Login
- Table of Contents
-
- 12-WLAN Advanced Features Command Reference
- 00-Preface
- 01-WLAN optimization commands
- 02-Hotspot 2.0 commands
- 03-WLAN probe commands
- 04-WSA commands
- 05-Wireless location commands
- 06-WLAN process maintenance commands
- 07-Bonjour gateway commands
- 08-WLAN mesh commands
- 09-AC hierarchy commands
- 10-WLAN forwarding commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-WLAN optimization commands | 307.70 KB |
option broadcast-multicast-buffer
option channel-reuse-optimization
option client hide-node-protection
option directional-antenna-selection
option max-interfer-threshold
option non-local-packet rate-limit cir
option optimize-link-performance
option rx-opportunity-optimize
rrop anti-bmc protocol arp mode
rrop anti-bmc protocol nd mode
rrop anti-bmc upstream client-rate-limit
rrop anti-bmc upstream client-rate-limit enable
rrop anti-bmc upstream client-rate-limit pps
rrop traffic-policy priority tcp
rrop traffic-policy priority udp
rrop ul-arp attack-suppression enable
WLAN optimization commands
option 4-way-handshake resend
Use option 4-way-handshake resend to set the maximum number of retransmissions for an EAPOL-Key packet and the retransmission interval.
Use undo option 4-way-handshake resend to restore the default.
Syntax
option 4-way-handshake resend max-count [ interval interval ]
undo option 4-way-handshake resend
Default
The maximum number of retransmissions for an EAPOL-Key packet is three, and the retransmission interval is 300 milliseconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
resend max-count: Specifies the maximum number of retransmissions for an EAPOL-Key packet, in the range of 0 to 3.
interval interval: Specifies the retransmission interval in the range of 200 to 500 milliseconds.
Usage guidelines
In Robust Security Network Association (RSNA) authentication, an AP and a client use EAPOL-Key packets in the four-way handshake to negotiate the keys. After that, the AP and the client periodically exchange EAPOL-Key packets to update the keys.
During key negotiation or update, the AP keeps retransmitting an EAPOL-Key packet until a response is received or the maximum number of retries for an EAPOL-Key packet is reached.
The system starts to count the retries when the maximum number of retransmissions is reached.
To ensure successful RSN key negotiation or update, you can increase the maximum number of retransmissions and the maximum number of retries for an EAPOL-Key packet.
For more information about RSN key negotiation or update, see "Configuring WLAN security."
Examples
# In service template view, set the maximum number of retransmissions for an EAPOL-Key packet to one and the retransmission interval to 400 milliseconds.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-svervice1] option 4-way-handshake resend 1 interval 400
Related commands
option 4-way-handshake retry
option 4-way-handshake retry
Use option 4-way-handshake retry to set the maximum number of retries for an EAPOL-Key packet and the retry interval.
Use undo option 4-way-handshake retry to restore the default.
Syntax
option 4-way-handshake retry max-count [ interval interval ]
undo option 4-way-handshake retry
Default
The maximum number of retries for an EAPOL-Key packet is three, and the retry interval is 5 seconds.
Views
Service template view
Predefined user roles
network-admin
Parameters
retry max-count: Specifies the maximum number of retries for an EAPOL-Key packet, in the range of 0 to 3.
interval interval: Specifies the retry interval in the range of 2 to 5 seconds.
Usage guidelines
During RSN key negotiation or update, an AP keeps retransmitting an EAPOL-Key packet until a response is received or the maximum number of retries for an EAPOL-Key packet is reached.
The system starts to count the retries when the maximum number of retransmissions is reached.
If you execute this command for multiple times, the most recent configuration takes effect.
Examples
# In service template view, set the maximum number of retries for an EAPOL-Key packet to two and the retry interval to 3 seconds.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] option 4-way-handshake retry 2 interval 3
Related commands
option 4-way-handshake resend
option broadcast-multicast-buffer
Use option broadcast-multicast-buffer enable to enable multicast and broadcast buffering.
Use option broadcast-multicast-buffer disable to disable multicast and broadcast buffering.
Use undo option broadcast-multicast-buffer to restore the default.
Syntax
option broadcast-multicast-buffer { disable | enable [ limit limit ] }
undo option broadcast-multicast-buffer
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, multicast and broadcast buffering is enabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
limit limit: Specifies the maximum number of multicast or broadcast packets that can be buffered. The value range for the limit argument is 1 to 600 and the default value is 100.
Usage guidelines
With this feature enabled, the AC stops sending broadcast and multicast packets and buffers them if an associated client is in sleep state. This mechanism affects the performance of real-time multicast applications.
With this feature disabled, the AC directly sends all broadcast and multicast packets regardless of whether an associated client is in sleep state.
Examples
# Disable multicast and broadcast buffering for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option broadcast-multicast-buffer disable
# Disable multicast and broadcast buffering for APs in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option broadcast-multicast-buffer disable
option capacity-adjust
Use option capacity-adjust enable to enable transmit power adjustment.
Use option capacity-adjust disable to disable transmit power adjustment.
Use undo capacity-adjust to restore the default.
Syntax
option capacity-adjust { disable | enable [ all ] { increase | decrease } value }
undo option capacity-adjust
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, transmit power adjustment is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
all: Configures transmit power adjustment for all rates. If you do not specify this keyword, the command configures transmit power adjustment for mandatory rates.
increase: Increases the transmit power.
decrease: Decreases the transmit power.
value: Specifies the transmit power adjustment value in the range of 1 to 27 dBm.
Usage guidelines
This feature enables an AP to use the adjusted transmit power to transmit packets.
Examples
# Enable transmit power adjustment for AP ap1, and increase the transmit power by 1 dBm for all rates.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option capacity-adjust all increase 1
# Enable transmit power adjustment for APs in AP group apgroup1, and increase the transmit power by 1 dBm for all rates.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option capacity-adjust all increase 1
option channel-reuse-optimization
Use option channel-reuse-optimization enable to enable channel reuse.
Use option channel-reuse-optimization disable to disable channel reuse.
Use undo option channel-reuse-optimization to restore the default.
Syntax
option channel-reuse-optimization { disable | enable level level }
undo option channel-reuse-optimization
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, channel reuse is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
level level: Specifies the channel reuse level in the range of 1 to 10. The recommended channel reuse level is 6.
Usage guidelines
This feature enables an AP to ignore packets with a signal strength lower than the specified channel reuse level. This mechanism enables the AP to obtain more radio resources and improves the performance of APs working on the same channel.
Examples
# Enable channel reuse for AP ap1 and set the channel reuse level to 5.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option channel-reuse-optimization enable level 5
# Enable channel reuse for APs in AP group 1 and set the channel reuse level to 5.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option channel-reuse-optimization enable level 5
option channel-share
Use option channel-share enable to enable channel sharing.
Use option channel-share disable to disable channel sharing.
Use undo channel-share to restore the default.
Syntax
option channel-share { disable | enable power-level power-level }
undo channel-share
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, channel sharing is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
power-level power-level: Specifies the power level for channel sharing, in the range of 1 to 40. The recommended value is 30.
