HP a-MSR Router Series High WLAN Command Reference

HP A-MSR Router Series WLAN Command Reference
Abstract This document describes the commands and command syntax options available for the HP A Series products. This document is intended for network planners, field technical support and servicing engineers, and network administrators who work with HP A Series products.
Part number: 5998-2048 Software version: CMW520-R2207P02 Document version: 6PW100-20110810
Legal and notice information

Copyright 201 Hewlett-Packard Development Company, L.P. 1 No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Contents
WLAN interface configuration commands 1 default 1 description 1 display interface wlan-bss 2 display interface wlan-ethernet 4 display interface wlan-radio 5 interface wlan-bss 8 interface wlan-ethernet 9 interface wlan-radio 9 shutdown (WLAN-Radio interface view) 10 shutdown (WLAN-BSS interface view) 10 WLAN configuration commands 12 802.11 MAC configuration commands 12 a-mpdu enable 12 a-msdu enable 13 beacon ssid-hide 13 beacon-interval 14 channel 15 channel band-width 15 client dot11n-only 16 client max-count (service template view) 17 display wlan client 18 display wlan service-template 22 display wlan statistics 23 dtim 25 fragment-threshold 26 long-retry threshold 26 max-power 27 max-rx-duration 27 preamble 28 radio-type 29 reset wlan client 29 reset wlan statistics 30 rts-threshold 30 service-template (WLAN-radio interface view) 31 service-template (service template view) 32 short-gi enable 32 short-retry threshold 33 ssid 34 wlan broadcast-probe reply 34 wlan client idle-timeout 35 wlan client keep-alive 35 wlan country-code 36 wlan service-template 39 WLAN client isolation commands 40 wlan-client-isolation enable 40 SSID-based access control configuration commands 40 wlan permit-ssid 40
iii
WLAN RRM configuration commands 42 autochannel-set avoid-dot11h 42 display wlan rrm 42 dot11b 44 dot11g 45 dot11g protection enable 46 dot11n mandatory maximum-mcs 46 dot11n support maximum-mcs 47 wlan rrm 48 WLAN security configuration commands 49 authentication-method 49 cipher-suite 49 gtk-rekey client-offline enable 50 gtk-rekey enable 51 gtk-rekey method 51 ptk-lifetime 52 security-ie 53 tkip-cm-time 53 wep default-key 54 wep key-id 55 WLAN IDS configuration commands 57 WLAN IDS configuration commands 57 wlan ids 57 WLAN IDS attack detection configuration commands 57 attack-detection enable 57 display wlan ids history 58 display wlan ids statistics 59 reset wlan ids history 61 reset wlan ids statistics 62 WLAN frame filtering configuration commands 63 display wlan blacklist 63 display wlan whitelist 64 dynamic-blacklist enable 65 dynamic-blacklist lifetime 65 reset wlan dynamic-blacklist 66 static-blacklist mac-address 67 whitelist mac-address 67 WLAN QoS configuration commands 69 display wlan wmm 69 reset wlan wmm 73 wmm cac policy 74 wmm edca radio 75 wmm edca client (ac-vo and ac-vi) 76 wmm edca client (ac-be and ac-bk) 77 wmm enable 79 wmm svp map-ac 79 Support and other resources 81 Contacting HP 81 Subscription service 81 Related information 81 Documents 81 Websites 81
iv
Conventions 82
Index 84
WLAN interface configuration commands

The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20-1x routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module.
default
Description
Use the default command to restore the default settings for a WLAN-BSS, WLAN-Ethernet, or WLANRadio interface.
Syntax
default
View
WLAN-BSS interface view, WLAN-Ethernet interface view, WLAN-Radio interface view.
Default level
2: System level
Parameters
None
Example
# Restore the default settings of WLAN-BSS interface 1.
<Sysname> system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] default This command will restore the default settings. Continue? [Y/N]:y
description
Description
Use the description command to set the description of the current interface. Use the undo description command to restore the default. By default, the description of an interface is interface-name + Interface.
Syntax
description text undo description
View
WLAN-BSS interface view, WLAN-Ethernet interface view, WLAN-Radio interface view.
Default level
2: System level
Parameter
text: Describes the current interface, a string of 1 to 80 characters. The device supports the following types of characters or symbols: standard English characters (numbers and case-sensitive letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard. An interface description can be the mixture of English characters and other Unicode characters. The mixed description cannot exceed the specified length. To use a type of Unicode characters or symbols in an interface description, you must install the corresponding IME and log in to the device through remote login software that supports this character type. Each Unicode character or symbol (non-English characters) takes the space of two regular characters. When the length of a description string reaches or exceeds the maximum line width on the terminal software, the software starts a new line, possibly breaking a Unicode character into two parts. As a result, garbled characters may be displayed at the end of a line.
Example
# Set the description of WLAN-Radio 2/0 to WLAN-Radio2 Interface.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] description WLAN-Radio2 Interface
display interface wlan-bss

