Академический Документы
Профессиональный Документы
Культура Документы
Abstract This document describes the commands and command syntax options available for the HP A Series products. This document is intended for network planners, field technical support and servicing engineers, and network administrators who work with HP A Series products.
Contents
WLAN interface configuration commands 1 default 1 description 1 display interface wlan-bss 2 display interface wlan-ethernet 4 display interface wlan-radio 5 interface wlan-bss 8 interface wlan-ethernet 9 interface wlan-radio 9 shutdown (WLAN-Radio interface view) 10 shutdown (WLAN-BSS interface view) 10 WLAN configuration commands 12 802.11 MAC configuration commands 12 a-mpdu enable 12 a-msdu enable 13 beacon ssid-hide 13 beacon-interval 14 channel 15 channel band-width 15 client dot11n-only 16 client max-count (service template view) 17 display wlan client 18 display wlan service-template 22 display wlan statistics 23 dtim 25 fragment-threshold 26 long-retry threshold 26 max-power 27 max-rx-duration 27 preamble 28 radio-type 29 reset wlan client 29 reset wlan statistics 30 rts-threshold 30 service-template (WLAN-radio interface view) 31 service-template (service template view) 32 short-gi enable 32 short-retry threshold 33 ssid 34 wlan broadcast-probe reply 34 wlan client idle-timeout 35 wlan client keep-alive 35 wlan country-code 36 wlan service-template 39 WLAN client isolation commands 40 wlan-client-isolation enable 40 SSID-based access control configuration commands 40 wlan permit-ssid 40
iii
WLAN RRM configuration commands 42 autochannel-set avoid-dot11h 42 display wlan rrm 42 dot11b 44 dot11g 45 dot11g protection enable 46 dot11n mandatory maximum-mcs 46 dot11n support maximum-mcs 47 wlan rrm 48 WLAN security configuration commands 49 authentication-method 49 cipher-suite 49 gtk-rekey client-offline enable 50 gtk-rekey enable 51 gtk-rekey method 51 ptk-lifetime 52 security-ie 53 tkip-cm-time 53 wep default-key 54 wep key-id 55 WLAN IDS configuration commands 57 WLAN IDS configuration commands 57 wlan ids 57 WLAN IDS attack detection configuration commands 57 attack-detection enable 57 display wlan ids history 58 display wlan ids statistics 59 reset wlan ids history 61 reset wlan ids statistics 62 WLAN frame filtering configuration commands 63 display wlan blacklist 63 display wlan whitelist 64 dynamic-blacklist enable 65 dynamic-blacklist lifetime 65 reset wlan dynamic-blacklist 66 static-blacklist mac-address 67 whitelist mac-address 67 WLAN QoS configuration commands 69 display wlan wmm 69 reset wlan wmm 73 wmm cac policy 74 wmm edca radio 75 wmm edca client (ac-vo and ac-vi) 76 wmm edca client (ac-be and ac-bk) 77 wmm enable 79 wmm svp map-ac 79 Support and other resources 81 Contacting HP 81 Subscription service 81 Related information 81 Documents 81 Websites 81
iv
Conventions 82
Index 84
default
Description
Use the default command to restore the default settings for a WLAN-BSS, WLAN-Ethernet, or WLANRadio interface.
Syntax
default
View
WLAN-BSS interface view, WLAN-Ethernet interface view, WLAN-Radio interface view.
Default level
2: System level
Parameters
None
Example
# Restore the default settings of WLAN-BSS interface 1.
<Sysname> system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] default This command will restore the default settings. Continue? [Y/N]:y
description
Description
Use the description command to set the description of the current interface. Use the undo description command to restore the default. By default, the description of an interface is interface-name + Interface.
Syntax
description text undo description
View
WLAN-BSS interface view, WLAN-Ethernet interface view, WLAN-Radio interface view.
Default level
2: System level
Parameter
text: Describes the current interface, a string of 1 to 80 characters. The device supports the following types of characters or symbols: standard English characters (numbers and case-sensitive letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard. An interface description can be the mixture of English characters and other Unicode characters. The mixed description cannot exceed the specified length. To use a type of Unicode characters or symbols in an interface description, you must install the corresponding IME and log in to the device through remote login software that supports this character type. Each Unicode character or symbol (non-English characters) takes the space of two regular characters. When the length of a description string reaches or exceeds the maximum line width on the terminal software, the software starts a new line, possibly breaking a Unicode character into two parts. As a result, garbled characters may be displayed at the end of a line.
Example
# Set the description of WLAN-Radio 2/0 to WLAN-Radio2 Interface.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] description WLAN-Radio2 Interface
Syntax
display interface [ wlan-bss] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface wlan-bss interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
interface-number: Specifies a WLAN-BSS interface by its number. brief: Displays brief interface information. If you do not provide this parameter, the command displays detailed interface information.
2
down: Displays down interface information and the cause. If you do not provide this parameter, the command output is not filtered based on the down interface status. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the information of interface WLAN-BSS 1 (assume that the interface supports traffic statistics collection).
<Sysname> display interface wlan-bss 1 WLAN-BSS1 current state: DOWN IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e2c0-0110 Description: WLAN-BSS1 Interface PVID: 1 Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Port priority: 0 Last clearing of counters: Maximum client number: 0 Clients: 0 associating, 0 associated Input (total) : 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes Output (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes Never
Description
Physical link state of a WLAN-BSS interface. Output frame encapsulation type. MAC address of output frames. Description of the interface. Default VLAN ID of the interface. Port link type, which can be access or hybrid. VLANs whose packets are sent through the port with VLAN tag kept. VLANs whose packets are sent through the port with VLAN tag stripped off.
Field
Last clearing of counters: Never
Description
Time when the reset counts interface command was last used to clear statistics on the interface. Never indicates that the reset counts interface command was never used since the device was started. Maximum number of clients allowed to access. This field is available only if the interface supports traffic statistics collection. Number of clients that are associating, number of clients associated. This field is available only if the interface supports traffic statistics collection. Input packet statistics of the interface:
Number of packets, number of bytes Number of unicast packets, number of bytes of unicast
packets
Number of packets, number of bytes Number of unicast packets, number of bytes of unicast
packets
Syntax
display interface [ wlan-ethernet ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface wlan-ethernet interface-number [ brief ] [ | { begin | exclude | include } regularexpression ]
View
Any view
Default level
1: Monitor level
4
Parameters
interface-number: Specifies a WLAN-Ethernet interface by its number. brief: Displays brief interface information. If you do not provide this parameter, the command displays detailed interface information. down: Displays down interface information and the cause. If you do not provide this parameter, the command output is not filtered based on the down interface status. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the information of interface WLAN-Ethernet 1 (assume that the interface supports traffic 1 statistics collection).
<Sysname> display interface wlan-ethernet 11 WLAN-Ethernet11 current state: DOWN Line protocol current state: DOWN The Maximum Transmit Unit is 1500 Internet protocol processing : disabled IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e212-12f0 Last clearing of counters: Maximum client number: 0 Clients: 0 associating, 0 associated Input (total) : 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes Output (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes Never
For the display interface wlan-ethernet command output description, see Table 1Error! Reference source not found..
Syntax
display interface [ wlan-radio ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]
5
View
Any view
Default level
1: Monitor level
Parameters
interface-number: Specifies a WLAN-Radio interface by its number. brief: Displays brief interface information. If you do not provide this parameter, the command displays detailed interface information. down: Displays down interface information and the cause. If you do not provide this parameter, the command output is not filtered based on the down interface status. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the information of interface WLAN-Radio 2/0.
<Sysname> display interface WLAN-Radio 2/0 WLAN-Radio2/0 current state: UP IP Packet Frame Type: PKTFMT_IEEE_802.11, Hardware Address: 000f-e2c0-0110 Description: WLAN-Radio2/0 Interface Radio-type dot11g, channel auto, power(dBm) 23 Received: 0 authentication frames, 0 association frames Sent out: 0 authentication frames, 0 association frames Stations: 0 associating, 0 associated Input : 30007 packets, 1536614 bytes : 13565 unicasts, 520774 bytes : 16442 multicasts/broadcasts, 1015840 bytes : 0 fragmented : 5687 discarded, 263913 bytes : 0 duplicates, 3054 FCS errors : 2 decryption errors Output: 2032 packets, 468562 bytes : 7 unicasts, 1776 bytes : 312 multicasts/broadcasts, 40114 bytes : 1713 others, 426672 bytes : 0 fragmented : 0 discarded, 0 bytes : 0 failed RTS, 335 failed ACK : 334 transmit retries, 122 multiple transmit retries
Description
Physical link state of the WLAN-Radio interface. Output frame encapsulation type. MAC address of the interface. Description of the interface. WLAN protocol type used by the interface. Channel used by the interface. The parameter auto means the channel is selected automatically, and 11 is the number of the selected channel. If the channel is selected manually, the field is displayed in the format of channel configured-channel. Transmit power of the interface (in dBm). The value 23 is the transmit power configured by the user; auto indicates that the actual power is different from that configured by the user. For more information about the max-power command and the power-constraint command, see WLAN Command Reference. 802.11n protection modes:
channel auto(11)
power(dBm) 23
Number of packets, number of bytes. Number of unicast packets, number of bytes of unicast
packets.
Number of fragmented packets. Number of discarded packets, number of discarded bytes. Number of duplicate frames, number of FCS errors. Number of encryption errors.
Field
Output: 2032 packets, 468562 bytes : 7 unicasts, 1776 bytes : 312 multicasts/broadcasts, 40114 bytes : 1713 others, 426672 bytes : 0 fragmented : 0 discarded, 0 bytes : 0 failed RTS, 335 failed ACK : 334 transmit retries, 122 multiple transmit retries
Description
Output packet statistics of the interface:
Number of other types of packets, bytes. Number of fragmented packets. Number of discarded packets, number of discarded bytes. Number of failed RTS packets, number of failed ACK packets.
interface wlan-bss
Description
Use the interface wlan-bss command to enter WLAN-BSS interface view. If the WLAN-BSS interface identified by the interface-number parameter does not exist, this command creates the WLAN-BSS interface first. Use the undo interface wlan-bss command to remove a WLAN-BSS interface.
