is 180 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the keepalive interval in the range of 10 to 600 seconds.

Usage guidelines

If the device does not receive a response from the H3C Oasis server within three keepalive intervals, the device sends a registration request to re-establish the cloud connection.

Examples

# Set the keepalive interval to 360 seconds.

<Sysname> system-view

[Sysname] cloud-management keepalive 360

cloud-management server domain

Use cloud-management server domain to configure the domain name of the H3C Oasis server.

Use undo cloud-management server domain to restore the default.

Syntax

cloud-management server domain domain-name

undo cloud-management server domain

Default

The domain name of the H3C Oasis server is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

domain-name: Specifies the domain name of the H3C Oasis server, a case-sensitive string of 1 to 253 characters.

Usage guidelines

Before you configure the domain name of the H3C Oasis server, make sure a DNS server is configured to translate the domain name.

If you execute the command multiple times, the most recent configuration takes effect.

Examples

# Configure the domain name of the H3C Oasis server as lvzhouv3.h3c.com.

<Sysname> system-view

[Sysname] cloud-management server domain lvzhouv3.h3c.com

cloud-management ping

Use cloud-management ping to set the interval at which the local device sends ping packets to the H3C Oasis server.

Use undo cloud-management ping to restore the default.

Syntax

cloud-management ping interval

undo cloud-management ping

Default

The local device sends ping packets to the H3C Oasis server at intervals of 60 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which the local device sends ping packets to the H3C Oasis server, in the range of 10 to 600 seconds.

Usage guidelines

After the connection to the H3C Oasis server is established, the local device sends ping packets to the server periodically to prevent NAT entry aging. Reduce the interval value if the network condition is poor or the NAT entry aging time is short.

The H3C Oasis server does not respond to ping packets.

Examples

# Configure the local device to send ping packets to the H3C Oasis server at intervals of 120 seconds.

<Sysname> system-view

[Sysname] cloud-management ping 120

display cloud-management state

Use display cloud-management state to display cloud connection state information.

Syntax

display cloud-management state

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display cloud connection state information.

<Sysname> display cloud-management state

Cloud connection state : Established

Device state : Request_success

Cloud server address : 10.1.1.1

Cloud server domain name : lvzhouv3.h3c.com

Local port : 443

Connected at : Wed Jan 27 14:18:40 2016

Duration : 00d 00h 02m 01s

Process state : DNS not parsed

Failure reason : DNS parse failed

Table 54 Command output

Field	Description
Cloud connection state	Cloud connection state: Unconnected, Request, and Established.
Device state	Local device state: · Idle—In idle state. · Connecting—Connecting to the H3C Oasis server. · Request_CAS_url—Sent a central authentication service (CAS) URL request. · Request_CAS_url_success—Requesting CAS URL succeeded. · Request_CAS_TGT—Sent a ticket granting ticket (TGT) request. · Request_CAS_TGT_success—Requesting TGT succeeded. · Request_CAS_ST—Sent a service ticket (ST) request. · Request_CAS_ST_success—Requesting ST succeeded. · Request_cloud_auth—Sent an authentication request. · Request_cloud_auth_success—Authentication succeeded. · Register—Sent a registration request. · Register_success—Registration succeeded. · Request—Sent a handshake request. · Request_success—Handshake succeeded.
Cloud server address	IP address of the H3C Oasis server.
Cloud server domain name	Domain name of the H3C Oasis server.
Local port	TCP port number used to establish cloud connections.
Connected at	Time when the cloud connection was established.
Duration	Duration since the establishment of the cloud connection.
Process state	Cloud connection processing state: · DNS not parsed. · DNS parsed. · Message not sent. · Message sent. · Message not received. · Message received.
Failure reason	Cloud connection failure reason: · DNS parse failed. · Socket connection failed. · SSL creation failed. · Sending CAS url request failed. · Sending CAS TGT failed. · Sending CAS ST failed. · Sending cloud auth failed. · Sending register failed. · Processing CAS url response failed. · Processing CAS TGT response failed. · Processing CAS ST response failed. · Processing cloud auth response failed. · Processing register response failed. · Sending handshake request failed. · Processing handshake failed. · Sending websocket request failed. · Processing websocket packet failed.

WLAN RRM commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

adjacency-factor

Use adjacency-factor to set the adjacency factor.

Use undo adjacency-factor to restore the default.

Syntax

adjacency-factor neighbor

undo adjacency-factor

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the adjacency factor is 3.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

neighbor: Specifies the adjacency factor in the range of 1 to 16.

Usage guidelines

The adjacency factor defines the quantity of manageable detected radios that trigger TPC and the ranking of the RSSI used for comparison with the power adjustment threshold. An AC can manage only radios associated with it.

For example, if the adjacency factor is 3, the AC performs TPC for a radio when the radio detects 3 other manageable radios. After ranking the radio's RSSIs detected by other manageable radios in descending order, the AC selects the third largest RSSI to compare with the power adjustment threshold.

Examples

# Set the adjacency factor to 7 for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] adjacency-factor 7

# Set the adjacency factor to 7 for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] adjacency-factor 7

adjacency-factor radio-selection

Use adjacency-factor radio-selection to specify the type of radios to participate in TPC calculation.

Use undo adjacency-factor radio-selection to restore the default.

Syntax

adjacency-factor radio-selection { all-channel | overlapping-channel }

undo adjacency-factor radio-selection

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, all-channel radios participate in TPC calculation.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

all-channel: Specifies radios detected on all channels.

overlapping-channel: Specifies radios detected on overlapping channels.

Usage guidelines

Radios that can participate in the TPC calculation for a radio include the following types:

· All-channel radios—Include all radios that detect the radio and are managed by the same AC as the radio. TPC based on all-channel radios can better control the signal coverage.

· Overlapping-channel radios—Include radios that detect the radio on a channel overlapping with the radio's transmit channel and are managed by the same AC as the radio. TPC based on overlapping-channel radios can expand signal coverage without increasing interference.

Examples

# Specify the type of radios to participate in TPC calculation as overlapping-channel for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] adjacency-factor radio-selection overlapping-channel

# Specify the type of radios to participate in TPC calculation as overlapping-channel for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] adjacency-factor radio-selection overlapping-channel

ap name

Use ap name to add a radio to an RRM holddown group.

Use undo ap name to remove one or all radios from an RRM holddown group.

Syntax

ap name ap-name radio radio-id

undo ap { name ap-name [ radio radio-id ] | all }

Default

No radios exist in an RRM holddown group.

Views

RRM holddown group view

Predefined user roles

network-admin

Parameters

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can contain letters, numbers, underlines (_), left brackets ([), right brackets (]), slashes (/), and hyphens (-). The specified AP must already exist.

radio-id: Specifies a radio by its ID. The value range for this argument varies by device model.

all: Specifies all radios.

Usage guidelines

A radio can belong to only one RRM holddown group. Adding a radio to a new RRM holddown group removes the radio from the old RRM holddown group.

Examples

# Add radio 2 of AP ap1 to RRM holddown group 10.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10] ap name ap1 radio 2

calibrate-channel mode

Use calibrate-channel mode to set the auto-DFS mode.

Use undo calibrate-channel mode to restore the default.

Syntax

calibrate-channel mode { periodic | scheduled }

undo calibrate-channel mode

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the auto-DFS mode is periodic.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

periodic: Specifies periodic auto-DFS.

scheduled: Specifies scheduled auto-DFS.

Usage guidelines

In periodic auto-DFS mode, the AC automatically performs DFS for a radio at the channel calibration interval.

In scheduled auto-DFS mode, the AC performs DFS at the specified time in a time range. Use this mode when interference is severe to avoid affecting ongoing wireless services.

Examples

# Set the auto-DFS mode to scheduled for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel mode scheduled

# Set the auto-DFS mode to scheduled for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel self-decisive enable

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel mode scheduled

Related commands

calibrate-channel monitoring time-range

calibrate-channel pronto

wlan rrm calibration-channel interval

calibrate-channel monitoring time-range

Use calibrate-channel monitoring time-range to specify a time range for channel monitoring.

Use undo calibrate-channel monitoring time-range to delete the specified time range for channel monitoring.

Syntax

calibrate-channel monitoring time-range time-range-name

undo calibrate-channel monitoring time-range

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, no time range is specified for channel monitoring.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

time-range-name: Specifies the name of a time range, a case-insensitive string of 1 to 32 characters. The string must start with a letter and cannot be all.

Usage guidelines

In scheduled auto-DFS, the AC collects statistics in the specified time range to generate channel reports and neighbor reports.

Examples

# Specify a time range for channel monitoring for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel monitoring time-range time1

# Specify a time range for channel monitoring for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel monitoring time-range time1

Related commands

time-range

calibrate-channel pronto

Use calibrate-channel pronto to execute scheduled auto-DFS.

Syntax

calibrate-channel pronto

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Examples

# Create a job and assign commands to the job for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] scheduler job calibration1

[Sysname-job-calibration1] command 1 system-view

[Sysname-job-calibration1] command 2 wlan ap ap1

[Sysname-job-calibration1] command 3 radio 1

[Sysname-job-calibration1] command 4 rrm

[Sysname-job-calibration1] command 5 calibrate-channel pronto

# Create a job and assign commands to the job for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] scheduler job calibration2

[Sysname-job-calibration2] command 1 system-view

[Sysname-job-calibration2] command 2 wlan ap-group g1

[Sysname-job-calibration2] command 3 ap-model WA2620-WiNet

[Sysname-job-calibration2] command 4 radio 1

[Sysname-job-calibration2] command 5 rrm

[Sysname-job-calibration2] command 6 calibrate-channel pronto

calibrate-channel self-decisive

Use calibrate-channel self-decisive enable to enable auto-DFS.

Use calibrate-channel self-decisive disable to disable auto-DFS.

Use undo calibrate-channel self-decisive to restore the default.

Syntax

calibrate-channel self-decisive { disable | enable }

undo calibrate-channel self-decisive

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, auto-DFS is disabled.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Examples

# Enable auto-DFS for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable

# Enable auto-DFS for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel self-decisive enable

Related commands

calibrate-channel mode

calibrate-power min

Use calibrate-power min to set the minimum transmit power for a radio after TPC is performed.

Use undo calibrate-power min to restore the default.

Syntax

calibrate-power min tx-power

undo calibrate-power min

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the minimum transmit power of a radio is 1 dBm after TPC is performed.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

tx-power: Specifies the minimum transmit power for a radio, in the range of 1 to 20 dBm.

Usage guidelines

This command ensures that the transmit power of a radio can still meet network requirements after TPC is performed.

Examples

# Set the minimum transmit power to 10 dBm for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power min 10

# Set the minimum transmit power to 10 dBm for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-power min 10

calibrate-power mode

Use calibrate-power mode to set the TPC mode.

Use undo calibrate-power mode to restore the default.

Syntax

calibrate-power mode { coverage | custom | density }

undo calibrate-power mode

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the TPC mode is custom.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

coverage: Specifies the coverage mode.

custom: Specifies the custom mode.

density: Specifies the density mode.

Usage guidelines

To avoid interference among APs, use the density mode. To increase signal coverage performance, use the coverage mode. If these two modes cannot meet your network requirements, use the custom mode to customize power adjustment settings.

In either density or coverage mode, power adjustment settings are defined by the system and cannot be changed.

Examples

# Set the TPC mode to coverage for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power mode coverage

# Set the TPC mode to density for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-power mode density

calibrate-power self-decisive

Use calibrate-power self-decisive enable to enable periodic auto-TPC for the AC to perform TPC at the power calibration interval.

Use calibrate-power self-decisive disable to disable periodic auto-TPC.

Use undo calibrate-power self-decisive to restore the default.

Syntax

calibrate-power self-decisive { disable | enable }

undo calibrate-power self-decisive

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, periodic auto-TPC is disabled.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Examples

# Enable periodic auto-TPC for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power self-decisive enable

# Enable periodic auto-TPC for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-power self-decisive enable

Related commands

wlan rrm calibration-power interval

calibrate-channel self-decisive sensitivity

Use calibrate-channel self-decisive sensitivity to set the DFS sensitivity mode.

