Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-WLAN access commands | 640.59 KB |
client behavior-local network-flow-forwarding enable
client forwarding-policy enable
client forwarding-policy-name
client preferred-vlan authorized
client-statistics-report smart-maintenance
display wlan ap all client-number
display wlan ap all radio client-number
display wlan ap-group all client-number
display wlan client device-information
display wlan client online-duration
display wlan forwarding-policy
display wlan statistics client
display wlan statistics connect-history
display wlan statistics service template
display wlan statistics vip-client
display wlan virtual-ap-group all client-number
elan service-template (interface view)
elan service-template (system view)
inherit exclude service-template
reset wlan statistics service-template
service-template enable (elan service-template view)
service-template enable (wlan service-template view)
snmp-agent trap enable wlan client
snmp-agent trap enable wlan client-audit
wlan ap-forwarding auto-configuration enable
wlan client bss-load-ie enable
wlan client forwarding enable
wlan client forwarding-policy-name
wlan client reauthentication-period
wlan dynamic-blacklist active-on-ap
wlan dynamic-blacklist lifetime
wlan guest-tunnel flow-distribute enable
wlan static-blacklist mac-address
wlan web-server max-client-entry
WLAN access commands
access-control acl
Use access-control acl to specify an ACL for ACL-based access control.
Use undo access-control acl to restore the default.
Syntax
access-control acl acl-number
undo access-control acl
Default
No ACL is specified.
Views
AP view
Service template view
Predefined user roles
network-admin
Parameters
acl-number: Specifies the number of a Layer 2 ACL, in the range of 4000 to 4999.
Usage guidelines
This feature supports only Layer 2 ACLs and can only use source MAC address as the match criterion. If you specify an ACL of another type, the configuration does not take effect.
This feature controls client access by using the specified ACL rules. When the device receives an association request, it performs the following actions:
· Allows the client to access the WLAN if the MAC address of the client matches the MAC address attribute or MAC address OUI attribute in a rule and the rule action is permit. If multiple clients match the OUI attribute, all these clients are allowed to access the WLAN.
· Denies the client's access to the WLAN if no match is found or the matched rule has a deny statement.
When you configure this feature, follow these restrictions and guidelines:
· If the specified ACL contains a deny statement, configure a permit statement for the ACL to permit all clients. If you do not do so, no clients can come online.
· ACL-based access control configuration takes precedence over whitelist and blacklist configuration.
· You can specify only one ACL. If you execute this command multiple times, the most recent configuration takes effect.
· The configuration in AP view takes precedence over the configuration in service template view.
Examples
# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for service template service1.
<Sysname> system-view
[Sysname] acl mac 4000
[Sysname-acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff
[Sysname-acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000
[Sysname-acl-mac-4000] rule 2 deny
[Sysname-acl-mac-4000] quit
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] access-control acl 4000
# Create ACL 4000 and create ACL rules to permit the client with MAC address 000e-35b2-000e and clients with the specified OUI. Specify ACL 4000 for AP ap1.
<Sysname> system-view
[Sysname] acl mac 4000
[Sysname-acl-mac-4000] rule 0 permit source-mac 000e-35b2-000e ffff-ffff-ffff
[Sysname-acl-mac-4000] rule 1 permit source-mac 000e-35b2-000f ffff-ff00-0000
[Sysname-acl-mac-4000] rule 2 deny
[Sysname-acl-mac-4000] quit
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] access-control acl 4000
accounting-level
Use accounting-level to specify a traffic level for ACL-based accounting.
Use undo accounting-level to remove the accounting configuration for a traffic level.
Syntax
accounting-level level acl { acl-number | ipv6 ipv6-acl-number }
undo accounting-level level
Default
No traffic levels are specified for ACL-based accounting.
Views
Accounting policy view
Predefined user roles
network-admin
Parameters
level: Specifies the traffic level in the range of 1 to 8.
acl-number: Specifies an IPv4 ACL number in the range of 3000 to 3999.
ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 3000 to 3999.
Usage guidelines
An accounting policy takes effect on matching packets no matter whether the ACL action is deny or permit. It does not identify the source address in the ACL. For wireless packets received on an AP, the ACL matches the destination address of the packets. For wireless packets sent by an AP, the ACL matches the source address of the packets.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the traffic level as 1 for packets matching ACL 3000 in accounting policy view of policy abc.
<Sysname> system-view
[Sysname] wlan accounting-policy abc
[Sysname-wlan-acctpolicy-abc] accounting-level 1 acl 3000
Related commands
wlan accounting-policy
aggregation-ac
Use aggregation-ac to specify an aggregation AC for an edge AC.
Use undo aggregation-ac to delete a specified aggregation AC for an edge AC.
Syntax
aggregation-ac ip ipv4-address tunnel-source ip ipv4-address vlan vlan-id-list
undo aggregation-ac { all | ip ipv4-address [ vlan vlan-id-list ] }
Default
No aggregation AC is specified for an edge AC.
Views
Edge AC view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies the IPv4 address of an aggregation AC.
tunnel-source ip ipv4-address: Specifies the source IPv4 address that the edge AC uses to establish a guest tunnel with the aggregation AC.
vlan vlan-id-list: Specifies a space-separated list of up to 10 guest VLAN items. Each VLAN item specifies a VLAN ID or a range of VLAN IDs in the form of start-vlan-id to end-vlan-id. The end VLAN ID must be greater than the start VLAN ID. Valid VLAN IDs are from 1 to 4094.
all: Specifies all aggregation ACs.
Usage guidelines
An edge AC can establish guest tunnels with multiple aggregation ACs, but these tunnels must belong to different VLANs. The maximum number of supported guest tunnels varies by device model.
An edge AC can establish multiple guest tunnels with an aggregation AC, but it must use different source IP addresses to establish tunnels with different aggregation AC interfaces. If you specify multiple IP addresses of an aggregation AC for the same edge AC IP address, the aggregation AC uses only the IP address in the first received keepalive request for tunnel establishment.
Examples
# Specify an aggregation AC with IP address 192.168.2.21 for the edge AC, configure the edge AC to use IP address 192.168.2.20 to establish a guest tunnel with the aggregation AC, and specify the guest VLAN as VLAN 7.
<Sysname> system-view
[Sysname] wlan guest-tunnel edge-ac
[Sysname-wlan-edge-ac] aggregation-ac ip 192.168.2.21 tunnel-source ip 192.168.2.20 vlan 7
Related commands
edge-ac
keep-alive interval
beacon ssid-advertise
Use beacon ssid-advertise to enable Service Set Identifier (SSID) broadcast in beacon frames.
Use undo beacon ssid-advertise to restore the default.
Syntax
beacon ssid-advertise
undo beacon ssid-advertise
Default
An AP hides SSIDs in beacon frames when the maximum number of associated clients is reached.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This feature enables new clients to discover APs even if the number of associated clients reaches the upper limit. However, these clients still cannot associate with the APs.
Examples
# Enable SSID broadcast in beacon frames.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-s1] beacon ssid-advertise
Related commands
client max-count
beacon ssid-hide
Use beacon ssid-hide to enable SSID hidden in beacon frames.
Use undo beacon ssid-hide to restore the default.
Syntax
beacon ssid-hide
undo beacon ssid-hide
Default
SSIDs are not hidden in beacon frames.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command disables a radio from broadcasting SSIDs in the beacon frames and responding to probe requests after the specified service template is bound to the radio.
Examples
# Enable SSID hidden in beacon frames.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] beacon ssid-hide
broadcast-probe reply
Use broadcast-probe reply enable to enable an AP to respond to broadcast probe requests.
Use broadcast-probe reply disable to disable an AP from responding to broadcast probe requests.
Use undo broadcast-probe reply to restore the default.
Syntax
broadcast-probe reply { disable | enable [ rssi-threshold rssi-value ] } [ frequency-band { 2.4 | 5 } ]
undo broadcast-probe reply
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP responds to broadcast probe requests from clients operating at any frequency band.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
rssi-threshold rssi-value: Specifies an RSSI threshold in the range of 1 to 100. If you do not specify this option, the command enables the AP to respond to broadcast probe requests with any RSSIs.
frequency-band: Specifies a frequency band. If you do not specify this keyword, the command enables the AP to respond to broadcast probe requests received at both the 5 GHz and 2.4 GHz bands.
2.4: Specifies the 2.4 GHz band.
5: Specifies the 5 GHz band.
Usage guidelines
Broadcast probe requests do not carry any SSIDs. Upon receiving a broadcast probe request, an AP responds with a probe response that carries service information for the AP.
By default, an AP responds to all broadcast probe requests, which might threat network security and decrease AP performance. However, disabling responding to broadcast probe requests might forbid clients from roaming to the optimal AP in time, affecting client access.
You can perform this task to enable an AP to respond to broadcast requests from a specific frequency band with strong signal strength.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Disable AP ap1 from responding to broadcast probe requests from clients operating at all frequency bands.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] broadcast-probe reply disable
# Disable APs in AP group group1 from responding to broadcast probe requests at all frequency bands.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] broadcast-probe reply disable
classifier acl
Use classifier acl to configure a forwarding rule for a forwarding policy.
Use undo classifier acl to remove a forwarding rule.
Syntax
classifier acl { acl-number | ipv6 ipv6-acl-number } behavior { local | remote }
undo classifier acl { acl-number | ipv6 ipv6-acl-number }
Default
No forwarding rules are configured.
Views
Forwarding policy view
Predefined user roles
network-admin
Parameters
acl-number: Specifies an IPv4 or Layer 2 ACL number in the range of 2000 to 4999.
ipv6 ipv6-acl-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.
behavior: Specifies a forwarding mode for traffic that matches the specified ACL.
local: Specifies the local forwarding mode.
remote: Specifies the centralized forwarding mode.
Usage guidelines
Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.
A forwarding rule takes effect immediately after it is created. You can configure a maximum of 1000 forwarding rules for a forwarding policy.
Examples
# Configure a forwarding rule to locally forward packets that match ACL 2000.
<sysname> system-view
[sysname] wlan forwarding-policy abc
[sysname-wlan-fp-abc] classifier acl 2000 behavior local
client association-location
Use client association-location to enable client association at the AC or APs.
Use undo client association-location to restore the default.
Syntax
client association-location { ac | ap }
undo client association-location
Default
Client association is performed at the AC.
Views
Service template view
Predefined user roles
network-admin
Parameters
ac: Enables client association at the AC.
ap: Enables client association at APs.
Usage guidelines
Make sure the service template is disabled before you execute this command.
Make sure the AC acts as the client authenticator if client association is performed at the AC. For more information about client authenticators, see "WLAN authentication commands."
Examples
# Enable client association at the AC.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client association-location ac
client behavior-local network-flow-forwarding enable
Use client behavior-local network-flow-forwarding enable to enable APs to forward client traffic to the external network when local forwarding is enabled.
Use undo client behavior-local network-flow-forwarding enable to disable APs from forwarding client traffic to the external network when local forwarding is enabled.
Syntax
client behavior-local network-flow-forwarding enable
undo client behavior-local network-flow-forwarding enable
Default
APs drop client packets destined to the external network when local forwarding is enabled.
Views
WLAN forwarding policy view
Predefined user roles
network-admin
Usage guidelines
When local forwarding is enabled, APs drop client packets destined to the external network. This feature enables an AP to replace the destination MAC address of a client packet destined to the external network with the AP's MAC address. Through NAT, the packet's source IP address is converted to an IP address in the same network segment as the AP. This enables APs to forward client traffic to an external network correctly.
This feature is available only on APs that support NAT.
Examples
# Enable APs to forward client packets destined to the external network when local forwarding is enabled.
<Sysname> system-view
[Sysname] wlan forwarding-policy abc
[Sysname-wlan-fp-abc] client behavior-local network-flow-forwarding enable
Related commands
wlan forwarding-policy
client forwarding-location
Use client forwarding-location to specify the client data traffic forwarder.
Use undo client forwarding-location to restore the default.
Syntax
client forwarding-location { ac | ap [ vlan { start-vlan [ to end-vlan ] } ] }
undo client forwarding-location
Default
The AC forwards client data traffic.
Views
Service template view
Predefined user roles
network-admin
Parameters
ac: Enables the AC to forward client data traffic.
ap: Enables APs to forward client data traffic.
vlan start-vlan to end-vlan: Specifies a VLAN ID range. The value range for the start-vlan and end-vlan arguments is 1 to 4094. If you do not specify this option, APs forward client data traffic from all VLANs.
Usage guidelines
Make sure the service template is disabled before you execute this command.
If APs forward client data traffic, you can specify a VLAN or a VLAN range for the APs to forward client data traffic from the specified VLANs. The AC forwards data traffic from other VLANs.
Make sure client traffic forwarding is enabled when the AC is configured as the client traffic forwarder.
Make sure client association is enabled at the AC if you configure the AC to forward client data traffic.
Examples
# Configure APs to forward client data traffic from all VLANs.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-location ap
client forwarding-location ac
Use client forwarding-location ac to set the forwarding mode for the ELAN service template.
Use undo client forwarding-location to restore the default.
Syntax
client forwarding-location ac
undo client forwarding-location
Default
The ELAN service template uses the centralized forwarding mode.
Views
ELAN service template view
Predefined user roles
network-admin
Usage guidelines
With this feature configured, the wired AP interfaces to which the template is bound will use centralized forwarding.
ELAN supports only centralized forwarding in the current software version.
Examples
# Set the forwarding mode of ELAN service template elan1 to centralized.
<Sysname> system-view
[System] elan service-template elan1
[Sysname-st-elan1] client forwarding-location ac
client forwarding-policy enable
Use client forwarding-policy enable to enable policy-based forwarding for a service template.
Use undo client forwarding-policy enable to disable policy-based forwarding for a service template.
Syntax
client forwarding-policy enable
undo client forwarding-policy enable
Default
Policy-based forwarding is disabled for a service template.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
Enable policy-based forwarding for a service template for the following forwarding policies to take effect:
· The forwarding policy applied to the service template.
· The forwarding policy applied to a user profile that uses the service template.
Examples
# Enable policy-based forwarding for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-policy enable
Related commands
client-security authentication-location
client forwarding-policy-name
Use client forwarding-policy-name to apply a forwarding policy to a service template.
Use undo client forwarding-policy-name to restore the default.
Syntax
client forwarding-policy-name policy-name
undo client forwarding-policy-name
Default
No forwarding policy is applied to a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
Make sure the service template is disabled before you execute this command.
For the forwarding policy to take effect, you must enable policy-based forwarding and enable client association at the AC in the service template.
Make sure the AC and its associated APs are in different network segments.
Examples
# Apply forwarding policy strategy to service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client forwarding-policy-name strategy
Related commands
client forwarding-policy enable
client-security authentication-location
client frame-format
Use client frame-format to set the client data frame format.
Use undo client frame-format to restore the default.