Syntax
interface wlan-bss interface-number undo interface wlan-bss interface-number
View
System view
Default level
2: System level
Parameter
interface-number: Specifies a WLAN-BSS interface by its number.
Example
# Create the WLAN-BSS interface numbered 1.
<Sysname> system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1]
interface wlan-ethernet
Description
Use the interface wlan-ethernet command to enter WLAN-Ethernet interface view. If the WLAN-Ethernet interface identified by the interface-number parameter does not exist, this command creates the WLANEthernet interface first. Use the undo interface wlan-ethernet command to remove a WLAN-Ethernet interface.
Syntax
interface wlan-ethernet interface-number undo interface wlan-ethernet interface-number
View
System view
Default level
2: System level
Parameter
interface-number: Specifies a WLAN-Ethernet interface by its number.
Example
# Create the WLAN-Ethernet interface numbered 1.
<Sysname> system-view [Sysname] interface wlan-ethernet 1 [Sysname-WLAN-Ethernet1]
interface wlan-radio
Description
Use the interface wlan-radio command to enter WLAN-Radio interface view.
Syntax
interface wlan-radio interface-number
View
System view
Default level
2: System level
Parameter
interface-number: Specifies a WLAN-Radio interface by its number.
Example
# Enter WLAN-Radio 2/0 interface view.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0]
Syntax
shutdown undo shutdown
View
WLAN-Radio interface view
Default level
2: System level
Parameters
None
Example
# Shut down interface WLAN-Radio 2/0.
<Sysname>system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] shutdown
Syntax
shutdown undo shutdown
View
WLAN-BSS interface view
Default level
2: System level
Parameters
None
10
Example
# Shut down interface WLAN-BSS 1.
<Sysname>system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-Bss1] shutdown
11
A-MSR20
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR30
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR50
Only available for routers with a SIC-WLAN module that supports 802.11n
a-mpdu enable
No
Syntax
a-mpdu enable undo a-mpdu enable
View
WLAN-Radio interface view
Default level
2: System level
Parameters
None
Example
# Disable the A-MPDU function on the current radio interface.
<sysname> system-view [sysname] interface WLAN-Radio 2/0
12
a-msdu enable
Description
Use the a-msdu enable command to enable the A-MSDU function for the radio. Use the undo a-msdu enable command to disable the A-MSDU function for the radio. By default, the A-MSDU function is enabled. This command is only effective on 802.1 radios. If you change the radio type of an 802.1 radio, the 1n 1n default setting for this function of the new radio type is restored. The device only receives but does not send A-MSDU frames. The following matrix shows the command and router compatibility: Command A-MSR900 A-MSR20-1X
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR20
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR30
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR50
Only available for routers with a SIC-WLAN module that supports 802.11n
a-msdu enable
No
Syntax
a-msdu enable undo a-msdu enable
View
WLAN-Radio interface view
Default level
2: System level
Parameters
None
Example
# Disable the A-MSDU function on the current radio interface.
<sysname> system-view [sysname] interface WLAN-Radio 2/0 [sysname-WLAN-Radio2/0] undo a-msdu enable
beacon ssid-hide
Description
Use the beacon ssid-hide command to hide the SSID in beacon frames. Use the undo beacon ssid-hide command to restore the default. By default, the SSID is not hidden in beacon frames.
13
When the SSID in beacon frames is hidden, you must configure the SSID for the clients to associate with the AP. Disabling the advertising of the SSID in beacon frames does little good to wireless security. Allowing the advertising of the SSID in beacon frames enables a client to discover an AP more easily.
Syntax
beacon ssid-hide undo beacon ssid-hide
View
Service template view
Default level
2: System level
Parameters
None
Example
# Hide the SSID in beacon frames.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] beacon ssid-hide
beacon-interval
Description
Use the beacon-interval command to set the interval for sending beacon frames. Beacon frames are transmitted at a regular interval to allow mobile clients to join the network. Use the undo beacon-interval command to restore the default beacon interval. By default, the beacon interval is 100 TUs. Beacon frames are used for the device to communicate with other APs or network control devices to advertise its existence.
Syntax
beacon-interval interval undo beacon-interval
View
WLAN-Radio interface view
Default level
2: System level
Parameter
interval: Specifies the interval for sending beacon frames, ranging from 32 to 8191 TUs.
14
Example
# Specify the beacon interval as 1000 TUs.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] beacon-interval 1000
channel
Description
Use the channel command to specify a channel for the radio. Use the undo channel command to restore the default. By default, auto mode is set. Different radios support different channels. Channels may differ for each country.
Syntax
channel { channel-number | auto } undo channel
View
WLAN-Radio interface view
Default level
2: System level
Parameters
channel-number: Specifies a channel. The working channels depend on the country code and radio mode. The channel list depends on your device model. auto: Specifies that the channel is selected automatically by the device according to the actual environment during system initialization.
Example
# Specify channel 6 for radio interface 2/0.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] radio-type dot11b [Sysname-WLAN-Radio2/0] channel 6
channel band-width
Description
Use the channel band-width command to specify the channel bandwidth of the 802.1 radio. 1n Use the undo channel band-width command to restore the default. By default, the channel bandwidth of the 802.1 1gn radio is 20 MHz. This command is only effective on 802.1 radios. 1n
15
If you change the radio type of an 802.1 radio, the default setting for this function of the new radio 1n type is restored. If the channel bandwidth of the radio is set to 40 MHz, a 40 MHz channel is used as the working channel. If no 40 MHz channel is available, only a 20 MHz channel can be used. The following matrix shows the command and router compatibility: Parameter A-MSR900 A-MSR20-1X
Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR20
Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR30
Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR50
Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n
20
No
40
No
Syntax
channel band-width { 20 | 40 } undo channel band-width
View
WLAN-Radio interface view
Default level
2: System level
Parameters
20: Specifies the channel bandwidth of the 802.1 radio as 20 MHz. 1n 40: Specifies the channel bandwidth of the 802.1 radio as 40 MHz. 1n
Example
# Configure the channel bandwidth of the current radio interface as 20 MHz.
<sysname> system-view [sysname] interface Wlan-radio 2/0 [sysname-WLAN-Radio2/0] radio-type dot11gn [sysname-WLAN-Radio2/0] channel band-width 20
client dot11n-only
Description
Use the client dot1 1n-only command to allow only 802.1 clients to access. 1n Use the undo client dot1 1n-only command to restore the default. By default, an 802.1 1gn radio permits 802.1 1b/g clients to access.
16
The client dot1 1n-only command will prohibit non-802.1 clients from access. Therefore, if you want to 1n provide access for all 802.1 1b/g clients, you need to disable this command. Related commands: dot1 mandatory maximum-mcs. 1n The following matrix shows the command and router compatibility: Command A-MSR900 A-MSR20-1X
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR20
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR30
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR50
Only available for routers with a SIC-WLAN module that supports 802.11n
client dot11n-only
No
Syntax
client dot1 1n-only undo client dot1 1n-only
View
WLAN-Radio interface view
Default level
2: System level
Parameters
None
Example
# Configure the radio to allow only 802.1 clients to access. 1n
<sysname> system-view [sysname] interface Wlan-radio 2/0 [sysname-WLAN-Radio2/0] radio-type dot11gn [sysname-WLAN-Radio2/0] client dot11n-only
Syntax
client max-count max-number undo client max-count
17
View
Service template view
Default level
2: System level
Parameter
max-number: Specifies the maximum number of clients associated to a radio, ranging from 1 to 32.
Example
# Specify the maximum number of clients associated to a radio with SSID service as 10.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] ssid service [Sysname-wlan-st-1] client max-count 10
Syntax
display wlan client { interface wlan-radio [ radio-number ] | mac-address mac-address | servicetemplate service-template-number } [ verbose ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
wlan-radio radio-number: Displays the information of clients attached to the specified radio. The radio number value is 1. mac-address mac-address: Specifies the MAC address of a client. service-template service-template-number: Displays client information based on the specified service template. The service template number ranges from 1 to 1024. verbose: Displays detailed client information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
18
Examples
# Display information about all the clients.
<Sysname> display wlan client Total Number of Clients SSID: office -------------------------------------------------------------------------------MAC Address User Name APID/RID IP Address 1/1 1024/1 103 /1 1.1.1.1 3.0.0.3 FE:11:12:03::11:25:13 VLAN 1 3 1 -------------------------------------------------------------------------------000f-e265-6400 -NA000f-e265-6401 user 000f-e265-6402 mac@office.com : 3 Client Information
Description
SSID with which the client is associated. MAC address of the client. Username of the client:
The field is irrelevant to the portal authentication method. If the client uses the
portal authentication method, the field does not display the portal username of the client.
ID of the AP or radio with which the client is associated. IP address of the client. VLAN to which the client belongs.
19
Short GI for 40MHz Support MCS Set BLOCK ACK-TID 0 QoS Mode RSSI Rx/Tx Rate Client Type Authentication Method AKM Method 4-Way Handshake State Group Key State Encryption Cipher Roam Status Roam Count Up Time (hh:mm:ss)
: Not Supported : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 : BOTH : WMM : 25 : 48/54 : RSN : Open System : Dot1X : PTKINITDONE : IDLE : CCMP : Normal : 0 : 00:05:15
--------------------------------------------------------------------------
Description
MAC address of the client. Username of the client:
AID Radio Interface SSID BSSID Port VLAN State Power Save Mode
Association ID of the client. WLAN radio interface. SSID of the client. ID of the BSS. WLAN-BSS interface associated with the client. VLAN to which the client belongs. State of the client such as running. Clients power save mode such as active or sleep. Wireless mode such as 802.11b, 802.11g, 802.11gn.
Wireless Mode
IMPORTANT: Support for the wireless mode depends on the device model. Channel bandwidth, 20 MHz or 40 MHz. SM Power Save enables a client to have one antenna in the active state, and others in sleep state to save power.