Use calibrate-channel self-decisive sensitivity to restore the default.

Syntax

calibrate-channel self-decisive sensitivity { custom | high | low | medium }

undo calibrate-channel self-decisive sensitivity

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the DFS sensitivity mode is custom.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

custom: Specifies the custom sensitivity mode.

high: Specifies the high sensitivity mode.

low: Specifies the low sensitivity mode.

medium: Specifies the medium sensitivity mode.

Usage guidelines

DFS configured with a higher sensitivity can be triggered more easily.

DFS trigger parameters will be restored to the default if you change the sensitivity mode. The default settings vary by sensitivity mode. Record the configured DFS trigger parameters if necessary before you change the sensitivity mode from custom to low, medium, or high.

You can configure DFS trigger parameters only when the sensitivity mode is custom.

Examples

# Set the DFS sensitivity mode to low for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive sensitivity low

# Set the DFS sensitivity mode to high for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel self-decisive sensitivity high

Related commands

crc-error-threshold

interference-threshold

tolerance-level

calibrate-channel suppression

Use calibrate-channel suppression enable to enable DFS suppression.

Use calibrate-channel suppression disable to disable DFS suppression.

Use undo calibrate-channel suppression to restore the default.

Syntax

calibrate-channel suppression { disable | enable [ client-number number ] }

undo calibrate-channel suppression

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, DFS suppression is disabled.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

client-number number: Specifies the online client threshold in the range of 1 to 124. The value is 124 by default.

Usage guidelines

This feature takes effect only when periodic auto-DFS is configured.

For wireless service stability, you can configure DFS suppression to suppress periodic auto-DFS when the online client quantity reaches the specified threshold.

Examples

# Enable DFS suppression for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel self-decisive enable

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel mode periodic

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-channel suppression enable

# Disable DFS suppression for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel self-decisive enable

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel mode periodic

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-channel suppression disable

calibrate-power threshold

Use calibrate-power threshold to set the power adjustment threshold.

Use undo calibrate-power threshold to restore the default.

Syntax

calibrate-power threshold value

undo calibrate-power threshold

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the power adjustment threshold is 65.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

value: Specifies the power adjustment threshold in the range of 50 to 90. The value range indicates that the power of the radio is in the range of –90 dBm to –50 dBm.

Usage guidelines

As a best practice to avoid interference among radios, set the power adjustment threshold to –80 dBm for high-density WLANs.

Examples

# Set the power adjustment threshold to 70 for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] calibrate-power threshold 70

# Set the power adjustment threshold to 70 for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] calibrate-power threshold 70

channel holddown-time

Use channel holddown-time to set the channel holddown time.

Use undo channel holddown-time to restore the default.

Syntax

channel holddown-time minutes

undo channel holddown-time

Default

The channel holddown time is 720 minutes.

Views

RRM holddown group view

Predefined user roles

network-admin

Parameters

minutes: Specifies the channel holddown time in the range of 10 to 1440 minutes.

Usage guidelines

Each time the channel of a radio in the RRM holddown group changes, the system starts the channel holddown timer for the radio. The channel for every radio in the RRM holddown group remains unchanged during the specified channel holddown time.

Examples

# Set the channel holddown time to 600 minutes for RRM holddown group 10.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10] channel holddown-time 600

channel-capability mode

Use channel-capability mode to set the client channel capability match mode.

Use undo channel-capability mode to restore the default.

Syntax

channel-capability mode { all | none | partial }

undo channel-capability mode

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, client channel capabilities are not checked.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

all: Specifies the all mode. A client is allowed to associate with a radio only when all its supported channels match the radio's supported channels.

none: Specifies the none mode. Client channel capabilities are not checked.

partial: Specifies the partial mode. A client is allowed to associate with a radio as long as one of its supported channels matches any one of the radio's supported channels.

Usage guidelines

The following matrices show the command and hardware compatibility:

Hardware	Command compatibility
MSR810/810-LM/810-10-PoE/810-LM-HK	Yes
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	No

Hardware	Command compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	No

This command is available only for 5 GHz radios.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the client channel capability match mode to all for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

[Sysname-wlan-ap-ap1-radio-1] channel-capability mode all

# Set the client channel capability match mode to all for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel-capability mode all

Related commands

spectrum-management

channel-switch mode

Use channel-switch mode to set the channel switch mode.

Use undo channel-switch mode to restore the default.

Syntax

channel-switch mode { continuous | suspend }

undo channel-switch mode

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, all online clients stop sending frames during channel switch.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

continuous: Configures the online clients to continue sending frames during channel switch.

suspend: Configures the online clients to stop sending frames during channel switch until channel switch is complete.

Usage guidelines

The following matrices show the command and hardware compatibility:

Hardware	Command compatibility
MSR810/810-LM/810-10-PoE/810-LM-HK	Yes
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	No

Hardware	Command compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	No

This command takes effect on a radio only when the radio operates in 5 GHz mode and is enabled with spectrum management.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the channel switch mode to continuous for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

[Sysname-wlan-ap-ap1-radio-1] channel-switch mode continuous

# Set the channel switch mode to continuous for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] channel-switch mode continuous

Related commands

spectrum-management

crc-error-threshold

Use crc-error-threshold to set the CRC error threshold.

Use undo crc-error-threshold to restore the default.

Syntax

crc-error-threshold percent

undo crc-error-threshold

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the CRC error threshold is 20%.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

percent: Specifies the CRC error threshold in the range of 1% to 100%.

Usage guidelines

When the AC detects that the proportion of CRC-error packets in all 802.11 packets reaches the CRC error threshold on a radio, it performs DFS for the radio.

Examples

# Set the CRC error threshold to 50% for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] crc-error-threshold 50

# Set the CRC error threshold to 50% for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] crc-error-threshold 50

description

Use description to set a description for an RRM holddown group.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is set for an RRM holddown group.

Views

RRM holddown group view

Predefined user roles

network-admin

Parameters

text: Specifies the RRM holddown group description, a case-sensitive string of 1 to 64 characters.

Examples

# Set the description for RRM holddown group 10 to office.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10] description office

display wlan rrm baseline

Use display wlan rrm baseline to display radio baseline information.

Syntax

display wlan rrm baseline { all | name baseline-name } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all radio baselines.

name baseline-name: Specifies a radio baseline by its name, a case-insensitive string of 1 to 32 characters.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief radio baseline information.

Usage guidelines

You cannot display information about a radio baseline if you do not have the right to manage radios with the location identifier in the radio baseline.

Examples

# Display brief radio baseline information.

<Sysname> display wlan rrm baseline all

Baseline name : apbaseline

Radio range : AP

Created at : 2015-06-22 19:56:31

Baseline name : groupbaseline

Radio range : AP group

Created at : 2015-06-22 19:56:12

Baseline name : globalbaseline

Radio range : Global

Created at : 2015-06-22 19:55:12

Table 55 Command output

Field

Description

Radio range

Range of radios saved in the baseline:

· AP—Radios on an AP.

· AP group—Radios on APs in an AP group.

· Global—Radios on all APs associated with the AC.

Created at

Time and date when the baseline was created.

# Display detailed radio baseline information.

<Sysname> display wlan rrm baseline all verbose

--------------------------------------------------------------------------------

Baseline name : apbaseline

Radio range : AP

Created at : 2015-06-22 19:56:31

--------------------------------------------------------------------------------

APName RadioID RadioType Bandwidth Channel Power RegionCode

--------------------------------------------------------------------------------

ap1 2 dot11gn 20 13 20 CN

--------------------------------------------------------------------------------

Baseline name : groupbaseline

Radio range : AP group

Created at : 2015-06-22 19:56:12

--------------------------------------------------------------------------------

APName RadioID RadioType Bandwidth Channel Power RegionCode

--------------------------------------------------------------------------------

ap1 1 dot11an 40 157 20 CN

ap2 1 dot11an 40 149 20 CN

--------------------------------------------------------------------------------

Baseline name : globalbaseline

Radio range : Global

Created at : 2015-06-22 19:55:12

--------------------------------------------------------------------------------

APName RadioID RadioType Bandwidth Channel Power RegionCode

--------------------------------------------------------------------------------

ap1 1 dot11an 40 149 20 CN

ap1 2 dot11gn 20 13 20 CN

ap2 1 dot11an 40 149 20 CN

ap2 2 dot11gn 20 1 20 CN

--------------------------------------------------------------------------------

Table 56 Command output

Field	Description
Radio range	Range of radios saved in the baseline: · AP—Radios on an AP. · AP group—Radios on all APs in an AP group. · Global—Radios on all APs associated with the AC.
Created at	Time and date when the baseline was created.
Power	Transmit power of the radio in dBm.
RegionCode	Region code of the AP.

display wlan rrm baseline apply-history

Use display wlan rrm baseline apply-history to display the history records of radio baseline application.

Syntax

display wlan rrm baseline apply-history [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

Usage guidelines

This command displays information about the most recent ten baseline applications.

Examples

# Display the brief history records of radio baseline application.

<Sysname> display wlan rrm baseline apply-history

Name : global1

Applied at : 2016-01-23 12:19:50

Applied to : global

# Display the detailed history records of radio baseline application.

<Sysname> display wlan rrm baseline apply-history verbose

Name : global1

Applied at : 2016-01-23 12:19:50

Applied to : global

Radios : 6

Success : 4

Failure : 2

Failure reason

Radio doesn't exist : 0

Radio is down : 0

Mismatching radio type : 0

Mismatching region code : 1

Ineffective service template : 0

Illegal channel : 0

Mismatching bandwidth : 1

Channel locked : 0

Channel fixed : 0

Within channel holddown time : 0

Mismatching channel gap policy: 0

Power locked : 0

Within power holddown time : 0

Power lower than min. power : 0

Power greater than max. power : 0

Table 57 Command output

Field	Description
Name	Radio baseline name.
Applied at	Time at which the radio baseline was applied.
Applied to	Radio baseline application range: · ap—Applied to an AP. · apgroup—Applied to an AP group. · global—Applied to all APs.
Radio count	Number of radios in the radio baseline.
Success	Number of successful applications.
Failure	Number of failed applications.
Mismatching radio type	The radio mode saved in the baseline does not match the actual radio mode.
Mismatching region code	The region code saved in the baseline does not match the actual region code of the AP.
Ineffective service template	No service template is bound to a radio in the baseline or the bound service template is disabled.
Mismatching channel gap policy	The channel in the baseline does not match the specified channel gap.
Power lower than min. power	The transmit power in the baseline is lower than the specified minimum transmit power for the radio.
Power greater than max. power	The transmit power in the baseline is higher than the specified maximum transmit power for the radio.

Related commands

wlan rrm baseline apply

display wlan rrm-calibration-group

Use display wlan rrm-calibration-group to display RRM holddown group information.

Syntax

display wlan rrm-calibration-group { all | group-id }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all RRM holddown groups.

group-id: Specifies an RRM holddown group by its ID, in the range of 1 to 128.

Examples

# Display information about RRM holddown group 10.

<Sysname> display wlan rrm-calibration-group 10

RRM Calibration Group Information

--------------------------------------------------------------------------------

Group ID : 10

Description : office

Channel holddown time : 720 minutes

Power holddown time : 60 minutes

Location name : default-location

Group members : ap4-radio2, ap3-radio2

--------------------------------------------------------------------------------

Table 58 Command output

Field	Description
Group ID	ID of the RRM holddown group.
Description	Description for the RRM holddown group.
Channel holddown time	Channel holddown time.
Power holddown time	Power holddown time.
Location name	Name of the location identifier assigned to the RRM holddown group.
Group members	Radios in the RRM holddown group.

display wlan rrm-history ap

Use display wlan rrm-history ap to display historical channel and power adjustment information.

Syntax

display wlan rrm-history ap { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), left brackets ([), right brackets (]), slashes (/), and minus signs (-).

Usage guidelines

You can use this command to display detailed information about the most recent three channel and power adjustments. The detailed information includes adjustment time, cause, power, and interference.