Description
Use the display interface wlan-bss command to display the information of the specified WLAN-BSS interface or all WLAN-BSS interfaces if no WLAN-BSS interface is specified. If you do not provide the wlan-bss parameter, the command displays information about all interfaces on the device. If you provide the wlan-bss parameter, and do not provide the interface-number parameter, the command displays information about all WLAN-BSS interfaces.
Syntax
display interface [ wlan-bss] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface wlan-bss interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
interface-number: Specifies a WLAN-BSS interface by its number. brief: Displays brief interface information. If you do not provide this parameter, the command displays detailed interface information.
2
down: Displays down interface information and the cause. If you do not provide this parameter, the command output is not filtered based on the down interface status. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the information of interface WLAN-BSS 1 (assume that the interface supports traffic statistics collection).
<Sysname> display interface wlan-bss 1 WLAN-BSS1 current state: DOWN IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e2c0-0110 Description: WLAN-BSS1 Interface PVID: 1 Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Port priority: 0 Last clearing of counters: Maximum client number: 0 Clients: 0 associating, 0 associated Input (total) : 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes Output (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes Never
Table 1 Command output Field

WLAN-BSS1 current state IP Packet Frame Type Hardware Address Description PVID Port link-type Tagged VLAN ID Untagged VLAN ID
Description
Physical link state of a WLAN-BSS interface. Output frame encapsulation type. MAC address of output frames. Description of the interface. Default VLAN ID of the interface. Port link type, which can be access or hybrid. VLANs whose packets are sent through the port with VLAN tag kept. VLANs whose packets are sent through the port with VLAN tag stripped off.
Field
Last clearing of counters: Never
Description
Time when the reset counts interface command was last used to clear statistics on the interface. Never indicates that the reset counts interface command was never used since the device was started. Maximum number of clients allowed to access. This field is available only if the interface supports traffic statistics collection. Number of clients that are associating, number of clients associated. This field is available only if the interface supports traffic statistics collection. Input packet statistics of the interface:
Maximum client number
Clients: 0 associating, 0 associated
Input (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes
Number of packets, number of bytes Number of unicast packets, number of bytes of unicast
packets
Number of multicast/broadcast packets, number of bytes of

multicast/broadcast packets This field is available only if the interface supports traffic statistics collection. Output packet statistics of the interface:
Output (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicast/broadcasts, 0 bytes
Number of packets, number of bytes Number of unicast packets, number of bytes of unicast
packets
Number of multicast/broadcast packets, number of bytes of

multicast/broadcast packets This field is available only if the interface supports traffic statistics collection.
display interface wlan-ethernet

Description
Use the display interface wlan-ethernet command to display the information of a WLAN-Ethernet interface. If you do not provide the wlan-ethernet parameter, the command displays information about all interfaces on the device. If you provide the wlan-ethernet parameter, and do not provide the interface-number parameter, the command displays information about all WLAN-Ethernet interfaces.
Syntax
display interface [ wlan-ethernet ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface wlan-ethernet interface-number [ brief ] [ | { begin | exclude | include } regularexpression ]
View
Any view
Default level
1: Monitor level
4
Parameters
interface-number: Specifies a WLAN-Ethernet interface by its number. brief: Displays brief interface information. If you do not provide this parameter, the command displays detailed interface information. down: Displays down interface information and the cause. If you do not provide this parameter, the command output is not filtered based on the down interface status. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the information of interface WLAN-Ethernet 1 (assume that the interface supports traffic 1 statistics collection).
<Sysname> display interface wlan-ethernet 11 WLAN-Ethernet11 current state: DOWN Line protocol current state: DOWN The Maximum Transmit Unit is 1500 Internet protocol processing : disabled IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e212-12f0 Last clearing of counters: Maximum client number: 0 Clients: 0 associating, 0 associated Input (total) : 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes Output (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes Never
For the display interface wlan-ethernet command output description, see Table 1Error! Reference source not found..
display interface wlan-radio