Syntax
client frame-format { dot3 | dot11 }
undo client frame-format
Default
Client data frames are encapsulated in 802.3 format.
Views
Service template view
Predefined user roles
network-admin
Parameters
dot3: Specifies the 802.3 format.
dot11: Specifies the 802.11 format.
Usage guidelines
This command takes effect only in centralized forwarding mode.
Make sure the service template is disabled before you execute this command.
Examples
# Configure the client data frames to be encapsulated in 802.11 format.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client frame-format dot11
Related commands
client forwarding-location
client idle-timeout
Use client idle-timeout to set the client idle timeout timer.
Use undo client idle-timeout to restore the default.
Syntax
client idle-timeout timeout
undo client idle-timeout
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the client idle timeout timer is 3600 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
timeout: Specifies the client idle timeout timer in the range of 60 to 86400 seconds.
Usage guidelines
If an online client does not send any frames to the associated AP before the client idle timeout timer expires, the AP logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the client idle timeout timer to 2000 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] client idle-timeout 2000
# Set the client idle timeout timer to 2000 seconds for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client idle-timeout 2000
client keep-alive
Use client keep-alive enable to enable client keepalive.
Use client keep-alive disable to disable client keepalive.
Use undo client keep-alive to restore the default.
Syntax
client keep-alive { disable | enable }
undo client keep-alive
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, client keepalive is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
disable: Disables client keepalive.
enable: Enables client keepalive.
Usage guidelines
This feature enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable client keepalive for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] client keep-alive enable
# Enable client keepalive for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client keep-alive enable
Related commands
client keep-alive interval
client keep-alive interval
Use client keep-alive interval to set the client keepalive interval.
Use undo client keep-alive interval to restore the default.
Syntax
client keep-alive interval interval
undo client keep-alive interval
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, the client keepalive interval is 300 seconds.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval: Specifies the client keepalive interval in the range of 3 to 1800 seconds.
Usage guidelines
Enable client keepalive before you execute this command.
This feature enables an AP to send keepalive packets to clients at the client keepalive interval to determine whether the clients are online. If the AP does not receive any replies from a client within three keepalive intervals, it logs off the client.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Set the keepalive interval to 20 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] client keep-alive 20
# Set the keepalive interval to 20 seconds for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client keep-alive interval 20
Related commands
client keep-alive enable
client max-count
Use client max-count to set the maximum number of associated clients for a radio or a service template.
Use undo client max-count to restore the default.
Syntax
client max-count max-number
undo client max-count
Default
The number of associated clients for a radio or a service template is not limited.
Views
Service template view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of clients in the range of 1 to 512.
Usage guidelines
With this feature configured, new clients cannot access the WLAN and the SSID is hidden when the maximum number is reached.
Examples
# Set the maximum number of associated clients to 38 for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client max-count 38
Related commands
beacon ssid-hide
client preferred-vlan authorized
Use client preferred-vlan authorized to configure clients to prefer the authorization VLAN after roaming.
Use undo client preferred-vlan authorized to configure client VLANs to remain unchanged after client roaming.
Syntax
client preferred-vlan authorized
undo client preferred-vlan authorized
Default
Clients prefer the authorization VLAN after roaming.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This feature takes effect only on 802.1X and MAC authentication clients.
Typically, the VLAN of a client remains unchanged after client roaming. However, if the client triggers a security alert configured on IMC after roams to another AP, the issued authorization VLAN for user isolation takes effect.
Examples
# Configure clients to prefer the authorization VLAN after roaming.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client preferred-vlan authorized
client report-mandatory
Use client report-mandatory to allow locally authenticated clients to come online after successful client information reporting.
Use undo client report-mandatory to allow locally authenticated clients to come online immediately after successful local authentication.
Syntax
client report-mandatory
undo client report-mandatory
Default
Locally authenticated clients come online after successful client information reporting.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
By default, an AP reports information about locally authenticated clients that pass authentication to the AC, and the AC creates client entries and informs the AP to get the clients online. If the CAPWAP tunnel between the AC and the AP operates incorrectly, clients might fail to come online and perform reauthentication repeatedly. To avoid this problem, you can allow clients to come online immediately after successful local authentication so that the AP can forward client traffic when the AC cannot be reached. The AP synchronizes client information to the AC when the tunnel recovers.
Examples
# Allow locally authenticated clients to come online immediately after successful local authentication.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] undo client report-mandatory
client smart-access enable
Use client smart-access enable to enable smart client access.
Use undo client smart-access enable to restore the default.
Syntax
client smart-access enable
undo client smart-access enable
Default
Smart client access is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This feature enables H3C wireless clients to access the WLAN automatically when the AKM mode is set to PSK or when the radio is bound to an empty service template.
Examples
# Enable smart client access.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client smart-access enable
client vlan-alloc
Use client vlan-alloc to set the VLAN allocation method for clients.
Use undo client vlan-alloc to restore the default.
Syntax
client vlan-alloc { dynamic | static | static-compatible }
undo client vlan-alloc
Default
The VLAN allocation method for clients is dynamic.
Views
Service template view
Predefined user roles
network-admin
Parameters
dynamic: Specifies dynamic VLAN allocation.
static: Specifies static VLAN allocation.
static-compatible: Specifies compatible static VLAN allocation.
Usage guidelines
When a client comes online for the first time, the associated AP assigns a random VLAN to it. When the client comes online again, the VLAN assigned to the client depends on the allocation method.
· Static allocation—The client inherits the VLAN that has been assigned to it. If the IP address lease has not expired, the client will use the same IP address. This method helps save IP addresses.
· Dynamic allocation—The radio re-assigns a VLAN to the client. This method balances clients in all VLANs.
· Compatible static allocation—The client inherits the VLAN that has been assigned to it when roaming between Comware 5 and Comware 7 ACs.
Examples
# Set the VLAN allocation method for clients to dynamic.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client vlan-alloc dynamic
Related commands
service-template
client-mac
Use client-mac to add a client to the VIP client group.
Use undo ap-name to remove a client from the VIP client group.
Syntax
client-mac mac-address [ level level ] [ description text ]
undo client-mac mac-address
Default
No clients exist in the VIP client group.
Views
VIP client group view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a client by its MAC address. The MAC address must be in the H-H-H format, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted.
level level: Specifies the VIP client level. The value is 1 or 2. By default, the client level is 1.
description text: Specifies the client description, a case-sensitive string of 1 to 64 characters. If you do not specify this option, no description exists for the client.
Usage guidelines
You can add both online and offline clients to the VIP client group. You can add a maximum of 128 level-1 VIP clients to the VIP client group. The number of supported level-2 VIP clients varies by device model.
Level 1 clients have a higher transmission and access priority than level 2 clients. The system does not rate limit level 1 clients.
When the maximum number of associated clients is reached on a radio and a new client attempts to come online, the system performs the following tasks:
· If the new client is a non-VIP client, the system rejects the client's association request.
· If the new client is a VIP client, the system logs off a non-VIP client or a VIP client of a lower level for the new client to come online.
¡ If non-VIP clients are online, the system logs off a non-VIP client.
¡ If no non-VIP client is online, the system logs off a level 2 VIP client.
¡ If all the online clients are level 1 VIP clients, the system rejects the client's association request.
Clients in the VIP client groups are considered as VIP clients only when they are associated with the AC instead of an AP. If a client is associated with an AP, the client is considered a non-VIP client even if it is in the VIP client group.
Examples
# Add a client with MAC address a0cc-2bca-a305 to the VIP client group.
<Sysname> system-view
[Sysname] wlan vip-client-group
[Sysname-wlan vip-client-group] client-mac a0cc-2bca-a305
client-statistics-report
Use client-statistics-report enable to enable client statistics reporting.
Use client-statistics-report disable to disable client statistics reporting.
Use undo client-statistics-report to restore the default.
Syntax
client-statistics-report { disable | enable [ interval interval ] }
undo client-statistics-report
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, client statistics reporting is enabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
interval interval: Specifies the interval at which client statistics are reported, in the range of 2 to 120 seconds. The interval is 50 seconds by default.
Usage guidelines
This feature enables an AP to report client statistics to the AC at the specified intervals for client entry update. The AC informs the AP to log off a client if the client's information does not exist in the saved entries.
To avoid frequent client re-association, disable this feature when the network is in a bad condition.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable client statistics reporting and set the reporting interval to 20 seconds for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] client-statistics-report enable interval 20
# Enable client statistics reporting and set the reporting interval to 20 seconds for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client-statistics-report enable interval 20
client-statistics-report smart-maintenance
Use client-statistics-report smart-maintenance enable to enable an AP to report client smart O&M statistics to the AC.
Use client-statistics-report smart-maintenance disable to disable an AP from reporting client smart O&M statistics to the AC.
Use undo client-statistics-report smart-maintenance to restore the default.
Syntax
client-statistics-report smart-maintenance { disable | enable }
undo client-statistics-report smart-maintenance
Default
In AP view, an AP uses the configuration in an AP group's AP model view.
In AP group view, an AP reports client smart O&M statistics to the AC.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to report client smart O&M statistics to the AC at intervals specified by the client-statistics-report command. The AC reports the statistics to the cloud platform. Users can view client statistics from the Web interface.
Disable this feature when the network condition is poor.
For VIP client features to take effect, you must enable this feature when any VIP client feature is enabled.
The configuration in AP view takes precedence over the configuration in AP group view.
Examples
# Enable report of client smart O&M statistics for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] client-statistics-report smart-maintenance enable
# Enable report of client smart O&M statistics for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] client-statistics-report smart-maintenance enable
Related commands
client-statistics-report
customlog format wlan
Use customlog format wlan to enable the device to generate client logs in the specified format.
Use undo customlog format wlan to restore the default.
Syntax
customlog format wlan { normal | sangfor }
undo customlog format wlan
Default
The device generates client logs only in H3C format.
Views
System view
Predefined user roles
network-admin
Parameters
normal: Specifies normal format.
sangfor: Specifies sangfor format.
Usage guidelines
By default, the device generates client logs only in H3C format that logs AP name, radio ID, client MAC address, SSID, BSSID, and client online status.
You can configure the device to generate client logs in one of the following formats:
· Normal—Logs AP MAC address, AP name, client IP address, client MAC address, SSID, and BSSID.
· Sangfor—Logs AP MAC address, client IP address, and client MAC address.
This feature does not affect the generation of client logs in H3C format.
Examples
# Enable the device to generate client logs in sangfor format.
<Sysname> system-view
[Sysname] customlog format wlan sangfor
description
Use description to configure a description for a service template.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is configured for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 64 characters.
Examples
# Configure a description for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] description wlanst
display elan interface
Use dispaly elan interface to display AP interfaces bound to an ELAN service template.
Syntax
display elan interface [ ap-name ap-name | ap-id ap-id ] [ brief ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap-name: Specifies the name of an AP, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
ap-id: Specifies an AP ID, which corresponds to a unique AP name. The value range is 1 to 65535.
Examples
# Display AP interfaces bound to an ELAN service template.
<Sysname> display elan interface
AP name :ap1
Interface :GigabitEthernet1/0/1
AP ID :1
Service-template name:elan1
State :UP
AP name :ap2
Interface :GigabitEthernet1/0/2
AP ID :2
Service-template name:elan2
State :UP
# Display AP interfaces on AP ap1 bound to an ELAN service template.
<Sysname> display elan interface ap-name ap1
AP name :ap1
Interface :GigabitEthernet1/0/1
Service-template name:elan1
State :UP
AP ID :1
# Display AP interfaces on AP 2 bound to an ELAN service template.
<Sysname> display elan interface ap-id 2
AP name :ap2
Interface :GigabitEthernet1/0/2
AP ID :2
Service-template name:elan2
State :UP
# Display brief information about AP interfaces bound to an ELAN service template.
<Sysname> display elan interface brief
Interface Status Forwarder
elan1/1-1-1 UP AC
elan1/1-2-1 DOWN AC
Table 1 Command output
|
Field |
Description |
|
State |
ELAN interface status: · UP—The interface is physically up. · DOWN—The interface is physically down. |
|
Forwarder |
Forwarding mode of the ELAN service template: · AC—Centralized forwarding. |
display elan service-template
Use display elan service-template to display information about the specified ELAN service template or all ELAN service templates.
Syntax
display elan service-template [ service-template-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
service-template-name: Specifies the name of the ELAN service template, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all ELAN service templates.
Examples
# Display information about all the ELAN service templates.
<Sysname> display elan service-template
Service template name:elan1
Status :Enabled
Forwarder :AC
Service template name:elan2
Status :Disabled
Forwarder :AC
Table 2 Command output
|
Field |
Description |
|
Service template name |
Name of the ELAN service template. |
|
Status |
Status of the ELAN service template: · Enabled. · Disabled. |
|
Forwarder |
Forwarding mode of the ELAN service template: · AC—Centralized forwarding. |
display wlan ap all client-number
Use display wlan ap all client-number to display the number of online clients.
Syntax
display wlan ap all client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients at both the 2.4 GHz and 5 GHz bands.
<System> display wlan ap all client-number
AP name Clients 2.4GHz 5GHz 6GHz
ap1 2 2 0 0
Table 3 Command output
|
Field |
Description |
|
Clients |
Total number of online clients. |
|
2.4GHz |
Number of online clients at the 2.4 GHz band. |
|
5GHz |
Number of online clients at the 5 GHz band. |
|
6GHz |
Number of online clients at the 6 GHz band. |
display wlan ap all radio client-number
Use display wlan ap all radio client-number to display the number of online clients and channel information for each radio.
Syntax
display wlan ap all radio client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients and channel information for each radio.
<Sysname> display wlan ap all radio client-number
AP name RID Channel Clients
ap1 1 44 12
ap1 2 11 4
display wlan ap-group all client-number
Use display wlan ap-group all client-number to display the number of online clients in each radio group.
Syntax
display wlan ap-group all client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients in each radio group.
<Sysname> display wlan ap-group all client-number
AP group name Group ID Clients 2.4GHz 5GHz 6GHz
default-group 1 150 100 50 0
1 2 250 50 200 0
Table 4 Command output
|
Field |
Description |
|
2.4GHz |
Number of clients at the 2.4 GHz band. |
|
5GHz |
Number of clients at the 5 GHz band. |
|
6GHz |
Number of clients at the 6 GHz band. |
display wlan blacklist
Use display wlan blacklist to display blacklist entries.
Syntax
display wlan blacklist { dynamic | static }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
dynamic: Specifies the dynamic blacklist.
static: Specifies the static blacklist.