Usage guidelines
When this feature is enabled, an AP sends or does not send packets according to whether the detected signals are stronger or weaker than the specified power level. This mechanism avoids channel collision and interference.
Examples
# Enable channel sharing for AP ap1 and set the power level to 30.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option channel-share enable power-level 30
# Enable channel sharing for APs in AP group apgroup1 and set the power level to 30.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option channel-share enable power-level 30
option client fast-forwarding
Use option client fast-forwarding enable to enable fast forwarding of AP-to-client data frames.
Use option client fast-forwarding disable to disable fast forwarding of AP-to-client data frames.
Use undo option client fast-forwarding to restore the default.
Syntax
option client fast-forwarding { ap-setting | disable | enable level level-value }
undo option client fast-forwarding
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the default AP setting is used.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
ap-setting: Uses the default AP setting.
level level-value: Specifies the fast forwarding level in the range of 1 to 4.
Usage guidelines
This feature enables an AP to forward data frames to clients without extra processing (such as verification and counting) to improve processing efficiency.
With this feature configured, if the level changes, the AP restarts for the change to take effect.
Examples
# Enable fast forwarding of AP-to-client data frames for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option client fast-forwarding enable level 1
[Sysname-wlan-ap-ap1-radio-1] After changing the fast-forward level, the AP will reboot and apply the new configuration. Continue? [Y/N]:
[Sysname-wlan-ap-ap1-radio-1] Y
# Enable fast forwarding of AP-to-client data frames for APs in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client fast-forwarding enable level 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] After changing the fast-forward level, the AP will reboot and apply the new configuration. Continue? [Y/N]:
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] Y
option client hide-node-protection
Use option client hide-node-protection enable to enable hidden node protection.
Use option client hide-node-protection disable to disable hidden node protection.
Use undo option client hide-node-protection to restore the default.
Syntax
option client hide-node-protection { disable | enable }
undo option client hide-node-protection
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, hidden node protection is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only on 802.11g, 802.11n, 802.11ac, and 802.11ax clients.
This feature enables clients to send RTS or CTS frames before transmitting frames to avoid interference from hidden nodes.
Examples
# Enable hidden node protection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option client hide-node-protection enable
# Enable hidden node protection for APs in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client hide-node-protection enable
option client reconnect
Use option client reconnect enable to enable AP-triggered client reassociation.
Use option client reconnect disable to disable AP-triggered client reassociation.
Use undo option client reconnect to restore the default.
Syntax
option client reconnect { disable | enable [ rssi rssi-value ] [ interval interval ] }
undo option client reconnect
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the configuration in the AP group's global radio view is used.
In an AP group's global radio view, AP-triggered client reassociation is disabled.
Views
Radio view
AP group's radio view
AP group's global radio view
Predefined user roles
network-admin
Parameters
rssi rssi-value: Specifies the RSSI threshold in the range of 5 to 100. The default and recommended RSSI thresholds are 10 and 20, respectively.
interval interval: Specifies the interval at which an AP detects the signal strength of the clients. The value range for the interval argument is 3 to 10 seconds and the default interval is 3 seconds.
Usage guidelines
This feature enables an AP to send deauthentication frames to a client when the AP detects that the signal strength of the client is lower than the specified RSSI threshold. Then, the client can reassociate with the AP or roam to another AP.
Examples
# Enable AP-triggered client reassociation for AP ap1. Set the RSSI threshold and detection interval to 30 and 5 seconds, respectively.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option client reconnect enable rssi 30 interval 5
# Enable AP-triggered client reassociation for APs in AP group 1. Set the RSSI threshold and detection interval to 30 and 5 seconds, respectively.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client reconnect enable rssi 30 interval 5
# Enable AP-triggered client reassociation for 2.4GHz radios in AP group 1. Set the RSSI threshold and detection interval to 30 and 5 seconds, respectively.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] radio 2.4g
[Sysname-wlan-ap-group-1-radio-2.4g] option client reconnect enable rssi 30 interval 5
option client reject
Use option client reject enable to enable an AP to reject weak-signal clients.
Use option client reject disable to disable an AP from rejecting weak-signal clients.
Use undo option client reject to restore the default.
Syntax
option client reject { disable | enable [ rssi rssi-value ] }
undo option client reject
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the configuration in the AP group's global radio view is used.
In an AP group's global radio view, a radio does not reject weak-signal clients.
Views
Radio view
AP group's radio view
AP group's global radio view
Predefined user roles
network-admin
Parameters
rssi rssi-value: Specifies the RSSI threshold in the range of 5 to 100. Both the default and recommended RSSI thresholds are 10.
Usage guidelines
This feature enables an AP to reject clients with an RSSI lower than the specified threshold to release channel resources and enhance WLAN performance.
After you enable this feature, wireless clients with an RSSI lower than the threshold might fail to access the WLAN.
After a client accesses the WLAN, an AP will not log off the client with an RSSI lower than the threshold but will reject the client after it disconnects from the network.
Examples
# Enable AP ap1 to reject clients with an RSSI lower than 30 dBm.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option client reject enable rssi 30
# Enable APs in AP group 1 to reject clients with an RSSI lower than 30 dBm.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option client reject enable rssi 30
# Enable 2.4 GHz radios in AP group 1 to reject clients with an RSSI lower than 30 dBm.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] radio 2.4g
[Sysname-wlan-ap-group-1-radio-2.4g] option client reject enable rssi 30
option directional-antenna-selection
Use option directional-antenna-selection enable to enable dynamic directional antenna selection.
Use option directional-antenna-selection disable to disable dynamic directional antenna selection.
Use undo option directional-antenna-selection to restore the default.
Syntax
option directional-antenna-selection { disable | enable }
undo option directional-antenna-selection
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, dynamic directional antenna selection is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to dynamically adjust its signal transmitting mode based on the signal transmitting mode and signal strength of the CPEs to improve user experience.
Examples
# Enable dynamic directional antenna selection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA2620X
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option directional-antenna-selection enable
# Enable dynamic directional antenna selection for APs in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA2620X
[Sysname-wlan-ap-group-1-ap-model-WA2620X] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA2620X-radio-1] option directional-antenna-selection enable
option dot11n-restraint
Use option dot11n-restraint enable to enable 802.11n packet suppression.
Use option dot11n-restraint disable to disable 802.11n packet suppression.
Use undo dot11n-restraint to restore the default.
Syntax
option dot11n-restraint { disable | enable packet-number packet-number packet-length packet-length [ inbound | outbound ] [ tid tid-number ] }
undo option dot11n-restraint
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, 802.11n packet suppression is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
packet-number packet-number: Specifies the maximum number of MPDUs that can be aggregated into an A-MPDU, in the range of 1 to 64. The recommended value is 8.
packet-length packet-length: Specifies the maximum A-MPDU length, in the range of 2000 to 380000 bytes. The recommended value is 6000.
inbound: Specifies 802.11n packet suppression in the inbound direction.
outbound: Specifies 802.11n packet suppression in the outbound direction.
tid tid-number: Specifies a traffic identifier, in the range of 0 to 7. The queue type varies by TID value.
· 0 and 3—AC-BE queue.
· 1 and 2—AC-BK queue.