Channel Band-width
20
Field
Short GI for 20MHz Short GI for 40MHz Support MCS Set
Description
Indicates whether the client supports short GI when its channel bandwidth is 20 MHz. Indicates whether the client supports short GI when its channel bandwidth is 40 MHz. MCS supported by the client BLOCK ACK is negotiated based on traffic identifier (TID) 0:
BLOCK ACK-TID 0
OUT: Outbound direction. IN: Inbound direction. BOTH: Both outbound and inbound directions.
WMM indicates that the WMM function is supported; None indicates that the WMM function is not supported. WMM information negotiation is carried out between an AP and a client that both support WMM. Number of times the client has waken up to listen to beacon frames. Received signal strength indication. This value indicates the client signal strength detected by the AP. Represents the receiving and sending rates of the frames such as data, management, and control frames. Station type such as RSN, WPA, or Pre-RSN. Authentication method such as open system or shared key. AKM suite used such as Dot1X or PSK. Displays either of the 4-way handshake states:
QoS Mode
Listen Interval(Beacon Interval) RSSI Rx/Tx Rate Station Type Authentication Method AKM Method
IDLE: Displayed in initial state. PTKSTART: Displayed when the 4way handshake is initialized. PTKNEGOTIATING: Displayed after sending valid message 3. PTKINITDONE: Displayed when the 4-way handshake is successful.
Displays the group key state such as: Group Key State
IDLE: Displayed in initial state. REKEYNEGOTIATE: Displayed after the AC sends the initial message to
the client.
21
Syntax
display wlan service-template [ service-template-number ] [ | { begin | exclude | include } regularexpression ]
View
Any view
Default level
1: Monitor level
Parameters
service-template-number: Specifies the number of a service template, ranging from 1 to 1024. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the configuration information of service template 1.
<Sysname> display wlan service-template 1 Service Template Parameters -------------------------------------------------------------------------Service Template Number SSID Service Template Type Security IE Authentication Method SSID-hide Cipher Suite WEP Key Index WEP Key Mode WEP Key TKIP Countermeasure Time(s) PTK Life Time(s) GTK Rekey GTK Rekey Method GTK Rekey Packets Service Template Status Maximum clients per BSS 1 : 1 : nsw-nsw : Crypto : RSN WPA : Open System : Disabled : TKIP CCMP : WEP40 : ASCII : 12345 : 60 : 180 : Enabled : Packet-based : 5000 : Enabled : 35
22
--------------------------------------------------------------------------
Description
Current service template number Service set identifier associated with the client Service template type crypto or clear Security IE such as WPA and RSN Type of authentication used: open system or shared key Enabled or disabled Cipher suite such as CCMP, TKIP, WEP40, WEP104 or WEP128 Key index to encrypt or decrypt frames WEP key format
Syntax
display wlan statistics client { all | mac-address mac-address } [ | { begin | exclude | include } regularexpression ]
View
Any view
Default level
1: Monitor level
Parameters
client: Displays client statistics. all: Displays the statistics of all clients. mac-address mac-address: Displays the statistics of the client with the specified MAC address.
23
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the statistics of all the clients.
<Sysname> display wlan statistics client all Client Statistics -------------------------------------------------------------------------AP Name Radio Id SSID BSSID MAC Address RSSI Transmitted Frames: Back Ground (Frames/Bytes) Best Effort (Frames/Bytes) Video (Frames/Bytes) Voice (Frames/Bytes) Received Frames: Back Ground (Frames/Bytes) Best Effort (Frames/Bytes) Video (Frames/Bytes) Voice (Frames/Bytes) Discarded Frames: Back Ground (Frames/Bytes) Best Effort (Frames/Bytes) Video (Frames/Bytes) Voice (Frames/Bytes) : 0/0 : 0/0 : 0/0 : 5/389 : 0/0 : 18/2437 : 0/0 : 7/468 : 0/0 : 9/1230 : 0/0 : 2/76 : ap1 : 1 : 123 : 000f-e2ff-7700 : 0014-6c8a-43ff : 31
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Description
Access Point name. Radio ID. SSID to which the client is associated. ID of the BSS. MAC address of the client. Received Signal Strength Indicator. It indicates the client signal strength detected by the AP. 24
Field
Transmitted Frames Back Ground(Frames/Bytes) Best Effort(Frames/Bytes) Video(Frames/Bytes) Voice(Frames/Bytes) Received Frames Discarded Frames
Description
Transmitted Frames. Statistics of background traffic. Statistics of best effort traffic. Statistics of video traffic. Statistics of voice traffic. Received frames. Discarded frames.
Statistics for background, best effort, video, and voice traffic are only for QoS-capable clients. For QoSincapable clients, only best effort traffic statistics are available (including SVP packets) and may be inconsistent with the real physical output queues because the priority-queue statistics can only identify priorities carried in Dot1 and WMM packets. Otherwise, statistics of received packets cannot be 1E collected.
dtim
Description
Use the dtim command to set the DTIM counter for an AP waits before it sends buffered multicast and broadcast frames. The AP sends buffered broadcast/multicast frames when the DTIM counter reaches the configured value. Use the undo dtim command to restore the default. By default, the DTIM counter is 1.
Syntax
dtim counter undo dtim
View
WLAN-Radio interface view
Default level
2: System level
Parameter
counter: Specifies the number of beacon intervals between DTIM transmissions. The value ranges from 1 to 31.
Example
# Set the DTIM counter to 10.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] dtim 10
25
fragment-threshold
Description
Use the fragment-threshold command to specify the fragment threshold (maximum length of frames that can be transmitted without fragmentation). When the length of a frame exceeds the specified fragment threshold value, it is fragmented. Use the undo fragment-threshold command to restore the default value. By default, the fragment threshold is 2346 bytes. Frames that exceed 2346 bytes are fragmented.
Syntax
fragment-threshold size undo fragment-threshold
View
WLAN-Radio interface view
Default level
2: System level
Parameter
size: Specifies the maximum frame length without fragmentation. The value ranges from 256 to 2346 bytes, and must be an even number.
Example
# Specify the fragment threshold as 2048 bytes.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] fragment-threshold 2048
long-retry threshold
Description
Use the long-retry threshold command to set the number of retransmission attempts for frames larger than the RTS threshold. Use the undo long-retry threshold command to restore the default. By default, the long retry threshold is 4.
Syntax
long-retry threshold count undo long-retry threshold
View
WLAN-Radio interface view
Default level
2: System level
26
Parameter
count: Specifies the number of retransmission attempts for frames larger than the RTS threshold, ranging from 1 to 15.
Example
# Specify the long-retry threshold as 10.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] long-retry threshold 10
max-power
Description
Use the max-power command to configure the maximum transmission power on the radio. Use the undo max-power command to restore the default. By default, the maximum radio power varies with country codes, channels, AP models, radio types and antenna types. If 802.1 is adopted, the maximum radio power also depends on the bandwidth mode. 1n Related commands: wlan country-code and radio type.
Syntax
max-power radio-power undo max-power
View
WLAN-Radio interface view
Default level
2: System level
Parameter
radio-power: Specifies the maximum radio transmission power in dBm, which varies with country codes and radio types.
Example
# Specify the max transmission power of radio 2/0 as 5.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] radio-type dot11b [Sysname-WLAN-Radio2/0] max-power 5
max-rx-duration
Description
Use the max-rx-duration command to specify the interval for the AP to hold a received frame. An AP holds received packets in its buffer memory. Use the undo max-rx-duration command to restore the default.
27
Syntax
max-rx-duration interval undo max-rx-duration
View
WLAN-Radio interface view
Default level
2: System level
Parameter
interval: Specifies the interval for which a frame received by an AP can stay in the buffer memory. The value ranges from 500 to 250,000 milliseconds.
Example
# Set the max-rx-duration as 5000 milliseconds.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] max-rx-duration 5000
preamble
Description
Use the preamble command to specify the type of preamble an AP can support. Preamble is a pattern of bits at the beginning of a frame so that the receiver can sync up and be ready for the real data. There are two different kinds of preambles, short and long. By default, the short preamble is supported.
Syntax
preamble { long | short } undo preamble
View
WLAN-Radio interface view
Default level
2: System level
Parameters
long: Indicates that only frames with long preamble can be transmitted. short: Indicates that frames with either short preamble or long preamble can be transmitted.
Example
# Configure the AP to support long preamble.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0
28
radio-type
Description
Use the radio-type command to specify the radio type to be used by a radio. Use the undo radio-type command to restore the default. The default radio type depends on the device model. WLAN allows you to modify the default radio type for different types of AP. The following matrix shows the command and router compatibility: Parameter
dot11b dot11g
A-MSR900
Yes Yes
A-MSR20-1X
Yes Yes Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR20
Yes Yes Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR30
Yes Yes Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR50
Yes Yes Only available for routers with a SIC-WLAN module that supports 802.11n
dot11gn
No
Syntax
radio-type { dot1 | dot1 | dot1 1b 1g 1gn } undo radio-type
View
WLAN radio interface view
Parameters
dot 1 1b: Indicates the wireless radio type is 802.1 1b. dot 1 1g: Indicates the wireless radio type is 802.1 1g. dot1 1gn: Indicates the wireless radio type is 802.1 1gn (2.4 GHz).
Example
# Specify the radio type as 802.1 for interface WLAN-Radio 2/0. 1g
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] radio-type dot11g
Syntax
reset wlan client { all | mac-address mac-address }
View
User view
Default level
2: System level
Parameters
all: Cuts off all clients. mac address mac-address: Cuts off the client with the MAC address.
Example
# Cut off the client with MAC address 000f-e2cc-8501.
<Sysname> reset wlan client mac-address 000f-e2cc-8501
Syntax
reset wlan statistics client { all | mac-address mac-address }
View
User view
Default level
2: System level
Parameters
all: Clears the statistics of all clients. mac-address: Clears the statistics of the client.