Examples

# Display historical channel and power adjustment information for radios of AP ap1.

<Sysname> display wlan rrm-history ap name ap1

AP RRM History

--------------------------------------------------------------------------

Flags : I - Interference, P - Packets discarded, F - Retransmission,

R - Radar, C - Coverage, O - Others

--------------------------------------------------------------------------

AP RRM History : ap1

--------------------------------------------------------------------------

Radio : 1 Basic BSSID : 000f-e2ff-7700

--------------------------------------------------------------------------

Ch Power Load Util Intf PER Retry Reason Date Time

(dBm) (%) (%) (%) (%) (%) (yyyy-mm-dd) (hh:mm:ss)

--------------------------------------------------------------------------

Before 6 20 24 2 21 11 18 -P---- 2014-07-07 17:31:50

After 1 20 9 0 8 0 27 - - -

--------------------------------------------------------------------------

Before 1 20 54 1 53 11 15 IP---- 2014-07-08 12:19:50

After 6 20 10 0 10 3 29 - - -

--------------------------------------------------------------------------

Before 6 20 29 1 28 21 20 -P---- 2014-07-08 12:59:50

After 1 20 30 0 29 2 24 - - -

--------------------------------------------------------------------------

Table 59 Command output

Field	Description
Radio	Radio ID.
Basic BSSID	Basic service set identifier.
Ch	Working channel of the radio.
Power	Transmit power of the radio.
Load	Channel load in percentage.
Util	Channel usage in percentage.
Intf	Interference detected on the channel, in percentage.
PER	Bit error rate detected on the channel, in percentage.
Retry	Retransmission rate detected on the channel, in percentage.
Reason	Channel or power adjustment reason.
Date	Channel or power adjustment date.
Time	Channel or power adjustment time.

display wlan rrm-status ap

Use display wlan rrm-status ap to display detailed RRM information.

Syntax

display wlan rrm-status ap { all | name ap-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all APs.

Usage guidelines

If both channel adjustment and power adjustment are disabled, this command displays only the working channel and power level for radios on the AP.

Examples

# Display detailed information about channel and power adjustments for radios of AP ap1.

<Sysname> display wlan rrm-status ap name ap1

AP RRM Profile : ap1

--------------------------------------------------------------------------------

Radio : 1 Basic BSSID : 70f9-6d31-2fe0

Channel : 157 Tx Power (dBm) : 18

--------------------------------------------------------------------------------

Ch Nbrs Load Util Intf PER Retry Radar

(%) (%) (%) (%) (%)

--------------------------------------------------------------------------------

36 0 0 - 0 0 - -

40 0 0 - 0 0 - -

44 0 0 - 0 0 - -

48 0 0 - 0 0 - -

52 0 0 - 0 0 - -

56 0 0 - 0 0 - -

60 0 0 - 0 0 - -

64 0 0 - 0 0 - -

100 0 0 - 0 0 - -

104 0 0 - 0 0 - -

108 0 0 - 0 0 - -

112 0 0 - 0 0 - -

116 0 0 - 0 0 - -

132 0 0 - 0 0 - -

136 0 0 - 0 0 - -

140 0 0 - 0 0 - -

149 1 0 - 0 0 - -

153 4 0 - 0 0 - -

157 0 0 0 0 0 0 -

161 2 0 - 0 0 - -

165 0 0 - 0 0 - -

--------------------------------------------------------------------------------

Nbr-MACAddress Ch Intf SignalStrength Type

(%) (dBm)

--------------------------------------------------------------------------------

000f-e212-ff01 161 0 -60 Unmanaged

5866-ba74-e461 153 0 -72 Unmanaged

70f9-6d30-9020 153 0 -40 Managed

70f9-6d31-3080 149 0 -54 Managed

70f9-6d31-34e0 161 0 -59 Managed

7425-8a86-bbe0 153 0 -48 Unmanaged

7425-8a86-c720 153 0 -63 Unmanaged

--------------------------------------------------------------------------------

Radio : 2 Basic BSSID : 70f9-6d31-2ff0

Channel : 1 Tx Power (dBm) : 19

--------------------------------------------------------------------------------

Ch Nbrs Load Util Intf PER Retry Radar

(%) (%) (%) (%) (%)

--------------------------------------------------------------------------------

1 6 4 0 4 0 0 -

6 4 2 - 2 0 - -

11 6 2 - 2 0 - -

--------------------------------------------------------------------------------

Nbr-MACAddress Ch Intf SignalStrength Type

(%) (dBm)

--------------------------------------------------------------------------------

000f-e212-ff11 1 49 -77 Unmanaged

0023-89e1-ed00 11 0 -87 Unmanaged

006a-55f6-ae10 1 57 -88 Unmanaged

5866-ba64-aa31 1 10 -60 Unmanaged

5866-ba74-e471 6 0 -76 Unmanaged

5866-baa9-a610 11 0 -62 Unmanaged

70f9-6d30-9030 6 0 -63 Managed

70f9-6d31-3090 1 51 -86 Managed

70f9-6d31-34f0 6 0 -85 Managed

7425-8a86-bbf0 6 0 -73 Unmanaged

7425-8a86-c731 11 0 -93 Unmanaged

80f6-2ec0-3330 11 0 -76 Unmanaged

80f6-2ec0-3331 11 0 -73 Unmanaged

80f6-2edd-d2d0 1 40 -60 Unmanaged

80f6-2edd-d2d1 1 44 -68 Unmanaged

80f6-2ede-0b30 11 0 -74 Unmanaged

Table 60 Command output

Field	Description
Radio	Radio ID.
Basic BSSID	Basic service set identifier.
Channel	Working channel of the radio.
Tx Power	Transmit power of the radio.
Ch	Channels supported by the radio.
Nbrs	Number of detected radios.
Load	Load detected on the channel, in percentage. Channel load refers to the ratio between the outbound packets and the inbound packets as well as the interferences. Interferences refer to the error packets that are received by the radio.
Util	Channel usage in percentage. Channel usage refers to the ratio between the outbound packets and the inbound packets.
Intf	Interference detected on the channel, in percentage.
PER	Bit error rate detected on the channel, in percentage.
Retry	Retransmission rate detected on the channel, in percentage.
Radar	Radar detection status: · –: No radar signals are detected on the channel. · Detected: Radar signals have been detected on the channel.
Nbr-MACAddress	MAC address of the detected radio.
SignalStrength	Signal strength of the radio, in dBm.
Type	Type of the radio: · Unmanaged—Radios that can be detected by the radio but are not managed by the same AC. · Managed—Radios that can be detected by the radio and are managed by the same AC.

interference-threshold

Use interference-threshold to set the channel interference threshold.

Use undo interference-threshold to restore the default.

Syntax

interference-threshold percent

undo interference-threshold

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the channel interference threshold is 50%.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

percent: Specifies the channel interference threshold in the range of 1% to 100%.

Usage guidelines

When the AC detects that the proportion of interference packets in all data packets reaches the interference threshold on a radio, it performs DFS for the radio. Interference packets are packets sent to other radios.

Examples

# Set the channel interference threshold to 60% for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] interference-threshold 60

# Set the channel interference threshold to 60% for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] interference-threshold 60

power holddown-time

Use power holddown-time to set the power holddown time.

Use undo power holddown-time to restore the default.

Syntax

power holddown-time minutes

undo power holddown-time

Default

The power holddown time is 60 minutes.

Views

RRM holddown group view

Predefined user roles

network-admin

Parameters

minutes: Specifies the power holddown time in the range of 10 to 1440 minutes.

Usage guidelines

Each time the power of a radio in the RRM holddown group changes, the system starts the power holddown timer for the radio. The power for every radio in the RRM holddown group remains unchanged during the specified power holddown time.

Examples

# Set the power holddown time to 600 minutes for RRM holddown group 10.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10] power holddown-time 600

power-capability mode

Use power-capability mode to set the transmit power capability match mode.

Use undo power-capability mode to restore the default.

Syntax

power-capability mode { all | none | partial }

undo power-capability mode

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, client transmit power capabilities are not checked.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

all: Specifies the all mode. A client is allowed to associate with a radio only when all its transmit power capabilities match the radio's transmit power capabilities.

none: Specifies the none mode. Client transmit power capabilities are not checked.

partial: Specifies the partial mode. A client is allowed to associate with a radio as long as one of its transmit power capabilities matches the radio's transmit power capabilities.

Usage guidelines

The following matrices show the command and hardware compatibility:

Hardware	Command compatibility
MSR810/810-LM/810-10-PoE/810-LM-HK	Yes
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	No

Hardware	Command compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	No

This command takes effect only when you enable spectrum management or radio resource measurement. For more information about radio resource measurement, see WLAN Configuration Guide (AC).

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the client power capability match mode to all for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

[Sysname-wlan-ap-ap1-radio-1] power-capability mode all

# Set the client power capability match mode to all for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] power-capability mode all

Related commands

resource-measure

spectrum-management

power-constraint mode

Use power-constraint mode to set the power constraint mode.

Use undo power-constraint mode to restore the default.

Syntax

power-constraint mode { auto [ anpi-interval anpi-interval-value ] | manual power-constraint }

undo power-constraint mode

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, the power constraint mode is auto.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Parameters

auto: Specifies the auto mode.

anpi-interval anpi-interval-value: Adds a value to the average noise power indicator (ANPI) for the device to calculate the power constraint value, in the range of 0 to 30 in dBm. The default value is 10 dBm.

manual power-constraint: Specifies the power constraint value in the range of 0 to 30 dBm.

Usage guidelines

The following matrices show the command and hardware compatibility:

Hardware	Command compatibility
MSR810/810-LM/810-10-PoE/810-LM-HK	Yes
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	No

Hardware	Command compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	No

This command is available only for 5 GHz radios.

If you specify the auto mode, the device calculates the power constraint value by using this formula: power-constraint = Received Channel Power Indicator (RCPI) minus (ANPI + anpi-interval-value).

This command takes effect only when you enable spectrum management or radio resource measurement. For more information about radio resource measurement, see WLAN Configuration Guide (AC).

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Set the power constraint mode to manual and set the power constraint value to 5 dBm for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

[Sysname-wlan-ap-ap1-radio-1] power-constraint mode manual 5

# Set the power constraint mode to manual and set the power constraint value to 5 dBm for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] power-constraint mode manual 5

Related commands

resource-measure

spectrum-management

rrm

Use rrm to enter Radio Resource Management (RRM) view.

Syntax

rrm

Default

No RRM view exists.

Views

Radio view

Predefined user roles

network-admin

Examples

# Enter RRM view.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

scan-only

Use scan-only enable to enable radio scanning.

Use scan-only disable to disable radio scanning.

Use undo scan-only to restore the default.

Syntax

scan-only { disable | enable }

undo scan-only

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, radio scanning is disabled.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Usage guidelines

This feature enables APs to scan the WLAN environment and report collected statistics to the AC at the specified interval. The AC uses the statistics to generate channel reports and neighbor reports.

To view the channel reports and neighbor reports, use the display wlan rrm-status ap command.

If you have configured periodic auto-DFS, scheduled auto-DFS, or periodic auto-TPC, you do not need to enable this feature.

Examples

# Enable radio scanning for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] scan-only enable

# Enable radio scanning for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] scan-only enable

Related commands

display wlan rrm-status ap

snmp-agent trap enable wlan rrm

Use snmp-agent trap enable wlan rrm to enable SNMP notifications for WLAN RRM.

Use undo snmp-agent trap enable wlan rrm to disable SNMP notifications for WLAN RRM..

Syntax

snmp-agent trap enable wlan rrm

undo snmp-agent trap enable wlan rrm

Default

SNMP notifications are disabled for WLAN RRM.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN RRM events to an NMS, enable SNMP notifications for WLAN RRM. For WLAN RRM event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for WLAN RRM.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan rrm

spectrum-management

Use spectrum-management enable to enable spectrum management.

Use spectrum-management disable to disable spectrum management.

Use undo spectrum-management to restore the default.

Syntax

spectrum-management { disable | enable }

undo spectrum-management

Default

In radio view, the configuration in AP group view is used.