Description
Use the display interface wlan-radio command to display the information of a WLAN-Radio interface. If you do not provide the wlan-radio parameter, the command displays information about all interfaces on the device. If you provide the wlan-radio parameter, and do not provide the interface-number parameter, the command displays information about all WLAN-Radio interfaces.
Syntax
display interface [ wlan-radio ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]
5
display interface wlan-radio interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
interface-number: Specifies a WLAN-Radio interface by its number. brief: Displays brief interface information. If you do not provide this parameter, the command displays detailed interface information. down: Displays down interface information and the cause. If you do not provide this parameter, the command output is not filtered based on the down interface status. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the information of interface WLAN-Radio 2/0.
<Sysname> display interface WLAN-Radio 2/0 WLAN-Radio2/0 current state: UP IP Packet Frame Type: PKTFMT_IEEE_802.11, Hardware Address: 000f-e2c0-0110 Description: WLAN-Radio2/0 Interface Radio-type dot11g, channel auto, power(dBm) 23 Received: 0 authentication frames, 0 association frames Sent out: 0 authentication frames, 0 association frames Stations: 0 associating, 0 associated Input : 30007 packets, 1536614 bytes : 13565 unicasts, 520774 bytes : 16442 multicasts/broadcasts, 1015840 bytes : 0 fragmented : 5687 discarded, 263913 bytes : 0 duplicates, 3054 FCS errors : 2 decryption errors Output: 2032 packets, 468562 bytes : 7 unicasts, 1776 bytes : 312 multicasts/broadcasts, 40114 bytes : 1713 others, 426672 bytes : 0 fragmented : 0 discarded, 0 bytes : 0 failed RTS, 335 failed ACK : 334 transmit retries, 122 multiple transmit retries

WLAN-Radio2/0 current state IP Packet Frame Type Hardware Address Description Radio-type dot11g
Description
Physical link state of the WLAN-Radio interface. Output frame encapsulation type. MAC address of the interface. Description of the interface. WLAN protocol type used by the interface. Channel used by the interface. The parameter auto means the channel is selected automatically, and 11 is the number of the selected channel. If the channel is selected manually, the field is displayed in the format of channel configured-channel. Transmit power of the interface (in dBm). The value 23 is the transmit power configured by the user; auto indicates that the actual power is different from that configured by the user. For more information about the max-power command and the power-constraint command, see WLAN Command Reference. 802.11n protection modes:
channel auto(11)
power(dBm) 23
no protection mode(0): The clients associated with the AP,

and the wireless devices within the coverage of the AP operate in 802.1 mode, and all the clients associated with 1n the AP operate in either 40 MHz or 20 MHz mode.
Non-member mode(1): The clients associated with the AP

HT protection mode operate in 802.1 mode, but non-802.1 wireless devices 1n 1n exist within the coverage of the AP.
20 MHz mode(2): The radio mode of the AP is 40 MHz.

The clients associated with the AP and the wireless devices within the coverage of the AP operate in 802.1 mode, 1n and at least one 802.1 client operating in 20 MHz mode 1n is associated with the radio of the AP.
Non-HT mix mode(3): All situations except the above three.

Received: 0 authentication frames, 0 association frames Sent out: 0 authentication frames, 0 association frames Stations: 0 associating, 0 associated Input : 30007 packets, 1536614 bytes : 13565 unicasts, 520774 bytes : 16442 broadcasts, 1015840 bytes : 0 fragmented : 5687 discarded, 263913 bytes : 0 duplicates, 3054 FCS errors : 2 decryption errors Received: Number of authentication frames, number of association frames. Sent out: Number of authentication frames, number of association frames. Number of wireless users. Input packet statistics of the interface:
Number of packets, number of bytes. Number of unicast packets, number of bytes of unicast
packets.
Number of broadcast packets, number of bytes of broadcast

packets.
Number of fragmented packets. Number of discarded packets, number of discarded bytes. Number of duplicate frames, number of FCS errors. Number of encryption errors.
Field
Output: 2032 packets, 468562 bytes : 7 unicasts, 1776 bytes : 312 multicasts/broadcasts, 40114 bytes : 1713 others, 426672 bytes : 0 fragmented : 0 discarded, 0 bytes : 0 failed RTS, 335 failed ACK : 334 transmit retries, 122 multiple transmit retries
Description
Output packet statistics of the interface:
Number of packets (unicasts + multicasts/broadcasts +