Example
# Clear the radio statistics of all clients.
<Sysname> reset wlan statistics client all
rts-threshold
Description
Use the rts-threshold command to specify the RTS threshold length. If a frame is larger than this value, the RTS mechanism is used. Use the undo rts-threshold command to restore the default. By default, the RTS threshold is 2346 bytes.
30
RTS is used to avoid data sending collisions in a WLAN. You need to set a rational value. A small value causes RTS packets to be sent more often, consuming more of the available bandwidth. However, the more often RTS packets are sent, the quicker the system can recover from interference or collisions.
Syntax
rts-threshold size undo rts-threshold
View
WLAN-Radio interface view
Default level
2: System level
Parameter
size: Specifies the length of frames for which the RTS method is used. The value ranges from 0 to 2346 bytes.
Example
# Specify the RTS threshold as 2046 bytes.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] rts-threshold 2046
Syntax
service-template service-template-number interface wlan-bss wlan-bss-number undo service-template service-template-number
View
WLAN-Radio interface view
Default level
2: System level
Parameters
service-template-number: Specifies the number of a service template, ranging from 1 to 1024. wlan-bss-number: Specifies the number of a WLAN-BSS interface, ranging from 0 to 1023.
31
Example
# Map service template 1 to interface WLAN-BSS 1 on interface WLAN-Radio 2/0.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] service-template 1 interface WLAN-BSS 1
Syntax
service-template { disable | enable }
View
Service template view
Default level
2: System level
Parameters
disable: Disables the service template. enable: Enables the service template.
Example
# Enable service template 1.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] ssid clear [Sysname-wlan-st-1] authentication-method open-system [Sysname-wlan-st-1] service-template enable
short-gi enable
Description
Use the short-gi enable command to enable the short GI function. Use the undo short-gi enable command to disable the short GI function. By default, the short GI function is enabled. This command is only effective on 802.1 radios. 1n If you change the radio type of an 802.1 radio, the default setting for this function of the new radio 1n type is restored. Delays may occur during receiving radio signals due to factors like multi-path reception. Therefore, a subsequently sent frame may interfere with a previously sent frame. Use the GI function to avoid such interference.
32
The GI interval in 802.1 1a/g is 800 us. The short GI function can be configured for 802.1 1n. This can shorten the GI interval to 400 ns, which increases the data speed by 10 percent.
Syntax
short-gi enable undo short-gi enable
View
WLAN-Radio interface view
Default level
2: System level
Parameters
None
Example
# Disable the short GI function.
<sysname> system-view [sysname] interface WLAN-Radio2/0 [sysname-WLAN-Radio2/0] undo short-gi enable
short-retry threshold
Description
Use the short-retry threshold command to specify the maximum number of attempts to transmit a frame less than the RTS threshold. Use the undo short-retry threshold command to restore the default. By default, the short retry threshold is 7.
Syntax
short-retry threshold count undo short-retry threshold
View
WLAN-Radio interface view
Default level
2: System level
Parameter
count: Specifies the number of times the AP can send a short unicast frame (less than the RTS threshold) if no acknowledgment is received for it. The value ranges from 1 to 15.
Example
# Specify the short retry threshold as 10.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0
33
ssid
Description
Use the ssid command to set the SSID for the current service template. Use the undo ssid command to remove the SSID. By default, no SSID is set for the service template. An SSID should be as unique as possible. For security, the company name should not be contained in the SSID. Meanwhile, it is not recommended to use a long random string as the SSID, because a long random string only adds payload to the header field, without any improvement to wireless security.
Syntax
ssid ssid-name undo ssid
View
Service template view
Default level
2: System level
Parameter
ssid-name: Specifies the name of the service set identifier, a case-sensitive string of 1 to 32 characters that can contain letters, digits, and underlines, with spaces included.
Example
# Set the SSID as firstfloor for service template 1.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] ssid firstfloor
Syntax
wlan broadcast-probe reply undo wlan broadcast-probe reply
34
View
System view
Default level
2: System level
Parameters
None
Example
# Enable the AP to respond to probe requests with SSID null sent by the client.
<Sysname> system-view [Sysname] wlan broadcast-probe reply
Syntax
wlan client idle-timeout interval undo wlan client idle-timeout
View
System view
Default level
2: System level
Parameter
interval: Specifies the maximum interval for which the link between the AP and a client ( power-save or awake ) can be idle. The value ranges from 60 to 86,400 seconds.
Example
# Specify the client idle timeout as 600 seconds.
<Sysname> system-view [Sysname] wlan client idle-timeout 600
Use the undo client keep-alive command to disable the client keep-alive functionality. By default, the client keep-alive functionality is disabled. The keep-alive mechanism is used to detect clients segregated from the system due to various reasons such as power failure or crash, and disconnect them from the AP.
Syntax
wlan client keep-alive interval undo wlan client keep-alive
View
System view
Default level
2: System level
Parameter
interval: Specifies the interval between keep alive requests, ranging from 3 to 1800 seconds.
Example
# Specify the client keep-alive interval as 60 seconds.
<Sysname> system-view [Sysname] wlan client keep-alive 60
wlan country-code
Description
Use the wlan country-code command to specify the country code. Use the undo wlan country-code command to restore the default. By default, the country code value is CN. The country code determines characteristics such as the power level, total number of channels. You must set the correct country code or area code before configuring an AP. If you change the country code for an AP that has a radio card not supported by the new country code, the corresponding WLAN-radio interface will have its configurations of the service template, maximum power, and channels removed automatically. The country code for North American models cannot be modified, and that for other models can be modified at the CLI.
Syntax
wlan country-code code undo wlan country-code
View
System view
Default level
2: System level
36
Parameter
code: Specifies a country code. See Table 7. Table 7 Country code information Country
Andorra United Arab Emirates Albania Armenia Australia Argentina Australia Azerbaijan Bosnia and Herzegovina Belgium Bulgaria Bahrain Brunei Darussalam Bolivia Brazil Bahamas Belarus Belize Canada Switzerland Cote d'ivoire Chile China Colombia Costarica Serbia Cyprus Czech Republic Germany Denmark Dominica Algeria
Code
AD AE AL AM AU AR AT AZ BA BE BG BH BN BO BR BS BY BZ CA CH CI CL CN CO CR RS CY CZ DE DK DO DZ 37
Country
Korea, Republic of Korea Kenya Kuwait Kazakhstan Lebanon Liechtenstein Sri Lanka Lithuania Luxembourg Latvia Libyan Morocco Monaco Moldova Macedonia Macau Martinique Malta Mauritius Mexico Malay Archipelago Namibia Nigeria Nicaragua Netherlands Norway New Zealand Oman Panama Peru Poland Philippines
Code
KR KE KW KZ LB LI LK LT LU LV LY MA MC MD MK MO MQ MT MU MX MY NA NG NI NL NO NZ OM PA PE PL PH
Country
Ecuador Estonia Egypt Spain Faroe Islands Finland France Britain Georgia Gibraltar Greenland Guadeloupe Greece Guatemala Guyana Honduras Hong Kong Croatia Hungary Iceland India Indonesia Ireland Israel Iraq Italy Iran Jamaica Jordan Japan Democratic People's Republic of Korea
Code
EC EE EG ES FO FI FR GB GE GI GL GP GR GT GY HN HK HR HU IS IN ID IE IL IQ IT IR JM JO JP KP
Country
Pakistan Puerto Rico Portugal Paraguay Qatar Romania Russian Federation Saudi Arabia Sweden Singapore Slovenia Slovak San Marino Salvador Syrian Thailand Tunisia Turkey Trinidad and Tobago Taiwan, Province of China Ukraine United States of America Uruguay Uzbekistan The Vatican City State Venezuela Virgin Islands Vietnam Yemen South Africa Zimbabwe
Code
PK PR PT PY QA RO RU SA SE SG SI SK SM SV SY TH TN TR TT TW UA US UY UZ VA VE VI VN YE ZA ZW
Example
# Specify the country code as US.
<Sysname> system-view
38
wlan service-template
Description
Use the wlan service-template command to create a service template and enter service template view. If the service template exists, then you can directly enter service template view. Use the undo wlan service-template command to delete the service template, and related configurations. If the specified service template is mapped to a radio, it cannot be directly deleted before it is unmapped. By default, no service template is configured. You cannot change an existing service template to another type. To do so, you must delete the existing service template, and configure a new service template with the new type.
Syntax
wlan service-template service-template-number { clear | crypto } undo wlan service-template service-template-number
View
System view
Default level
2: System level
Parameters
service-template-number: Specifies the number of the service template, ranging from 1 to 1024. clear: Sets the current service template type to clear, which means data is sent in clear text after the template is mapped to an AP. crypto: Sets the current service template type to crypto, which means data is sent in cipher text after the template is mapped to an AP.
Example
# Create service template 1.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1]
39
Syntax
wlan-client-isolation enable undo wlan-client-isolation enable
View
System view
Default level
2: System level
Parameters
None
Example
# Disable WLAN client isolation.
<Sysname> system-view [Sysname] undo wlan-client-isolation enable
Syntax
wlan permit-ssid ssid-name undo wlan permit-ssid [ ssid-name ]
40
View
User profile view
Default level
2: System level
Parameter
ssid-name: Name of a permitted SSID, a case-sensitive string of 1 to 32 characters that can contain letters, digits, underscores, and spaces. The maximum number of permitted SSIDs in a user profile varies depending on the device model.
Example
# Specify permitted SSID VIPguest for user profile management.
<System> system-view [System] user-profile management [System-user-profile-management] wlan permit-ssid VIPguest
41
autochannel-set avoid-dot11h
Description
Use the autochannel-set avoid-dot1 command to set the channel set to non-dot1 channels. Only the 1h 1h non-dot1 channels of the country code are scanned during initial channel selection and one of them is 1h selected. Use the undo autochannel-set command to restore the default. By default, all channels of the country code are scanned.
Syntax
autochannel-set avoid-dot1 1h undo autochannel-set
View
WLAN RRM view
Default level
2: System level
Parameters
None
Example
# Set the channel set to non-dot1 channels. 1h
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm] autochannel-set avoid-dot11h
Syntax
display wlan rrm [ | { begin | exclude | include } regular-expression ]
View
Any view
42
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display RRM configuration information.