· 4 and 5—AC-VI queue.
· 6 and 7—AC-VO queue.
If you do not specify this option, 802.11n packet suppression applies to all types of packets.
Usage guidelines
Perform this task to suppress 802.11n packets by defining the maximum number of aggregated MPDUs and the maximum A-MPDU length. The two thresholds take effect at the same time. If either threshold is reached, the AP stops aggregation and sends the A-MPDU.
Examples
# Enable 802.11n packet suppression for AP ap1. Set the maximum number of MPDUs that can be aggregated into an A-MPDU and the maximum A-MPDU length to 30 and 10000 bytes, respectively.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option dot11n-restraint enable packet-number 30 packer-length 10000
# Enable 802.11n packet suppression for APs in AP group apgroup1. Set the maximum number of MPDUs that can be aggregated into an A-MPDU and the maximum A-MPDU length to 30 and 10000 bytes, respectively.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option dot11n-restraint enable packet-number 30 packer-length 10000
option immediate-transmit
Use option immediate-transmit enable to enable immediate packet sending.
Use option immediate-transmit disable to disable immediate packet sending.
Use undo immediate-transmit to restore the default.
Syntax
option immediate-transmit { disable | enable }
undo immediate-transmit
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, immediate packet sending is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
When you enable this feature, APs do not detect channel collision before sending packets to save system resources and improve network throughput. Enabling this feature might cause hidden node problems. When you disable this feature, wireless devices send RTS/CTS packets to avoid channel collision.
Examples
# Disable immediate packet sending for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option immediate-transmit disable
# Disable immediate packet sending for APs in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option immediate-transmit disable
option keep-active
Use option keep-active enable to enable decreasing the sleep interval of wireless clients.
Use option keep-active disable to disable decreasing the sleep interval of wireless clients.
Use undo option keep-active to restore the default.
Syntax
option keep-active { disable | enable }
undo option keep-active
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, decreasing the sleep interval of wireless clients is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
A wireless client in sleep state listens for traffic indication map (TIM) information in beacon frames to determine whether the associated AP has buffered packets for it. This feature enables an AP to modify the TIM information in beacon frames to decrease the sleep interval of wireless clients to improve transmission efficiency.
Examples
# Enable decreasing the sleep interval of wireless clients for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option keep-active enable
# Enable decreasing the sleep interval of wireless clients for APs in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model- WA6320-radio-1] option keep-active enable
option max-interfer-threshold
Use option max-interfer-threshold enable to set the maximum interference threshold.
Use option max-interfer-threshold disable to remove the configuration.
Use undo max-interfer-threshold to restore the default.
Syntax
option max-interfer-threshold { disable | enable value }
undo max-interfer-threshold
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the maximum interference threshold is not set.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
value: Specifies the maximum interference threshold in the range of 20 to 120 dBm. The recommended value is 50.
Examples
# Set the maximum interference threshold to 30 dBm for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option max-interfer-threshold enable 30
# Set the maximum interference threshold to 30 dBm for APs in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option max-interfer-threshold enable 30
option non-local-packet rate-limit cir
Use option non-local-packet rate-limit cir to set a rate limit for packets destined to radios on other APs.
Use undo option non-local-packet rate-limit cir to restore the default.
Syntax
option non-local-packet rate-limit cir cir
undo option non-local-packet rate-limit cir
Default
No rate limit is set for packets destined to radios on other APs.
Views
Radio view
Predefined user roles
network-admin
Parameters
cir cir: Specifies the CIR for packets destined to radios on other APs, in the range of 1 to 1300000 Kbps.
Usage guidelines
After you enable the scanning service (such as wireless probing, WLAN location, and WIPS) for an AP, a radio on the AP might receive packets destined to radios on a different AP than the radio. Such packets will increase the CPU usage and decrease the processing efficiency for packets destined to radios on the AP.
To address this issue, configure this command to set a rate limit for packets destined to radios on other APs.
Examples
# Set the CIR to 8 Kbps for packets destined to radios on other APs.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option non-local-packet rate-limit cir 8000
option optimize-link-performance
Use option optimize-link-performance { inbound | outbound } enable to enable link performance optimization.
Use option optimize-link-performance { inbound | outbound } disable to disable link performance optimization.
Use undo optimize-link-performance to restore the default.
Syntax
option optimize-link-performance { inbound | outbound } { disable | enable } [ value ]
undo optimize-link-performance { inbound | outbound }
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, link performance optimization is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
inbound: Optimizes downlink performance.
outbound: Optimizes uplink performance.
value: Specifies the packet fragmentation threshold in the range of 1 to 2048 bytes.
Examples
# Enable uplink performance optimization for AP ap1 and set the packet fragmentation threshold to 100 bytes.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option optimize-link-performance outbound enable 100
# Enable uplink performance optimization for APs in AP group apgroup1 and set the packet fragmentation threshold to 100 bytes.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model- WA6320-radio-1] option optimize-link-performance outbound enable 100
option power-supply
Use option power-supply enable to specify a power supply mode for an AP to adjust the transmit power.
Use option power-supply disable to disable this feature.
Use undo power-supply to restore the default.
Syntax
option power-supply { disable | enable { local | poe | poeplus } }
undo power-supply
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, APs do not adjust the transmit power according to the power supply mode.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
local: Specifies the local power supply mode.
poe: Specifies the PoE power supply mode.
poeplus: Specifies the PoE+ power supply mode.
Examples
# Configure AP ap1 to use the transmit power corresponding to the PoE+ power supply mode.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option power-supply enable poeplus
# Configure APs in AP group apgroup1 to use the transmit power corresponding to the PoE+ power supply mode.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option power-supply enable poeplus
option probe-response-try
Use option probe-response-try enable to set the maximum number of probe response attempts.
Use option probe-response-try disable to remove the configuration.
Use undo probe-response-try to restore the default.
Syntax
option probe-response-try { disable | enable number }
undo probe-response-try
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the maximum number of probe response attempts is not limited.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of probe response attempts, in the range of 1 to 16.
Usage guidelines
Perform this task to reduce the number of probe responses sent by a radio to save resources and improve network performance.
Examples
# Set the maximum number of probe response attempts to 10 for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option probe-response-try enable 10
# Set the maximum number of probe response attempts to 10 for APs in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option probe-response-try enable 10
option rate-algorithm emr
|
|
IMPORTANT: This command might decrease the network throughput. |
Use option rate-algorithm emr enable to enable the EMR algorithm.
Use option rate-algorithm emr disable to disable the EMR algorithm.
Use undo option rate-algorithm emr to restore the default.
Syntax
option rate-algorithm emr { disable | enable }
undo option rate-algorithm emr
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the EMR algorithm is disabled. A radio uses a rate that ensures the maximum throughput.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to use the ensure minimum rate (EMR) algorithm to ensure the connection reliability.
Examples
# Enable the EMR algorithm for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option rate-algorithm emr enable
# Enable the EMR algorithm for APs in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option rate-algorithm emr enable
option roam-navigation
Use option roam-navigation enable to enable roaming navigation.
Use option roam-navigation disable to disable roaming navigation.
Use undo option roam-navigation to restore the default.