others), number of bytes.
Number of unicast packets, number of bytes of unicast

packets.
Number of broadcast packets, number of bytes of broadcast

packets.
Number of other types of packets, bytes. Number of fragmented packets. Number of discarded packets, number of discarded bytes. Number of failed RTS packets, number of failed ACK packets.
Number of retransmitted frames, number of transmit retries.
interface wlan-bss
Description
Use the interface wlan-bss command to enter WLAN-BSS interface view. If the WLAN-BSS interface identified by the interface-number parameter does not exist, this command creates the WLAN-BSS interface first. Use the undo interface wlan-bss command to remove a WLAN-BSS interface.
Syntax
interface wlan-bss interface-number undo interface wlan-bss interface-number
View
System view
Default level
2: System level
Parameter
interface-number: Specifies a WLAN-BSS interface by its number.
Example
# Create the WLAN-BSS interface numbered 1.
<Sysname> system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1]
interface wlan-ethernet
Description
Use the interface wlan-ethernet command to enter WLAN-Ethernet interface view. If the WLAN-Ethernet interface identified by the interface-number parameter does not exist, this command creates the WLANEthernet interface first. Use the undo interface wlan-ethernet command to remove a WLAN-Ethernet interface.
Syntax
interface wlan-ethernet interface-number undo interface wlan-ethernet interface-number
View
System view
Default level
2: System level
Parameter
interface-number: Specifies a WLAN-Ethernet interface by its number.
Example
# Create the WLAN-Ethernet interface numbered 1.
<Sysname> system-view [Sysname] interface wlan-ethernet 1 [Sysname-WLAN-Ethernet1]
interface wlan-radio
Description
Use the interface wlan-radio command to enter WLAN-Radio interface view.
Syntax
interface wlan-radio interface-number
View
System view
Default level
2: System level
Parameter
interface-number: Specifies a WLAN-Radio interface by its number.
Example
# Enter WLAN-Radio 2/0 interface view.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0]
shutdown (WLAN-Radio interface view)

Description
Use the shutdown command to shut down the current WLAN-Radio interface. Use the undo shutdown command to bring up the current WLAN-Radio interface. By default, the WLAN-Radio interface is up.
Syntax
shutdown undo shutdown
View
WLAN-Radio interface view
Default level
2: System level
Parameters
None
Example
# Shut down interface WLAN-Radio 2/0.
<Sysname>system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] shutdown
shutdown (WLAN-BSS interface view)

Description
Use the shutdown command to shut down the current WLAN-BSS interface. Use the undo shutdown command to bring up the current WLAN-BSS interface. By default, the WLAN-BSS interface is up. After a WLAN-BSS interface is shut down, the connection between the interface and the wireless device is torn down.
Syntax
shutdown undo shutdown
View
WLAN-BSS interface view
Default level
2: System level
Parameters
None
10
Example
# Shut down interface WLAN-BSS 1.
<Sysname>system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-Bss1] shutdown
11
WLAN configuration commands

The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20-1X routers with IEEE 802.1 1b/g and A-MSR series routers installed with a SIC WLAN module.
802.11 MAC configuration commands