<Sysname> display wlan rrm RRM Configuration -------------------------------------------------------------------------11b Configured Rates (Mbps) Mandatory Supported Disabled 11g Configured Rates (Mbps) Mandatory Supported Disabled 11g Protection 11h Configuration Spectrum Management Power Constraint (dBm) Channel Set : Enabled : 0 : Non-dot11h : 1, 2, 5.5, 11 : 6, 9, 12, 18, 24, 36, 48, 54 : -NA: Enabled : 1, 2 : 5.5, 11 : -NA-
--------------------------------------------------------------------------
Description
802.11b radio rates. The field has the same meaning for 802.11g.
Rates that at least one of the APs is required to support. Additional rates supported by the client or AP. Rates at which an AP does not transmit data. Enabled with the dot11g protection enable command. 802.11h configuration. Spectrum management function, enabled or disabled. Power constraint for all 802.11a radios. The router does not support this field, and the field is 0 in the output.
43
Field
Channel Set
Description
All or Non-dot11h.
dot11b
Description
Use the dot1 command to configure 802.1 rates. 1b 1b Use the undo dot1 command to restore the default rates. 1b By default: Mandatory rates: 1 and 2 Supported rates: 5.5 and 1 1 Disabled rates: none
Syntax
dot1 { disabled-rate | mandatory-rate | supported-rate } rate-value 1b undo dot1 { disabled-rate | mandatory-rate | supported-rate } 1b
View
WLAN RRM view
Default level
2: System level
Parameters
disabled-rate: Specifies disabled rate(s). mandatory-rate: Specifies mandatory rate(s). supported-rate: Specifies supported rate(s). rate-value: The following rates can be specified: 1 Mbps 2 Mbps 5.5 Mbps 1 Mbps 1
Example
# Configure 802.1 rates (disabled: 1; supported: 1 1b 1).
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11b disabled-rate 1 [Sysname-wlan-rrm] dot11b supported-rate 11
44
dot11g
Description
Use the dot1 command to configure 802.1 rates. 1g 1g Use the undo dot1 command to restore the default rates. 1g By default: Mandatory rates: 1, 2, 5.5 and 1 1. Supported rates: 6, 9, 12, 18, 24, 36, 48 and 54. Disabled rates: none.
Syntax
dot1 { disabled-rate | mandatory-rate | supported-rate } rate-value 1g undo dot1 { disabled-rate | mandatory-rate | supported-rate } 1g
View
WLAN RRM view
Default level
2: System level
Parameters
disabled-rate: Specifies disabled rates. mandatory-rate: Specifies mandatory rates. supported-rate: Specifies supported rates. rate-value: The following rates can be specified. 1 Mbps 2 Mbps 5.5 Mbps 6 Mbps 9 Mbps 1 Mbps 1 12 Mbps 18 Mbps 24 Mbps 36 Mbps 48 Mbps 54 Mbps
Example
# Configure 802.1 rates (disabled: 2, 36; supported: 54). 1g
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11g disabled-rate 2 36
45
Syntax
dot1 protection enable 1g undo dot1 protection enable 1g
View
WLAN RRM view
Default level
2: System level
Parameters
None
Example
# Enable 802.1 protection. 1g
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11g protection enable
A-MSR20
Only available for routers with a SICWLAN module that supports 802.11n
A-MSR30
Only available for routers with a SICWLAN module that supports 802.11n
A-MSR50
Only available for routers with a SICWLAN module that supports 802.11n
No
Syntax
dot1 mandatory maximum-mcs index 1n undo dot1 mandatory maximum-mcs 1n
View
RRM view
Default level
2: System level
Parameter
index: Specifies the maximum MCS index for 802.1 mandatory rates, ranging from 0 to 76. 1n
Example
# Specify the maximum MCS index for 802.1 mandatory rates as 15. 1n
<sysname> system-view [sysname] wlan rrm [sysname-wlan-rrm] dot11n mandatory maximum-mcs 15
A-MSR20
Only available for routers with a SICWLAN module that supports 802.11n
A-MSR30
Only available for routers with a SICWLAN module that supports 802.11n
A-MSR50
Only available for routers with a SICWLAN module that supports 802.11n
No
Syntax
dot1 support maximum-mcs index 1n undo dot1 support maximum-mcs 1n
View
RRM view
47
Default level
2: System level
Parameter
index: Specifies the maximum MCS index for 802.1 supported rates, ranging from 0 to 76. 1n
Example
# Specify the maximum MCS index for 802.1 supported rates as 25. 1n
<sysname> system-view [sysname] wlan rrm [sysname-wlan-rrm] dot11n support maximum-mcs 25
wlan rrm
Description
Use the wlan rrm command to enter WLAN RRM view.
Syntax
wlan rrm
View
System view
Default level
2: System level
Parameters
None
Example
# Enter WLAN RRM view.
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm]
48
authentication-method
Description
Use the authentication-method command to enable an 802.1 authentication method. You can enable 1 open system authentication, shared key authentication or both. Use the undo authentication-method command to disable the selected authentication method. By default, the open system authentication method is enabled.
Syntax
authentication-method { open-system | shared-key } undo authentication-method { open-system | shared-key }
View
Service template view
Default level
2: System level
Parameters
open-system: Enables open system authentication. shared-key: Enables shared key authentication.
Examples
# Enable open system authentication.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] authentication-method open-system
cipher-suite
Description
Use cipher-suite command to select the cipher suite used in the encryption of frames. The cipher suites supported are CCMP, TKIP, WEP40, WEP104, and WEP128. Use the undo cipher-suite command to disable the selected cipher suite.
49
Syntax
cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }* undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }*
View
Service template view (crypto)
Default level
2: System level
Parameters
ccmp: Enables the CCMP cipher suite. CCMP is based on the CCM of the AES encryption algorithm. tkip: Enables the TKIP cipher suite. TKIP is based on the RC4 algorithm and dynamic key management. wep40: Enables the WEP-40 cipher suite. WEP is based on the RC4 algorithm and shared-key management. wep104: Enables the WEP-104 cipher suite. wep128: Enables the WEP-128 cipher suite.
Example
# Enable the TKIP cipher suite.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] cipher-suite tkip
Syntax
gtk-rekey client-offline enable undo gtk-rekey client-offline
View
Service template view (crypto)
Default level
2: System level
Parameters
None
50
Example
# Enable GTK rekeying when a client goes off line.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] gtk-rekey client-offline enable
gtk-rekey enable
Description
Use the gtk-rekey enable command to enable GTK rekey. Use undo gtk-rekey enable command to disable GTK rekey. By default, GTK rekey is enabled.
Syntax
gtk-rekey enable undo gtk-rekey enable
View
Service template view (crypto)
Default level
2: System level
Parameters
None
Example
# Disable GTK rekey.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] undo gtk-rekey enable
gtk-rekey method
Description
Use the gtk-rekey method command to select a mechanism for re-keying the GTK. If you select option time-based, the GTK is refreshed after a specified period of time. If you select option packet-based, the GTK is refreshed after a specified number of packets are transmitted. Use the undo gtk-rekey method command to restore the default. By default, the GTK rekeying method is time-based, and the interval is 86,400 seconds. The method that is configured later will overwrite the previous. For example, if you configure the packetbased method and then configure the time-based method, the time-based method is enabled.
Syntax
gtk-rekey method { packet-based [ packet ] | time-based [ time ] }
51
View
Service template view (crypto)
Default level
2: System level
Parameters
packet-based: Indicates the GTK is refreshed after a specified number of packets are transmitted. packet: Number of packets (including multicasts and broadcasts) that are transmitted before the GTK is refreshed. The value ranges from 5000 to 4,294,967,295, and defaults to 10,000,000. time-based: Indicates the GTK is refreshed based on time. time: Specifies the time after which the GTK is refreshed. The value ranges from 180 to 604,800 seconds and defaults to 86,400 seconds.
Example
# Enable packet-based GTK rekeying and set the packet number at 60,000.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] gtk-rekey method packet-based 60000
ptk-lifetime
Description
Use the ptk-lifetime command to configure the PTK lifetime. Use the undo ptk-lifetime command to restore the default. By default, the PTK lifetime is 43,200 seconds.
Syntax
ptk-lifetime time undo ptk-lifetime
View
Service template view (crypto)
Default level
2: System level
Parameter
time: Specifies the time, ranging from 180 to 604,800 seconds.
Example
# Specify the PTK lifetime as 86,400 seconds.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] ptk-lifetime 86400
52
security-ie
Description
Use the security-ie command to enable the WPA IE, RSN IE or both in the beacon and probe responses. Use the undo security-ie command to disable the WPA IE or RSN IE in the beacon and probe responses. By default, both WPA IE and RSN IE are disabled.
Syntax
security-ie { rsn | wpa } undo security-ie { rsn | wpa }
View
Service template view (crypto)
Default level
2: System level
Parameters
rsn: Enables the RSN IE in the beacon and probe response frames sent by the AP. The RSN IE advertises the RSN capabilities of the AP. wpa: Enables the WPA Information element in the beacon and probe response frames sent by the AP. The WPA IE advertises the WPA capabilities of the AP.
Example
# Enable the WPA IE in the beacon and probe responses.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] security-ie wpa
tkip-cm-time
Description
Use the tkip-cm-time command to set the TKIP countermeasure time. Use the undo tkip-cm-time command to restore the default. By default, the TKIP counter measure time is 0 seconds. No counter measures are taken. After countermeasures are enabled, if more than two MIC failures occur within a certain time, the TKIP associations are disassociated, and new associations are allowed to establish only after the specified TKIP counter measure time expires.
Syntax
tkip-cm-time time undo tkip-cm-time
View
Service template view (crypto)
53
Default level
2: System level
Parameter
time: Specifies the TKIP counter measure time in seconds. The value ranges from 0 to 3600 seconds.