In AP group radio view, spectrum management is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Usage guidelines

The following matrices show the command and hardware compatibility:

Hardware	Command compatibility
MSR810/810-LM/810-10-PoE/810-LM-HK	Yes
MSR810-W/810-W-DB/810-W-LM/810-W-LM-HK/810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	No

Hardware	Command compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	No

This command is available only for 5 GHz radios.

The configuration in radio view takes precedence over the configuration in AP group radio view.

Examples

# Enable spectrum management for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] spectrum-management enable

# Enable spectrum management for radio 1 of APs with model WA2620-WiNet in AP group apgroup1.

<Sysname> system-view

[Sysname] wlan ap-group apgroup1

[Sysname-wlan-ap-group-apgroup1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-apgroup1-ap-model-WA2620-WiNet-radio-1] spectrum-management enable

tolerance-level

Use tolerance-level to set the tolerance level.

Use undo tolerance-level to restore the default.

Syntax

tolerance-level percent

undo tolerance-level

Default

In RRM view, the configuration in AP group view is used.

In AP group RRM view, the tolerance level is 20%.

Views

RRM view

AP group RRM view

Predefined user roles

network-admin

Parameters

percent: Specifies the tolerance level in the range of 1% to 45%.

Usage guidelines

The AC selects an optimal channel for a radio when the CRC error threshold, interference threshold, or retransmission threshold is reached on the current channel. The AC does not apply the optimal channel to the radio until the quality gap between the optimal channel and the current channel exceeds the tolerance level.

Examples

# Set the tolerance level to 25% for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA2620-WiNet

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] rrm

[Sysname-wlan-ap-ap1-radio-1-rrm] tolerance-level 25

# Set the tolerance level to 25% for radio 1 of APs with model WA2620-WiNet in AP group group1.

<Sysname> system-view

[Sysname] wlan ap-group group1

[Sysname-wlan-ap-group-group1] ap-model WA2620-WiNet

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet] radio 1

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1] rrm

[Sysname-wlan-ap-group-group1-ap-model-WA2620-WiNet-radio-1-rrm] tolerance-level 25

wlan calibrate-channel pronto ap all

IMPORTANT:

This command consumes system resources. Use it with caution.

Use wlan calibrate-channel pronto ap all to execute on-demand DFS for radios of all APs.

Syntax

wlan calibrate-channel pronto ap all

Default

RRM does not execute on-demand DFS for radios.

Views

System view

Predefined user roles

network-admin

Examples

# Execute on-demand DFS for radios of all APs.

<Sysname> system-view

[Sysname] wlan calibrate-channel pronto ap all

wlan calibrate-power pronto ap all

IMPORTANT:

This command consumes system resources. Use it with caution.

Use wlan calibrate-power pronto ap all to execute on-demand TPC for radios of all APs.

Syntax

wlan calibrate-power pronto ap all

Default

RRM does not execute on-demand TPC for radios.

Views

System view

Predefined user roles

network-admin

Examples

# Execute on-demand TPC for radios of all APs.

<Sysname> system-view

[Sysname] wlan calibrate-power pronto ap all

wlan rrm baseline apply

Use wlan rrm baseline apply to apply a radio baseline.

Syntax

wlan rrm baseline apply name baseline-name

Views

System view

Predefined user roles

network-admin

Parameters

name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.

Usage guidelines

You cannot apply a radio baseline when one of the following conditions is met:

· You do not have the right to manage radios with the location identifier in the radio baseline.

· The name of the radio baseline is start_config_baseline.csv.

Examples

# Apply radio baseline bl.

<Sysname> system-view

[Sysname] wlan rrm baseline apply name bl

Related commands

display wlan rrm baseline apply-history

wlan rrm baseline save

wlan rrm baseline remove

Use wlan rrm baseline remove to delete a radio baseline.

Syntax

wlan rrm baseline remove name baseline-name

Views

System view

Predefined user roles

network-admin

Parameters

name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.

Usage guidelines

You cannot delete a radio baseline if you do not have the right to manage radios with the location identifier in the radio baseline.

Examples

# Delete radio baseline bl.

<Sysname> system-view

[Sysname] wlan rrm baseline remove name bl

Related commands

wlan rrm baseline save

Use wlan rrm baseline save to create a radio baseline by saving the current radio settings.

Syntax

wlan rrm baseline save name baseline-name { ap ap-name [ radio radio-id ] | ap-group group-name [ ap-model ap-model ] [ radio radio-id ] | global }

Views

System view

Predefined user roles

network-admin

Parameters

name baseline-name: Specifies a baseline name, a case-insensitive string of 1 to 32 characters.

ap ap-name: Specifies an AP name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-). Make sure the AP is online.

radio radio-id: Specifies a radio ID. If you do not specify this option, the command saves the current settings of all radios on the specified AP or on APs in the specified AP group.

ap-group group-name: Specifies an AP group name, a case-insensitive string of 1 to 31 characters. Make sure the AP group already exists.

ap-model ap-model: Specifies an AP model. If you do not specify this option, the command saves the current settings of radios on all APs in the specified AP group.

global: Specifies all radios.

Usage guidelines

A radio baseline saves the working channel, transmit rate, and other radio attributes for a radio or several radios. You can create a radio baseline by saving the current radio settings and apply the baseline to use these settings.

A radio baseline is saved in a .csv file in the file system on the AC.

Examples

# Save the settings of radio 1 on AP ap1 and create radio baseline ap1-1.

<Sysname> system-view

[Sysname] wlan rrm baseline save name ap1-1 ap ap1 radio 1

# Save the settings of radio 1 of APs with model WA2620-WiNet in AP group group1 and create radio baseline ap1g1-1.

<Sysname> system-view

[Sysname] wlan rrm baseline save name ap1g1-1 ap-group group1 ap-model WA2620-WiNet radio 1

# Save the settings of all radios and create radio baseline global.

<Sysname> system-view

[Sysname] wlan rrm baseline save name global global

wlan rrm calibration-channel interval

Use wlan rrm calibration-channel interval to set the channel calibration interval.

Use undo wlan rrm calibration-channel interval to restore the default.

Syntax

wlan rrm calibration-channel interval minutes

undo wlan rrm calibration-channel interval

Default

The channel calibration interval is 8 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Specifies the channel calibration interval, in the range of 3 to 1440 minutes.

Examples

# Set the channel calibration interval to 10 minutes.

<Sysname> system-view

[Sysname] wlan rrm calibration-channel interval 10

Related commands

calibrate-channel self-decisive

wlan rrm-calibration-group

Use wlan rrm-calibration-group to create an RRM holddown group and enter its view, or enter the view of an existing RRM holddown group.

Use undo wlan rrm-calibration-group to remove an RRM holddown group.

Syntax

wlan rrm-calibration-group group-id

undo wlan rrm-calibration-group { all | group-id }

Default

No RRM holddown groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

all: Specifies all RRM holddown groups.

group-id: Specifies an RRM holddown group ID in the range of 1 to 128.

Examples

# Create RRM holddown group 10.

<Sysname> system-view

[Sysname] wlan rrm-calibration-group 10

[Sysname-wlan-rrm-calibration-group-10]

wlan rrm calibration-power interval

Use wlan rrm calibration-power interval to set the power calibration interval.

Use undo wlan rrm calibration-power interval to restore the default.

Syntax

wlan rrm calibration-power interval minutes

undo wlan rrm calibration-power interval

Default

The power calibration interval is 8 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Specifies the power calibration interval, in the range of 3 to 180 minutes.

Examples

# Set the power calibration interval to 10 minutes.

<Sysname> system-view

[Sysname] wlan rrm calibration-power interval 10

Related commands

calibrate-power self-decisive

WLAN IP snooping commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

client ip-snooping http-learning enable

Use client ip-snooping http-learning enable to enable snooping HTTP requests redirected to the portal server.

Use undo client ip-snooping http-learning enable to disable snooping HTTP requests redirected to the portal server.

Syntax

client ip-snooping http-learning enable

undo client ip-snooping http-learning enable

Default

Snooping HTTP requests is disabled.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

An AC can use this method to learn IP addresses of clients performing portal authentication. For more information about portal authentication, see Security Configuration Guides.

The priorities for learning IP addresses through snooping DHCP packets, ARP or ND packets, and HTTP requests are in descending order.

Make sure the service template is disabled when you execute this command.

Examples

# Enable snooping HTTP requests.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client ip-snooping http-learning enable

client ipv4-snooping arp-learning enable

Use client ipv4-snooping arp-learning enable to enable snooping ARP packets.

Use undo client ipv4-snooping arp-learning enable to disable snooping ARP packets.

Syntax

client ipv4-snooping arp-learning enable

undo client ipv4-snooping arp-learning enable

Default

Snooping ARP packets is enabled.

Views

Service template view

Predefined user roles

network-admin

Examples

# Disable snooping ARP packets.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client ipv4-snooping arp-learning enable

client ipv4-snooping dhcp-learning enable

Use client ipv4-snooping dhcp-learning enable to enable snooping DHCPv4 packets.

Use undo client ipv4-snooping dhcp-learning enable to disable snooping DHCPv4 packets.

Syntax

client ipv4-snooping dhcp-learning enable

undo client ipv4-snooping dhcp-learning enable

Default

Snooping DHCPv4 packets is enabled.

Views

Service template view

Predefined user roles

network-admin

Examples

# Disable snooping DHCPv4 packets.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client ipv4-snooping dhcp-learning enable

client ipv6-snooping dhcpv6-learning enable

Use client ipv6-snooping dhcpv6-learning enable to enable snooping DHCPv6 packets.

Use undo client ipv6-snooping dhcpv6-learning enable to disable snooping DHCPv6 packets.

Syntax

client ipv6-snooping dhcpv6-learning enable

undo client ipv6-snooping dhcpv6-learning enable

Default

Snooping DHCPv6 packets is disabled.

Views

Service template view

Predefined user roles

network-admin

Examples

# Disable snooping DHCPv6 packets.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] client ipv6-snooping dhcpv6-learning enable

client ipv6-snooping nd-learning enable

Use client ipv6-snooping nd-learning enable to enable snooping ND packets.

Use undo client ipv6-snooping nd-learning enable to disable snooping ND packets.

Syntax

client ipv6-snooping nd-learning enable

undo client ipv6-snooping nd-learning enable

Default

Snooping ND packets is disabled.

Views

Service template view

Predefined user roles

network-admin

Examples

# Disable snooping ND packets.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client ipv6-snooping nd-learning enable

client ipv6-snooping snmp-nd-report enable

Use client ipv6-snooping snmp-nd-report enable to enable SNMP to obtain client IPv6 addresses learned from ND packets.

Use undo client ipv6-snooping snmp-nd-report enable to disable SNMP from obtaining client IPv6 addresses learned from ND packets.

Syntax

client ipv6-snooping snmp-nd-report enable

undo client ipv6-snooping snmp-nd-report enable

Default

SNMP obtains client IPv6 addresses learned from both DHCPv6 and ND packets.

Views

Service template view

Predefined user roles

network-admin

Usage guidelines

Make sure the service template is disabled when you execute this command.

Examples

# Disable SNMP from obtaining client IPv6 addresses learned from ND packets.

<Sysname> system-view

[Sysname] wlan service-template service1

[Sysname-wlan-st-service1] undo client ipv6-snooping snmp-nd-report enable

WLAN load balancing commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

ap radio

Use ap radio to add a radio to a load balancing group.

Use undo ap to remove one or all radios from a load balancing group.

Syntax

ap name ap-name radio radio-id

undo ap { name ap-name [ radio radio-id ] | all }

Default

No radio exists in a load balancing group.

Views

Load balancing group view

Predefined user roles

network-admin

Parameters

ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The name can include letters, numbers, underscores (_), left brackets ([), right brackets (]), slashes (/), and minus signs (-). The AP must already exist.

radio-id: Specifies a radio by its ID. The value range for this argument varies by device model.

all: Specifies all radios.

Usage guidelines

You can add a radio to only one load balancing group.

If you do not specify a radio in the undo ap command, the command removes all radios on the specified AP from the load balancing group.

Examples

# Add radio 2 of AP ap1 to load balancing group 10.

<Sysname> system-view

[Sysname] wlan load-balance group 10

[Sysname-wlan-lb-group-10] ap name ap1 radio 2

description

Use description to set a description for a load balancing group.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is set for a load balancing group.