Examples
# Display static blacklist entries.
<Sysname> display wlan blacklist static
Total number of clients: 3
MAC addresses:
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
# Display dynamic blacklist entries.
<Sysname> display wlan blacklist dynamic
Total number of clients: 3
MAC address APID RID Lifetime Duration Reason
000f-e2cc-0001 1 1 300s 10m 46s WIPS countermeasure
000f-e2cc-0002 2 1 300s 08m 46s WIPS countermeasure
000f-e2cc-0003 3 1 300s 08m 22s WIPS countermeasure
Table 5 Command output
|
Field |
Description |
|
MAC address |
Client MAC address. |
|
APID |
ID of the AP that detects the rogue client. |
|
RID |
ID of the radio that detects the rogue client. |
|
Lifetime |
Lifetime of the entry in seconds. |
|
Duration |
Duration for the entry since the entry was added to the dynamic blacklist. |
|
Reason |
Reson that the dynamic denylist was generated: · WIPS countermeasure. · Reauthentication rejection. · Password failure limit. · Others. |
display wlan bss
Use display wlan bss to display basic service set (BSS) information.
Syntax
display wlan bss { all | ap ap-name | bssid bssid } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all BSSs.
ap ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
bssid bssid: Specifies a BSS by its ID. The value is a 48-bit hexadecimal number in the format of H-H-H.
verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.
Examples
# Display brief information about all BSSs.
<Sysname> display wlan bss all
Current BSS number: 4
Max BSS number: 32768
Bound BSS Number: 5
AP name RID SSID BSSID
ap1 1 SSID1 001c-f08f-f804
ap1 2 SSID1 001c-f08f-f806
ap2 1 SSID1 001c-f0bf-9c92
ap2 2 SSID1 001c-f0bf-9c94
Table 6 Command output
|
Field |
Description |
|
Current BSS number |
Number of current BSSs. |
|
Max BSS number |
Maximum number of supported BSSs. |
|
Bound BSS Number |
Number of BSSs that can be created or number of radios bound with a service template. This field might have a larger value than the Max BSS number field. |
# Display detailed information about the BSS with ID 001c-f08f-f804 on member device 1.
<Sysname> display wlan bss bssid 001c-f08f-f804 slot 1 verbose
AP name : ap1
BSSID : 001c-f08f-f804
Radio ID : 1
Service template name : servcie1
SSID : SSID1
VLAN ID : 1
AKM mode : Not configured
User authentication mode : Bypass
Table 7 Command output
|
Field |
Description |
|
AKM mode |
AKM mode: · 802.1X. · PSK. · Not configured. |
|
User authentication mode |
User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI. |
display wlan bss count
Use display wlan bss count to display BSS quantity information.
Syntax
display wlan bss count
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display BSS quantity information.
<Sysname> display wlan bss count
Current BSS number: 4
Max BSS number: 6144
Bound BSS number: 5
Table 8 Command output
|
Field |
Description |
|
Current BSS number |
Number of current BSSs. |
|
Max BSS number |
Maximum number of supported BSSs. |
|
Bound BSS number |
Number of BSSs that can be generated by binding service templates to radios. The bound BSS number might exceed the max BSS number. |
display wlan client
Use display wlan client to display client information.
Syntax
display wlan client [ ap ap-name [ radio radio-id ] | mac-address mac-address | service-template service-template-name | frequency-band { 2.4 | 5 } | vlan vlan-id ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Displays information about clients that are connected to the specified AP. The AP name is a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Displays information about clients that are connected to the specified radio. The value range for the radio-id argument varies by device model. If you do not specify this option, the command displays information about all clients that are connected to the specified AP.
mac-address mac-address: Specifies a client by its MAC address.
service-template service-template-name: Displays information about clients that are associated with the specified service template. The service template name is a case-insensitive string of 1 to 63 characters.
frequency-band: Displays information about clients working on the specified band.
2.4: Specifies the 2.4 GHz band.
5: Specifies the 5 GHz band.
verbose: Displays detailed client information. If you do not specify this keyword, the command displays brief client information.
vlan vlan-id: Displays information about clients in the specified VLAN. The VLAN ID is in the range of 1 to 4094.
Examples
# Display brief information about all clients.
<Sysname> display wlan client
Total number of clients: 3
MAC address Username AP name R IP address VLAN
000f-e265-6400 N/A ap1 1 1.1.1.1 100
000f-e265-6401 user ap2 1 3.0.0.3 200
84db-ac14-dd08 N/A ap1 1 5.5.5.3 1
Table 9 Command output
|
Field |
Description |
|
MAC address |
Client MAC address. |
|
Username |
Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client. |
|
AP name |
Name of the AP that the client is associated with. |
|
R |
ID of the radio that the client is associated with. |
|
IP address |
IPv4 address of the client. |
|
VLAN ID |
ID of the VLAN to which the client belongs. |
# Display detailed information about the client with MAC address 000f-e265-6400.
<Sysname> display wlan client mac-address 000f-e265-6400 verbose
Total number of clients: 1
MAC address : 000f-e265-6400
IPv4 address : 10.1.1.114
IPv6 address : 2001::1234:5678:0102:0304
Username : N/A
AID : 1
AP ID : 1
AP name : ap1
Radio ID : 1
Channel : 36
SSID : office
BSSID : 0026-3e08-1150
VLAN ID : 3
Sleep count : 3
Wireless mode : 802.11gn
Channel bandwidth : 20MHz
SM power save : Enabled
Short GI for 20MHz : Supported
Short GI for 40MHz : Supported
Short GI for 80MHz : Supported
Short GI for 160/80+80MHz : Not supported
STBC RX capability : Not supported
STBC TX capability : Not supported
LDPC RX capability : Not supported
SU beamformee capability : Not supported
MU beamformee capability : Not supported
Beamformee STS capability : N/A
Block Ack : TID 0 In
Supported VHT-MCS set : NSS1 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
NSS2 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Supported HT MCS set : 0, 1, 2, 3, 4, 5, 6, 7,
8, 9, 10, 11, 12, 13, 14,
15
Supported rates : 1, 2, 5.5, 6, 9, 11,
12, 18, 24, 36, 48, 54 Mbps
QoS mode : WMM
Listen interval : 10
RSSI : 62
Rx/Tx rate : 130/195 Mbps
Speed : N/A
Authentication method : Open system
Security mode : PRE-RSNA
AKM mode : Not configured
Cipher suite : N/A
User authentication mode : Bypass
WPA3 status : Disabled
SAE PWE Method : None
Authorization ACL ID : 3001(Not effective)
Authorization user profile : N/A
Authorization CAR :
Average input rate : 102400 bps
Average output rate : 102400 bps
Roam status : N/A
Key derivation : SHA1
PMF status : Enabled
Forwarding policy name : Not configured
Online time : 0days 0hours 1minutes 13seconds
FT status : Inactive
BTM status : Disabled
Authorization user group : N/A
Table 10 Command output
|
Field |
Description |
|
MAC address |
Client MAC address. |
|
IPv4 address |
Client IPv4 address. |
|
IPv6 address |
Client IPv6 address. |
|
Username |
Client username: · The field displays the client username if the client uses 802.1X or MAC authentication. · The field displays N/A if the client does not use 802.1X or MAC authentication. NOTE: If the client uses portal authentication, this field does not display the portal username of the client. |
|
AID |
Association ID. |
|
AP ID |
ID of the AP that the client is associated with. |
|
AP name |
Name of the AP that the client is associated with. |
|
Radio ID |
ID of the radio that the client is associated with. |
|
Channel |
Channel with which the client is associated. |
|
SSID |
SSID with which the client is associated. |
|
VLAN ID |
ID of the VLAN to which the client belongs. |
|
Sleep count |
Client sleep times. |
|
Wireless mode |
Wireless mode: · 802.11a. · 802.11b. · 802.11g. · 802.11gn. · 802.11an. · 802.11ac. · 802.11gac. · 802.11ax. · 802.11gax. · 802.11eax. · 802.11be. · 802.11abe. · 802.11gbe. |
|
Channel bandwidth |
Channel bandwidth: · 20 MHz. · 40 MHz. · 80 MHz. · 160 MHz. · 320 MHz. |
|
20/40 BSS Coexistence Management |
Whether the client supports 20/40MHz channel bandwidth coexistence. |
|
SM Power Save |
SM Power Save status: · Enabled—Only one antenna of a client operates in active state, and others operate in sleep state to save power. · Disabled. |
|
Short GI for 20MHz |
Whether the client supports short GI when its channel bandwidth is 20 MHz: · Supported. · Not supported. |
|
Short GI for 40MHz |
Whether the client supports short GI when its channel bandwidth is 40 MHz: · Supported. · Not supported. |
|
Short GI for 80MHz |
Whether the client supports short GI when its channel bandwidth is 80 MHz: · Supported. · Not supported. |
|
Short GI for 160/80+80MHz |
Whether the client supports short GI when its channel bandwidth is 160 MHz or 80 + 80 MHz: · Supported. · Not supported. |
|
STBC Rx Capability |
Client STBC receive capability; · Not supported. · Supported. |
|
STBC Tx Capability |
Client STBC transmission capability: · Not supported. · Supported. |
|
LDPC Rx capability |
Client LDPC receive capability; · Not supported. · Supported. |
|
SU beamformee capability |
Client SU beamformee capability: · Not supported. · Supported. |
|
MU beamformee capability |
Client MU beamformee capability: · Not supported. · Supported. |
|
Beamformee STS capability |
Supported spatial stream quantity if the client is a beamformee receiver, in the range of 0 to 7 (the maximum spatial stream quantity specified by the MIMO mode minus one). This field displays N/A if the client cannot act as a beamformee receiver. |
|
Number of Sounding Dimensions |
Supported spatial stream quantity if the client is a beamformee transmitter, in the range of 0 to 7 (the maximum spatial stream quantity specified by the MIMO mode minus one). This field displays N/A if the client cannot act as a beamformee transmitter. |
|
Block Ack |
Negotiation result of Block ACK with TID: · TID 0 In—Sends Block ACK for inbound traffic. · TID 0 Out—Sends Block ACK for outbound traffic. · TID 0 Both—Sends Block ACK for both inbound and outbound traffic. · N/A—Does not send Block ACK for both inbound and outbound traffic. |
|
Supported VHT-MCS set |
VHT-MCS supported by the client. |
|
Supported HT MCS set |
HT-MCS supported by the client. |
|
2.4G 40MHz Channel bandwidth |
Client support for 2.4G 40 MHz channel bandwidth: · Not Supported. · Supported. |
|
5G 40And80MHz Channel bandwidth |
Client support for 5G 40 MHz and 80 MHz channel bandwidth: · Not Supported. · Supported. |
|
5G 160MHz Channel bandwidth |
Client support for 5G 160 MHz channel bandwidth: · Not Supported. · Supported. |
|
5G 8080MHz Channel bandwidth |
Client support for 5G 80+80 MHz channel bandwidth: · Not Supported. · Supported. |
|
6G 320MHz Channel bandwidth |
Client support for 6G 320 MHz channel bandwidth: · Not Supported. · Supported. |
|
OFDMA random access RUs |
Support for OFDMA random selection of RUs. · Not supported. · Supported. |
|
Supported HE80MHz-MCS set |
Supported 80 MHz HE-MCS sets. |
|
Supported HE160MHz-MCS set |
Supported 160 MHz HE-MCS sets. |
|
Supported HE 8080MHz-MCS set |
Supported 80+80 MHz HE-MCS sets. |
|
Supported EHT 80MHz-MCS set |
Supported 80 MHz EHT-MCS sets. |
|
Supported EHT160MHz-MCS set |
Supported 160 MHz EHT-MCS sets. |
|
Supported EHT 320MHz-MCS set |
Supported 320 MHz EHT-MCS sets. |
|
TWT scheduled |
Whether the client is a TWT scheduled client. A TWT scheduled client can calculate and negotiate TWT scheduling information. · Yes. · No. |
|
QoS mode |
QoS mode: · N/A—WMM is not supported. · WMM—WMM is supported. WMM information negotiation is carried out between an AP and a client that both support WMM. |
|
Listen interval |
Interval at which the client wakes up to listen for beacon frames. It is counted by beacon interval. |
|
RSSI |
Received signal strength indication. This value indicates the client signal strength detected by the AP. |
|
Rx/Tx rate |
Sending and receiving rates of data, management, and control frames. |
|
Speed |
Sending and receiving rates in the past 2 minutes in Kbps, rounded to three decimal places. This field displays N/A if both the sending and receiving rates are 0. |
|
Authentication method |
Authentication method: · Open system. · Shared key. · SAE. |
|
Security mode |
Security mode: · RSN—Beacons and probe responses carry RSN IE. · WPA—Beacons and probe responses carry WPA IE. · PRE-RSNA—Beacons and probe responses do not carry RSN IE or WPA IE. |
|
AKM mode |
AKM mode: · 802.1X. · PSK. · OWE. · Not configured. |
|
Cipher suite |
Cipher suite: · N/A. · WEP40. · WEP104. · WEP128. · CCMP. · TKIP. · GCMP. |
|
User authentication mode |
User authentication mode: · Bypass—No client authentication. · MAC. · 802.1X. · OUI. |
|
WPA3 status |
WPA3 status: · Disabled. · Enabled. · N/A. |
|
Authorization ACL ID |
Authorized ACL number: · This field displays the ACL number if the authorized ACL takes effect. · This field displays ACL number(Not effective) if the authorized ACL does not take effect. · This field displays N/A if the authentication server is configured without any authorized ACL. |
|
Authorization user profile |
Name of the authorized user profile: · This field displays the authorized user profile name if the authorized user profile takes effect. · This field displays authorized user profile name + Not effective if the authorized user profile does not take effect. · This field displays N/A if the authentication server is configured without any authorized user profile. |
|
SAE PWE Method |
PWE deriving method at the SAE phase: · None—PWE deriving is not required. · Hash-to-Element(H2E)—Use the Hash-to-Element method to derive PWEs. · Hunting-and-Pecking(HnP)—Use the Hunting-and-Pecking method to derive PWEs. |
|
Authorization CAR |
Authorization CAR: · Average input rate—Average uplink rate in bps. · Average output rate—Average downlink rate in bps. · N/A—This field displays N/A if the authentication server is not configured with authorization CAR for users. |
|
Roam status |
Roam status: · Roaming in progress. · Inter-AC roam. · Intra-AC roam. · This field displays N/A if the client stays in one BSS after coming online. |
|
Key derivation |
Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · SHA384—Uses the HMAC-SHA384 hash algorithm. · N/A—No key derivation algorithm is involved for the authentication type. |
|
PMF status |
PMF status: · Enabled—Management frame protection is enabled. · Disabled—Management frame protection is disabled. · N/A—Management frame protection is not involved. |
|
Forwarding policy name |
WLAN forwarding policy name: · Not configured. · Policy-name. |
|
Online time |
Client online duration. |
|
FT status |
Fast BSS transition (FT): · Active—FT is enabled. · Inactive—FT is disabled. |
|
BTM status |
BTM status: · Disabled. · Enabled. |
display wlan client device-information
Use display wlan client device-information to display device information for a client.
Syntax
display wlan client device-information [ mac-address mac-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, this command displays device information for all clients.