a-mpdu enable
Description
Use the a-mpdu enable command to enable the A-MPDU function for the radio. Use the undo a-mpdu enable command to disable the A-MPDU function for the radio. By default, the A-MPDU function is enabled. This command is only effective on 802.1 radios. 1n If you change the radio type of an 802.1 radio, the default setting for this function of the new radio 1n type is restored. The following matrix shows the command and router compatibility: Command A-MSR900 A-MSR20-1X
Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR20
A-MSR30
A-MSR50
a-mpdu enable
No
Syntax
a-mpdu enable undo a-mpdu enable
View
Default level
2: System level
Parameters
None
Example
# Disable the A-MPDU function on the current radio interface.
<sysname> system-view [sysname] interface WLAN-Radio 2/0
12
[sysname-WLAN-Radio2/0] undo a-mpdu enable
a-msdu enable
Description
Use the a-msdu enable command to enable the A-MSDU function for the radio. Use the undo a-msdu enable command to disable the A-MSDU function for the radio. By default, the A-MSDU function is enabled. This command is only effective on 802.1 radios. If you change the radio type of an 802.1 radio, the 1n 1n default setting for this function of the new radio type is restored. The device only receives but does not send A-MSDU frames. The following matrix shows the command and router compatibility: Command A-MSR900 A-MSR20-1X
A-MSR20
A-MSR30
A-MSR50
a-msdu enable
No
Syntax
a-msdu enable undo a-msdu enable
View
Default level
2: System level
Parameters
None
Example
# Disable the A-MSDU function on the current radio interface.
<sysname> system-view [sysname] interface WLAN-Radio 2/0 [sysname-WLAN-Radio2/0] undo a-msdu enable
beacon ssid-hide
Description
Use the beacon ssid-hide command to hide the SSID in beacon frames. Use the undo beacon ssid-hide command to restore the default. By default, the SSID is not hidden in beacon frames.
13
When the SSID in beacon frames is hidden, you must configure the SSID for the clients to associate with the AP. Disabling the advertising of the SSID in beacon frames does little good to wireless security. Allowing the advertising of the SSID in beacon frames enables a client to discover an AP more easily.
Syntax
beacon ssid-hide undo beacon ssid-hide
View
Service template view
Default level
2: System level
Parameters
None
Example
# Hide the SSID in beacon frames.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] beacon ssid-hide
beacon-interval
Description
Use the beacon-interval command to set the interval for sending beacon frames. Beacon frames are transmitted at a regular interval to allow mobile clients to join the network. Use the undo beacon-interval command to restore the default beacon interval. By default, the beacon interval is 100 TUs. Beacon frames are used for the device to communicate with other APs or network control devices to advertise its existence.
Syntax
beacon-interval interval undo beacon-interval
View
Default level
2: System level
Parameter
interval: Specifies the interval for sending beacon frames, ranging from 32 to 8191 TUs.
14
Example
# Specify the beacon interval as 1000 TUs.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] beacon-interval 1000
channel
Description
Use the channel command to specify a channel for the radio. Use the undo channel command to restore the default. By default, auto mode is set. Different radios support different channels. Channels may differ for each country.
Syntax
channel { channel-number | auto } undo channel
View
Default level
2: System level
Parameters
channel-number: Specifies a channel. The working channels depend on the country code and radio mode. The channel list depends on your device model. auto: Specifies that the channel is selected automatically by the device according to the actual environment during system initialization.
Example
# Specify channel 6 for radio interface 2/0.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] radio-type dot11b [Sysname-WLAN-Radio2/0] channel 6
channel band-width
Description
Use the channel band-width command to specify the channel bandwidth of the 802.1 radio. 1n Use the undo channel band-width command to restore the default. By default, the channel bandwidth of the 802.1 1gn radio is 20 MHz. This command is only effective on 802.1 radios. 1n
15
If you change the radio type of an 802.1 radio, the default setting for this function of the new radio 1n type is restored. If the channel bandwidth of the radio is set to 40 MHz, a 40 MHz channel is used as the working channel. If no 40 MHz channel is available, only a 20 MHz channel can be used. The following matrix shows the command and router compatibility: Parameter A-MSR900 A-MSR20-1X
Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR20
A-MSR30
A-MSR50
20
No
40
No
Syntax
channel band-width { 20 | 40 } undo channel band-width
View
Default level
2: System level
Parameters
20: Specifies the channel bandwidth of the 802.1 radio as 20 MHz. 1n 40: Specifies the channel bandwidth of the 802.1 radio as 40 MHz. 1n
Example
# Configure the channel bandwidth of the current radio interface as 20 MHz.
<sysname> system-view [sysname] interface Wlan-radio 2/0 [sysname-WLAN-Radio2/0] radio-type dot11gn [sysname-WLAN-Radio2/0] channel band-width 20
client dot11n-only
Description
Use the client dot1 1n-only command to allow only 802.1 clients to access. 1n Use the undo client dot1 1n-only command to restore the default. By default, an 802.1 1gn radio permits 802.1 1b/g clients to access.
16
The client dot1 1n-only command will prohibit non-802.1 clients from access. Therefore, if you want to 1n provide access for all 802.1 1b/g clients, you need to disable this command. Related commands: dot1 mandatory maximum-mcs. 1n The following matrix shows the command and router compatibility: Command A-MSR900 A-MSR20-1X
A-MSR20
A-MSR30
A-MSR50
client dot11n-only
No
Syntax
client dot1 1n-only undo client dot1 1n-only
View
Default level
2: System level
Parameters
None
Example
# Configure the radio to allow only 802.1 clients to access. 1n
<sysname> system-view [sysname] interface Wlan-radio 2/0 [sysname-WLAN-Radio2/0] radio-type dot11gn [sysname-WLAN-Radio2/0] client dot11n-only
client max-count (service template view)

Description
Use the client max-count command to specify the maximum number of clients associated to a radio for an SSID. Use the undo client max-count command to restore the default. By default, up to 32 clients can be associated to a radio. When the number of clients associated to a radio reaches the maximum number, the SSID is hidden automatically.
Syntax
client max-count max-number undo client max-count
17
View
Default level
2: System level
Parameter
max-number: Specifies the maximum number of clients associated to a radio, ranging from 1 to 32.
Example
# Specify the maximum number of clients associated to a radio with SSID service as 10.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] ssid service [Sysname-wlan-st-1] client max-count 10
display wlan client