Example
# Set the TKIP counter measure time to 90 seconds.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] tkip-cm-time 90
wep default-key
Description
Use the wep default-key command to configure the WEP default key. Use the undo wep default-key command to delete the configured WEP default key. By default, the WEP default key index number is 1.
Syntax
wep default-key key-index { wep40 | wep104 | wep128} { pass-phrase | raw-key } [ cipher | simple ] key undo wep default-key key-index
View
Service template view (crypto)
Default level
2: System level
Parameters
key-index: Specifies the key index values can be: 1: Configures the 1st WEP default key. 2: Configures the 2nd WEP default key. 3: Configures the 3rd WEP default key. 4: Configures the 4th WEP default key. wep40: Indicates the WEP40 key option. wep104: Indicates the WEP104 key option. wep128: Indicates the WEP128 key option. pass-phrase: Enables the pass-phrase option. Then a string of alphanumeric characters is used as the key. If you select WEP40, enter 5 alphanumeric characters as the pass-phrase. If you select WEP104, enter 13 alphanumeric characters as the pass-phrase. If you select WEP128, enter 16 alphanumeric characters as the pass-phrase. The length of a pass-phrase is fixed.
54
raw-key: Enables the raw-key option. The key is entered as a hexadecimal number: a 10-digit hexadecimal number for WEP40, a 26-digit hexadecimal number for WEP104 and a 32-digit hexadecimal number for WEP128. The length of the raw-key is fixed. key: Key. Specifies the key lengths for different combinations are as follows: For wep40 pass-phrase, the key length is 5 alphanumeric characters. For wep104 pass-phrase, the key length is 13 alphanumeric characters. For wep128 pass-phrase, the key length is 16 alphanumeric characters. For wep40 raw-key, the key length is a 10-digit hexadecimal number. For wep104 raw-key, the key length is a 26-digit hexadecimal number. For wep128 raw-key, the key length is a 32-digit hexadecimal number.
cipher key: Specifies a cipher-text key, which is displayed in cipher text. The key is a case-sensitive string of 24 to 88 characters. simple key: Specifies a simple-text key, which is displayed in simple text. The key is a case-sensitive string and the value range depends on the key option selected. If the simple or cipher parameter is not specified, a simple-text key is set and the key is displayed in cipher text. The value range of the key is the same as the simple-text key.
Examples
# Configure the WEP default key 1 (WEP40) as hello.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] wep default-key 1 wep40 pass-phrase simple hello
# Specify the first WEP default key as a cipher-text key, which is displayed in cipher text.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] wep default-key 1 wep40 pass-phrase cipher -_'PV5%9O`CQ=^Q`
wep key-id
Description
Use the wep key-id command to specify the default WEP key used in the encryption and decryption of broadcast and multicast frames. There are 4 static keys in WEP. The key index can be 1, 2, 3 or 4. The key corresponding to the specified key index is used for encrypting and decrypting broadcast and multicast frames. Use the undo wep keyid command to restore the default. By default, the key index number is 1. Related commands: wep default-key.
Syntax
wep key-id { 1 | 2 | 3 | 4 } undo wep key-id
View
Service template view (crypto)
55
Default level
2: System level
Parameters
1: Specifies the key index 1. 2: Specifies the key index 2. 3: Specifies the key index 3. 4: Specifies the key index 4.
Example
# Specify the index of the key for broadcast/multicast encryption and decryption as 2.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] wep key-id 2
56
Syntax
wlan ids
View
System view
Default level
2: System level
Parameters
None
Example
# Enter WLAN IDS view.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids]
57
Syntax
attack-detection enable { all | flood | weak-iv | spoof | all } undo attack-detection enable
View
WLAN IDS view
Default level
2: System level
Parameters
all: Enables detection of all kinds of attacks. flood: Enables detection of flood attacks. spoof: Enables detection of spoof attacks. weak-iv: Enables weak-IV detection.
Example
# Enable spoof attack detection.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] attack-detection enable spoof
Syntax
display wlan ids history [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
58
Example
# Display the history of attacks.
<Sysname> display wlan ids history Total Number of Entries: 5 Flags: act = Action Frame aur = Authentication Request dar = Disassociation Request pbr = Probe Request asr = Association Request daf = Deauthentication Frame ndf = Null Data Frame rar = Reassociation Request
saf = Spoofed Disassociation Frame sdf = Spoofed Deauthentication Frame wiv = Weak IV Detected AT - Attack Type, Ch - Channel Number, AR - Average RSSI WIDS History Table -------------------------------------------------------------------------MAC Address 0027-E699-CA71 0015-E9A4-D7F4 0027-E699-CA71 003d-B5A6-539F 0015-E9A4-D7F4 AT asr wiv asr pbr wiv Ch 8 8 8 8 8 AR 44 45 20 43 50 Detected Time 2011-06-12/19:47:54 2011-06-12/19:45:28 2011-06-12/19:18:17 2011-06-12/19:10:48 2011-06-12/19:01:28 AP ap12 ap48 ap12 ap56 ap48 --------------------------------------------------------------------------
--------------------------------------------------------------------------
Description
In case of spoof attacks, this field provides the BSSID that was spoofed. In case of other attacks, this field provides the MAC address of the device that initiated the attack. Type of attack. Channel in which the attack was detected. Average RSSI of the attack frames. Time at which this attack was detected. Name of the AP that detected this attack.
AT Ch AR Detected time AP
Syntax
display wlan ids statistics [ | { begin | exclude | include } regular-expression ]
59
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display WLAN IDS statistics.
<Sysname> display wlan ids statistics Current attack tracking since: 2007-06-21/12:46:33 ---------------------------------------------------------------------Type Probe Request Frame Flood Attack Authentication Request Frame Flood Attack Deauthentication Frame Flood Attack Association Request Frame Flood Attack Disassociation Request Frame Flood Attack Reassociation Request Frame Flood Attack Action Frame Flood Attack Null Data Frame Flood Attack Weak IVs Detected Spoofed Deauthentication Frame Attack Spoofed Disassociation Frame Attack Current 2 0 0 1 4 0 0 0 12 0 0 Total 7 0 0 1 8 0 0 0 21 0 2 ----------------------------------------------------------------------
----------------------------------------------------------------------
Current
This field provides the total count of the attacks detected since the system startup. Number of probe request frame flood attacks detected. 60
Field
Authentication Request Frame Flood Attack Deauthentication Frame Flood Attack Association Request Frame Flood Attack Disassociation Request Frame Flood Attack Reassociation Request Frame Flood Attack Action Frame Flood Attack Null Data Frame Flood Attack Weak IVs Detected Spoofed Deauthentication Frame Attack Spoofed Disassociation Frame Attack
Description
Number of authentication request frame flood attack detected. Number of deauthentication frame flood attacks detected. Number of association request frame flood attacks detected. Number of disassociation request frame flood attacks detected. Number of reassociation request frame flood attacks detected. Number of action frame flood attacks detected. Number of null data frame flood attacks detected. Number of weak IVs detected. Number of spoofed deauthentication frame attacks detected. Number of spoofed disassociation frame attacks detected.
Syntax
reset wlan ids history
View
User view
Default level
1: Monitor level
Parameters
None
Example
# Clear all history information of attacks.
<Sysname> reset wlan ids history
61
Syntax
reset wlan ids statistics
View
User view
Default level
1: Monitor level
Parameters
None
Example
# Clear WLAN IDS statistics.
<Sysname>reset wlan ids statistics
62
Syntax
display wlan blacklist { static | dynamic } [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
2: System level
Parameters
static: Displays static blacklist entries. dynamic: Displays dynamic blacklist entries. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display the information of the static blacklist.
<Sysname> display wlan blacklist static Total Number of Entries: 3 Static Blacklist -------------------------------------------------------------------------MAC-Address -------------------------------------------------------------------------0014-6c8a-43ff 0016-6F9D-61F3 0019-5B79-F04A --------------------------------------------------------------------------
Description
MAC addresses of clients 63
Description
MAC address of the device inserted into the dynamic blacklist Lifetime of the corresponding entry in seconds Time elapsed since the entry was last updated Reason why the entry was added into the dynamic blacklist
Syntax
display wlan whitelist [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the white list.
<Sysname> display wlan whitelist Total Number of Entries: 3 Whitelist
64
Description
MAC addresses of clients in the white list
dynamic-blacklist enable
Description
Use the dynamic-blacklist enable command to enable the dynamic blacklist feature. Use the undo dynamic-blacklist enable command to disable the dynamic blacklist feature. By default, the dynamic blacklist feature is disabled. With this feature, a WLAN device, upon detecting flood attacks from a device, adds the device to the dynamic blacklist, and denies any packets from this device until the dynamic blacklist entry ages out.
Syntax
dynamic-blacklist enable undo dynamic-blacklist enable
View
WLAN IDS view
Default level
2: System level
Parameter
enable: Enables the dynamic blacklist feature.
Example
# Enable the dynamic blacklist feature.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] dynamic-blacklist enable
dynamic-blacklist lifetime
Description
Use the dynamic-blacklist lifetime command to set the lifetime for dynamic blacklist entries. Use the undo dynamic-blacklist lifetime command to restore the default.
65
By default, the lifetime is 300 seconds. If a dynamic blacklist entry is not detected within the lifetime, the entry is removed from the dynamic blacklist.
Syntax
dynamic-blacklist lifetime lifetime undo dynamic-blacklist lifetime
View
WLAN IDS view
Default level
2: System level
Parameter
lifetime: Interval, ranging from 60 to 3600 seconds.
Example
# Specify a lifetime of 1200 seconds for dynamic blacklist entries.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] dynamic-blacklist lifetime 1200
Syntax
reset wlan dynamic-blacklist { mac-address mac-address | all }
View
User view
Default level
1: Monitor level
Parameters
mac-address mac-address: Removes an entry with the specified MAC address from the dynamic blacklist. all: Removes all entries from the dynamic blacklist.