Syntax
option roam-navigation { disable | enable rssi rssi-value { beacon-power power-value | probe-response-power power-value } }
undo option roam-navigation
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, roaming navigation is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
rssi rssi-value: Specifies the RSSI threshold in the range of 1 to 50. The recommended RSSI threshold is 20.
beacon-power power-value: Specifies the transmit power for beacon frames, in the range of 1 to 30 dBm. The recommended transmit power is 10 dBm.
probe-response-power power-value: Specifies the transmit power for probe response frames, in the range of 1 to 30 dBm. The recommended transmit power is 10 dBm.
Usage guidelines
If you set the transmit power for beacons or probe responses, the system uses the default transmit power to transmit other packets.
Examples
# Enable roaming navigation for AP ap1. Set the RSSI threshold to 10 and the transmit power for beacon frames to 10 dBm.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option roam-navigation enable rssi 10 beacon-power 10
# Enable roaming navigation for APs in AP group apgroup1. Set the RSSI threshold to 10 and the transmit power for probe response frames to 10 dBm.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model- WA6320-radio-1] option roam-navigation enable rssi 10 probe-response-power 10
option rx-broadcast-all
Use option rx-broadcast-all enable to enable an AP to receive all broadcast packets.
Use option rx-broadcast-all disable to disable an AP to receive all broadcast packets.
Use undo rx-broadcast-all to restore the default.
Syntax
option rx-broadcast-all { disable | enable }
undo rx-broadcast-all
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, receiving all broadcast packets is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
The system detects spoofing attacks by listening for broadcast deauthentication and disassociation packets. Perform this task to enable an AP to receive all broadcasts so that the AP can detect spoofing attacks.
This feature is not applicable to 5 GHz radios of 802.11ac APs.
Examples
# Enable AP ap1 to receive all broadcast packets.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option rx-broadcast-all enable
# Enable APs in AP group apgroup1 to receive all broadcast packets.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option rx-broadcast-all enable
option rx-opportunity-optimize
Use option rx-opportunity-optimize enable to enable packet receiving timing adjustment.
Use option rx-opportunity-optimize disable to disable packet receiving timing adjustment.
Use undo option rx-opportunity-optimize to restore the default.
Syntax
option rx-opportunity-optimize { disable | enable }
undo option rx-opportunity-optimize
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, packet receiving timing adjustment is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
This feature enables an AP to adjust the timing for receiving packet to achieve the optimal receiving effect.
Examples
# Enable packet receiving timing adjustment for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option rx-opportunity-optimize enable
# Enable packet receiving timing adjustment for APs in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option rx-opportunity-optimize enable
option signal-ignore
Use option signal-ignore enable to enable an AP to ignore weak signals.
Use option signal-ignore disable to disable an AP from ignoring weak signals.
Use undo option signal-ignore to restore the default.
Syntax
option signal-ignore { disable | enable rssi rssi-value }
undo option signal-ignore
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, a radio does not ignore weak signals.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
rssi rssi-value: Specifies the RSSI threshold in the range of 1 to 30. The recommended RSSI threshold is 10.
Usage guidelines
This feature enables an AP to ignore packets with a signal strength lower than the specified RSSI threshold. Enabling this feature might cause collisions and interference among devices on the same channel.
Examples
# Enable AP ap1 to ignore weak signals and set the RSSI threshold to 10.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option signal-ignore enable rssi 10
# Enable APs in AP group 1 to ignore weak signals and set the RSSI threshold to 10.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option signal-ignore enable rssi 10
option smart-chip-protection
Use option smart-chip-protection enable to enable smart chip protection.
Use option smart-chip-protection disable to disable smart chip protection.
Use undo option smart-chip-protection to restore the default.
Syntax
option smart-chip-protection { disable | enable interval interval }
undo option smart-chip-protection
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, smart chip protection is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
interval interval: Specifies the interval at which smart chip protection is enabled, in the range of 1 to 24 hours.
Examples
# Enable smart chip protection for AP ap1 and set the enabling interval to 10 hours.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option smart-chip-protection enable interval 10
# Enable smart chip protection for APs and set the enabling interval to 10 hours.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] option smart-chip-protection enable interval 10
option subway-band-width
Use option subway-band-width enable to enable the narrow bandwidth feature.
Use option subway-band-width disable to disable the narrow bandwidth feature.
Use undo subway-band-width to restore the default.
Syntax
option subway-band-width { disable | enable { 5 | 10 } }
undo subway-band-width
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the narrow bandwidth feature is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
5: Configures the radio to operate in 5 MHz bandwidth mode.
10: Configures the radio to operate in 10 MHz bandwidth mode.
Usage guidelines
When the bandwidth decreases, the signal strength is improved, and the risks of signal interference are reduced.
Examples
# Enable the narrow bandwidth feature for AP ap1, and set the bandwidth to 5 MHz.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option subway-band-width enable 5
# Enable the narrow bandwidth feature for APs in AP group apgroup1, and set the bandwidth to 5 MHz.
<Sysname> system-view
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-1] option subway-band-width enable 5
option tpc
Use option tpc enable to enable per-packet transmit power control.
Use option tpc disable to disable per-packet transmit power control.
Use undo option tpc to restore the default.
Syntax
option tpc { disable | enable [ minpower minpower | powerstep powerstep | rssistep rssistep | rssithreshold rssithreshold ] }
undo option tpc
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, per-packet transmit power control is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
minpower minpower: Specifies the minimum transmit power in the range of 1 to 27. The default value is 10.
powerstep powerstep: Specifies the step value for transmit power decrease, in the range of 1 to 15. The default value is 5.
rssistep rssistep: Specifies the step value for RSSI adjustment, in the range of 1 to 20. The default value is 10.
rssithreshold rssithreshold: Specifies the RSSI threshold for per-packet transmit power control, in the range of 20 to 95. The default value is 65.
Usage guidelines
This feature enables an AP to dynamically perform transmit power control on a per packet basis. For example, the AP reduces the transmit power when it sends packets to a client with high RSSI. This feature can reduce power consumption, radiation, and interference to improve user experience.
This feature is not applicable to 5 GHz radios of 802.11ac APs.
Examples
# Enable per-packet transmit power control for AP ap1, and set the minimum transmit power to 20.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 2
[Sysname-wlan-ap-ap1-radio-2] option tpc enable minpower 20
# Enable per-packet transmit power control for APs in AP group apgroup1, and set the minimum transmit power to 20.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA6320
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320] radio 2
[Sysname-wlan-ap-group-apgroup1-ap-model-WA6320-radio-2] option tpc enable minpower 20
option x-share quiet
Use option x-share quiet enable to enable the quiet mode.
Use option x-share quiet disable to disable the quiet mode.
Use undo option x-share quiet to restore the default.
Syntax
option x-share quiet { disable | enable }
undo option x-share quiet
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the quiet mode is disabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Usage guidelines
This feature is applicable only to X-share APs. When you enable the quiet mode for an X-share AP, the AP sends every packet by using only one antenna to save resources and reduce radiation.