Description
Use the display wlan client command to display WLAN client information. The information is displayed in the order of client MAC address.
Syntax
display wlan client { interface wlan-radio [ radio-number ] | mac-address mac-address | servicetemplate service-template-number } [ verbose ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
wlan-radio radio-number: Displays the information of clients attached to the specified radio. The radio number value is 1. mac-address mac-address: Specifies the MAC address of a client. service-template service-template-number: Displays client information based on the specified service template. The service template number ranges from 1 to 1024. verbose: Displays detailed client information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
18
Examples
# Display information about all the clients.
<Sysname> display wlan client Total Number of Clients SSID: office -------------------------------------------------------------------------------MAC Address User Name APID/RID IP Address 1/1 1024/1 103 /1 1.1.1.1 3.0.0.3 FE:11:12:03::11:25:13 VLAN 1 3 1 -------------------------------------------------------------------------------000f-e265-6400 -NA000f-e265-6401 user 000f-e265-6402 mac@office.com : 3 Client Information

SSID MAC address
Description
SSID with which the client is associated. MAC address of the client. Username of the client:
The field is displayed as -NA- if the client adopts plain-text authentication or

User Name cipher-text authentication with no username.
The field is irrelevant to the portal authentication method. If the client uses the
portal authentication method, the field does not display the portal username of the client.
APID/RID IP Address VLAN
ID of the AP or radio with which the client is associated. IP address of the client. VLAN to which the client belongs.
# Display the detailed information of all clients.

<Sysname> display wlan client verbose Total Number of Clients : 1 Client Information -------------------------------------------------------------------------MAC Address User Name AID Radio Interface SSID BSSID Port VLAN State Power Save Mode Wireless Mode Channel Band-width SM Power Save Enable Short GI for 20MHz : 0014-6c91-9a14 : Guest : 251 : WLAN-Radio2/0 : nsw-nsw : 000f-e2cc-2022 : WLAN-BSS1 : 1 : Running : Sleep : 11gn : 20MHz : Disabled : Not Supported
19
Short GI for 40MHz Support MCS Set BLOCK ACK-TID 0 QoS Mode RSSI Rx/Tx Rate Client Type Authentication Method AKM Method 4-Way Handshake State Group Key State Encryption Cipher Roam Status Roam Count Up Time (hh:mm:ss)
: Not Supported : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 : BOTH : WMM : 25 : 48/54 : RSN : Open System : Dot1X : PTKINITDONE : IDLE : CCMP : Normal : 0 : 00:05:15
Listen Interval (Beacon Interval) : 10
--------------------------------------------------------------------------

MAC address
Description
MAC address of the client. Username of the client:
The field is displayed as -NA- if the client adopts plain-text

User Name authentication or cipher-text authentication with no username.
The field is irrelevant to the portal authentication method. If the client

uses the portal authentication method, the field does not display the portal username of the client.
AID Radio Interface SSID BSSID Port VLAN State Power Save Mode
Association ID of the client. WLAN radio interface. SSID of the client. ID of the BSS. WLAN-BSS interface associated with the client. VLAN to which the client belongs. State of the client such as running. Clients power save mode such as active or sleep. Wireless mode such as 802.11b, 802.11g, 802.11gn.
Wireless Mode
IMPORTANT: Support for the wireless mode depends on the device model. Channel bandwidth, 20 MHz or 40 MHz. SM Power Save enables a client to have one antenna in the active state, and others in sleep state to save power.
Channel Band-width
SM Power Save Enable
Enabled: SM Power Save is enabled. Disabled: SM Power Save is disabled.
20
Field
Short GI for 20MHz Short GI for 40MHz Support MCS Set
Description
Indicates whether the client supports short GI when its channel bandwidth is 20 MHz. Indicates whether the client supports short GI when its channel bandwidth is 40 MHz. MCS supported by the client BLOCK ACK is negotiated based on traffic identifier (TID) 0:
BLOCK ACK-TID 0
OUT: Outbound direction. IN: Inbound direction. BOTH: Both outbound and inbound directions.
WMM indicates that the WMM function is supported; None indicates that the WMM function is not supported. WMM information negotiation is carried out between an AP and a client that both support WMM. Number of times the client has waken up to listen to beacon frames. Received signal strength indication. This value indicates the client signal strength detected by the AP. Represents the receiving and sending rates of the frames such as data, management, and control frames. Station type such as RSN, WPA, or Pre-RSN. Authentication method such as open system or shared key. AKM suite used such as Dot1X or PSK. Displays either of the 4-way handshake states:
QoS Mode
Listen Interval(Beacon Interval) RSSI Rx/Tx Rate Station Type Authentication Method AKM Method
4-Way Handshake State
IDLE: Displayed in initial state. PTKSTART: Displayed when the 4way handshake is initialized. PTKNEGOTIATING: Displayed after sending valid message 3. PTKINITDONE: Displayed when the 4-way handshake is successful.
Displays the group key state such as: Group Key State
IDLE: Displayed in initial state. REKEYNEGOTIATE: Displayed after the AC sends the initial message to
the client.
REKEYESTABLISHED: Displayed when re-keying is successful.