Example
# Remove a client with MAC address 001d-0f31-87d from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist mac-address 001d-0f31-87d
66
static-blacklist mac-address
Description
Use the static-blacklist mac-address command to add a client with a specified MAC address to the static blacklist. Use the undo static-blacklist command to remove the client with the specified MAC address or all clients from the static blacklist. Clients in the static blacklist cannot get associated with the AP. The maximum number of entries in the static blacklist is 64.
Syntax
static-blacklist mac-address mac-address undo static-blacklist { mac-address mac-address | all }
View
WLAN IDS view
Default level
2: System level
Parameters
mac-address: Adds/deletes a client to/from the static blacklist. all: Deletes all entries from the static blacklist.
Example
# Add the client with MAC address 0014-6c8a-43ff to the static blacklist.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] static-blacklist mac-address 0014-6c8a-43ff
whitelist mac-address
Description
Use the whitelist mac-address command to add a client with a specified MAC address to the white list. Use the undo whitelist command to remove the client with the specified MAC address or all clients from the white list. Clients in the white list can be associated with the AP. The maximum number of entries in the white list is 256.
Syntax
whitelist mac-address mac-address undo whitelist { mac-address mac-address | all }
View
WLAN IDS view
67
Default level
2: System level
Parameters
mac-address: Adds/deletes the client with the MAC address to/from the white list. all: Deletes all entries from the white list.
Example
# Add the client with MAC address 001c-f0bf-9c92 to the white list.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] whitelist mac-address 001c-f0bf-9c92
68
Syntax
display wlan wmm { radio [ interface wlan-radio wlan-radio-number ] | client { all | interface wlan-radio wlan-radio-number | mac-address mac-address } } [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
2: System level
Parameters
radio: Displays radio WMM information. client: Displays client WMM information. all: Displays WMM information about all clients. interface wlan-radio wlan-radio-number: Specifies a WLAN-radio interface. If the option is used with the radio parameter, this command displays the WMM information of the radio connected to the WLANradio interface. If the option is used with the client parameter, this command displays the WMM information of the client connected to the WLAN-radio interface. mac-address mac-address: Specifies a client by its MAC address. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display the WMM information of all radios.
<Sysname> display wlan wmm radio
69
-------------------------------------------------------------------------Radio interface : WLAN-Radio2/0 -------------------------------------------------------------------------Client EDCA update count : 1 QoS Mode Radio chip max AIFSN CAC Information Client accepted Voice Video Total request mediumtime(us) Voice(us) Video(us) : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : WMM : 255 Radio chip QoS mode Radio chip max ECWmin Radio chip max ECWmax : WMM : 10 : 10
Calls rejected due to insufficient resource Calls rejected due to invalid parameters Calls rejected due to invalid mediumtime Calls rejected due to invalid delaybound QoS Mode Admission Control Policy Threshold users count CAC-Free's AC Request Policy CAC Unauthed Frame Policy CAC Medium Time Limitation(us) CAC AC-VO's Max Delay(us) CAC AC-VI's Max Delay(us) SVP packet mapped AC number Radio's WMM Parameters: AC-BK ECWmin ECWmax AIFSN TXOPLimit AckPolicy Client's WMM Parameters: AC-BK ECWmin ECWmax AIFSN TXOPLimit CAC 4 10 7 0 Disable AC-BE 4 10 3 0 Disable 4 10 7 0 Normal AC-BE 4 6 3 0 Normal : WMM : Users : 20
: Response Success : Downgrade : 100000 : 50000 : 300000 : Disabled AC-VI 3 4 1 94 Normal AC-VI 3 4 2 94 Disable AC-VO 2 3 1 47 Normal AC-VO 2 3 2 47 Disable
--------------------------------------------------------------------------
Description
WLAN-radio interface.
70
Field
QoS mode Client EDCA update count Radio chip WMM support Radio chip max AIFSN Radio chip max ECWMIN Radio chip max TXOPLimit Radio chip max ECWMAX Station accepted Voice Mediumtime in use(microsecond per second) Video Mediumtime in use(microsecond per second) Voice calls in progress Video calls in progress Calls rejected due to insufficient resource Calls rejected due to invalid parameters Calls rejected due to invalid mediumtime Calls rejected due to invalid delaybound Admission Control Policy Threshold users count CAC-Free's AC Request Policy CAC Unauthed Frame Policy CAC Medium Time Limitation(us) CAC AC-VO's Max Delay(us) CAC AC-VI's Max Delay(us) SVP packet mapped AC number ECWmin ECWmax AIFSN 71
Description
QoS mode: WMM indicates that the WMM function is supported; none indicates that the WMM function is not supported. Number of client EDCA parameters updates. Indicates whether the radio chip supports the WMM function. Maximum AIFSN allowed by the radio chip. Maximum ECWmin allowed by the radio chip. Maximum TXOPLimit allowed by the radio chip. Maximum ECWmax allowed by the radio chip. Number of stations that have been admitted to access the radio. Total medium time of voice traffic (in microseconds per second). Total medium time of video traffic (in microseconds per second). Number of voice calls in progress. Number of video calls in progress. Number of requests rejected due to insufficient resources. Number of requests rejected due to invalid parameters. Number of requests rejected due to invalid medium time. Number of requests rejected due to invalid delay bound. Admission control policy. Threshold used by the admission control policy. Response policy used for CAC-incapable ACs. Policy of processing frames unauthorized by CAC. Maximum medium time allowed by the CAC policy (in microseconds). Maximum voice traffic delay allowed by the CAC policy (in microseconds). Maximum video traffic delay allowed by the CAC policy (in microseconds). The AC queue to which SVP packets are mapped. ECWmin value. ECWmax value. AIFSN value.
Field
TXOPLimit Ack Policy
Description
TXOPLimit value. ACK policy used by an AC queue. Indicates whether an AC queue is controlled by CAC. Disabled indicates that the AC queue is not controlled by CAC. Enabled indicates that the AC queue is controlled by CAC.
CAC
APSD information : Max SP Length : all L: Legacy AC State Assoc State CAC T: Trigger AC-BK T|D T|D AC-BE L L : 0 : 0 : 0 : 0 : AC-VO : 1 : 0 : 39.108 : : : 0 : 0 5s 5s Downlink TS packets Downlink TS bytes : 0 : 0 D: Delivery AC-VI T|D T|D AC-VO L T|D Downlink CAC packets Downlink CAC bytes Discard packets Discard bytes User Priority Direction : 0 : 0 : 0 : 0 : 7 : Bidirectional : 1500 : 2.000
information :
Uplink CAC packets Uplink CAC bytes Downgrade packets Downgrade bytes AC TID PSB Medium Time(ms) Create TS time Update TS time Uplink TS packets Uplink TS bytes
Surplus Bandwidth Allowance : 1.0000 Nominal MSDU Size(bytes) Minimum PHY Rate(Mbps)
Description
MAC address of a station. Service set ID associated with the client. QoS mode: WMM indicates that QoS mode is enabled; None indicates that QoS mode is not enabled.
72
Field
Max sp length AC
Description
Maximum service period. Access category. APSD attribute of an AC queue, which can be T, D, or L. T indicates that the AC queue is trigger-enabled; D indicates that the AC queue is delivery-enabled; T | D indicates that the AC queue is both trigger-enabled and delivery-enabled; L indicates that the AC queue is of legacy attributes. APSD attributes of the four AC queues specified when a client accesses the AP. Number of uplink CAC packets. Number of uplink CAC bytes. Number of downlink CAC packets. Number of downlink CAC bytes. Number of downgraded packets. Number of downgraded bytes. Number of dropped packets. Number of dropped bytes. Traffic direction. User priority. Traffic identifier. Power saving mode banner. Average MSDU size (in bytes). Average data transmission rate (in kbps). Minimum physical transmission rate (in Mbps). Surplus bandwidth allowance. Medium time (in microseconds). Time from when the TS was created to now. Time from when the TS was updated to now. Number of uplink TS packets. Number of uplink TS bytes. Number of downlink TS packets. Number of downlink TS bytes.
State
Assoc State Uplink CAC packets Uplink CAC bytes Downlink CAC packets Downlink CAC bytes Downgrade packets Downgrade bytes Discard packets Discard bytes Direction User Priority TID PSB Nominal MSDU Size(bytes) Mean Data Rate(kbps) Minimum PHY Rate(Mbps) Surplus Bandwidth Allowance Medium Time(ms) Create TS time Update TS time Uplink TS packets Uplink TS bytes Downlink TS packets Downlink TS bytes
Use the reset wlan wmm client command to clear the WMM statistics of the client identified by the specified MAC address, of the clients associated with the specified radio, or of all clients.
Syntax
reset wlan wmm { radio [ interface wlan-radio wlan-radio-number ] | client { all | interface wlan-radio wlan-radio-number | mac-address mac-address } }
View
User view
Default level
2: System level
Parameters
radio: Clears the WMM statistics information of radios. interface wlan-radio wlan-radio-number: Specifies a WLAN-radio interface by its number. If you use the option with the radio parameter, this command clears the WMM statistics of the radio connected to the WLAN-radio interface. If you use the option with the client parameter, this command clears the WMM statistics of the client connected to the WLAN-radio interface. client: Clears the WMM statistics information of clients. all: Clears the WMM statistics information of all clients. mac-address mac-address: Specifies a client by its MAC address.
Example
# Clear the WMM statistics information of all the radios.
<Sysname> reset wlan wmm radio all
Syntax
wmm cac policy { channelutilization [ channelutilization-value ] | users [ users-number ] } undo wmm cac policy
View
WLAN-radio interface view
Default level
2: System level
74
Parameters
channelutilization: Uses the channel utilization-based admission policy for CAC. channelutilization-value: Specifies the maximum channel utilization rate, which specifies the valid time of the accepted AC-VO traffic and AC-VI traffic to the total time during the unit time. This parameter ranges from 0 to 100. It is 65 by default. The unit is % (percentage). The valid time refers to the time available for transmitting and receiving data. users: Uses the users-based admission policy for CAC. users-number: Specifies the maximum number of clients allowed to be connected, which ranges from 0 to 64. This parameter is 20 by default. A client is counted only once, even if it is using both the AC-VO and AC-VI queues.