Examples
# Enable the quiet mode for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-X
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] option x-share quiet enable
# Enable the quiet mode for APs in AP group apgroup1.
<Sysname> system-view
[Sysname] wlan ap-group apgroup1
[Sysname-wlan-ap-group-apgroup1] ap-model WA4320i-X
[Sysname-wlan-ap-group-apgroup1-ap-model-WA4320i-X] radio 1
[Sysname-wlan-ap-group-apgroup1-ap-model- WA4320i-X-radio-1] option x-share quiet enable
rrop anti-bmc default-action
Use rrop anti-bmc default-action permit to configure an AP to forward broadcast and multicast packets through radio interfaces.
Use rrop anti-bmc default-action deny to configure an AP to discard broadcast and multicast packets.
Use undo rrop anti-bmc default-action to restore the default.
Syntax
rrop anti-bmc default-action { deny | permit }
undo rrop anti-bmc default-action
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP forwards broadcast and multicast packets through radio interfaces.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
After you execute the rrop anti-bmc default-action permit command on an AP, the AP forwards all received broadcast and multicast packets.
After you execute the rrop anti-bmc default-action deny command on an AP, the AP discards all received broadcast and multicast packets.
If you execute this command together with the rrop anti-bmc network enable command, the rrop anti-bmc network enable command takes effect.
This command is applicable only when software forwarding is used.
Examples
# Configure AP ap1 to discard broadcast and multicast packets.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop anti-bmc default-action deny
# Configure APs in AP group 10 to discard broadcast and multicast packets.
<Sysname> system-view
[Sysname] wlan ap-group 10
[Sysname-ap-group10] rrop anti-bmc default-action deny
Related commands
rrop anti-bmc network
rrop anti-bmc network
Use rrop anti-bmc network enable to enable basic broadcast and multicast packet control.
Use rrop anti-bmc network disable to disable basic broadcast and multicast packet control.
Use undo rrop anti-bmc network to restore the default.
Syntax
rrop anti-bmc network { disable | { ipv4-simple | ipv6-simple | ipv4-and-ipv6-simple } enable }
undo rrop anti-bmc network
Default
In AP view, an AP uses the configuration in AP group view. In no configuration exists in AP group view, an AP uses the configuration in system view.
In AP group view, an AP uses the configuration in system view.
In system view, basic broadcast and multicast packet control is enabled.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
ipv4-simple: Specify basic IPv4 network packets.
ipv6-simple: Specify basic IPv6 network packets.
ipv4-and-ipv6-simple: Specify basic IPv4 and IPv6 network packets.
Usage guidelines
After this feature is enabled in an IPv4 network, the AP performs the following tasks for the requests received from the AC:
· Answers ARP requests.
· Discards DHCP requests.
· Processes other IPv4 basic broadcast and multicast packets as follows:
¡ If the rrop anti-bmc default-action deny command is not executed, the AP processes other IPv4 basic broadcast and multicast packets normally.
¡ If the rrop anti-bmc default-action deny command is executed, the AP discards other IPv4 basic broadcast and multicast packets.
After this feature is enabled in an IPv6 network, the AP performs the following tasks for the requests received from the AC:
· Discards RS messages and DHCPv6 requests.
· Forwards RA messages through unicast.
· Answers NS messages.
· Processes other IPv6 basic broadcast and multicast packets as follows:
¡ If neither the rrop anti-bmc default-action deny nor the rrop anti-bmc protocol ipv6 deny command is executed, the AP processes other IPv6 basic broadcast and multicast packets normally.
¡ If either the rrop anti-bmc default-action deny or the rrop anti-bmc protocol ipv6 deny command is executed, the AP discards other IPv6 basic broadcast and multicast packets.
This command is applicable only when software forwarding is used.
Examples
# Enable basic broadcast and multicast packet control for AP ap1 in an IPv4 network.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop anti-bmc network ipv4-simple enable
# Enable basic broadcast and multicast packet control for APs in AP group group1 in an IPv4 network.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc network ipv4-simple enable
# Enable basic broadcast and multicast packet control in an IPv4 network.
<Sysname> system-view
[Sysname] rrop anti-bmc network ipv4-simple enable
rrop anti-bmc protocol arp mode
Use rrop anti-bmc protocol arp mode to configure the action to take on ARP packets.
Use undo rrop anti-bmc protocol arp to restore the default.
Syntax
rrop anti-bmc protocol arp mode { proxy-reply | unicast-forward }
undo rrop anti-bmc protocol arp
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP uses the configuration in system view.
In system view, APs convert ARP packets to unicast packets and then forward them.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
proxy-reply: Enables APs to reply to ARP packets.
unicast-forward: Enables APs to convert ARP packets to unicast packets and then forward them.
Usage guidelines
Configure this feature to reduce ARP packets in the WLAN.
· With the proxy-reply keyword specified, an AP sends an ARP response instead of forwarding the ARP request if the target IP address in the ARP request matches the client entry on the AP. The sender address in the response is the target IP address. The sender MAC address and the source MAC address at the data link layer both are the MAC address bound to the target IP address in the client entry.
· With the unicast-forward keyword specified, an AP changes the target MAC address in the ARP request and the destination MAC address at the data link layer to the MAC address bound to the target IP address in the client entry. Then the AP converts the ARP packet to a unicast packet and forwards it.
This feature takes effect only after you use the rrop anti-bmc network ipv4-simple enable command to enable basic broadcast and multicast packet control for the IPv4 network.
Examples
# Configure AP ap1 to reply to received wired ARP packets.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] rrop anti-bmc protocol arp mode proxy-reply
# Configure APs in AP group group1 to reply to received wired ARP packets.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc protocol arp mode proxy-reply
# Configure all APs to reply to received wired ARP packets.
<Sysname> system-view
[Sysname] rrop anti-bmc protocol arp mode proxy-reply
Related commands
rrop anti-bmc network
rrop anti-bmc protocol ipv6
Use rrop anti-bmc protocol ipv6 continue to configure an AP to take the default action specified by the rrop anti-bmc default-action command on IPv6 multicast packets.
Use rrop anti-bmc protocol ipv6 deny to configure an AP to discard IPv6 multicast packets.
Use undo rrop anti-bmc protocol ipv6 to restore the default.
Syntax
rrop anti-bmc protocol ipv6 { continue | deny }
undo rrop anti-bmc protocol ipv6
Default
An AP takes the default action specified by the rrop anti-bmc default-action command on IPv6 multicast packets.
Views
System view
Predefined user roles
network-admin
Usage guidelines
After you execute the rrop anti-bmc protocol ipv6 continue command on an AP, the AP continue to execute the configuration of the rrop anti-bmc default-action command.
After you execute the rrop anti-bmc protocol ipv6 deny command on an AP, the AP discards all broadcast and multicast packets. If you execute the rrop anti-bmc protocol ipv6 deny and rrop anti-bmc network enable commands together, the rrop anti-bmc network enable command takes effect.
Examples
# Configure AP ap1 to discard IPv6 multicast packets.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop anti-bmc protocol ipv6 deny
# Configure APs in AP group group1 to discard IPv6 multicast packets.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc protocol ipv6 deny
Related commands
rrop anti-bmc default-action
rrop anti-bmc network
rrop anti-bmc protocol nd mode
Use rrop anti-bmc protocol nd mode to configure the action to take on ND packets.