Encryption Cipher Roam Status Roam Count Up Time Encryption cipher such as clear or crypto. Displays the roam status such as Normal or Fast Roaming. It is Normal for the fat AP. Roaming count of the client, not supported on the fat AP. Time for which the client has been associated with the AP.
21
display wlan service-template

Description
Use the display wlan service-template command to display WLAN service template information. If no service template is specified, all service templates are displayed.
Syntax
display wlan service-template [ service-template-number ] [ | { begin | exclude | include } regularexpression ]
View
Any view
Default level
1: Monitor level
Parameters
service-template-number: Specifies the number of a service template, ranging from 1 to 1024. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the configuration information of service template 1.
<Sysname> display wlan service-template 1 Service Template Parameters -------------------------------------------------------------------------Service Template Number SSID Service Template Type Security IE Authentication Method SSID-hide Cipher Suite WEP Key Index WEP Key Mode WEP Key TKIP Countermeasure Time(s) PTK Life Time(s) GTK Rekey GTK Rekey Method GTK Rekey Packets Service Template Status Maximum clients per BSS 1 : 1 : nsw-nsw : Crypto : RSN WPA : Open System : Disabled : TKIP CCMP : WEP40 : ASCII : 12345 : 60 : 180 : Enabled : Packet-based : 5000 : Enabled : 35
22
--------------------------------------------------------------------------

Service Template Number SSID Service Template Type Security IE Authentication Method SSID-hide Cipher Suite WEP Key Index WEP Key Mode TKIP Countermeasure Time(s) PTK Life Time(s) GTK Rekey GTK Rekey Method GTK Rekey Packets Service Template Status Maximum clients per BSS
Description
Current service template number Service set identifier associated with the client Service template type crypto or clear Security IE such as WPA and RSN Type of authentication used: open system or shared key Enabled or disabled Cipher suite such as CCMP, TKIP, WEP40, WEP104 or WEP128 Key index to encrypt or decrypt frames WEP key format
HEX: Hexadecimal string ASCII: ASCII character string.

Countermeasure time for MIC failure in seconds PTK lifetime in seconds GTK rekey configured GTK rekey method configured such as packet based or time based Time for GTK rekey in seconds Status such as enabled or disabled Maximum number of associated clients per BSS
display wlan statistics

Description
Use the display wlan statistics command to display client statistics.
Syntax
display wlan statistics client { all | mac-address mac-address } [ | { begin | exclude | include } regularexpression ]
View
Any view
Default level
1: Monitor level
Parameters
client: Displays client statistics. all: Displays the statistics of all clients. mac-address mac-address: Displays the statistics of the client with the specified MAC address.
23
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Example
# Display the statistics of all the clients.
<Sysname> display wlan statistics client all Client Statistics -------------------------------------------------------------------------AP Name Radio Id SSID BSSID MAC Address RSSI Transmitted Frames: Back Ground (Frames/Bytes) Best Effort (Frames/Bytes) Video (Frames/Bytes) Voice (Frames/Bytes) Received Frames: Back Ground (Frames/Bytes) Best Effort (Frames/Bytes) Video (Frames/Bytes) Voice (Frames/Bytes) Discarded Frames: Back Ground (Frames/Bytes) Best Effort (Frames/Bytes) Video (Frames/Bytes) Voice (Frames/Bytes) : 0/0 : 0/0 : 0/0 : 5/389 : 0/0 : 18/2437 : 0/0 : 7/468 : 0/0 : 9/1230 : 0/0 : 2/76 : ap1 : 1 : 123 : 000f-e2ff-7700 : 0014-6c8a-43ff : 31
--------------------------------------------------------------------------
--------------------------------------------------------------------------