Examples
# Display device information for all clients.
<Sysname> display wlan client device-information
Total number of clients: 2
MAC_Address : 0000-0000-0001
Vendor Name : Oppo
Host Name : OPPO-Find-X2-Pro
MAC_Address : 0000-0000-0002
Vendor Name : Oppo
Host Name : OPPO-Find-X2
Table 11 Command output
|
Field |
Description |
|
MAC address |
MAC address of the client. |
|
Vendor Name |
Vendor of the client. If the client uses an IOS operating system or has random MAC configured, this field displays Unknown. |
|
Host Name |
Name of the client. If the client uses an IOS operating system, this field displays Unknown. |
display wlan client ipv6
Use display wlan client ipv6 to display information about client IPv6 addresses.
Syntax
display wlan client ipv6
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display brief status information about the specified client.
<Sysname> display wlan client ipv6
MAC address AP name IPv6 address VLAN
84db-ac14-dd08 ap1 1::2:0:0:3 300
Table 12 Command output
|
Field |
Description |
|
MAC address |
Client MAC address. |
|
IPv6 address |
Client IPv6 address. |
|
VLAN |
Client VLAN. |
display wlan client online-duration
Use display wlan client online-duration to display client online duration.
Syntax
display wlan client online-duration [ ap ap-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
Examples
# Display brief information about client online duration.
<Sysname> display wlan client online-duration
Total number of online clients: 2
MAC address IPv4 address Online duration
a4c1-5b79-fa5b-1d62 192.168.11.123 0days 0hours 2minutes 23seconds
22d3-c5b7-a4b5-96fa 192.168.11.234 0days 0hours 5minutes 34seconds
Table 13 Command output
|
Field |
Description |
|
MAC address |
Client MAC address. |
|
IPv4 address |
Client IPv4 address. |
|
Online duration |
Client online duration. |
display wlan client status
Use display wlan client status to display client status information.
Syntax
display wlan client status [ mac-address mac-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H. If you do not specify this option, the command displays status information about all clients.
verbose: Displays detailed client status information. If you do not specify this keyword, the command displays brief client status information.
Examples
# Display brief status information about the specified client.
<Sysname> display wlan client status mac-address 001c-f08f-f804
Total number of clients: 1
MAC address RSSI Rx/Tx rate(bps) Speed(bps) Discard AP name RID
001c-f08f-f804 0 39/117Mbps N/A 0.00 ap2 2
# Display brief status information about all clients.
<Sysname> display wlan client status
Total number of clients: 2
MAC address RSSI Rx/Tx rate(bps) Speed(bps) Discard AP name RID
000b-c002-9d09 65 39/117Mbps N/A 0.00% ap2 2
000f-e265-6401 62 130/195Mbps N/A 0.00% ap1 1
Table 14 Command output
|
Field |
Description |
|
MAC address |
Client MAC address. |
|
RSSI |
RSSI of the client. |
|
Rx/Tx rate(bps) |
Rates at which the client receives and sends data, management packets, and control packets. |
|
Speed(bps) |
Rates at which the client receives and sends packets in the past 2 minutes, rounded to one decimal place. If a rate is smaller than 1 Mbps, the value is displayed in Kbps. If a rate equals 1 Mbps or is larger than 1 Mbps, the value is displayed in Mbps. This field displays N/A if both the sending and receiving rates are 0. |
|
Discard |
Ratio of packets discarded by the client. |
|
AP name |
Name of the AP with which the client is associated. |
|
RID |
ID of the radio with which the client is associated. |
# Display detailed status information about the specified client.
<Sysname> display wlan client status mac-address 001c-f08f-f804 verbose
Total number of clients: 1
MAC address : 001c-f08f-f804
AP name : ap2
Radio ID : 2
RSSI : 0
Rx/Tx rate : 39/117 Mbps
Speed : N/A
Received:
Retransmitted packets : 84
Retransmitted packet ratio : 64.12%
Sent:
Retransmitted packets : 0
Retransmitted packet ratio : 0.00%
Discarded:
Discarded packets : 0
Discarded packet ratio : 0.00%
Table 15 Command output
|
Field |
Description |
|
MAC address |
Client MAC address. |
|
AP name |
Name of the AP that the client is associated with. |
|
Radio ID |
ID of the radio that the client is associated with. |
|
RSSI |
RSSI of the client. |
|
Rx/Tx rate |
Rates at which the client receives and sends data, management packets, and control packets. |
|
Speed |
Sending and receiving rates in the past 2 minutes in Kbps, rounded to three decimal places. This field displays N/A if both the sending and receiving rates are 0. |
|
Received |
Statistics about packets received by the AP: · Retransmitted packets. · Retransmitted packet ratio. |
|
Sent |
Statistics about packets sent by the AP: · Retransmitted packets. · Retransmitted packet ratio. |
|
Discarded |
Statistics about packets discarded by the client: · Discarded packets. · Discarded packet ratio. |
display wlan forwarding-policy
Use display wlan forwarding-policy to display WLAN forwarding policy information.
Syntax
display wlan forwarding-policy [ policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameter
policy-name: Specifies a WLAN forwarding policy by its name, a case-insensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all WLAN forwarding policies.
Examples
# Display information about all WLAN forwarding policies.
<Sysname> display wlan forwarding-policy
Total number of forwarding policies: 2
Forwarding policy name: fwd1
Classifier ACL 2000: Local
Classifier ACL 2004: Local
Classifier IPv6 ACL 2001: Remote
Classifier IPv6 ACL 2002: Remote
Forwarding policy name: fwd2
Classifier ACL 4021: Local
Classifier IPv6 ACL 2000: Remote
Classifier IPv6 ACL 3024: Remote
Table 16 Command output
|
Field |
Description |
|
IPv4 packet forwarding mode: · Local—Local forwarding. · Remote—Centralized forwarding. |
|
|
Classifier IPv6 ACL number |
IPv6 packet forwarding mode: · Local—Local forwarding. · Remote—Centralized forwarding. |
Related commands
wlan forwarding-policy
display wlan guest-tunnel
Use display wlan guest-tunnel to display guest tunnel information on the AC.
Syntax
display wlan guest-tunnel { all | ip ipv4-address }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays information about all guest tunnels.
ip ipv4-address: Displays information about the guest tunnel with the specified peer IPv4 address.
Examples
# Display information about all guest tunnels on an edge AC.
<Sysname> display wlan guest-tunnel all
Guest access tunnel information
Local mode: Edge AC Tunnels: 2
Peer IP address Local IP address VLANs State Interface
2.2.2.2 5.5.5.1 4 Up WLAN-Tunnel9
2.2.2.3 5.5.5.1 5 Down WLAN-Tunnel10
# Display information about all guest tunnels on an aggregation AC.
<Sysname> display wlan guest-tunnel all
Guest access tunnel information
Local mode: Aggregation AC Tunnels: 2
Peer IP address VLANs State Interface
1.1.1.1 4-5 Down WLAN-Tunnel9
1.1.1.2 6 Down WLAN-Tunnel10
# Display information about the guest tunnel established with peer IPv4 address 1.1.1.1.
<Sysname> display wlan guest-tunnel ip 1.1.1.1
Guest access tunnel information
Local mode: Edge AC
Peer IP address : 1.1.1.1
Local IP address : 1.1.1.2
VLANs : 4
State : Down
Interface : WLAN-Tunnel9
Online duration : 00:32:05
Table 17 Command output
|
Field |
Description |
|
Local mode |
AC role: · Edge AC. · Aggregation AC. |
|
Tunnels |
Number of guest tunnels. |
|
VLANs |
Guest VLAN ID. |
|
State |
Guest tunnel state: · Up. · Down. |
|
Interface |
Local interface created during guest tunnel establishment. This field displays N/A if the AC fails to create the guest tunnel interface. |
|
Online duration |
Tunnel uptime. |
display wlan service-template
Use display wlan service-template to display service template information.
Syntax
display wlan service-template [ service-template-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all service templates.
verbose: Displays detailed service template information.
Examples
# Display brief information about all service templates.
[Sysname] display wlan service-template
Total number of service templates: 2
Service template name SSID Status
1 2333 Enabled
2 3222 Enabled
# Display detailed information about all service templates.
<Sysname> display wlan service-template verbose
Service template name : service1
Description : Not configured
SSID : wuxianfuwu
SSID-hide : Disabled
User-isolation : Disabled
Service template status : Disabled
Maximum clients per BSS : 64
Frame format : Dot3
Seamless roam status : Disabled
Seamless roam RSSI threshold : 50
Seamless roam RSSI gap : 20
VLAN ID : 1
AKM mode : PSK
Security IE : RSN
Cipher suite : CCMP
WEP key ID : 1
TKIP countermeasure time : 100 sec
PTK lifetime : 43200 sec
PTK rekey : Enabled
GTK rekey : Enabled
GTK rekey method : Time-based
GTK rekey time : 86400 sec
GTK rekey client-offline : Enabled
WPA3 status : Disabled
SAE PWE method : Hash-to-Element(H2E)
WPA3 transit to WPA2 disable indication : Disabled
PPSK : Disabled
PPSK Fail Permit : Disabled
Enhanced-open status : Enabled
Enhanced-open transition-mode service-template : N/A
User authentication mode : Bypass
Intrusion protection : Disabled
Intrusion protection mode : Temporary-block
Temporary block time : 180 sec
Temporary service stop time : 20 sec
Fail VLAN ID : 1
802.1X handshake : Enabled
802.1X handshake secure : Disabled
802.1X domain : my-domain
MAC-auth domain : Not configured
Max 802.1X users per BSS : 4096
Max MAC-auth users per BSS : 4096
802.1X re-authenticate : Enabled
Authorization fail mode : Online
Accounting fail mode : Online
Authorization : Permitted
Key derivation : SHA1
PMF status : Optional
Hotspot policy number : Not configured
Forwarding policy status : Disabled
Forwarding policy name : Not configured
Forwarder : AP
FT status : Disabled
QoS trust : Port
QoS priority : 0
BTM status : Disabled
Table 18 Command output
|
Field |
Description |
|
SSID |
SSID of the service template. |
|
SSID-hide |
Whether the SSID is hidden in beacons: · Disabled. · Enabled. |
|
User-isolation |
Use isolation: · Disabled. · Enabled. |
|
Service template status |
Service template status: · Disabled. · Enabled. |
|
Maximum clients per BSS |
Maximum number of clients that the BSS supports. |
|
Frame format |
Client data frame encapsulation format: · Dot3—802.3 format. · Dot11—802.11 format. |
|
Seamless roam status |
Seamless roaming status: · Disabled. · Enabled. |
|
Seamless roam RSSI threshold |
Seamless roaming RSSI threshold. |
|
Seamless roam RSSI gap |
Seamless roaming RSSI gap. |
|
VLAN ID |
ID of the VLAN to which clients belong after they come online through the service template. |
|
AKM mode |
AKM mode: · 802.1X. · PSK. |
|
Security IE |
Security IE: · RSN. · WPA. |
|
Cipher suite |
Cipher suite: · WEP40. · WEP104. · WEP128. · TKIP. · CCMP. · GCMP. |
|
TKIP countermeasure time |
TKIP countermeasure time. The value 0 indicates no countermeasures are taken. |
|
PTK rekey |
Whether PTK rekey is enabled: · Enabled. · Disabled. |
|
GTK rekey |
Whether GTK rekey is enabled: · Enabled. · Disabled. |
|
GTK rekey method |
GTK rekey method: · Time-based. · Packet-based. |
|
GTK rekey time |
GTK rekey interval. |
|
GTK rekey packets |
Number of packets that can be transmitted before the GTK is refreshed. |
|
GTK rekey client-offline |
Whether client-off GTK rekey is enabled: · Enabled. · Disabled. |
|
WPA3 status |
WPA3 security mode: · Disabled. · Mandatory. · Optional. |
|
PPSK |
Whether PPSK is enabled: · Disabled. · Enabled. |
|
PPSK Fail Permit |
Whether PPSK fail permit is enabled: · Disabled. · Enabled. |
|
SAE PWE method |
PWE deriving method at the SAE phase: · Hash-to-Element(H2E)—Supports using the H2E method. · Hunting-and-Pecking(HnP)—Supports using the HnP method. · Hash-to-Element and Hunting-and-Pecking support(Both-h2e-hnp)—Supports using the H2E or HnP method. |
|
WPA3 transit to WPA2 disable indication |
Status of anti-downgrade of the WPA3 security mode: · Disabled. · Enabled. |
|
Enhanced-open status |
Whether enhanced open system authentication is enabled: · Disabled. · Enabled. |
|
Enhanced-open transition-mode service-template |
Recommended service template in transition mode. If no service template is specified, this field displays N/A. |
|
User authentication mode |
Authentication mode: · Bypass—No authentication. · MAC. · MAC-or-802.1X—MAC authentication is performed first. If MAC authentication fails, 802.1X authentication is performed. · 802.1X. · 802.1X-or-MAC—802.1X authentication is performed first. If 802.1X authentication fails, MAC authentication is performed. · OUI-or-802.1X—OUI authentication is performed first. If OUI authentication fails, 802.1X authentication is performed. |
|
Intrusion protection |
Whether intrusion protection is enabled: · Enabled. · Disabled. |
|
Intrusion protection mode |
Intrusion protection mode: · Temporary-block—Temporarily adds intruders to the block list. · Service-stop—Stops all services provided by the BSS that receives illegal packets until it resets. · Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets. |
|
Temporary block time |
Temporary block time in seconds. |
|
Temporary service stop time |
Temporary service stop time in seconds. |
|
Fail VLAN ID |
ID of the VLAN to which clients are added if they cannot pass the authentication when the authentication server can be reached. This field displays Not configured if the fail VLAN ID is not configured. |
|
Critical VLAN ID |
ID of the VLAN to which clients are added if they cannot pass the authentication because the authentication server cannot be reached. This field displays Not configured if the critical VLAN ID is not configured. |
|
802.1X handshake |
Whether 802.1X handshake is enabled: · Enabled. · Disabled. |
|
802.1X handshake secure |
Whether secure 802.1X handshake is enabled: · Enabled. · Disabled. |
|
802.1X domain |
802.1X authentication domain. This field displays Not configured if the domain is not configured. |
|
MAC-auth domain |
MAC authentication domain. This field displays Not configured if the domain is not configured. |
|
Max 802.1X users per BSS |
Maximum number of supported 802.1X users in a BSS. |
|
Max MAC-auth users per BSS |
Maximum number of supported users that pass the MAC authentication in a BSS. |
|
802.1X re-authenticate |
Whether 802.1X reauthentication is enabled: · Enabled. · Disabled. |
|
Authorization fail mode |
Authorization fail mode: · Offline—Clients are logged off when authorization fails. · Online—Clients are not logged off when authorization fails. |
|
Accounting fail mode |
Accounting fail mode: · Offline—Clients are logged off when accounting fails. · Online—Clients are not logged off when accounting fails. |
|
Authorization |
Authorization information: · Permitted—Applies the authorization information issued by the RADIUS server or the local device. · Ignored—Ignores the authorization information issued by the RADIUS server or the local device. |
|
Key derivation |
Key derivation type: · SHA1—Uses the HMAC-SHA1 hash algorithm. · SHA256—Uses the HMAC-SHA256 hash algorithm. · SHA1-AND-SHA256—Uses the HMAC SHA1 and SHA256 hash algorithm. |
|
PMF status |
PMF status: · Disabled—Management frame protection is disabled. · Optional—Management frame protection in optional mode is enabled. · Mandatory—Management frame protection in mandatory mode is enabled. |
|
Hotspot policy number |
Hotspot 2.0 policy number. |
|
Forwarding policy status |
WLAN forwarding policy status: · Disabled. · Enabled. |
|
Forward policy name |
WLAN forwarding policy name: · Not configured—No WLAN forwarding policy is configured. · policy-name. |
|
Forwarder |
Client traffic forwarder: · AC—AC in a non-AC hierarchical network and local AC in an AC hierarchical network. · AP. · Central AC. |
|
FT status |
FT status: · Disabled. · Enabled. |
|
FT method |
FT method: · over-the-air. · over-the-ds. |
|
FT reassociation deadline |
FT reassociation timeout timer in seconds. |
|
QoS trust |
QoS priority trust mode: · Port—Port priority trust mode. · Dot11e—802.11e priority trust mode. |
|
QoS priority |
Port priority in the range of 0 to 7. |
|
BTM status |
BTM status: · Disabled. · Enabled. |
display wlan statistics client
Use display wlan statistics client to display client statistics.