Use undo rrop anti-bmc protocol nd to restore the default.
Syntax
rrop anti-bmc protocol nd mode { proxy-reply | unicast-forward }
undo rrop anti-bmc protocol nd
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP uses the configuration in system view.
In system view, APs convert ARP packets to unicast packets and then forward them.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
proxy-reply: Enables APs to reply to ND packets.
unicast-forward: Enables APs to convert ND packets to unicast packets and then forward them.
Usage guidelines
Configure this feature to reduce ND packets in the WLAN.
· With the proxy-reply keyword specified, an AP sends an ND response instead of forwarding the ARP request if the target IP address in the ND request matches the client entry on the AP. The sender address in the response is the target IP address. The sender MAC address and the source MAC address at the data link layer both are the MAC address bound to the target IP address in the client entry.
· With the unicast-forward keyword specified, an AP changes the target MAC address in the ND request and the destination MAC address at the data link layer to the MAC address bound to the target IP address in the client entry. Then the AP converts the ND packet to a unicast packet and forwards it.
This feature takes effect only after you use the rrop anti-bmc network ipv6-simple enable command to enable basic broadcast and multicast packet control for the IPv6 network.
Examples
# Configure AP ap1 to reply to received wired ND packets.
<Sysname> system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] rrop anti-bmc protocol nd mode proxy-reply
# Configure APs in AP group group1 to reply to received wired ND packets.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc protocol nd mode proxy-reply
# Configure all APs to reply to received wired ND packets.
<Sysname> system-view
[Sysname] rrop anti-bmc protocol nd mode proxy-reply
Related commands
rrop anti-bmc network
rrop anti-bmc rate-limit
Use rrop anti-bmc rate-limit enable to enable rate limiting for downlink broadcast or multicast packets.
Use rrop anti-bmc rate-limit disable to disable rate limiting for downlink broadcast or multicast packets.
Use undo rrop anti-bmc rate-limit to restore the default.
Syntax
rrop anti-bmc { broadcast | multicast } rate-limit { disable | enable }
undo rrop anti-bmc { broadcast | multicast } rate-limit
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, rate limitingg is disabled for downlink broadcast or multicast packets.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
broadcast: Specifies broadcast packets.
multicast: Specifies multicast packets.
Examples
# On AP ap1, enable rate limiting for downlink broadcast packets.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop anti-bmc broadcast rate-limit enable
# In AP group group1, enable rate limiting for downlink broadcast packets.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc broadcast rate-limit enable
Related commands
rrop anti-bmc rate-limit pps
rrop anti-bmc rate-limit pps
Use rrop anti-bmc rate-limit pps to set the maximum sending rate of downlink broadcast or multicast packets.
Use undo rrop anti-bmc rate-limit pps to restore the default.
Syntax
rrop anti-bmc { broadcast | multicast } rate-limit pps max-pps
undo rrop anti-bmc { broadcast | multicast } rate-limit pps
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, no limit is configured on the sending rate of downlink broadcast or multicast packets.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
broadcast: Specifies broadcast packets.
multicast: Specifies multicast packets.
pps max-pps: Specifies the maximum sending rate of downlink broadcast or multicast packets. The value range is 1 to 1410000. The AP discards the broadcast or multicast packets exceeding the specified sending rate limit.
Usage guidelines
This command takes effect only after you enable rate limiting for downlink broadcast or multicast packets.
Examples
# On AP ap1, set the maximum sending rate of downlink broadcast packets to 1024.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop anti-bmc broadcast rate-limit enable
[Sysname-wlan-ap-ap1] rrop anti-bmc broadcast rate-limit pps 1024
# In AP group group1, set the maximum sending rate of downlink broadcast packets to 1024.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc broadcast rate-limit enable
[Sysname-ap-group-group1] rrop anti-bmc broadcast rate-limit pps 1024
Related commands
rrop anti-bmc rate-limit
rrop anti-bmc upstream client-rate-limit
Use rrop anti-bmc upstream client-rate-limit enable to enable rate limiting for uplink broadcast or multicast packets.
Use rrop anti-bmc upstream client-rate-limit disable to disable rate limiting for uplink broadcast or multicast packets.
Use undo rrop anti-bmc upstream client-rate-limit to restore the default.
Syntax
rrop anti-bmc { broadcast | multicast } upstream client-rate-limit { disable | enable }
undo rrop anti-bmc { broadcast | multicast } upstream client-rate-limit
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP group uses the configuration in system view.
In system view, rate limiting is disabled for uplink broadcast or multicast packets.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
broadcast: Specifies broadcast packets.
multicast: Specifies multicast packets.
Usage guidelines
When an AP receives a large number of broadcast or multicast packets from wireless clients, the related gateway might be interrupted. To avoid this issue, use this command to enable rate limiting for uplink broadcast or multicast packets.
Examples
# On AP ap1, enable rate limiting for uplink broadcast packets.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop anti-bmc broadcast upstream client-rate-limit enable
# In AP group group1, enable rate limiting for uplink broadcast packets.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc broadcast upstream client-rate-limit enable
# In system view, enable rate limiting for uplink broadcast packets.
<Sysname> system-view
[Sysname] rrop anti-bmc broadcast upstream client-rate-limit enable
Related commands
rrop anti-bmc upstream rate-limit pps
rrop anti-bmc upstream client-rate-limit enable
Use rrop anti-bmc upstream client-rate-limit enable to enable rate limiting for uplink broadcast or multicast packets.
Use undo rrop anti-bmc upstream client-rate-limit to restore the default.
Syntax
rrop anti-bmc { broadcast | multicast } upstream client-rate-limit enable
undo rrop anti-bmc { broadcast | multicast } upstream client-rate-limit
Default
Rate limiting is disabled for uplink broadcast or multicast packets.
Views
System view
Predefined user roles
network-admin
Parameters
broadcast: Specifies broadcast packets.
multicast: Specifies multicast packets.
Usage guidelines
When an AP receives a large number of broadcast or multicast packets from wireless clients, the related gateway might be interrupted. To avoid this issue, use this command to enable rate limiting for uplink broadcast or multicast packets.
Examples
# Enable rate limiting for uplink broadcast packets.
<Sysname> system-view
[Sysname] rrop anti-bmc broadcast upstream client-rate-limit enable
Related commands
rrop anti-bmc upstream rate-limit pps
rrop anti-bmc upstream client-rate-limit pps
Use rrop anti-bmc upstream client-rate-limit pps to set the maximum sending rate of uplink broadcast or multicast packets.
Use undo rrop anti-bmc upstream client-rate-limit pps to restore the default.
Syntax
rrop anti-bmc { broadcast | multicast } upstream client-rate-limit pps max-pps
undo rrop anti-bmc { broadcast | multicast } upstream client-rate-limit pps
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP group uses the configuration in system view.
In system view, no limit is configured on the sending rate of uplink broadcast or multicast packets.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
broadcast: Specifies broadcast packets.
multicast: Specifies multicast packets.
pps max-pps: Specifies the maximum sending rate of uplink broadcast or multicast packets. The value range is 1 to 1410000. The AP discards the broadcast or multicast packets exceeding the specified sending rate limit.