Example
# Configure CAC to use the channel utilization-based admission policy, with the channel utilization rate being 70%.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm cac policy channelutilization 70
AIFSN
7 3 1 1
ECWmin
4 4 3 2
ECWmax
10 6 4 3
TXOP Limit
0 0 94 47
For more information about each EDCA parameter, see WLAN Configuration Guide. ECWmin must be no greater than ECWmax. The two parameters must be enabled or disabled simultaneously. When an AP uses 802.1 radio cards, HP recommends that you set TXOPLimit values of the AC-BK, AC1b BE, AC-VI, and AC-VO queues to 0, 0, 188, and 102, respectively.
Syntax
wmm edca radio { ac-vo | ac-vi | ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value | noack } * undo wmm edca radio { ac-vo | ac-vi | ac-be | ac-bk } { aifsn | ecw | txoplimit | noack | all }
75
View
WLAN-radio interface view
Default level
2: System level
Parameters
ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue. all: Specifies all the EDCA parameters. noack: Specifies the AC queue to use the No ACK policy. The protocol defines two ACK policies: Normal ACK and No ACK. txoplimit-value: Specifies the TXOPLimit parameter of EDCA, which ranges from 0 to 65,535 (in units of 32 microseconds), and is also restricted by the capability of the radio chip. The TXOP value of 0 indicates that only one MPDU can be transmitted. ecwmin-value: Specifies the ECWmin parameter of EDCA, which ranges from 0 to 15, and is also restricted by the capability of the radio chip. ecwmax-value: Specifies the ECWmax parameter of EDCA, which ranges from 0 to 15, and is also restricted by the capability of the radio chip. aifsn-value: Specifies the AIFSN parameter of EDCA, which ranges from 1 to 15, and is also restricted by the capability of the radio chip.
Example
# Set AIFSN to 2 for the AC-VO queue of the radio.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm edca radio ac-vo aifsn 2
AIFSN
2 2
ECWmin
3 2
ECWmax
4 3
TXOP Limit
94 47
For more information about each EDCA parameter, see WLAN Configuration Guide.
76
ECWmin must not be greater than ECWmax. The two parameters must be enabled or disabled simultaneously. When all the clients are 802.1 terminals, HP recommends that you set the TXOPLimit to 188 and 102 1b for the AC-VI and AC-VO queues, respectively. If both 802.1 and 802.1 clients are present, HP recommends that you use the default TXOPLimit 1b 1g settings in Table 17. If CAC is enabled for an AC queue, CAC is also enabled for AC queues with higher priority. For example, if you use the wmm edca client command to enable CAC for the AC-VI queue, CAC is also enabled for the AC-VO queue. However, enabling CAC for the AC-VO queue does not enable CAC for the AC-VI queue.
Syntax
wmm edca client { ac-vo | ac-vi } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value | cac } * undo wmm edca client { ac-vo | ac-vi } { aifsn | ecw | txoplimit | cac | all }
View
WLAN-radio interface view
Default level
2: System level
Parameters
ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. all: Specifies all the EDCA parameters. cac: Enables CAC. The AC-VO and AC-VI queues support CAC, which is disabled by default. The AC-BE and AC-BK queues do not support CAC. aifsn-value: Specifies the AIFSN parameter of EDCA, which ranges from 2 to 15. ecwmin-value: Specifies the ECWmin parameter of EDCA, which ranges from 0 to 15. ecwmax-value: Specifies the ECWmax parameter of EDCA, which ranges from 0 to 15. txoplimit-value: Specifies the TXOPLimit parameter of EDCA, which ranges from 0 to 65,535 (in units of 32 microseconds). The TXOP value of 0 indicates that only one MPDU can be transmitted.
Example
# Set AIFSN to 3 for the AC-VO queue.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm edca client ac-vo aifsn 3
77
Use the undo wmm edca client command to restore the default of the specified or all EDCA parameters for the specified AC queue. The following table lists the default EDCA parameter settings for the AC-BK and AC-BE queues for clients. Table 18 Default EDCA parameter settings for clients AC queue
AC-BK queue AC-BE queue
AIFSN
7 3
ECWmin
4 4
ECWmax
10 10
TXOP Limit
0 0
For more information about each EDCA parameter, see WLAN Configuration Guide. ECWmin must not be greater than ECWmax. The two parameters must be enabled or disabled simultaneously. When all the clients are 802.1 terminals, HP recommends that you set the TXOPLimit value to 0 for both 1b the AC-BK and AC-BE queues. If both 802.1 and 802.1 clients are present, HP recommends that you use the default TXOPLimit 1b 1g settings for the AC-BK and AC-BE queues.
Syntax
wmm edca client { ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmaxvalue | txoplimit txoplimit-value } * undo wmm edca client { ac-be | ac-bk } { aifsn | ecw | txoplimit | all }
View
WLAN-radio interface view
Default level
2: System level
Parameters
ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue. all: Specifies all the EDCA parameters. aifsn-value: Specifies the AIFSN parameter of EDCA, which ranges from 2 to 15. ecwmin-value: Specifies the ECWmin parameter of EDCA, which ranges from 0 to 15. ecwmax-value: Specifies the ECWmax parameter of EDCA, which ranges from 0 to 15. txoplimit-value: Specifies the TXOPLimit parameter of EDCA, which ranges from 0 to 65,535 (in units of 32 microseconds). The TXOP value of 0 indicates that only one MPDU can be transmitted.
Example
# Set AIFSN to 3 for the AC-BE queue.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm edca client ac-be aifsn 5
78
wmm enable
Description
Use the wmm enable command to enable the WMM function. Use the undo wmm enable command to disable the WMM function. The WMM function is enabled by default. The 802.1 protocol stipulates that all 802.1 clients support WLAN QoS. Therefore, when the radio 1n 1n works in 802.1 1an or 802.1 1gn mode, you should enable WMM. Otherwise, the associated 802.1 1n clients may fail to communicate.
Syntax
wmm enable undo wmm enable
View
WLAN-radio interface view
Default level
2: System level
Parameters
None
Example
# Disable the WMM function.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] undo wmm enable
Syntax
wmm svp map-ac { ac-vo | ac-vi | ac-be | ac-bk } undo wmm svp map-ac
View
WLAN-radio interface view
Default level
2: System level
79
Parameters
ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue.
Example
# Map SVP packets to the AC-VO queue.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm svp map-ac ac-vo
80
Subscription service
HP recommends that you register your product at the Subscriber's Choice for Business website: http://www.hp.com/go/wwalerts After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.
Related information
Documents
To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. For a complete list of acronyms and their definitions, see HP A-Series Acronyms.
Websites
HP.com http://www.hp.com HP Networking http://www.hp.com/go/networking HP manuals http://www.hp.com/support/manuals HP download drivers and software http://www.hp.com/support/downloads HP software depot http://www.software.hp.com
81
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention
Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... } * [ x | y | ... ] * &<1-n> #
Description
Bold text represents commands and keywords that you enter literally as shown. Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which you select one. Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none. Asterisk-marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one. Asterisk-marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none. The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times. A line that starts with a pound (#) sign is comments.
GUI conventions
Convention
Boldface >
Description
Window names, button names, field names, and menu items are in bold text. For example, the New User window appears; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
Convention
WARNING CAUTION IMPORTANT NOTE TIP
Description
An alert that calls attention to important information that if not understood or followed can result in personal injury. An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information. An alert that contains additional or supplementary information. An alert that provides helpful information.
82
83
Index
ABCDFGILMPRSTW
A a-mpdu enable,12 a-msdu enable,13 attack-detection enable,57 authentication-method,49 autochannel-set avoid-dot1 1h,42 B beacon ssid-hide,13 beacon-interval,14 C channel,15 channel band-width,15 cipher-suite,49 client dot1 1n-only,16 client max-count (service template view),17 D default,1 description,1 display interface wlan-bss,2 display interface wlan-ethernet,4 display interface wlan-radio,5 display wlan blacklist,63 display wlan client,18 display wlan ids history,58 display wlan ids statistics,59 display wlan rrm,42 display wlan service-template,22 display wlan statistics,23 display wlan whitelist,64 display wlan wmm,69 dot1 1b,44 dot1 1g,45 dot1 protection enable,46 1g dot1 mandatory maximum-mcs,46 1n dot1 support maximum-mcs,47 1n dtim,25
84
dynamic-blacklist enable,65 dynamic-blacklist lifetime,65 F fragment-threshold,26 G gtk-rekey client-offline enable,50 gtk-rekey enable,51 gtk-rekey method,51 I interface wlan-bss,8 interface wlan-ethernet,9 interface wlan-radio,9 L long-retry threshold,26 M max-power,27 max-rx-duration,27 P preamble,28 ptk-lifetime,52 R radio-type,29 reset wlan client,29 reset wlan dynamic-blacklist,66 reset wlan ids history,61 reset wlan ids statistics,62 reset wlan statistics,30 reset wlan wmm,73 rts-threshold,30 S security-ie,53 service-template (service template view),32 service-template (WLAN-radio interface view),31
short-gi enable,32 short-retry threshold,33 shutdown (WLAN-BSS interface view),10 shutdown (WLAN-Radio interface view),10 ssid,34 SSID-based access control configuration commands,40 static-blacklist mac-address,67 T tkip-cm-time,53 W wep default-key,54 wep key-id,55 whitelist mac-address,67 wlan broadcast-probe reply,34 wlan client idle-timeout,35 WLAN client isolation commands,40 wlan client keep-alive,35 wlan country-code,36 wlan ids,57 WLAN IDS attack detection configuration commands,57 WLAN IDS configuration commands,57 wlan permit-ssid,40 wlan rrm,48 wlan service-template,39 wlan-client-isolation enable,40 wmm cac policy,74 wmm edca client (ac-be and ac-bk),77 wmm edca client (ac-vo and ac-vi),76 wmm edca radio,75 wmm enable,79 wmm svp map-ac,79
85