Syntax
display wlan statistics client [ mac-address mac-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command displays statistics for all clients.
Examples
# Display statistics for all clients.
<Sysname> display wlan statistics client
MAC address : 0014-6c8a-43ff
AP name : ap1
Radio ID : 1
SSID : office
BSSID : 000f-e2ff-7700
RSSI : 31
Sent frames:
Back ground : 0/0 (frames/bytes)
Best effort : 9/1230 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 2/76 (frames/bytes)
Received frames:
Back ground : 0/0 (frames/bytes)
Best effort : 18/2437 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 7/468 (frames/bytes)
Discarded frames:
Back ground : 0/0 (frames/bytes)
Best effort : 0/0 (frames/bytes)
Video : 0/0 (frames/bytes)
Voice : 5/389 (frames/bytes)
Table 19 Command output
|
Field |
Description |
|
SSID |
SSID of the service template. |
|
MAC address |
Client MAC address. |
|
Back ground |
AC-BK queue. |
|
Best effort |
AC-BE queue. |
|
Video |
AC-VI queue. |
|
Voice |
AC-VO queue. |
display wlan statistics connect-history
Use display wlan statistics connect-history to display client connection history.
Syntax
display wlan statistics connect-history { ap { all | name ap-name } | service-template service-template-name }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ap: Specifies APs.
all: Specifies all APs.
name ap-name: Specifies an AP by its name, a case-sensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
service-template service-template-name: Specifies a service template by its name.
Examples
# Display the connection history for service template 1.
<Sysname> display wlan statistics connect-history service-template 1
AP name : ap1
Radio ID : 1
Associations : 132
Association failures : 3
Reassociations : 30
Rejections : 12
Abnormal disassociations : 2
Current associations : 57
# Display the connection history for AP ap1.
<Sysname> display wlan statistics connect-history ap name ap1
AP name : ap1
Associations : 1
Reassociations : 0
Failures : 0
Rejections : 0
Abnormal disassociations : 0
Current associations : 1
display wlan statistics service template
Use display wlan statistics service-template to display service template statistics.
Syntax
display wlan statistics service-template service-template-name
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
service-template service-template-name: Specifies a service template by its name.
Examples
# Display statistics for service template 1.
<Sysname> display wlan statistics service-template 1
AP name : ap1
Radio ID : 1
Received:
Frame count : 1713
Frame bytes : 487061
Data frame count : 1683
Data frame bytes : 485761
Association request count : 2
Sent:
Frame count : 62113
Frame bytes : 25142076
Data frame count : 55978
Data frame bytes : 22626600
Association response count : 2
display wlan statistics vip-client
Use display wlan statistics vip-client to display VIP client statistics that an AP reports to the AC.
Syntax
display wlan statistics vip-client [ mac-address mac-address ] [ history-record ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address: Specifies a client by its MAC address. The MAC address must be in the H-H-H format, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted.
history-record: Displays the history records for the VIP client. If you do not specify this keyword, the most recent statistics about the VIP client are displayed.
Usage guidelines
A maximum of 300 history records can be displayed for a VIP client.
Examples
# Display VIP client statistics that an AP reports to the AC.
<Sysname> display wlan statistics vip-client mac-address 1234-4321-1234
Total number of configured VIP clients: 1
Total number of online VIP clients: 1
MAC address : 1234-4321-1234
Data reporting time : 2018-8-15 12:20:15
AP name : ap1
Radio ID : 1
SSID : val-problem
Rx/Tx rate : 114.2/120.2 Mbps
Rx/Tx traffic : 16584/901021 Bytes
RSSI : 33
Clients on radio : 5
Channel utilization : 20%
Packet loss rate : 0.25%
Packet error rate : 0.01%
Retransmission rate : 1.29%
Delay : 5us
VIP client level : 1
Table 20 Command output
|
Field |
Description |
|
MAC address |
MAC address of the VIP client. |
|
Data reporting time |
Time at which the AP reported VIP client statistics to the AC. |
|
AP name |
Name of the AP associated with the VIP client. |
|
Radio ID |
ID of the radio associated with the VIP client. |
|
SSID |
SSID associated with the VIP client. |
|
Rx/Tx rate |
Rx/Tx rate for packets from the VIP client, including data, management, and control packets. |
|
Rx/Tx traffic |
Traffic received and sent by the VIP client within the report interval, in Bytes. |
|
RSSI |
RSSI of the VIP client. |
|
Clients on radio |
Number of clients associated with the radio. |
|
Delay |
AP-to-VIP client packet sending delay in microseconds. |
|
VIP client level |
Level of the VIP client. For more information, see the client-mac command. |
Related commands
client-mac
wlan vip-client-group
display wlan virtual-ap-group all client-number
Use display wlan virtual-ap-group all client-number to display the number of online clients in each virtual AP group.
Syntax
display wlan virtual-ap-group all client-number
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the number of online clients in each virtual AP group.
<Sysname> display wlan virtual-ap-group all client-number
AP group name Group ID Clients 2.4GHz 5GHz 6GHz
default-virtualapgroup 1 150 100 50 0
1 2 250 50 200 0
Table 21 Command output
|
Field |
Description |
|
AP group name |
Virtual AP group name. |
|
Group ID |
Virtual AP group ID, the unique identifier of a virtual AP group on an AC. |
|
Clients |
Total number of online clients in the group. |
|
2.4GHz |
Number of online 2.4 GHz clients in the group. |
|
5GHz |
Number of online 5 GHz clients in the group. |
|
6GHz |
Number of online 6 GHz clients in the group. |
display wlan whitelist
Use display wlan whitelist to display whitelist entries.
Syntax
display wlan whitelist
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display whitelist entries.
<Sysname> display wlan whitelist
Total number of clients: 3
MAC addresses:
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
edge-ac
Use edge-ac to specify an edge AC for an aggregation AC.
Use undo edge-ac to delete an edge AC for an aggregation AC.
Syntax
edge-ac ip ipv4-address vlan vlan-id-list
undo edge-ac { all | ip ipv4-address [ vlan vlan-id-list ] }
Default
No edge AC is specified for an aggregation AC.
Views
Aggregation AC view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies the IPv4 address of an edge AC.
vlan vlan-id-list: Specifies a space-separated list of up to 10 guest VLAN items. Each VLAN item specifies a VLAN ID or a range of VLAN IDs in the form of start-vlan-id to end-vlan-id. The end VLAN ID must be greater than the start VLAN ID. Valid VLAN IDs are from 1 to 4094.
all: Specifies all edge ACs.
Usage guidelines
An edge AC can establish guest tunnels with multiple aggregation ACs, but these tunnels must belong to different VLANs. The maximum number of supported guest tunnels varies by device model.
An edge AC can establish multiple guest tunnels with an aggregation AC, but it must use different source IP addresses to establish tunnels with different aggregation AC interfaces.
Examples
# Specify an edge AC with IP address 192.168.2.20 for the aggregation AC, and specify the guest VLAN as VLAN 7.
<Sysname> system-view
[Sysname] wlan guest-tunnel aggregation-ac
[Sysname-wlan-aggregation-ac] edge-ac ip 192.168.2.20 vlan 7
Related commands
aggregation-ac
elan service-template (interface view)
Use elan service-template to bind an ELAN service template to a wired AP interface.
Use undo elan service-template to unbind an ELAN service template from a wired AP interface.
Syntax
elan service-template service-template-name
undo elan service-template
Default
No ELAN service template is bound to a wired AP interface.
Views
Interface view in an AP group's AP model view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies the name of the ELAN service template, a case-insensitive string of 1 to 63 characters.
Usage guidelines
For the binding operation to succeed, make sure the specified ELAN service template already exists and the wired AP interface is not bound to another ELAN service template.
Examples
# Bind an ELAN service template to a wired AP interface.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] ap-model WA6320H
[Sysname-wlan-ap-group-group1-ap-model-WA6320H] GigabitEthernet 1
[Sysname-wlan-ap-group-group1-ap-model-WA6320H-gigabitEthernet-1] elan service-template elan1
elan service-template (system view)
Use elan service-template to create an ELAN service template and enter its view or enter the view of an existing ELAN service template.
Use undo elan service-template to delete an ELAN service template.
Syntax
elan service-template service-template-name
undo elan service-template service-template-name
Default
No ELAN service template exists.
Views
System view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies the name of the ELAN service template, a case-insensitive string of 1 to 63 characters.
Usage guidelines
To delete an ELAN service template that has been bound to a wired AP interface, you must first unbind the service template and then delete the service template.
Examples
# Create ELAN service template elan1 and enter its view.
<Sysname> system-view
[System] elan service-template elan1
inherit exclude service-template
Use inherit exclude service-template to configure an AP to not inherit the specified service template from the AP group to which it belongs.
Use undo inherit exclude service-template to restore the default.
Syntax
inherit exclude service-template service-template-name
undo inherit exclude service-template service-template-name
Default
An AP inherits the service template bound to an AP group.
Views
Radio view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Examples
# Configure AP ap1 to not inherit service template st from an AP group.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-ap-ap1] radio 1
[Sysname-ap-ap1-radio-1] inherit exclude service-template st
keep-alive interval
Use keep-alive interval to set the guest tunnel keepalive interval.
Use undo keep-alive interval to restore the default.
Syntax
keep-alive interval interval
undo keep-alive interval
Default
The guest tunnel keepalive interval is 10 seconds.
Views
Edge AC view
Predefined user roles
network-admin
Parameters
interval: Specifies the guest tunnel keepalive interval in the range of 5 to 80 seconds.
Usage guidelines
After you specify an aggregation AC for an edge AC, the edge AC starts to send keepalive requests to the aggregation AC at the specified intervals. A guest tunnel is established once the edge AC receives a keepalive response from the aggregation AC.
After tunnel establishment, the edge AC keeps sending keepalive requests to examine the tunnel connectivity. If the edge AC fails to receive a keepalive response within three keepalive intervals, the edge AC terminates the tunnel. If the aggregation AC fails to receive a keepalive request within three keepalive intervals, the aggregation AC terminates the tunnel.
Examples
# Set the guest tunnel keepalive interval to 7 seconds.
<Sysname> system-view
[Sysname] wlan guest-tunnel edge-ac
[Sysname-wlan-edge-ac] keep-alive interval 7
map-configuration
Use map-configuration to deploy a configuration file to an AP.
Use undo map-configuration to restore the default.
Syntax
map-configuration filename
undo map-configuration
Default
No configuration file is deployed to an AP.
Views
AP view
AP group's AP model view
Predefined user roles
network-admin
Parameters
filename: Specifies a configuration file by its name, a case-insensitive string of 1 to 63 characters. The string cannot contain number signs (#). Make sure the configuration file is stored in the storage medium of the AC.
Usage guidelines
Contents in the configuration file must be complete commands.
The configuration file takes effect when the CAPWAP tunnel to the AC is in Run state. It does not survive an AP reboot.
An AP can only use its main IP address to establish a CAPWAP tunnel to the AC if the AP is configured by using a configuration file.
Examples
# Deploy configuration file downconfig.txt to AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] map-configuration downconfig.txt
# Deploy configuration file downconfig.txt to APs in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] map-configuration downconfig.txt
nas-id
Use nas-id to set the network access server identifier (NAS ID).
Syntax
nas-id nas-id
undo nas-id
Default
In AP group view, the configuration in global configuration view applies.
In virtual AP view, the configuration in virtual AP group view applies. If no configuration exists in virtual AP group view, the virtual AP uses the configuration in global configuration view.
In virtual AP group view, the configuration in global configuration view applies.
In global configuration view, no NAS ID is specified.
Views
AP view
AP group view
Virtual AP view
Virtual AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
nas-id: Specifies a NAS ID, a case-sensitive string of 1 to 63 characters.
Usage guidelines
After coming online, a client sends a RADIUS request that carries the NAS ID to notify the RADIUS server of its network access server.
You can set a NAS ID by executing this command in different views or when you bind a service template to a radio.
· The NAS ID specified when you bind a service template has the highest priority.
· If you do not specify a NAS ID when you bind a service template, the NAS ID specified by using this command in the view that has the highest priority takes effect. The following are views available for execution of this command, in descending order of priority:
¡ AP view.
¡ AP group view.
¡ Global view.
You can set a NAS ID by executing this command in different views or when you bind a service template to a radio.
· The NAS ID specified when you bind a service template has the highest priority.
· If you do not specify a NAS ID when you bind a service template, the NAS ID specified by using this command in the view that has the highest priority takes effect. The following are views available for execution of this command, in descending order of priority:
¡ Virtual AP view.
¡ Virtual AP group view.
¡ Global view.
You can also use the following methods to specify a NAS-ID:
· Specify NAS-ID in the NAS-ID profile bound to the user access VLAN.
· Specify a NAS-ID in ISP domain view.
These methods are in descending order of priority. If you have not specified a NAS-ID by executing this command or when you bind a service template to a radio, the NAS-ID specified by using the highest-priority method takes effect.
If no NAS-ID configuration exists, the device uses the device name configured by using the sysname command as the NAS-ID.