Usage guidelines
This command takes effect only after you enable rate limiting for uplink broadcast or multicast packets.
Examples
# On AP ap1, set the maximum sending rate of uplink broadcast packets to 1024.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop anti-bmc broadcast upstream client-rate-limit pps 1024
# In AP group group1, set the maximum sending rate of uplink broadcast packets to 1024.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop anti-bmc broadcast upstream client-rate-limit pps 1024
# In system view, set the maximum sending rate of uplink broadcast packets to 1024.
<Sysname> system-view
[Sysname] rrop anti-bmc broadcast upstream client-rate-limit pps 1024
Related commands
rrop anti-bmc upstream rate-limit
rrop arp ap-proxy-gateway
Use rrop arp ap-proxy-gateway enable to enable an AP to reply ARP requests of clients on behalf of the gateway.
Use rrop arp ap-proxy-gateway disable to disable an AP from replying ARP requests of clients on behalf of the gateway.
Use undo rrop arp ap-proxy-gateway enable to restore the default.
Syntax
rrop arp ap-proxy-gateway { disable | enable [ count count ] }
undo rrop arp ap-proxy-gateway enable
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP uses the configuration in system view.
In system view, APs do not reply ARP requests of clients on behalf of the gateway.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
count count: Specifies the maximum number of ARP requests that the AP can reply on behalf of the gateway in a reply period. The value range for the count argument is 1 to 4096, and the default value is 10.
Usage guidelines
Perform this task to enable the AP to reply ARP requests of clients on behalf of the gateway. If the MAC address of the gateway changes during a reply period, ARP failures might occur. To resolve this issue, you can specify a limit for the number of ARP requests that the AP can reply on behalf of the gateway in a reply period. When the number of ARP requests that the AP has replied reaches the limit, the AP will forward an ARP request to the gateway and perform either of the following tasks:
· If the gateway replies to the ARP request, the AP starts a new reply period with the new MAC address of the gateway.
· If the gateway does not reply to the ARP request, the AP starts a new reply period with the original MAC address of the gateway.
As a best practice to reduce the gateway's service load, enable this feature when the gateway's service load is heavy or the network condition is poor.
Examples
# Enable AP ap1 to reply ARP requests of clients on behalf of the gateway.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop arp ap-proxy-gateway enable
# Enable APs in AP group group1 to reply ARP requests of clients on behalf of the gateway.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop arp ap-proxy-gateway enable
# Enable APs to reply ARP requests of clients on behalf of the gateway.
<Sysname> system-view
[Sysname] rrop arp ap-proxy-gateway enable
rrop client fast-keep-alive
Use rrop client fast-keep-alive enable to enable client fast keepalive.
Use rrop client fast-keep-alive disable to disable client fast keepalive.
Use undo rrop client fast-keep-alive to restore the default.
Syntax
rrop client fast-keep-alive { disable | enable [ count count-value ] }
undo rrop client fast-keep-alive
Default
In radio view, a radio uses the configuration in the AP group's radio view.
In an AP group's radio view, the client fast keepalive feature is enabled.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
count count-value: Specifies the maximum number of keepalive packets that an AP can send to a client, in the range of 128 to 2048. The default value is 450.
Usage guidelines
To quickly determine whether clients are online and save radio resources, execute this command to set the maximum number of keepalive packets that an AP can send to a client. The AP logs off a client if it does not receive any replies from the client after sending the specified number of keepalive packets to the client.
This command is mainly used in scenarios with high client mobility. If the network quality is poor, reduce the maximum number of keepalive packets that an AP can send to a client. As a best practice, use the default setting in scenarios with stable clients.
The configuration in radio view takes precedence over the configuration in an AP group's radio view.
Examples
# Enable client fast keepalive for AP ap1 and set the maximum number of keepalive packets to 300.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrop client fast-keep-alive enable count 300
# Enable client fast keepalive for APs in AP group group1 and set the maximum number of keepalive packets to 300.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] rrop client fast-keep-alive enable count 300
Related commands
client keep-alive (WLAN Access Command Reference)
rrop flow-schedule mode
Use rrop flow-schedule mode to set the traffic scheduling mode for APs.
Use undo rrop flow-schedule mode to restore the default.
Syntax
rrop flow-schedule mode { balanced | quick-speed | intelligent [ channel-usage-threshold threshold-value ] [ max max-value ] [ min min-value ] }
undo rrop flow-schedule mode
Views
Radio view
AP group's radio view
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the traffic scheduling mode is quick-speed.
Predefined user roles
network-admin
Parameters
balanced: Specifies the balanced mode. In this mode, the bandwidth is evenly distributed among the clients.
quick-speed: Specifies the quick-speed mode. In this mode, clients compete for bandwidth based on their own traffic.
intelligent: Specifies the intelligent mode. In this mode, the bandwidth is evenly distributed among the clients. Idle clients allocate their idle bandwidth to high-traffic clients based on an algorithm while ensuring their own bandwidth.
channel-usage-threshold threshold-value: Specifies the channel usage threshold in intelligent scheduling mode, in the range of 1 to 99. When the channel usage drops below the threshold-value, the system disables the intelligent mode and uses the quick-speed mode. When the channel usage reaches or exceeds the threshold-value, the intelligent mode resumes. If you do not specify the threshold, the intelligent mode will remain enabled regardless of the actual channel usage.
max max-value: Specifies the maximum client rate in the range of 16 to 1700000 in Kbps.
min min-value: Specifies the minimum client rate in the range of 16 to 1700000 in Kbps. The maximum value must be greater than the minimum value.
Usage guidelines
Applicable scenarios
As a best practice, use the balanced mode in scenarios where fairness must be ensured, such as office environments. In scenarios with a small number of clients or where the performance of high-traffic clients must be ensured, use the high-speed mode. In scenarios with a large number of clients and a significant number of idle clients, use the intelligent mode to improve the bandwidth usage.
Operating mechanism
After you specify the AP group-based flow scheduling mode, the AC calculates the available total bandwidth based on factors such as channel usage, maximum speed, and number of clients. The AC then allocates available bandwidth to the clients associated with the AP based on the mode.
This feature has a lower priority than radio-based client rate limit. When both features are configured, radio-based client rate limit configured by using the client-rate-limit enable command takes effect.
Examples
# Specify the balanced flow scheduling mode for AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1]ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320]radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] rrop flow-schedule mode balanced
# Specify the quick-speed flow scheduling mode for radio 1 on AP 1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] rrop flow-schedule mode quick-speed
rrop software-retry
Use rrop software-retry enable to enable software retransmission and set the maximum number of software retransmissions.
Use rrop software-retry disable to disable software retransmission.
Use undo rrop software-retry to restore the default.
Syntax
rrop software-retry { unicast [ eap ] | broadcast-multicast } enable count count
rrop software-retry { unicast [ eap ] | broadcast-multicast } disable
undo rrop software-retry { unicast [ eap ] | broadcast-multicast }
Default
In radio view, a radio uses the configuration in an AP group's radio view.