Views

Load balancing group view

Predefined user roles

network-admin

Parameters

text: Specifies a description for a load balancing group, a case-sensitive string of 1 to 64 characters.

Examples

# Set the description for load balancing group 10 to marketing.

<Sysname> system-view

[Sysname] wlan load-balance group 10

[Sysname-wlan-lb-group10] description marketing

display wlan load-balance group

Use display wlan load-balance group to display load balancing group information.

Syntax

display wlan load-balance group { group-id | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a load balancing group by its ID. The value range for this argument is 1 to 65535.

all: Specifies all load balancing groups.

Examples

# Display information about load balancing group 1.

<Sysname> display wlan load-balance group 1

WLAN load balance group information

--------------------------------------------------------------------------------

Group ID : 1

Description :

Group members : ap3-radio2,

ap2-radio1,

ap1-radio1,

--------------------------------------------------------------------------------

# Display information about all load balancing groups.

<Sysname> display wlan load-balance group all

WLAN load balance group information

--------------------------------------------------------------------------------

Group ID : 1

Description :

Group members : ap3-radio2,

ap2-radio1,

ap1-radio1,

--------------------------------------------------------------------------------

Group ID : 2

Description : marketing

Group members : ap3-radio1,

--------------------------------------------------------------------------------

Table 61 Command output

Field	Description
Group members	List of radios in the load balancing group.

display wlan load-balance status service-template

Use display wlan load-balance status service-template to display load balancing information for radios that are bound to a service template.

Syntax

display wlan load-balance status service-template template-name { client mac-address | group group-id }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.

group-id: Displays information about radios in a load balancing group. The group-id argument represents the ID of the load balancing group. The value range for this argument is 1 to 65535.

mac-address: Displays information about radios that have detected a client. The mac-address argument represents the MAC address of the client and is in H-H-H format.

Examples

# Display load balancing information for radios that are bound to service template st1 and are in load balancing group 1.

<Sysname> display wlan load-balance status service-template st1 group 1

Current load balancing mode (threshold/gap): session (2/1)

Total radios: 4

APID/RID Group ID Session Bandwidth(Mbps) Traffic(%) Balance(Y/N)

----------------------------------------------------------------------------------------

1/1 1 2 100 5 Y

1/2 1 10 50 10 N

2/1 1 2 10 1 Y

2/2 1 2 0 0 Y

# Display load balancing information for radios that are bound to service template st1 and that detect the client with MAC address 702d-2249-33bf.

<Sysname> display wlan load-balance status service-template st1 client 702d-2249-33bf

Current load balancing mode (threshold/gap): session (2/1)

Load balancing group exist: Yes

Total radios: 4

APID/RID Group ID Session Bandwidth(Mbps) Traffic(%) Balance(Y/N)

----------------------------------------------------------------------------------------

3/1 0 2 100 5 Y

1/2 1 10 50 10 N

4/1 1 2 10 1 Y

4/2 0 2 0 0 Y

Table 62 Command output

Field	Description
Load-balance group exist	Whether load balancing groups exist: Yes or No.
Group ID	Load balancing group ID. The value of 0 indicates that the radio is not in a load balancing group.
Session	Number of clients associated with the radio.
Bandwidth(Mbps)	Bandwidth of the radio in Mbps.
Traffic(%)	Percentage of the traffic on the radio to the maximum bandwidth of the radio.
Balance(Y/N)	Load balancing status: · Y—The radio has been load balanced. · N—The radio has not been load balanced.

snmp-agent trap enable wlan load-balance

Use snmp-agent trap enable wlan load-balance to enable SNMP notifications for WLAN load balancing.

Use undo snmp-agent trap enable wlan load-balance to disable SNMP notifications for WLAN load balancing.

Syntax

snmp-agent trap enable wlan load-balance

undo snmp-agent trap enable wlan load-balance

Default

SNMP notifications for WLAN load balancing are disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical WLAN load balancing events to an NMS, enable SNMP notifications for WLAN load balancing. For WLAN load balancing event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.

Examples

# Enable SNMP notifications for WLAN load balancing.

<Sysname> system-view

[Sysname] snmp-agent trap enable wlan load-balance

wlan load-balance access-denial

Use wlan load-balance access-denial to set the maximum number of denials for association requests.

Use undo wlan load-balance access-denial to restore the default.

Syntax

wlan load-balance access-denial access-denial

undo wlan load-balance access-denial

Default

The maximum number of denials is 10 for association requests.

Views

System view

Predefined user roles

network-admin

Parameters

access-denial: Specifies the maximum number of denials for association requests, in the range of 2 to 10.

Usage guidelines

If the number of times that an AP rejects a client reaches the maximum number of denials for association requests, the AP accepts the association request from the client.

Examples

# Set the maximum number of denials to 4 for association requests.

<Sysname> system-view

[Sysname] wlan load-balance access-denial 4

wlan load-balance enable

Use wlan load-balance enable to enable WLAN load balancing.

Use undo wlan load-balance enable to disable WLAN load balancing.

Syntax

wlan load-balance enable

undo wlan load-balance enable

Default

WLAN load balancing is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable WLAN load balancing.

<Sysname> system-view

[Sysname] wlan load-balance enable

wlan load-balance group

Use wlan load-balance group to create a load balancing group and enter its view, or enter the view of an existing load balancing group.

Use undo wlan load-balance group to remove one or all load balancing groups.

Syntax

wlan load-balance group group-id

undo wlan load-balance group { group-id | all }

Default

No load balancing group exists.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a load balancing group by its ID. The value range for this argument is 1 to 65535.

all: Specifies all load balancing groups.

Usage guidelines

To perform load balancing among specific APs, you can add the radios of these APs to a load balancing group. The AC does not perform load balancing on radios that do not belong to the load balancing group.

Examples

# Create load balancing group 10 and enter its view.

<Sysname> system-view

[Sysname] wlan load-balance group 10

[Sysname-wlan-lb-group-10]

Related commands

ap radio

wlan load-balance mode bandwidth

Use wlan load-balance mode bandwidth to configure bandwidth-mode load balancing.

Use undo wlan load-balance mode to restore the default.

Syntax

wlan load-balance mode bandwidth value [ gap gap-value ]

undo wlan load-balance mode

Views

System view

Default

Session-mode load balancing is used.

Predefined user roles

network-admin

Parameters

value: Specifies the bandwidth threshold in the range of 1 to 500 Mbps.

gap gap-value: Specifies the bandwidth gap threshold in the range of 1 to 200 Mbps. The default bandwidth gap threshold is 20 Mbps.

Usage guidelines

The AC performs bandwidth-mode load balancing when the following conditions are met:

· The bandwidth of an AP reaches the bandwidth threshold.

· The bandwidth gap between the AP and the AP that has the smallest bandwidth reaches the bandwidth gap threshold.

Examples

# Set the load balancing mode to bandwidth mode, and set the bandwidth threshold and bandwidth gap threshold to 100 Mbps and 20 Mbps, respectively.

<Sysname> system-view

[Sysname] wlan load-balance mode bandwidth 100 gap 20

wlan load-balance mode session

Use wlan load-balance mode session to configure session-mode load balancing.

Use undo wlan load-balance mode to restore the default.

Syntax

wlan load-balance mode session value [ gap gap-value ]

undo wlan load-balance mode

Default

Session-mode load balancing is used and the session threshold is 20.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the session threshold in the range of 1 to 60.

gap gap-value: Specifies the session gap threshold in the range of 1 to 12. The default session gap threshold is 4.

Usage guidelines

The AC performs session-mode load balancing when the following conditions are met:

· The number of clients associated with an AP reaches the session threshold.

· The session gap between the AP and the AP that has the fewest clients reaches the session gap threshold.

Examples

# Set the load balancing mode to session mode, and set the session threshold and session gap threshold to 7 and 5, respectively.

<Sysname> system-view

[Sysname] wlan load-balance mode session 7 gap 5

wlan load-balance mode traffic

Use wlan load-balance mode traffic to configure traffic-mode load balancing.

Use undo wlan load-balance mode to restore the default.

Syntax

wlan load-balance mode traffic value [ gap gap-value ]

undo wlan load-balance mode

Default

Session-mode load balancing is used.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the traffic threshold in the ratio between the traffic and the maximum bandwidth of an AP. The value range for this argument is 1% to 80%.

gap gap-value: Specifies the traffic gap threshold in the ratio between the traffic gap and the maximum bandwidth of an AP. The value range for this argument is 10% and 40%. The default traffic gap threshold is 20%.

Usage guidelines

The AC performs traffic-mode load balancing when the following conditions are met:

· The traffic of an AP reaches the traffic threshold.

· The traffic gap between the AP and the AP that has the least traffic reaches the traffic gap threshold.

Examples

# Set the load balancing mode to traffic mode, and set the traffic threshold and traffic gap threshold to 25% and 20%, respectively.

<Sysname> system-view

[Sysname] wlan load-balance mode traffic 25 gap 20

wlan load-balance rssi-threshold

Use wlan load-balance rssi-threshold to set the received signal strength indicator (RSSI) threshold.

Use undo wlan load-balance rssi-threshold to restore the default.

Syntax

wlan load-balance rssi-threshold rssi-threshold

undo wlan load-balance rssi-threshold

Default

The RSSI threshold is 25.

Views

System view

Predefined user roles

network-admin

Parameters

rssi-threshold: Specifies the RSSI threshold in the range of 5 to 100.

Usage guidelines

An AP determines that a client not detected if the client's RSSI is lower than the load balancing RSSI threshold. If only one AP can detect the client, the AP increases the access probability for the client by decreasing the maximum number of denials to 1 for the client.

Examples

# Set the RSSI threshold to 40.

<Sysname> system-view

[Sysname] wlan load-balance rssi-threshold 40

WLAN probe commands

The following routers can function as ACs:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

The term "AC" in this document refers to MSR routers that can function as ACs.

client-proximity-sensor

Use client-proximity-sensor enable to enable WLAN probe.

Use client-proximity-sensor disable to disable WLAN probe.

Use undo client-proximity-sensor to restore the default.

Syntax

client-proximity-sensor { disable | enable }

undo client-proximity-sensor

Default

In radio view, a radio uses the configuration in AP group radio view.

In AP group radio view, WLAN probe is disabled.

Views

Radio view

AP group radio view

Predefined user roles

network-admin

Examples

# Enable WLAN probe for radio 1 of AP ap1.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-wlan-ap-ap1] radio 1

[Sysname-wlan-ap-ap1-radio-1] client-proximity-sensor enable

# Enable WLAN probe for radio 1 of APs with model WA4320i-ACN in AP group aaa.

<Sysname> system-view

[Sysname] wlan ap-group aaa

[Sysname-wlan-ap-group-aaa] ap-model WA4320i-ACN

[Sysname -wlan-ap-group-aaa-ap-model-WA4320i-ACN] radio 1

[Sysname -wlan-ap-group-aaa-ap-model-WA4320i-ACN-radio-1] client-proximity-sensor enable

client-proximity-sensor ap-timer

Use client-proximity-sensor ap-timer to set the AP entry timers.

Use undo client-proximity-sensor ap-timer to restore the default.

Syntax

client-proximity-sensor ap-timer inactive inactive-value aging aging-value

undo client-proximity-sensor ap-timer

Default

The inactivity timer and aging timer for AP entries are 300 seconds and 600 seconds, respectively.

Views

System view

Predefined user roles

network-admin

Parameters

inactive inactive-value: Specifies the inactivity timer for AP entries, in the range of 60 to 1200 seconds.

aging aging-value: Specifies the aging timer for AP entries, in the range of 120 to 86400 seconds.

Examples

# Set the inactivity timer and aging timer for AP entries to 120 seconds and 360 seconds, respectively.

<Sysname> system-view

[Sysname] client-proximity-sensor ap-timer inactive 120 aging 360

client-proximity-sensor ap-udp-server

Use client-proximity-sensor ap-udp-server to specify a UDP server to receive wireless device information.