Examples
# Set the NAS ID to abc123 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] nas-id abc123
# Set the NAS ID to abc123 for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] nas-id abc123
# Set the NAS ID to abc123 for virtual AP ap1.
<Sysname> system-view
[Sysname] wlan virtual-ap ap1 model WA6320
[Sysname-wlan-virtual-ap-ap1] nas-id abc123
# Set the NAS ID to abc123 for virtual AP group group1.
<Sysname> system-view
[Sysname] wlan virtual-ap-group group1
[Sysname-wlan-virtual-ap-group-group1] nas-id abc123
# Set the global NAS ID to abc123.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] nas-id abc123
nas-port-id
Use nas-port-id to set the network access server port identifier (NAS port ID).
Use the undo nas-port-id to restore the default.
Syntax
nas-port-id nas-port-id
undo nas-port-id
Default
In AP view, the configuration in AP group view applies. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.
In AP group view, the configuration in global configuration view applies.
In virtual AP view, the configuration in virtual AP group view applies. If no configuration exists in virtual AP group view, the AP uses the configuration in global configuration view.
In virtual AP group view, the configuration in global configuration view applies.
In global configuration view, no NAS port ID is specified.
Views
AP view
AP group view
Virtual AP view
Virtual AP group view
Global configuration view
Predefined user roles
network-admin
Parameters
nas-port-id: Specifies a NAS port ID, a case-sensitive string of 1 to 63 characters.
Usage guidelines
After coming online, a client sends a RADIUS request that carries the NAS port ID to notify the RADIUS server of its network access server.
The priorities for the configuration in AP view, AP group view, and global configuration view are in descending order. You can also set the NAS port ID when binding a service template to a radio. If you have specified a NAS port ID when binding a service template to a radio, the AP uses the NAS port ID specified for the service template.
You can set a NAS port ID by executing this command in different views or when you bind a service template to a radio.
· The NAS port ID specified when you bind a service template has the highest priority.
· If you do not specify a NAS port ID when you bind a service template, the NAS port ID specified by using this command in the view that has the highest priority takes effect. The following are views available for execution of this command, in descending order of priority:
¡ AP view.
¡ AP group view.
¡ Global view.
You can set a NAS port ID by executing this command in different views or when you bind a service template to a radio.
· The NAS port ID specified when you bind a service template has the highest priority.
· If you do not specify a NAS port ID when you bind a service template, the NAS port ID specified by using this command in the view that has the highest priority takes effect. The following are views available for execution of this command, in descending order of priority:
¡ Virtual AP view.
¡ Virtual AP group view.
¡ Global view.
Examples
# Set the NAS port ID to abcd1234 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] nas-port-id abcd1234
# Set the NAS port ID to abcd1234 for AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] nas-port-id abcd1234
# Set the NAS port ID to abcd1234 for virtual AP ap1.
<Sysname> system-view
[Sysname] wlan virtual-ap ap1 model WA6320
[Sysname-wlan-virtual-ap-ap1] nas-port-id abc123
# Set the NAS port ID to abcd1234 for virtual AP group group1.
<Sysname> system-view
[Sysname] wlan virtual-ap-group group1
[Sysname-wlan-virtual-ap-group-group1] nas-port-id abc123
# Set the global NAS port ID to abcd1234.
<Sysname> system-view
[Sysname] wlan global-configuration
[Sysname-wlan-global-configuration] nas-port-id abcd1234
nas-port-type
Use nas-port-type to set the NAS port type attribute in RADIUS requests.
Use the undo nas-port-type to restore the default.
Syntax
nas-port-type value
undo nas-port-type
Default
The NAS port type is Wireless-IEEE 802.11.
Views
Service template view
Predefined user roles
network-admin
Parameters
value: Specifies a NAS port type by its code value in the range of 0 to 255. Table 22 lists the most commonly used NAS port types and their code values.
Table 22 Common NAS port types and their code values
|
NAS port type |
Code value |
|
Async |
0 |
|
Sync |
1 |
|
ISDN Sync |
2 |
|
ISDN Async V.120 |
3 |
|
ISDN Async V.110 |
4 |
|
Virtual |
5 |
|
PIAFS |
6 |
|
HDLC Clear Channel |
7 |
|
X.25 |
8 |
|
X.75 |
9 |
|
G.3 Fax |
10 |
|
SDSL |
11 |
|
ADSL-CAP |
12 |
|
ADSL-DMT |
13 |
|
IDSL |
14 |
|
Ethernet |
15 |
|
xDSL |
16 |
|
Cable |
17 |
|
Wireless-Other |
18 |
|
Wireless-IEEE 802.11 |
19 |
Usage guidelines
You can execute this command to set the NAS port type attribute in RADIUS requests for 802.11X and MAC-authenticated clients.
Make sure the service template is disabled before you execute this command.
Examples
# Set the NAS port type in RADIUS requests to 15 (Ethernet).
<Sysname> system-view
[Sysname] wlan service-template 1
[Sysname-wlan-st-1] nas-port-type 15
nas-vlan
Use nas-vlan to set the network access server VLAN identifier (NAS VLAN ID) and enable the AC to encapsulate the VLAN ID in RADIUS requests.
Use undo nas-vlan to restore the default.
Syntax
nas-vlan vlan-id
undo nas-vlan
Default
No NAS VLAN ID is set. Authentication requests sent to the RADIUS server do not contain the NAS VLAN ID field.
Views
AP view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a NAS VLAN ID in the range of 1 to 4096.
Usage guidelines
When the NAS VLAN ID is set, the AC encapsulates the VLAN ID in RADIUS requests sent to the RADIUS server to indicate clients' network access server.
Set the NAS VLAN ID on H3C devices when a third-party Security Accounting Management (SAM) server is used as the RADIUS server.
Examples
# Set the NAS VLAN ID to 1234 for the AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] nas-vlan 1234
non-vip limit rate
Use non-vip limit rate to configure non-VIP client rate limit.
Use undo non-vip limit rate to remove the configuration.
Syntax
non-vip limit rate { inbound | outbound } [ mode { dynamic [ min min-cir ] [ max max-cir ] | static } ] cir cir
undo non-vip limit rate { inbound | outbound } cir
Default
Non-VIP client rate limit is not configured.
Views
VIP client group view
Predefined user roles
network-admin
Parameters
inbound: Limits the rate of incoming traffic.
outbound: Limits the rate of outgoing traffic.
dynamic: Specifies the dynamic rate limit mode. In this mode, the limited rate for each client is the total CIR divided by the number of clients.
min min-cir: Specifies the minimum CIR for a client, in the range of 16 to 1700000 kbps.
max max-cir: Specifies the maximum CIR for a client, in the range of 16 to 1700000 kbps. The maximum CIR must be larger than the minimum CIR.
static: Specifies the static rate limit mode. In this mode, the limited rate for each client is a fixed value.
cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000.
Usage guidelines
With non-VIP client rate limit configured, all non-VIP clients associated with a radio are rate limited when the radio has associated VIP clients. When all VIP clients associated with the radio go offline or if the radio does not have associated VIP clients, non-VIP clients are not rate limited.
If dynamic rate limit is configured, the limited rate for a client is the total limited rate divided by the number of clients. If the value is smaller than the minimum CIR, the minimum CIR takes effect. If the value is larger than the maximum CIR, the maximum CIR takes effect.
If both radio-based client rate limit and non-VIP client rate limit are configured, VIP clients are not rate limited and rate limit takes effect for non-VIP clients as follows:
· If the configured rate limit modes are different, the non-VIP rate limit configuration takes effect.
· If the configured rate limit modes are the same:
¡ In static mode, the rate of the non-VIP clients takes the smaller value.
¡ In dynamic mode, the non-VIP rate limit configuration takes effect.
You can rate limit both inbound and outbound traffic.
Examples
# Configure non-VIP client rate limit in VIP client group view: enable static rate limit and set the CIR to 500 Kbps for incoming traffic, and enable dynamic rate limit and set the CIR to 100 Kbps for outgoing traffic.
<Sysname> system-view
[Sysname] wlan vip-client-group
[Sysname-wlan vip-client-group] non-vip limit rate inbound mode static cir 500
[Sysname-wlan vip-client-group] non-vip limit rate outbound mode dynamic cir 100
Related commands
client-rate-limit (radio view/AP group radio view)
quick-association enable
Use quick-association to enable quick association.
Use undo quick-association to disable quick association.
Syntax
quick-association enable
undo quick-association enable
Default
Quick association is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command disables APs from performing load balancing or band navigation on clients associated with the specified service template.
Examples
# Enable quick association for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] quick-association enable
report-interval
Use report-interval to set the interval at which an AP reports VIP client statistics to the AC.
Use undo report-interval to restore the default.
Syntax
report-interval interval
undo report-interval
Default
An AP reports VIP client statistics to the AC at intervals of 20 seconds.
Views
VIP client group view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval at which an AP reports VIP client statistics to the AC, in the range of 10 to 120 seconds.
Usage guidelines
This feature takes effect only on level-1 VIP clients.
The AC sends VIP client statistics to the cloud platform at the specified intervals (interval set by this command plus 10 in seconds).
Examples
# Set the interval at which an AP reports VIP client statistics to the AC to 36 seconds.
<Sysname> system-view
[Sysname] wlan vip-client-group
[Sysname-wlan vip-client-group] report-interval 36
reset wlan client
Use reset wlan client to log off a client or all clients.
Syntax
reset wlan client { all | mac-address mac-address }
View
User view
Predefined user roles
network-admin
Parameters
all: Specifies all clients.
mac-address mac-address: Specifies a client by its MAC address.
Examples
# Log off all clients.
<Sysname> reset wlan client all
Related commands
display wlan client
reset wlan dynamic-blacklist
Use reset wlan dynamic-blacklist to remove the specified client or all clients from the dynamic blacklist.
Syntax
reset wlan dynamic-blacklist [ mac-address mac-address ]
Views
User view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist.
Examples
# Remove all clients from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist
# Remove the specified client from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist mac-address b8ca-32a2-df69
Related commands
display wlan blacklist
reset wlan guest-tunnel
Use reset wlan guest-tunnel to delete the specified guest tunnel or all guest tunnels.
Syntax
reset wlan guest-tunnel { all | ip ipv4-address }
View
User view
Predefined user roles
network-admin
Parameters
all: Specifies all guest tunnels.
ip ipv4-address: Specifies a guest tunnel by its peer IPv4 address.
Examples
# Delete all guest tunnels.
<Sysname> reset wlan guest-tunnel all
reset wlan statistics client
Use reset wlan statistics client to clear client statistics.
Syntax
reset wlan statistics client { all | mac-address mac-address }
View
User view
Predefined user roles
network-admin
Parameters
all: Specifies all clients.
mac-address mac-address: Specifies a client by its MAC address.
Examples
# Clear statistics about all clients.
<Sysname> reset wlan statistics client all
Related commands
display wlan statistics
reset wlan statistics service-template
Use reset wlan statistics service-template to clear service template statistics.
Syntax
reset wlan statistics service-template service-template-name
View
User view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Examples
# Clear statistics about service template service1.
<Sysname> reset wlan statistics service-template service1
Related commands
display wlan statistics
service-template
Use service-template to bind a service template to a radio.
Use undo service-template to unbind a service template from a radio.
Syntax
service-template service-template-name [ vlan vlan-id1 | vlan-group vlan-group-name ] [ ssid-hide ] [ nas-port-id nas-port-id ] [ nas-id nas-id ]
undo service-template service-template-name
Default
In radio view, an AP uses the configuration in an AP group's radio view or an AP group's global radio view.
In an AP group's radio view, no service template is bound to a radio.
In an AP group's global radio view, no service template is bound to a radio.
In a virtual AP's radio view, the configuration in its virtual AP group's radio view applies.
In a virtual AP group's radio view, no service template is bound to a radio.
Views
Radio view
AP group's radio view
AP group's global radio view
Virtual AP's radio view
Virtual AP group's radio view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
vlan vlan-id1: Specifies a VLAN ID in the range of 1 to 4094.
vlan-group vlan-group-name: Specifies a VLAN group name, a case-insensitive string of 1 to 31 characters. If you do not specify this option, the radio uses the VLAN configured for the service template. For more information about configuring VLAN groups, see VLAN commands in Network Connectivity Command Reference.
ssid-hide: Hides SSIDs in beacon frames.
nas-port-id nas-port-id: Specifies a NAS port ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.
nas-id nas-id: Specifies a NAS ID, a case-insensitive string of 1 to 63 characters that do not contain spaces.
Usage guidelines
Before you bind a service template to a radio or a radio interface, you must create the service template.
If you specify a non-existent VLAN, the AC creates the VLAN when a client comes online. The outer VLAN takes effect only when centralized forwarding is enabled.
The VLAN ID or VLAN group configured using this command takes precedence over the VLAN ID configured for a service template.
The configuration in radio view takes precedence over the configuration in an AP group's radio view or an AP group's global radio view.
You cannot bind service templates to both AP group's radio view and AP group's global radio view of the same AP group. The configuration in an AP group's radio view has the same priority as the configuration in an AP group's global radio view.
The configuration in a virtual AP's radio view takes precedence over the configuration in a virtual AP group's radio view.
Restrictions and guidelines
The 6 GHz radio can only be bound to a wireless service template with either of the following features enabled:
· Use the enhanced-open enable command to enable enhanced open system authentication.
· Use the wpa3 personal mandatory command to enable the WPA3-SAE mandatory mode, and use the akm sae pwe h2e command to configure using the H2E mode to derive PWEs.
For more information about the above features, see WLAN Security Command Reference.
Examples
# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radio.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-ap-ap1] radio 1
[Sysname-ap-ap1-radio-1] service-template service1 vlan-group vg1
# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radios in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] service-template service1 vlan-group vg1
# Bind service template service1 to radio 1 and specify VLAN group vg1 for 5 GHz radios in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] radio 5g
[Sysname-wlan-ap-group-apgroup1-radio-5g] service-template service1 vlan-group vg1
# Bind service template service1 to radio 1 on virutal AP ap1 and specify VLAN group vg1 for the radio.
<Sysname> system-view
[Sysname] wlan virtual-ap ap1
[Sysname-virtual-ap-ap1] radio 1
[Sysname-virtual-ap-ap1-radio-1] service-template service1 vlan-group vg1
# Bind service template service1 to radio 1 and specify VLAN group vg1 for the radios in virtual AP group apgroup1.
<Sysname> system-view
[Sysname] wlan virtual-ap-group apgroup1
[Sysname-wlan-virtual-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-virtual-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-virtual-ap-group-apgroup1-ap-model-WA6320-radio-1] service-template service1 vlan-group vg1
service-template enable (elan service-template view)
Use service-template enable to enable the ELAN service template.
Use undo service-template enable to disable the ELAN service template.
Syntax
service-template enable
undo service-template enable
Default
The ELAN service template is disabled.
Views
ELAN service template view
Predefined user roles
network-admin
Examples
# Enable ELAN service template elan1.
<Sysname> system-view
[System] elan service-template elan1
[Sysname-st-elan1] service-template enable
service-template enable (wlan service-template view)
Use service-template enable to enable a service template.