In an AP group's radio view, the maximum number of software retransmissions varies by device model.
Views
Radio view
AP group's radio view
Predefined user roles
network-admin
Parameters
unicast: Configures software retransmission for unicast packets.
eap: Configures software retransmission for EAP packets.
broadcast-multicast: Configures software retransmission for broadcast and multicast packets.
count count: Specifies the maximum number of software retransmissions, in the range of 0 to 16.
Examples
# Set the maximum number of software retransmissions for EAP packets to the default for radio 1 of AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] undo rrop software-retry unicast eap
# Set the maximum number of software retransmissions for broadcast and multicast packets to the default for radio 1 of APs in AP group 1.
<Sysname> system-view
[Sysname] wlan ap-group 1
[Sysname-wlan-ap-group-1] ap-model WA6320
[Sysname-wlan-ap-group-1-ap-model-WA6320] radio 1
[Sysname-wlan-ap-group-1-ap-model-WA6320-radio-1] undo rrop software-retry broadcast-multicast
rrop traffic-policy priority tcp
Use rrop traffic-policy priority tcp to specify a DSCP value for TCP packets with the specified port numbers.
Use undo rrop traffic-policy priority tcp to delete the DSCP value for TCP packets with the specified port numbers.
Syntax
rrop traffic-policy priority tcp port-num-list dscp value
undo rrop traffic-policy priority tcp { port-num-list | all }
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, no DSCP value is specified for TCP packets.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
port-num-list: Specifies a list of up to 20 TCP ports. The port number range is 1 to 65535.
dscp value: Specifies a DSCP value in the range of 0 to 63.
all: Deletes all the DSCP values specified for TCP packets.
Usage guidelines
A greater DSCP value represents a higher packet priority.
This command takes effect only on downstream packets.
If you execute this command with the same DSCP value multiple times, you can specify the DSCP value for up to 20 TCP ports.
If you execute this command with different DSCP values multiple times, the most recent configuration takes effect.
Examples
# Configure AP ap1 to use 50 as the DSCP value for TCP packets with port numbers 8001 and 8002.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop traffic-policy priority tcp 8001 8002 dscp 50
# Configure APs in AP group 1 to use 50 as the DSCP value for TCP packets with port numbers 8001 and 8002.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] rrop traffic-policy priority tcp 8001 8002 dscp 50
rrop traffic-policy priority udp
Use rrop traffic-policy priority udp to specify a DSCP value for UDP packets with the specified port numbers.
Use undo rrop traffic-policy priority udp tcp to delete the DSCP value for UDP packets with the specified port numbers.
Syntax
rrop traffic-policy priority udp port-num-list dscp value
undo rrop traffic-policy priority udp { port-num-list | all }
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, no DSCP value is specified for UDP packets.
Views
AP view
AP group view
Predefined user roles
network-admin
Parameters
port-num-list: Specifies a list of up to 20 UDP ports. The port number range is 1 to 65535.
dscp value: Specifies a DSCP value in the range of 0 to 63.
all: Deletes all the DSCP values specified for UDP packets.
Usage guidelines
A greater DSCP value represents a higher packet priority.
This command takes effect only on downstream packets.
If you execute this command with the same DSCP value multiple times, you can specify the DSCP value for up to 20 UDP ports.
If you execute this command with different DSCP values multiple times, the most recent configuration takes effect.
Examples
# Configure AP ap1 to use 50 as the DSCP value for UDP packets with port numbers 8001 and 8002.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop traffic-policy priority udp 8001 8002 dscp 50
# Configure APs in AP group 1 to use 50 as the DSCP value for UDP packets with port numbers 8001 and 8002.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-wlan-ap-group-group1] rrop traffic-policy priority udp 8001 8002 dscp 50
rrop ul-arp attack-suppression enable
Use rrop ul-arp attack-suppression enable to enable upstream ARP packet suppression.
Use rrop ul-arp attack-suppression disable to disable upstream ARP packet suppression.
Use undo rrop ul-arp attack-suppression enable to restore the default.
Syntax
rrop ul-arp attack-suppression { disable | enable [ threshold threshold-value ] [ block-time time ] }
undo rrop ul-arp attack-suppression enable
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, an AP uses the configuration in system view.
In system view, upstream ARP packet suppression is disabled.
Views
AP view
AP group view
System view
Predefined user roles
network-admin
Parameters
threshold threshold-value: Specifies the threshold for triggering upstream ARP packet suppression. If the number of ARP packets that an AP receives from a client in one second reaches the threshold, the AP discards all ARP packets from the client within the specified suppression period. The value range for the threshold-value argument is 2 to 4096, and the default value is 10.
block-time time: Specify the upstream ARP packet suppression period in the range of 10 to 6000 seconds. The default suppression period is 60 seconds.
Usage guidelines
Execute this command to protect APs against ARP flooding attacks. If the number of ARP packets that a client sends to an AP in one second reaches the specified threshold, the AP discards all ARP packets from the client within the specified time period.
This command does not take effect on ARP requests for the gateway.
Examples
# Enable upstream ARP packet suppression for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] rrop ul-arp attack-suppression enable
# Enable upstream ARP packet suppression for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] rrop ul-arp attack-suppression enable
# Enable upstream ARP packet suppression for all APs.
<Sysname> system-view
[Sysname] rrop ul-arp attack-suppression enable
rrop ul-bpdu forward enable
Use rrop ul-bpdu forward enable to enable uplink STP BPDUs to pass through on APs.
Use undo rrop ul-bpdu forward to restore the default.
Syntax
rrop ul-bpdu forward enable
undo rrop ul-bpdu forward
Default
Uplink STP BPDUs cannot pass through on APs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
In most networks, wireless devices are deployed at the edge and do not participate in STP calculations. Some devices send STP BPDUs proactively, which affects network STP calculations, so APs normally discard client STP BPDUs sent to the wired network.
In special networks, if such packets need to pass through, you can enable this feature. APs will allow client STP BPDUs to pass to the wired side.
This feature does not affect STP BPDUs in mesh networks.
Examples
# Enable uplink STP BPDUs to pass through on APs.
<Sysname> system-view
[Sysname] rrop ul-bpdu forward enable
wlan client inspect
Use wlan client inspect enable to enable client inspection.
Use wlan client inspect disable to disable client inspection.
Use undo wlan client inspect to restore the default.
Syntax
wlan client inspect { disable | enable }
undo wlan client inspect
Default
In AP view, an AP uses the configuration in AP group view.
In AP group view, client inspection is disabled.
Views
AP view
AP group view
Predefined user roles
network-admin
Usage guidelines
The client inspection feature enables you to view information about packets exchanged and time consumed in each stage of the client association process.
In the current software version, the client inspection feature supports only client association, client association failure, and IP address lease extension events.
Examples
# Enable client inspection for AP ap1.
<Sysname> system-view
[Sysname] wlan ap ap1 model WA6320
[Sysname-wlan-ap-ap1] wlan client inspect enable
# Enable client inspection for APs in AP group group1.
<Sysname> system-view
[Sysname] wlan ap-group group1
[Sysname-ap-group-group1] wlan client inspect enable