Use undo client-proximity-sensor udp-server to restore the default.

Syntax

client-proximity-sensor ap-udp-server ip-address port port-number [ interval interval | preshared-key [ cipher | simple ] key-string ] *

undo client-proximity-sensor ap-udp-server

Default

No UDP server is specified.

Views

AP view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IPv4 address of the UDP server.

port port-number: Specifies the port number of the UDP server, in the range of 1 to 65534.

interval interval: Specifies the interval at which the sensor sends device information to the UDP server, in the range of 1 to 600 seconds. The default interval is 30 seconds.

preshared-key: Specifies a preshared key.

cipher: Specifies a key in encrypted form.

simple: Specifies a key in plaintext form.

key-string: Specifies the key. Its plaintext form is a case-sensitive string of 8 to 63 characters. Its encrypted form is a case-sensitive string of 41 to 117 characters.

Examples

# Specify the UDP server with IP address 10.152.3.209 and port number 443 to receive wireless device information.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-ap-ap1] client-proximity-sensor ap-udp-server 10.152.3.209 port 443

client-proximity-sensor client-timer

Use client-proximity-sensor client-timer to set the client entry timers.

Use undo client-proximity-sensor client-timer to restore the default.

Syntax

client-proximity-sensor client-timer inactive inactive-value aging aging-value

undo client-proximity-sensor client-timer

Default

The inactivity timer and aging timer for client entries are 300 seconds and 600 seconds, respectively.

Views

System view

Predefined user roles

network-admin

Parameters

inactive inactive-value: Specifies the inactivity timer for client entries, in the range of 60 to 1200 seconds.

aging aging-value: Specifies the aging timer for client entries, in the range of 120 to 86400 seconds.

Examples

# Set the inactivity timer and aging timer for client entries to 120 seconds and 360 seconds, respectively.

<Sysname> system-view

[Sysname] client-proximity-sensor client-timer inactive 120 aging 360

client-proximity-sensor coordinates

Use client-proximity-sensor coordinates to set the longitude and latitude of a sensor.

Use undo client-proximity-sensor coordinates to remove the configuration.

Syntax

client-proximity-sensor coordinates longitude longitude-value latitude latitude-value

undo client-proximity-sensor coordinates

Default

The longitude and latitude are not set for a sensor.

Views

AP view

Predefined user roles

network-admin

Parameters

longitude longitude-value: Specifies the longitude of the sensor, in XXX-XX-XX.X format. The value ranges for XXX and XX are 0 to 180 and 0 to 60, respectively. The value of X can be e or w and is case insensitive.

latitude latitude-value: Specifies the latitude of the sensor, in XXX-XX-XX.X format. The value ranges for XXX and XX are 0 to 90 and 0 to 60, respectively. The value of X can be s or n and is case insensitive.

Usage guidelines

After you configure this command for a sensor, the longitude and latitude information for the sensor is reported together with the information about wireless devices detected by the sensor.

Examples

# Set the longitude and latitude for sensor ap1 to 123-40-40.e and 80-30-30.n, respectively.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-ap-ap1] client-proximity-sensor coordinates longitude 123-40-40.e latitude 80-30-30.n

client-proximity-sensor filter-list

Use client-proximity-sensor filter-list to configure the MAC address filtering list. The AC does not report information about devices with MAC addresses in the list.

Use undo client-proximity-sensor filter-list to remove the configuration.

Syntax

client-proximity-sensor filter-list list

undo client-proximity-sensor filter-list { list | all }

Default

No MAC address filtering list is configured.

Views

System view

Predefined user roles

network-admin

Parameters

list: Specifies a MAC address or a class of MAC addresses in H-H-H format. For example, if you specify 0400-0000-0000, you specify MAC addresses whose third bit in the first byte is 1.

all: Specifies all MAC addresses.

Examples

# Add MAC addresses whose third bit in the first byte is 1 to the MAC address filtering list.

<Sysname> system-view

[Sysname] client-proximity-sensor filter-list 0400-0000-0000

client-proximity-sensor random-mac-report enable

Use client-proximity-sensor random-mac-report enable to enable reporting of information about Apple terminals that use a random MAC address.

Use undo client-proximity-sensor random-mac-report enable to disable reporting of information about Apple terminals that use a random MAC address

Syntax

client-proximity-sensor random-mac-report enable

undo client-proximity-sensor random-mac-report enable

Default

Information about Apple terminals that use a random MAC address is not reported.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Apple terminals send probe requests by using a random MAC address whose second bit in the first byte is 1 and cause sensors to detect non-existent wireless devices. Enable or disable this command as appropriate.

Examples

# Enable reporting of information about Apple terminals that use a random MAC address.

<Sysname> system-view

[Sysname] client-proximity-sensor random-mac-report enable

client-proximity-sensor report-ac enable

Use client-proximity-sensor report-ac enable to enable sensors to report information about detected devices to the AC.

Use undo client-proximity-sensor report-ac enable to disable sensors from reporting information about detected devices to the AC.

Syntax

client-proximity-sensor report-ac enable

undo client-proximity-sensor report-ac enable

Default

Sensors do not report information about detected devices to the AC.

Views

System view

Predefined user roles

network-admin

Examples

# Enable sensors to report information about detected devices to the AC.

<Sysname> system-view

[Sysname] client-proximity-sensor report-ac enable

client-proximity-sensor report-ac-interval

Use client-proximity-sensor report-ac-interval to set the interval at which sensors report information about detected devices to the AC.

Use undo client-proximity-sensor report-ac interval to restore the default.

Syntax

client-proximity-sensor report-ac interval interval

undo client-proximity-sensor report-ac interval

Default

Sensors report information about detected devices to the AC every 3000 milliseconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which sensors report information about detected devices to the AC, in the range of 100 to 60000 milliseconds.

Examples

# Configure sensors to report information about detected devices to the AC every 2000 milliseconds.

<Sysname> system-view

[Sysname] client-proximity-sensor report-ac interval 2000

client-proximity-sensor report-ap enable

Use client-proximity-sensor report-ap enable to enable reporting of AP information to the UDP server.

Use undo client-proximity-sensor report-ap enable to disable reporting of AP information to the UDP server.

Syntax

client-proximity-sensor report-ap enable

undo client-proximity-sensor report-ap enable

Default

AP information is not reported to the UDP server.

Views

System view

Predefined user roles

network-admin

Examples

# Enable reporting of AP information to the UDP server.

<Sysname> system-view

[Sysname] client-proximity-sensor report-ap enable

client-proximity-sensor report-oasis client

Use client-proximity-sensor report-oasis client to set the report interval and the number of client entries that the AC sends to the Oasis platform in each report.

Use undo client-proximity-sensor report-oasis to restore the default.

Syntax

client-proximity-sensor report-oasis client interval interval number number

undo client-proximity-sensor report-oasis client

Default

The AC reports 10 client entries to the Oasis platform every 1000 milliseconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval: Specifies the interval at which the AC reports client information to the Oasis platform, in the range of 100 to 60000 milliseconds.

number number: Specifies the number of client entries that the AC sends to the Oasis platform in each report, in the range of 1 to 100.

Examples

# Configure the AC to report 50 client entries to the Oasis platform every 500 milliseconds.

<Sysname> system-view

[Sysname] client-proximity-sensor report-oasis client interval 500 number 50

client-proximity-sensor report-oasis disable

Use client-proximity-sensor report-oasis disable to disable the AC from reporting wireless device information to the Oasis platform.

Use undo client-proximity-sensor report-oasis disable to restore the default.

Syntax

client-proximity-sensor report-oasis disable

undo client-proximity-sensor report-oasis disable

Default

The AC reports wireless device information to the Oasis platform.

Views

System view

Predefined user roles

network-admin

Examples

# Disable the AC from reporting wireless device information to the Oasis platform.

<Sysname> system-view

[Sysname] client-proximity-sensor report-oasis disable

client-proximity-sensor report-oasis rssi-change-threshold

Use client-proximity-sensor report-oasis rssi-change-threshold to set the RSSI difference threshold for reporting client information to the Oasis platform.

Use undo client-proximity-sensor report-oasis rssi-change-threshold to restore the default.

Syntax

client-proximity-sensor report-oasis rssi-change-threshold threshold-value

undo client-proximity-sensor report-oasis rssi-change-threshold

Default

The RSSI difference threshold is 100.

Views

System view

Predefined user roles

network-admin

Parameters

rssi-change-threshold threshold-value: Specifies the RSSI difference threshold for reporting client information to the Oasis platform, in the range of 1 to 100.

Usage guidelines

The AC does not report the client information received from a sensor to the Oasis platform when the following conditions are met:

· The client has already been detected before.

· The RSSI difference of the client between the most recent two reports does not reach the specified threshold.

Examples

# Set the RSSI difference threshold to 50 for reporting client information to the Oasis platform.

<Sysname> system-view

[Sysname] client-proximity-sensor report-oasis rssi-change-threshold 50

client-proximity-sensor rssi-threshold

Use client-proximity-sensor rssi-threshold to set the RSSI threshold for clients or APs.

Use undo client-proximity-sensor rssi-threshold to restore the default.

Syntax

client-proximity-sensor rssi-threshold { ap ap-rssi-value | client client-rssi-value }

undo client-proximity-sensor rssi-threshold { ap | client }

Default

The RSSI thresholds for clients and APs are not set.

Views

System view

Predefined user roles

network-admin

Parameters

ap ap-rssi-value: Specifies the RSSI threshold for APs, in the range of 1 to 100.

client client-rssi-value: Specifies the RSSI threshold for clients, in the range of 1 to 100.

Usage guidelines

Sensors do not ignore any wireless devices by default. After you configure this command, sensors will ignore wireless devices with an RSSI lower than the specified RSSI threshold.

Examples

# Configure sensors to ignore APs with an RSSI lower than 30.

<Sysname> system-view

[Sysname] client-proximity-sensor rssi-threshold ap 30

client-proximity-sensor rt-report enable

Use client-proximity-sensor rt-report enable to enable real-time reporting of wireless device information to the UDP server.

Use undo client-proximity-sensor rt-report enable to disable real-time reporting of wireless device information to the UDP server.

Syntax

client-proximity-sensor rt-report enable

undo client-proximity-sensor rt-report enable

Default

Information about wireless devices is reported to the UDP server at the specified interval.

Views

System view

Predefined user roles

network-admin

Examples

# Enable real-time reporting of wireless device information to the UDP server.

<Sysname> system-view

[Sysname] client-proximity-sensor rt-report enable

client-proximity-sensor server

Use client-proximity-sensor server to specify an HTTPS server to receive wireless device information.

Use undo client-proximity-sensor server to restore the default.

Syntax

client-proximity-sensor server string [ window-time window-time-value | partner partner-value ] *

undo client-proximity-sensor server

Default

No HTTPS server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

string: Specifies an HTTPS server by its address, a case-sensitive string of 8 to 127 characters. The address must start with https://.

window-time window-time-value: Specifies the window time in the range of 10 to 60 seconds. The default window time is 30 seconds.

partner partner-value: Specifies the partner flag value. The default partner flag value is 11.

Examples

# Specify the HTTPS server with address https://10.152.3.209:443/xxx/yy to receive wireless device information.

[Sysname] client-proximity-sensor server https://10.152.3.209:443/xxx/yy

client-proximity-sensor timezone-offset

Use client-proximity-sensor timezone-offset to set the timezone offset between the AC and a sensor.

Use undo client-proximity-sensor timezone-offset to restore the default.

Syntax

client-proximity-sensor timezone-offset { add | minus } timevalue

undo client-proximity-sensor timezone-offset

Default

The timezone offset between the AC and a sensor is not set.

Views

AP view

Predefined user roles

network-admin

Parameters

add: Configures a positive timezone offset between the sensor and the AC.

minus: Configures a negative timezone offset between the sensor and the AC.

timevalue: Specifies the timezone offset between the sensor and the AC in hh: mm: ss format.

Examples

# Configure a positive timezone offset of 11 hours between sensor ap1 and the AC, which means that the time of sensor ap1 is the AC' s time plus 11 hours.