Use undo service-template enable to disable a service template.
Syntax
service-template enable
undo service-template enable
Default
A service template is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
If the number of BSSs on a device exceeds the limit, you cannot enable a new service template.
Examples
# Enable service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] service-template enable
snmp-agent trap enable wlan client
Use snmp-agent trap enable wlan client to enable SNMP notification for client access.
Use undo snmp-agent trap enable wlan client to disable SNMP notification for client access.
Syntax
snmp-agent trap enable wlan client
undo snmp-agent trap enable wlan client
Default
SNMP notification is disabled for client access.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device sends a client status change notification to an NMS every time the status of a client changes. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notification for client access.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan client
snmp-agent trap enable wlan client-audit
Use snmp-agent trap enable wlan client-audit to enable SNMP notification for client audit.
Use undo snmp-agent trap enable wlan client-audit to disable SNMP notification for client audit.
Syntax
snmp-agent trap enable wlan client-audit
undo snmp-agent trap enable wlan client-audit
Default
SNMP notification is disabled for client audit.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device sends a client status change notification to an NMS when a client comes online, goes offline, roams to another AP, or obtains an IP address. For the notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.
Examples
# Enable SNMP notification for client audit.
<Sysname> system-view
[Sysname] snmp-agent trap enable wlan client-audit
ssid
Use ssid to set an SSID for a service template.
Use undo ssid to restore the default.
Syntax
ssid ssid-name
undo ssid
Default
No SSID is configured for a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
Disable the service template before you execute this command.
Examples
# Set the SSID to lynn for service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] ssid lynn
unknown-client
Use unknown-client to set the way that an AP processes traffic from unknown clients.
Use undo unknown-client to restore the default.
Syntax
unknown-client { deauthenticate | drop }
undo unknown-client
Default
An AP drops packets from unknown clients and deauthenticates these clients.
Views
Service template view
Predefined user roles
network-admin
Parameters
deauthenticate: Drops packets from unknown clients and deauthenticates these clients.
drop: Drops packets from unknown clients.
Examples
# Configure APs that use service template example to drop packets from unknown clients but not deauthenticate these clients.
<Sysname> system-view
[Sysname] wlan service-template example
[Sysname-wlan-st-example] unknown-client drop
vip limit rate
Use vip limit rate to enable VIP client rate limit.
Use undo vip limit rate to disable VIP client rate limit.
Syntax
vip limit rate level level { inbound | outbound } mode { dynamic [ min min-cir ] [ max max-cir ] | static } cir cir
undo vip limit rate level level { inbound | outbound }
Default
VIP client rate limit is disabled.
Views
VIP client group view
Predefined user roles
network-admin
Parameters
level level: Specifies the VIP client level. Only 2 is available.
inbound: Limits the rate of incoming traffic.
outbound: Limits the rate of outgoing traffic.
dynamic: Specifies the dynamic rate limit mode. In this mode, the limited rate for each client is the total CIR divided by the number of clients.
min min-cir: Specifies the minimum CIR for each client, in the range of 16 to 1700000 Kbps. If you do not specify this option, the command does not limit the minimum total CIR.
max max-cir: Specifies the maximum CIR for each client, in the range of 16 to 1700000 Kbps. The maximum CIR must be larger than the minimum CIR. If you do not specify this option, the command does not limit the maximum total CIR.
static: Specifies the static rate limit mode. In this mode, the limited rate for each client is a fixed value.
cir cir: Specifies the CIR in Kbps. The value range for the cir argument is 16 to 1700000 Kbps.
Usage guidelines
If a large number of VIP clients are online, you can perform this task to rate limit VIP clients to guarantee bandwidth for each client and ensure good user experience.
If you specify both the minimum and maximum CIRs for dynamic rate limit, the feature operates as follows:
· If the specified CIR divided by the total number of clients is smaller than the minimum CIR, the minimum CIR takes effect for each client.
· If the specified CIR divided by the total number of clients is larger than the maximum CIR, the maximum CIR takes effect for each client.
· If the specified CIR divided by the total number of clients is between the minimum and maximum CIRs, the specified CIR divided by the total number of clients takes effect for each client.
You can execute this command multiple times to limit the rates of both the incoming and outgoing traffic.
If you configure both VIP client rate limit and radio-based client rate limit, the configuration that takes effect depends on the rate limit modes (static or dynamic):
· If different rate limit modes are configured, VIP client rate limit takes effect.
· If the static mode is configured, the smaller CIR takes effect.
· If the dynamic mode is configured, VIP client rate limit takes effect.
Examples
# Configure static VIP client rate limit: set the CIR to 500 Kbps for incoming traffic and set the CIR to 100 Kbps for outgoing traffic.
<Sysname> system-view
[Sysname] wlan vip-client-group
[Sysname-vip-client-group] vip limit rate level 2 inbound mode static cir 500
[Sysname-vip-client-group] vip limit rate level 2 outbound mode static cir 100
Related commands
client-rate-limit (radio view/AP group radio view)
vlan
Use vlan to assign clients coming online through a service template to the specified VLAN.
Use undo vlan to restore the default.
Syntax
vlan vlan-id
undo vlan [ vlan-id ]
Default
Clients are assigned to VLAN 1 after coming online through a service template.
Views
Service template view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its VLAN ID, in the range of 1 to 4094. If the specified VLAN does not exist, this command creates the VLAN when clients come online.
Usage guidelines
Disable the service template before you execute this command.
If the specified VLAN does not exist, this command creates the VLAN when clients come online.
Examples
# Assign clients coming online through service template service1 to VLAN 2.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] vlan 2
wlan accounting-policy
Use wlan accounting-policy to create an accounting policy and enter its view or enter the view of an existing accounting policy.
Use undo wlan accounting-policy to delete an accounting policy.
Syntax
wlan accounting-policy policy-name
undo wlan accounting-policy policy-name
Default
No accounting policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the policy name, a case-insensitive string of 1 to 31 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
For the accounting server to perform differentiated accounting on different client traffic, specify multiple traffic levels for an accounting policy.
The number of accounting policies that can be created varies by device model.
Examples
# Create accounting policy abc and enter its view.
<Sysname> system-view
[Sysname] wlan accounting-policy abc
[Sysname-wlan-acctpolicy-abc]
Related commands
accounting-level
wlan apply accounting-policy
wlan ap-forwarding auto-configuration enable
Use wlan ap-forwarding auto-configuration enable to enable automatic configuration for local forwarding.
Use undo wlan ap-forwarding auto-configuration enable to disable automatic configuration for local forwarding.
Syntax
wlan ap-forwarding auto-configuration enable
undo wlan ap-forwarding auto-configuration enable
Default
Automatic configuration is enabled for local forwarding.
Views
System view
Predefined user roles
network-admin
Usage guidelines
With this feature enabled, the AC will deploy settings for local forwarding of client data frames to the uplink interface on the onboarding AP, including the port link-type trunk and port trunk permit vlan all commands. Editing and deploying these two commands to an AP by enabling remote configuration synchronization or by deploying a configuration file might affect this feature. Please be cautious.
For the configuration to take effect, you must restart the AP.
Examples
# Enable automatic configuration for local forwarding.
<Sysname> system-view
[Sysname] wlan ap-forwarding auto-configuration enable
For the configuration to take effect, you must reset APs.
Related commands
map-configuration (AP and WT Management Command Reference)
remote-configuration (AP and WT Management Command Reference)
wlan apply accounting-policy
Use wlan apply accounting-policy to apply an accounting policy to a user profile.
Use undo wlan apply accounting-policy to restore the default.
Syntax
wlan apply accounting-policy policy-name
undo wlan apply accounting-policy
Default
No accounting policy is applied to a user profile.
Views
User profile view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the policy name, a case-insensitive string of 1 to 31 characters. The string can contain letters, digits, underscores (_), dots (.), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
Usage guidelines
This feature enables APs to perform client traffic accounting based on the accounting policy applied to the user profile. Upon client association, the authentication server deploys the user profile bound to the client account to the client authenticator (AC or AP). If the AC is the authenticator, it deploys the user profile to the AP.
If no accounting policy is applied to a user profile, the system performs AAA accounting.
Accounting policy changes, including deletion, for a user profile do not affect online clients.
Examples
# Apply accounting policy abc to user profile 123.
<Sysname> system-view
[Sysname] user-profile 123
[Sysname-user-profile-123] wlan apply accounting-policy abc
Related commands
wlan accounting-policy
wlan association optimization
Use wlan association optimization to set the index for optimizing client association ratios.
Use undo wlan association optimization to restore the default.
Syntax
wlan association optimization value
undo wlan association optimization
Default
The index is 0. The device does not optimize client association ratios.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the index for optimizing client association ratios, in the range of 900 to 1000. The smaller the index is, the smaller the calculated association success ratio will be and the larger the calculated congestion ratio and abnormal disassociation ratio will be.
Usage guidelines
This feature enables the device to recalculate the client association success ratio, association congestion ratio, and abnormal disassociation ratio by using the specified index to get smaller ratio values.
The client association success ratio is the number of successful client associations divided by the total number of client association attempts. The client association congestion ratio is the number of failed client associations caused by AP overloading divided by the total number of client association attempts. The client abnormal disassociation ratio is the number of abnormal disassociations divided by the sum of successful associations and online clients.
Examples
# Set the index for optimizing client association ratios to 950.
<Sysname> system-view
[Sysname] wlan association optimization 950
wlan client bss-load-ie enable
Use wlan client bss-load-ie enable to enable beacon frames and probe responses to carry the BSS load IE.
Use undo wlan client bss-load-ie enable to disable beacon frames and probe responses from carrying the BSS load IE.
Syntax
wlan client bss-load-ie enable [ update-interval interval ]
undo wlan client bss-load-ie enable
Default
Beacon frames and probe responses do not carry the BSS load IE.
Views
System view
Predefined user roles
network-admin
Parameters
update-interval interval: Specifies the update interval for BSS load IEs, in the range of 5 to 30 seconds. The default value is 15.
Usage guidelines
A BSS load IE contains information about the number of online clients in the BSS, channel usage, and remaining media time.
As a best practice, enable this feature in Hotspot 2.0 networks or networks configured with WLAN roaming to help clients identify the optimal WLAN.
Examples
# Enable beacon frames and probe responses to carry the BSS load IE.
<Sysname> system-view
[Sysname] wlan client bss-load-ie enable
wlan client forwarding enable
Use wlan client forwarding enable to enable client traffic forwarding.
Use undo wlan client forwarding enable to disable client traffic forwarding.
Syntax
wlan client forwarding enable
undo wlan client forwarding enable
Default
Client traffic forwarding is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You must enable this feature if you configure the AC as the client traffic forwarder.
In an AC hierarchy network, if you enable this feature only on the central AC or local ACs, APs associated with such an AC cannot forward client traffic even if the associated AC fails. For APs to take over the traffic forwarding service, you must disable and then enable the service templates for the APs.
For more information about AC hierarchy, see WLAN Advanced Features Configuration Guide.
Examples
# Disable client traffic forwarding.
<Sysname> system-view
[Sysname] undo wlan client forwarding enable
Related commands
client forwarding-location
wlan client forwarding-policy-name
Use wlan client forwarding-policy-name to apply a forwarding policy to a user profile.
Use undo wlan client forwarding-policy-name to restore the default.
Syntax
wlan client forwarding-policy-name policy-name
undo wlan client forwarding-policy-name
Default
No forwarding policy is applied to a user profile.
Views
User profile view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
For the AC to perform policy-based forwarding for clients that use a user profile, apply a forwarding policy to the user profile. After a client passes authentication, the authentication server sends the user profile name specified for the client to the AC. The AC will forward traffic of the client based on the forwarding policy applied to the user profile.
For the forwarding policy applied to a user profile to take effect, perform the following tasks for the service template that the user profile uses:
· Enable policy-based forwarding.
· Specify the AC to perform client authentication.
If you modify or delete the applied forwarding policy, the change takes effect when the client comes online again.
The AC preferentially uses the forwarding policy applied to a user profile to direct client traffic forwarding. If the user profile of a client does not have a forwarding policy applied, the AC uses the forwarding policy applied to the service template.
Make sure the AC and its associated APs are in different network segments.
Examples
# Apply forwarding policy policyname to user profile profilename.
<Sysname> system-view
[Sysname] user-profile profilename
[Sysname-user-profile-profilename] wlan client forward-policy-name policyname
Related commands
client forwarding-policy enable
client-security authentication-location
wlan client reauthentication-period
Use wlan client reauthentication-period to set the idle period before client reauthentication.
Use undo wlan client reauthentication-period to restore the default.
Syntax
wlan client reauthentication-period [ period-value ]
undo wlan client reauthentication-period
Default
The idle period before client reauthentication is not set.
Views
System view
Predefined user roles
network-admin
Parameters
period-value: Specifies the idle period in the range of 1 to 3600 seconds.
Usage guidelines
When URL redirection for WLAN MAC authentication is enabled, an AP redirects clients whose information is not recorded on the RADIUS server to the specified URL for Web authentication. Clients passing Web authentication are logged off and must perform MAC reauthentication to come online. However, MAC reauthentication fails if the IP addresses assigned to the clients have not expired.
Perform this task to add these clients to the dynamic blacklist for the specified idle period after they pass Web authentication to reduce reauthentication failures.
Examples
# Set the idle period before client reauthentication to 100 seconds.
<Sysname> system-view
[Sysname] wlan client reauthentication-period 100
wlan 6g-discovery enable
|
|
NOTE: Support for this command depends on the AP model. |
Use wlan out-band 6g-discovery enable to enable 6 GHz wireless service discovery.
Use undo wlan out-band 6g-discovery enable to restore the default.
Syntax
wlan out-band 6g-discovery enable
undo wlan out-band 6g-discovery enable
Default
Out-of-band 6 GHz wireless service discovery is enabled.
Views
Global configuration view
Predefined user roles
network-admin
Parameters
out-band: Specifies out-of-band discovery for 6 GHz clients to discover 6 GHz wireless services from packets sent by 2.4 GHz and 5 GHz radios.
Usage guidelines
This configuration takes effect only on 6 GHz devices.
With this feature enabled, clients that support the 6 GHz band can discover available 6 GHz wireless services through APs' 6 GHz radios. Clients can discover 6 GHz wireless services by reading the messages sent by an AP' 2.4 GHz or 5 GHz radio. To use this method, make sure the 2.4 GHz or 5 GHz radio on the AP is enabled.
Examples
# Enable out-of-band 6 GHz wireless service discovery.
<System> system-view
[Sysname] wlan global-configuraiton
[Sysname-wlan-global-configuraiton] wlan out-band 6g-discovery enable
wlan dynamic-blacklist active-on-ap
Use wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on APs.
Use undo wlan dynamic-blacklist active-on-ap to configure the dynamic blacklist to take effect on the AC.