<Sysname> system-view

[Sysname] wlan ap ap1 model WA4320i-ACN

[Sysname-ap-ap1] client-proximity-sensor timezone-offset add 11:00:00

client-proximity-sensor udp-server

Use client-proximity-sensor udp-server to specify a UDP server to receive wireless device information.

Use undo client-proximity-sensor udp-server to restore the default.

Syntax

client-proximity-sensor udp-server ip-address port port-number [ interval interval | preshared-key [ cipher | simple ] key-string ] *

undo client-proximity-sensor udp-server

Default

No UDP server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IPv4 address of the UDP server.

port port-number: Specifies the port number of the UDP server, in the range of 1 to 65534.

interval interval: Specifies the interval at which the AC sends device information to the UDP server, in the range of 1 to 600 seconds. The default interval is 30 seconds.

preshared-key: Specifies a preshared key.

cipher: Specifies a key in encrypted form.

simple: Specifies a key in plaintext form.

key-string: Specifies the key. Its plaintext form is a case-sensitive string of 8 to 63 characters. Its encrypted form is a case-sensitive string of 41 to 117 characters.

Examples

# Specify the UDP server with IP address 10.152.3.209 and port number 443 to receive wireless device information.

<Sysname> system-view

[Sysname] client-proximity-sensor udp-server 10.152.3.209 port 443

display client-proximity-sensor device

Use display client-proximity-sensor device to display information about wireless devices detected by sensors.

Syntax

display client-proximity-sensor device [ ap | client | mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ap: Displays information about detected APs.

client: Displays information about detected clients.

mac-address mac-address: Displays information about the wireless device with the specified MAC address. The mac-address argument is in H-H-H format.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

Examples

# Display brief information about wireless devices detected by sensors.

<Sysname> display client-proximity-sensor device

Total 3 detected devices

MAC address Type Duration Sensors Channel Status

0AFB-423B-893C AP 00h 10m 46s 1 11 Active

0AFB-423B-893D AP 00h 10m 46s 1 6 Active

0AFB-423B-893E AP 00h 10m 46s 1 1 Active

Table 63 Command output

Field	Description
MAC address	MAC address of the wireless device.
Type	Wireless device type: · AP. · Client.
Duration	Time elapsed since the wireless device entered the current status.
Sensors	Number of sensors that detected the wireless device.
Channel	Channel on which the wireless device was most recently detected.
Status	Wireless device status: · Active. · Inactive.

# Display detailed information about wireless devices detected by sensors.

<Sysname> display client-proximity-sensor device verbose

Total 2 detected devices

AP: 0AFB-423B-893C

Status: Active

Status duration: 00h 27m 57s

Vendor: Not found

SSID: service

Radio type: 802.11ac

Security: None

Encryption method: None

Authentication method: None

Broadcast SSID: Yes

QoS supported: No

Beacon interval: 100 TU

Up duration: 00h 27m 57s

Channel bandwidth supported: 20/40/80MHz

Total number of reported APs: 1

AP 1:

AP ID: 3

AP name: 1

Radio ID: 1

RSSI: 15

Channel: 419

First reported time: 2016-04-03/09:05:51

Last reported time: 2016-04-03/09:05:51

Total number of associated clients: 1

01: 80EA-9656-AAAB

Client: 80EA-9656-AAAB

Last detected associated AP: 0AFB-423B-893C

Last associated AP (not detected): None

Status: Active

Status duration: 00h 00m 02s

Vendor: Not found

Radio type: 802.11a

Total number of reported APs: 1

AP 1:

AP ID: 2

AP name: 1

Radio ID: 1

RSSI: 50

Channel: 116

First reported time: 2016-04-03/14:52:56

Last reported time: 2016-04-03/14:52:56

Reported associated AP: 0AFB-423B-893C

Table 64 Command output

Field	Description
Total number detected devices	Number of detected wireless devices.
AP	MAC address of the detected AP.
Client	MAC address of the detected client.
Last detected associated AP	MAC address of the AP with which the client most recently associated. The MAC address is the BSSID of the AP.
Last associated AP (not detected)	MAC address of the AP with which the client most recently communicated. This AP has not been detected, and the MAC address of the AP is obtained from packets exchanged between the client and the AP.
Status	Wireless device status: · Active. · Inactive.
Status duration	Time elapsed since the wireless device entered the current status.
Vendor	OUI of the wireless device. This field displays Not found if no OUIs are imported or the OUI of the device does not match any of the imported OUIs.
Security	Security method: · WEP. · WPA. · WPA2. · None.
Encryption method	Encryption method: · TKIP. · CCMP. · WEP. · None.
Authentication method	Authentication method: · PSK. · 802.1X. · Others—Authentication methods except for PSK authentication and 802.1X authentication. · None.
Broadcast SSID	Whether the AP broadcasts SSIDs. If the AP does not broadcast SSIDs, the SSID field in the output is null.
Beacon interval	Beacon interval in TU. One TU is equal to 1024 microseconds.
Up duration	Time elapsed since the AP started.
Total number of reported APs	Number of sensors that detected the client.
AP n	Sensor that detected the wireless device. n represents the number of the sensor and is automatically assigned by the system.
AP ID	AP ID of the sensor.
AP name	Name of the sensor that detected the wireless device.
Radio ID	ID of the radio that detected the wireless device.
RSSI	RSSI of the sensor.
Channel	Channel on which the sensor most recently detected the wireless device.
First reported time	Time when the sensor detected the wireless device for the first time.
Last reported time	Time when the sensor most recently detected the wireless device.
Total number of associated clients	Number of clients that are associated with the AP.
n:H-H-H	MAC address of the wireless client associated with the AP. n is the number of the wireless client and is automatically assigned by the system.
Reported associated AP	AP with which the wireless client is associated.

display client-proximity-sensor sensor

Use display client-proximity-sensor sensor to display information about sensors.

Syntax

display client-proximity-sensor sensor

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about sensors.

<Sysname> display client-proximity-sensor sensor

Total number of sensors: 1

Sensor ID Sensor name Radio ID

3 ap1 1

display client-proximity-sensor statistics receive

Use display client-proximity-sensor statistics receive to display statistics received from sensors.

Syntax

display client-proximity-sensor statistics receive

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display statistics received from sensors

<Sysname> display client-proximity-sensor statistics receive

Information from sensor 1

Statistics information for received messages:

Detected AP updated messages: 7

Detected client updated messages: 5

Detected AP deleted messages: 3

Detected client deleted messages: 0

Detected all device deleted messages: 0

Information from sensor 2

Statistics information for received messages:

Detected AP updated messages: 6

Detected client updated messages: 5

Detected AP deleted messages: 3

Detected client deleted messages: 2

Detected all device deleted messages: 0

Table 65 Command output

Field	Description
Information from sensor n	Information collected from sensor n, where n represents the ID of the sensor.
Detected AP updated messages	Number of AP update messages.
Detected client updated messages	Number of client update messages.
Detected AP deleted messages	Number of AP delete messages.
Detected client deleted messages	Number of client delete messages.
Detected all device deleted messages	Number of device delete messages

Related commands

reset client-proximity-sensor statistics

reset client-proximity-sensor device

Use reset client-proximity-sensor device to clear wireless device information.

Syntax

reset client-proximity-sensor device { ap | client | mac-address mac-address | all }

Views

User view

Predefined user roles

network-admin

Parameters

ap: Specifies detected APs.

client: Specifies detected clients.

mac-address mac-address: Specifies a wireless device by its MAC address, in H-H-H format.

all: Specifies all detected devices.

Examples

# Clear information about detected clients.

<Sysname> reset client-proximity-sensor device client

# Clear information about the wireless device with MAC address 0023-1212-2323.

<Sysname> reset client-proximity-sensor device mac-address 0023-1212-2323

Related commands

display client-proximity-sensor entry

reset client-proximity-sensor statistics

Use reset client-proximity-sensor statistics to clear statistics received from sensors.

Syntax

reset client-proximity-sensor statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear statistics received from sensors.

<Sysname> reset client-proximity-sensor statistics

Related commands

display client-proximity-sensor statistics receive

Index

A B C D E F G H I K L M N O P Q R S T U V W

ac,1

access-control acl,156

access-scan enable,253

adjacency-factor,407

adjacency-factor radio-selection,408

akm mode,218

a-mpdu,99

a-msdu,100

ani,101

antenna type,101

ap,2

ap name,409

ap radio,448

ap-channel-change,253

ap-classification rule,254

ap-flood,254

ap-impersonation,255

ap-model,3

apply ap-classification rule,256

apply classification policy,257

apply countermeasure policy,257

apply detect policy,258

apply signature policy,258

apply signature rule,259

ap-rate-limit,259

ap-spoofing,260

ap-timer,261

association-table-overflow,261

authentication,262

band-navigation,384

bandwidth-guarantee,347

bandwidth-guarantee service-template,348

beacon ssid-hide,157

beacon-interval,102

block mac-address,262

broadcast-probe reply,158

cac policy,349

calibrate-channel mode,409

calibrate-channel monitoring time-range,410

calibrate-channel pronto,411

calibrate-channel self-decisive,412

calibrate-channel self-decisive sensitivity,416

calibrate-channel suppression,417

calibrate-power min,413

calibrate-power mode,414

calibrate-power self-decisive,415

calibrate-power threshold,418

channel,103

channel auto-select,104

channel band-width,105

channel holddown-time,419

channel-capability mode,419

channel-switch mode,420

channel-usage measure,107

cipher-suite,219

classification policy,263

classifier acl,158

client association-location,159

client cache aging-time,160

client dot11ac-only,108

client dot11b-forbidden,109

client dot11n-only,110

client forwarding-location,160

client forwarding-policy enable,161

client forwarding-policy-name,162

client frame-format,162

client idle-timeout,163

client ip-snooping http-learning enable,444

client ipv4-snooping arp-learning enable,444

client ipv4-snooping dhcp-learning enable,445

client ipv6-snooping dhcpv6-learning enable,445

client ipv6-snooping nd-learning enable,446

client ipv6-snooping snmp-nd-report enable,446

client keep-alive,164

client keep-alive interval,164

client max-count,110

client max-count,165

client preferred-vlan authorized,166

client report-mandatory,167

client url-redirect enable,233

client vlan-alloc,167

client-online,264

client-proximity-sensor,457

client-proximity-sensor ap-timer,458

client-proximity-sensor ap-udp-server,458

client-proximity-sensor client-timer,459

client-proximity-sensor coordinates,459

client-proximity-sensor filter-list,460

client-proximity-sensor random-mac-report enable,461

client-proximity-sensor report-ac enable,461

client-proximity-sensor report-ac-interval,462

client-proximity-sensor report-ap enable,462

client-proximity-sensor report-oasis client,463

client-proximity-sensor report-oasis disable,463

client-proximity-sensor report-oasis rssi-change-threshold,464

client-proximity-sensor rssi-threshold,464

client-proximity-sensor rt-report enable,465

client-proximity-sensor server,466

client-proximity-sensor timezone-offset,466

client-proximity-sensor udp-server,467

client-rate-limit,264

client-rate-limit (radio view/AP group radio view),350

client-rate-limit (service template view),351

client-rate-limit { disable | enable },352

client-rate-limit enable,353

client-security accounting-delay time,234

client-security accounting-start trigger,234

client-security accounting-update trigger,236

client-security authentication critical-vlan,237

client-security authentication fail-vlan,237

client-security authentication-location,238

client-security authentication-mode,239

client-security authorization-fail offline,240

client-security ignore-authentication,240

client-security ignore-authorization,241

client-security intrusion-protection action,242

client-security intrusion-protection enable,243

client-security intrusion-protection timer temporary-block,244

client-security intrusion-protection timer temporary-service-stop,244

client-spoofing,265

client-statistics-report,168

client-timer,265

cloud-management keepalive,403

cloud-management ping,404

cloud-management server domain,403

continuous-mode,111

control-address,3

control-address enable,4

countermeasure adhoc,266

countermeasure attack all,267

countermeasure attack deauth-broadcast,267

countermeasure attack disassoc-broadcast,268

countermeasure attack honeypot-ap,268

countermeasure attack hotspot-attack,269

countermeasure attack ht-40-mhz-intolerance,269

countermeasure attack malformed-packet,270

countermeasure attack man-in-the-middle,270

countermeasure attack omerta,271

countermeasure attack power-save,271

countermeasure attack soft-ap,272

countermeasure attack unencrypted-trust-client,272

countermeasure attack weak-iv,273

countermeasure attack windows-bridge,273

countermeasure external-ap,274

countermeasure mac-address,274

countermeasure misassociation-client,275

countermeasure misconfigured-ap,275

countermeasure policy,276

countermeasure potential-authorized-ap,276

countermeasure potential-external-ap,277

countermeasure potential-rogue-ap,277

countermeasure rogue-ap,278

countermeasure unauthorized-client,278

countermeasure uncategorized-ap,279

countermeasure uncategorized-client,279

crc-error-threshold,421

custom-antenna gain,112

customlog format wlan,169

data-tunnel encryption,5

deauthentication-broadcast,280

deauth-spoofing,280

delete file,6

description,169

description,449

description,422

description (AP group view),7

description (AP view),7

description (AP's VLAN view),8

detect policy,281

detect signature,282

disassociation-broadcast,282

discovered-ap,283

discovery-response,9

display client-proximity-sensor device,467

display client-proximity-sensor sensor,471

display client-proximity-sensor statistics receive,471

display cloud-management state,405

display wips sensor,284

display wips statistics,284

display wips virtual-security-domain countermeasure record,288

display wips virtual-security-domain device,289

display wlan ap,10

display wlan ap address,20

display wlan ap all client-number,170

display wlan ap all radio client-number,170

display wlan ap association-failure-record,21

display wlan ap connection-record,22

display wlan ap continuous-mode,113

display wlan ap files,23

display wlan ap gps,23

display wlan ap group,24

display wlan ap online-time,26

display wlan ap radio,114

display wlan ap radio channel,115

display wlan ap radio type,116

display wlan ap radio-statistics,117

display wlan ap reboot-log,26

display wlan ap region-code,183

display wlan ap running-configuration,27

display wlan ap tunnel latency,29

display wlan ap tunnel-down-record,30

display wlan ap unauthenticated,31

display wlan ap-distribution,40

display wlan ap-distribution ap-name,41

display wlan ap-group,42

display wlan ap-group all client-number,171

display wlan ap-model,43

display wlan blacklist,172

display wlan bss,172

display wlan client,174

display wlan client ipv6,179

display wlan client online-duration,180

display wlan client status,181

display wlan client-security block-mac,245

display wlan forwarding-policy,182

display wlan ipv6 multicast-optimization entry,389

display wlan license,45

display wlan load-balance group,449

display wlan load-balance status service-template,450

display wlan measure-report,369

display wlan mobility roam-track mac-address,367

display wlan multicast-optimization entry,390

display wlan nat-detect,294

display wlan rrm baseline,423

display wlan rrm baseline apply-history,425

display wlan rrm-calibration-group,426

display wlan rrm-history ap,427

display wlan rrm-status ap,428

display wlan service-template,184

display wlan statistics,189

display wlan whitelist,191

display wlan wmm,354

distance,124

dns domain,45

dns server,46

dot11ac mandatory maximum-nss,125

dot11ac multicast-nss,126

dot11ac support maximum-nss,127

dot11g protection,128

dot11n mandatory maximum-mcs,129

dot11n multicast-mcs,130

dot11n protection,131

dot11n support maximum-mcs,132

dot1x domain,246

dot1x eap,247

dot1x handshake enable,248

dot1x handshake secure enable,248

dot1x max-user,249

dot1x re-authenticate enable,250

download file,47

dtim,133

echo-interval,48

edca client (ac-be and ac-bk),357

edca client (ac-vi and ac-vo),358

edca radio,359

export oui,294

firmware-upgrade,48

flood association-request,295

flood authentication,296

flood beacon,296

flood block-ack,297

flood cts,298

flood deauthentication,299

flood disassociation,299

flood eap-failure,300

flood eapol-logoff,301

flood eapol-start,302

flood eap-success,302

flood null-data,303

flood probe-request,304

flood reassociation-request,304

flood rts,305

fragment-size,50

fragment-threshold,134

frame-type,306

gateway,50

gigabitethernet,51

green-energy-management,135

gtk-rekey client-offline enable,220

gtk-rekey enable,220

gtk-rekey method,221

honeypot-ap,307

hotspot-attack,307

ht-40mhz-intolerance,308

ht-greenfield,309

hybrid-remote-ap,52

if-match ip,53

if-match ipv6,53

ignorelist,309

import hotspot,310

import oui,310

inherit exclude service-template,191

interference-threshold,431

invalid-oui-classify illegal,311

ip address,54

ipv6 address,55

ipv6 multicast-optimization enable,392

key-derivation,222

ldpc,136

led-mode,56

long-retry threshold,137

mac-address,312

mac-address (AP group view),56

mac-address (AP view),57

mac-authentication domain,251

mac-authentication max-user,251

malformed duplicated-ie,312

malformed fata-jack,313

malformed illegal-ibss-ess,314

malformed invalid-address-combination,314

malformed invalid-assoc-req,315

malformed invalid-auth,316

malformed invalid-deauth-code,316

malformed invalid-disassoc-code,317

malformed invalid-ht-ie,318

malformed invalid-ie-length,318

malformed invalid-pkt-length,319

malformed large-duration,320

malformed null-probe-resp,320

malformed overflow-eapol-key,321

malformed overflow-ssid,322

malformed redundant-ie,322

man-in-the-middle,323

manual-classify mac-address,324

map-configuration,192

match all (AP classification rule view),324

match all (signature view),325

max-power,138

measure,372

measure-duration,373

measure-interval,374

mimo,139

multicast-optimization enable,393

mu-txbf,140

name,58

nas-id,193

nas-port-id,194

nas-vlan,195

omerta,325

oui,326

pattern,327

permit-channel,327

pmf,223

pmf association-comeback,223

pmf saquery retrycount,224

pmf saquery retrytimeout,225

port access vlan,59

port hybrid pvid,60

port hybrid vlan,61

port link-type,62

port trunk permit vlan,64

port trunk pvid,65

power holddown-time,432

power-capability mode,433

power-constraint mode,434

power-level default,66

power-lock,141

power-save,328

preamble,142

preshared-key,225

priority,68

prohibited-channel,329

protection-mode,142

protection-threshold,144

provision,68

provision auto-recovery,69

provision auto-update,70

ptk-lifetime,226

ptk-rekey enable,227

qos priority,360

qos trust,361

quick-association enable,195

radio,145

radio,144

random-mac-scan enable,330

rate,146

region-code,196

region-code-lock,199

remote-configuration,71

reset client-proximity-sensor device,472

reset client-proximity-sensor statistics,473

reset wips embedded-oui,330

reset wips statistics,330

reset wips virtual-security-domain,331

reset wips virtual-security-domain countermeasure record,331

reset wlan ap,72

reset wlan ap provision,72

reset wlan ap radio-statistics,147

reset wlan ap reboot-log,73

reset wlan ap unauthenticated,73

reset wlan client,200

reset wlan dynamic-blacklist,200

reset wlan ipv6 multicast-optimization entry,393

reset wlan ipv6 multicast-optimization entry group,394

reset wlan multicast-optimization entry,394

reset wlan multicast-optimization entry group,395

reset wlan nat-detect,332

reset wlan statistics client,200

reset wlan statistics service-template,201

reset wlan tunnel latency ap,74

reset wlan wmm,362

resource-measure,374

retransmit-count,74

retransmit-interval,75

rm-capability mode,375

rrm,435

rssi,332

save wlan ap provision,76

scan channel blacklist,377

scan channel whitelist,378

scan idle-time,379

scan max-service-time,380

scan mode all,380

scan mode all interval,381

scan scan-time,382

scan-only,435

security,333

security-ie,227

select sensor all,334

seq-number,334

serial-id (AP group view),77

serial-id (AP view),78

service-template,201

service-template enable,203

short-gi,148

short-retry threshold,148

signature policy,335

signature rule,335

smart-antenna,149

smart-antenna policy,150

smartrate-ethernet,78

snmp-agent trap enable wlan ap,79

snmp-agent trap enable wlan capwap,79

snmp-agent trap enable wlan client,203

snmp-agent trap enable wlan client-audit,204

snmp-agent trap enable wlan load-balance,451

snmp-agent trap enable wlan mobility,368

snmp-agent trap enable wlan rrm,436

snmp-agent trap enable wlan usersec,228

soft-ap,336

spectrum-management,437

ssid,204

ssid (AP classification rule view),336

ssid (signature view),337

ssid-length,338

statistics-interval,80

stbc,151

su-txbf,152

svp map-ac,362

tkip-cm-time,229

tolerance-level,437

trust mac-address,338

trust oui,339

trust ssid,339

tunnel encryption,81

tunnel latency-detect,82

type,153

unencrypted-authorized-ap,340

unencrypted-trust-client,340

unknown-client,205

up-duration,341

usb,82

virtual-security-domain,342

vlan,205

vlan,83

weak-iv,342

wep key,229

wep key-id,230

wep mode dynamic,231

windows-bridge,343

wips (radio view),344

wips (system view),343

wips virtual-security-domain,344

wireless-bridge,345

wlan ap,84

wlan ap-authentication,85

wlan ap-authentication acl,86

wlan ap-authentication domain,87

wlan ap-authentication enable,87

wlan ap-authentication import,88

wlan ap-authentication method,89

wlan ap-authentication permit-unauthenticated,89

wlan apdb,90

wlan apdb file,91

wlan ap-group,92

wlan auto-ap enable,92

wlan auto-ap persistent,93

wlan auto-persistent enable,93

wlan band-navigation aging-time,385

wlan band-navigation balance access-denial,385

wlan band-navigation balance session,386

wlan band-navigation enable,387

wlan band-navigation rssi-threshold,387

wlan calibrate-channel pronto ap all,438

wlan calibrate-power pronto ap all,439

wlan capwap discovery-policy unicast,94

wlan client forwarding enable,206

wlan client forwarding-policy-name,206

wlan client reauthentication-period,207

wlan client-rate-limit,363

wlan detect-anomaly enable,94

wlan dynamic-blacklist active-on-ap,208

wlan dynamic-blacklist lifetime,209

wlan forwarding-policy,209

wlan global-configuration,95

wlan image-load filepath,95

wlan ipv6 multicast-optimization aging-time,395

wlan ipv6 multicast-optimization client entry-limit,396

wlan ipv6 multicast-optimization entry client-limit,396

wlan ipv6 multicast-optimization global entry-limit,397

wlan ipv6 multicast-optimization packet-rate-limit,398

wlan link-test,210

wlan load-balance access-denial,452

wlan load-balance enable,453

wlan load-balance group,453

wlan load-balance mode bandwidth,454

wlan load-balance mode session,454

wlan load-balance mode traffic,455

wlan load-balance rssi-threshold,456

wlan max-bandwidth,364

wlan multicast-optimization aging-time,398

wlan multicast-optimization client entry-limit,399

wlan multicast-optimization entry client-limit,400

wlan multicast-optimization global entry-limit,400

wlan multicast-optimization packet-rate-limit,401

wlan nat-detect,346

wlan permit-ap-group,211

wlan permit-ssid,212

wlan radio,154

wlan re-group,96

wlan rename-ap,97

wlan rrm baseline apply,439

wlan rrm baseline remove,440

wlan rrm baseline save,440

wlan rrm calibration-channel interval,441

wlan rrm calibration-power interval,442

wlan rrm-calibration-group,442

wlan service-template,213

wlan static-blacklist mac-address,213

wlan tcp mss,97

wlan web-server api-path,214

wlan web-server host,215

wlan web-server max-client-entry,215

wlan whitelist mac-address,216

wmm,365

15-WLAN AC Command Reference

description (AP's VLAN view)

display wlan ap connection-record

power-level default

provision auto-recovery

wlan capwap discovery-policy unicast

wlan image-load filepath

display wlan ap continuous-mode

dot11n multicast-mcs

preamble

rate

reset wlan ap radio-statistics