Syntax
wlan dynamic-blacklist active-on-ap
undo wlan dynamic-blacklist active-on-ap
Default
The dynamic blacklist takes effect on APs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If you configure the dynamic blacklist to take effect on the AC, all APs connected to the AC will reject the client in the dynamic blacklist. If you configure the dynamic blacklist to take effect on APs, the AP associated with the client in the dynamic blacklist will reject the client, but the client can still associate with other APs connected to the AC. As a best practice, configure the dynamic blacklist to take effect on the AC in high-density environments.
Examples
# Configure the dynamic blacklist to take effect on the AC.
<Sysname> system-view
[Sysname] undo wlan dynamic-blacklist active-on-ap
wlan dynamic-blacklist lifetime
Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries.
Use undo wlan dynamic-blacklist lifetime to restore the default.
Syntax
wlan dynamic-blacklist lifetime lifetime
undo wlan dynamic-blacklist lifetime
Default
The aging time is 300 seconds for dynamic blacklist entries.
Views
System view
Predefined user roles
network-admin
Parameters
lifetime: Specifies the aging time in the range of 1 to 3600 seconds.
Usage guidelines
The configured aging time takes effect only on entries added to the dynamic blacklist after this command is executed.
The aging time for dynamic blacklist entries only applies to rogue client entries.
Examples
# Set the aging time for dynamic blacklist entries to 3600 seconds.
<Sysname> system-view
[Sysname] wlan dynamic-blacklist lifetime 3600
wlan forwarding-policy
Use wlan forwarding-policy to create a forwarding policy and enter its view, or enter the view of an existing forwarding policy.
Use undo wlan forwarding-policy to delete a forwarding policy.
Syntax
wlan forwarding-policy policy-name
undo wlan forwarding-policy policy-name
Default
No forwarding policies are created.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a forwarding policy name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
Actions defined in ACL rules do not take effect in wireless packet forwarding. All matched packets are forwarded based on the forwarding mode.
You can create a maximum of 1000 forwarding policies.
Examples
# Create forwarding policy abc and enter its view.
<Sysname> system-view
[Sysname] wlan forwarding-policy abc
[Sysname-wlan-fp-abc]
wlan guest-tunnel
Use wlan guest-tunnel { aggregation-ac | edge-ac } to set the AC role and enter its view or directly enter the view of an edge AC or aggregation AC.
Use undo wlan guest-tunnel to restore the default.
Syntax
wlan guest-tunnel { aggregation-ac | edge-ac }
undo wlan guest-tunnel
Default
An AC is neither an aggregation AC nor an edge AC.
Views
Any view
Predefined user roles
network-admin
Parameters
aggregation-ac: Specifies the AC as an aggregation AC.
edge-ac: Specifies the AC as an edge AC.
Usage guidelines
To change the role of an AC, you must first restore the default AC role.
Restoring the default AC role removes all the guest tunnel settings on the AC.
Examples
# Set the AC role to aggregation and enter its view.
<Sysname> system-view
[Sysname] wlan guest-tunnel aggregation-ac
[Sysname-wlan-aggregation-ac]
wlan guest-tunnel flow-distribute enable
Use wlan guest-tunnel flow-distribute enable to enable guest tunnel flow distribution.
Use undo wlan guest-tunnel flow-distribute enable to disable guest tunnel flow distribution.
Syntax
wlan guest-tunnel flow-distribute enable
undo wlan guest-tunnel flow-distribute enable
Default
Guest tunnel flow distribution is disabled.
Views
Edge AC view
Aggregation AC view
Predefined user roles
network-admin
Usage guidelines
This feature enables the device to distribute guest tunnel flows to different CPUs before they are encrypted by IPsec to improve forwarding efficiency.
Enable this feature only when IPsec is configured for guest tunnels.
This feature must be enabled or disabled at the same time on the edge AC and the aggregation AC of a guest tunnel.
Examples
# Enable guest tunnel flow distribution on an edge AC.
<Sysname> system-view
[Sysname] wlan guest-tunnel edge-ac
[Sysname-wlan-edge-ac] wlan guest-tunnel flow-distribute enable
wlan link-test
Use wlan link-test to test wireless link quality.
Syntax
wlan link-test mac-address
Views
Any view
Predefined user roles
network-admin
Parameters
mac-address: Specifies the client MAC address in the H-H-H format.
Usage guidelines
Wireless link quality detection enables an AP to test the quality of the link to a wireless client. The AP sends empty data frames to the client at each supported rate. Then it calculates link quality information such as RSSI, packet retransmissions, and RTT based on the responses from the client.
The timeout timer for wireless link quality detection is 10 seconds. If wireless link detection is not completed within the timeout timer, test results cannot be obtained.
This function does not take effect on APs with client data fast forwarding level 3. You can use the option client fast-forwarding enable command to modify the client fast forwarding level of the AP
Examples
# Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0.
<Sysname> wlan link-test 60a4-4cda-eff0
Testing link to 60a4-4cda-eff0. Press CTRL + C to break.
Link Status
-----------------------------------------------------------------------
MAC address: 60a4-4cda-eff0
-----------------------------------------------------------------------
HE-MCS Rate(Mbps) Tx packets Rx packets RSSI Retries RTT(ms)
-----------------------------------------------------------------------
NSS = 1
-----------------------------------------------------------------------
0 36 5 5 85 2 1
1 72.1 5 5 86 3 1
2 108.1 5 5 86 3 1
3 144.1 5 5 82 6 2
4 216.2 5 5 81 10 27
5 288.2 5 5 82 10 4
6 324.3 5 5 86 4 18
7 360.3 5 5 83 5 3
8 432.4 5 5 83 10 2
9 480.4 5 5 83 2 2
10 540.4 5 5 84 5 2
11 600.5 5 5 83 4 23
-----------------------------------------------------------------------
NSS = 2
-----------------------------------------------------------------------
0 72.1 5 5 81 1 1
1 144.1 5 5 82 4 1
2 216.2 5 5 83 3 11
3 288.2 5 5 84 7 24
4 432.4 5 5 81 1 3
5 576.5 5 5 83 4 1
6 648.5 5 5 81 4 1
7 720.6 5 5 81 8 12
8 864.7 5 5 83 16 7
9 960.8 5 5 81 10 1
10 1080.9 5 5 84 4 63
11 1201 5 5 82 0 49
Table 23 Command output
|
Field |
Description |
|
No./MCS/VHT-MCS/HE-MCS |
· No.—Rate number for link quality test on 802.11a, 802.11b, or 802.11g clients. · MCS—MCS index for link quality test on 802.11n clients. · VHT-MCS—VHT-MCS index for link quality test on 802.11ac clients. · HE-MCS—HE-MCS index for link quality test on 802.11ax clients. |
|
Rate(Mbps) |
Rate at which the AP sends wireless link quality detection frames. |
|
Tx packets |
Number of wireless link quality detection frames sent by the AP. |
|
Rx packets |
Number of responses received by the AP. |
|
RSSI |
RSSI of the client detected by the AP. |
|
Retries |
Number of wireless link quality retransmission frames sent by the AP. |
|
RTT(ms) |
Round trip time for link quality test frames from the AP to the client. |
|
NSS |
Number of spatial streams for link quality test on 802.11n, 802.11ac, or 802.11ax clients. |
wlan nas-port-id format
Use wlan nas-port-id format to set the format of NAS port IDs for wireless clients.
Use undo wlan nas-port-id format to restore the default.
Syntax
wlan nas-port-id format { 2 | 4 }
undo wlan nas-port-id format
Default
Clients use format 2 to generate NAS port IDs.
Views
System view
Predefined user roles
network-admin
Parameters
2: Specifies the SlotID00IfNOVlanID format.
· SlotID—Slot ID for client access, a string of two characters.
· IfNO—Interface number for client access, a string of three characters.
· VlanID—VLAN ID for client access, a string of nine characters.
4: Specifies the slot=**;subslot=**;port=**;vlanid=**;vlanid2=** format. The vlanid2 field is available only for clients accessing the WLAN through an interface configured with VLAN termination.
Usage guidelines
802.1X and MAC-authenticated clients fill NAS port IDs in the specified format in RADIUS packets.
If a NAS port ID has been specified by using the nas-port-id command, clients use the specified NAS port ID.
Examples
# Set the NAS port ID format to format 4.
<Sysname> system-view
[Sysname] wlan nas-port-id format 4
Related commands
nas-port-id
wlan permit-ap-group
Use wlan permit-ap-group to specify a permitted AP group for client association.
Use undo permit-ap-group to delete a permitted AP group.
Syntax
wlan permit-ap-group ap-group-name
undo wlan permit-ap-group [ ap-group-name ]
Default
No permitted AP group is specified for client association.
Views
User profile view
Predefined user roles
network-admin
Parameters
ap-group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
If no permitted AP group is specified for client association, client access is not restricted.
If you specify a permitted AP group for client association, clients can only associate with APs in the AP group.
The undo form of the command deletes all permitted AP groups if you do not specify the ap-group-name argument.
Examples
# Specify AP group group1 as the permitted AP group for client association.
<Sysname> system-view
[Sysname] user-profile profile1
[Sysname-user-profile-profile1] wlan permit-ap-group group1
wlan permit-ssid
Use wlan permit-ssid to specify a permitted SSID for client association.
Use undo permit-ssid to delete a permitted SSID.
Syntax
wlan permit-ssid ssid-name
undo wlan permit-ssid [ ssid-name ]
Default
No permitted SSID is specified for client association.
Views
User profile view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
If no permitted SSID is specified for client association, client association is not restricted.
If you specify a permitted SSID for client association, clients can only associate with WLANs through the SSID.
The undo form of the command deletes all permitted SSIDs if you do not specify the ssid-name argument.
Examples
# Specify SSID ssid1 as the permitted SSID for client access.
<Sysname> system-view
[Sysname] user-profile profile1
[Sysname-user-profile-profile1] wlan permit-ssid ssid1
wlan service-template
Use wlan service-template to create a service template and enter its view, or enter the view of an existing service template.
Use undo wlan service-template to delete a service template.
Syntax
wlan service-template service-template-name
undo wlan service-template service-template-name
Default
No service template exists.
Views
System view
Predefined user roles
network-admin
Parameters
service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You cannot delete a service template that has been bound to a radio.
Examples
# Create service template service1 and enter its view.
<Sysname> system-view
[Sysname] wlan service-template service1
wlan static-blacklist mac-address
Use wlan static-blacklist mac-address to add a client to the static blacklist.
Use undo wlan static-blacklist mac-address to remove a client from the static blacklist.
Syntax
wlan static-blacklist mac-address mac-address
undo wlan static-blacklist [ mac-address mac-address ]
Default
No clients exist in the static blacklist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.
Usage guidelines
If you add an online client to the static blacklist, the command logs off the client.
You cannot add a client to both the whitelist and the static blacklist.
The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.
Do not add multicast or broadcast MAC addresses to the static blacklist.
Examples
# Add MAC address 001c-f0bf-9c92 to the static blacklist.
<Sysname> system-view
[Sysname] wlan static-blacklist mac-address 001c-f0bf-9c92
Related commands
display wlan blacklist
wlan vip-client-group
Use wlan vip-client-group to create the VIP client group and enter its view or enter the view of the existing VIP client group.
Use undo wlan vip-client-group to delete the VIP client group.
Syntax
wlan vip-client-group
undo wlan vip-client-group
Default
No VIP client group exists.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You can view information about online clients in the VIP client group from the cloud platform.
Examples
# Create the VIP client group.
<Sysname> system-view
[Sysname] wlan vip-client-group
[Sysname-wlan vip-client-group]
wlan web-server api-path
Use wlan web-server api-path to specify the path of the Web server to which client information is reported.
Use undo wlan web-server api-path to restore the default.
Syntax
wlan web-server api-path path
undo wlan web-server api-path
Default
The path of the Web server is not specified.
Views
System view
Predefined user roles
network-admin
Parameters
path: Specifies a path, a case-sensitive string of 1 to 256 characters.
Usage guidelines
The Web server accepts client information only when the server's host name, port number, and path are specified.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the path of the Web server as /wlan/dev-cfg (the Web server URL is https://www.example.com:668/wlan/dev-cfg).
<Sysname> system-view
[Sysname] wlan web-server api-path /wlan/dev-cfg
Related commands
wlan web-server host
wlan web-server max-client-entry
wlan web-server host
Use wlan web-server host to specify the host name and port number of the Web server to which client information is reported.
Use undo wlan web-server host to restore the default.
Syntax
wlan web-server host host-name port port-number
undo wlan web-server host
Default
The host name and port number of the Web server are not specified.
Views
System view
Predefined user roles
network-admin
Parameters
host host-name: Specifies a host name, a case-insensitive string of 3 to 127 characters that can contain letters, digits, hyphens (-), underscores (_), and dots (.).
port port-number: Specifies a port number in the range of 1 to 65534.
Usage guidelines
The Web server accepts client information only when the server's host name, port number, and path are specified.
Client information changes are reported to the Web server in real time.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the host name and port number of the Web server as www.example.com and 668, respectively.
<Sysname> system-view
[Sysname] wlan web-server host www.example.com port 668
Related commands
wlan web-server api-path
wlan web-server max-client-entry
wlan web-server max-client-entry
Use wlan web-server max-client-entry to set the maximum number of client entries that can be reported at a time.
Use undo wlan web-server max-client-entry to restore the default.
Syntax
wlan web-server max-client-entry number
undo wlan web-server max-client-entry
Default
A maximum of ten client entries can be reported at a time.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies a maximum number of client entries that can be reported at a time, in the range of 1 to 25.
Examples
# Set the maximum of client entries that can be reported at a time to 12.
<Sysname> system-view
[Sysname] wlan web-server max-client-entry 12
Related commands
wlan web-server api-path
wlan web-server host
wlan whitelist mac-address
Use wlan whitelist mac-address to add a client to the whitelist.
Use undo wlan whitelist mac-address to remove a client from the whitelist.
Syntax
wlan whitelist mac-address mac-address
undo wlan whitelist [ mac-address mac-address ]
Default
No clients exist in the whitelist.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address mac-address: Specifies a client by its MAC address in the format of H-H-H.
Usage guidelines
When you add the first client to the whitelist, the system asks you whether to disconnect all online clients. Enter Y at the prompt to configure the whitelist.
If you remove an online client from the whitelist, the command logs off the client. If you remove all clients from the whitelist, online clients will not be logged off.
You cannot add a client to both the whitelist and the static blacklist.
The undo form of the command removes all clients from the whitelist if you do not specify the mac-address mac-address option.
Do not add multicast or broadcast MAC addresses to the whitelist.
Examples
# Add MAC address 001c-f0bf-9c92 to the whitelist.
<Sysname> system-view
[Sysname] wlan whitelist mac-address 001c-f0bf-9c92
This command will disconnect all clients. Continue? [Y/N]:
Related commands
display wlan whitelist