AP Name Radio Id SSID BSSID MAC Address RSSI
Description
Access Point name. Radio ID. SSID to which the client is associated. ID of the BSS. MAC address of the client. Received Signal Strength Indicator. It indicates the client signal strength detected by the AP. 24
Field
Transmitted Frames Back Ground(Frames/Bytes) Best Effort(Frames/Bytes) Video(Frames/Bytes) Voice(Frames/Bytes) Received Frames Discarded Frames
Description
Transmitted Frames. Statistics of background traffic. Statistics of best effort traffic. Statistics of video traffic. Statistics of voice traffic. Received frames. Discarded frames.
Statistics for background, best effort, video, and voice traffic are only for QoS-capable clients. For QoSincapable clients, only best effort traffic statistics are available (including SVP packets) and may be inconsistent with the real physical output queues because the priority-queue statistics can only identify priorities carried in Dot1 and WMM packets. Otherwise, statistics of received packets cannot be 1E collected.
dtim
Description
Use the dtim command to set the DTIM counter for an AP waits before it sends buffered multicast and broadcast frames. The AP sends buffered broadcast/multicast frames when the DTIM counter reaches the configured value. Use the undo dtim command to restore the default. By default, the DTIM counter is 1.
Syntax
dtim counter undo dtim
View
Default level
2: System level
Parameter
counter: Specifies the number of beacon intervals between DTIM transmissions. The value ranges from 1 to 31.
Example
# Set the DTIM counter to 10.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] dtim 10
25
fragment-threshold
Description
Use the fragment-threshold command to specify the fragment threshold (maximum length of frames that can be transmitted without fragmentation). When the length of a frame exceeds the specified fragment threshold value, it is fragmented. Use the undo fragment-threshold command to restore the default value. By default, the fragment threshold is 2346 bytes. Frames that exceed 2346 bytes are fragmented.
Syntax
fragment-threshold size undo fragment-threshold
View
Default level
2: System level
Parameter
size: Specifies the maximum frame length without fragmentation. The value ranges from 256 to 2346 bytes, and must be an even number.
Example
# Specify the fragment threshold as 2048 bytes.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] fragment-threshold 2048
long-retry threshold
Description
Use the long-retry threshold command to set the number of retransmission attempts for frames larger than the RTS threshold. Use the undo long-retry threshold command to restore the default. By default, the long retry threshold is 4.
Syntax
long-retry threshold count undo long-retry threshold
View
Default level
2: System level
26
Parameter
count: Specifies the number of retransmission attempts for frames larger than the RTS threshold, ranging from 1 to 15.
Example
# Specify the long-retry threshold as 10.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] long-retry threshold 10
max-power
Description
Use the max-power command to configure the maximum transmission power on the radio. Use the undo max-power command to restore the default. By default, the maximum radio power varies with country codes, channels, AP models, radio types and antenna types. If 802.1 is adopted, the maximum radio power also depends on the bandwidth mode. 1n Related commands: wlan country-code and radio type.
Syntax
max-power radio-power undo max-power
View
Default level
2: System level
Parameter
radio-power: Specifies the maximum radio transmission power in dBm, which varies with country codes and radio types.
Example
# Specify the max transmission power of radio 2/0 as 5.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] radio-type dot11b [Sysname-WLAN-Radio2/0] max-power 5
max-rx-duration
Description
Use the max-rx-duration command to specify the interval for the AP to hold a received frame. An AP holds received packets in its buffer memory. Use the undo max-rx-duration command to restore the default.
27
By default, the max-rx-duration is 2000 milliseconds.
Syntax
max-rx-duration interval undo max-rx-duration
View
Default level
2: System level
Parameter
interval: Specifies the interval for which a frame received by an AP can stay in the buffer memory. The value ranges from 500 to 250,000 milliseconds.
Example
# Set the max-rx-duration as 5000 milliseconds.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] max-rx-duration 5000
preamble
Description
Use the preamble command to specify the type of preamble an AP can support. Preamble is a pattern of bits at the beginning of a frame so that the receiver can sync up and be ready for the real data. There are two different kinds of preambles, short and long. By default, the short preamble is supported.
Syntax
preamble { long | short } undo preamble
View
Default level
2: System level
Parameters
long: Indicates that only frames with long preamble can be transmitted. short: Indicates that frames with either short preamble or long preamble can be transmitted.
Example
# Configure the AP to support long preamble.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0
28
[Sysname-WLAN-Radio2/0] radio-type dot11b [Sysname-WLAN-Radio2/0] preamble long
radio-type
Description
Use the radio-type command to specify the radio type to be used by a radio. Use the undo radio-type command to restore the default. The default radio type depends on the device model. WLAN allows you to modify the default radio type for different types of AP. The following matrix shows the command and router compatibility: Parameter
dot11b dot11g
A-MSR900
Yes Yes
A-MSR20-1X
Yes Yes Only available for routers with a SIC-WLAN module that supports 802.11n
A-MSR20
A-MSR30
A-MSR50
dot11gn
No
Syntax
radio-type { dot1 | dot1 | dot1 1b 1g 1gn } undo radio-type
View
WLAN radio interface view
Parameters
dot 1 1b: Indicates the wireless radio type is 802.1 1b. dot 1 1g: Indicates the wireless radio type is 802.1 1g. dot1 1gn: Indicates the wireless radio type is 802.1 1gn (2.4 GHz).
Example
# Specify the radio type as 802.1 for interface WLAN-Radio 2/0. 1g
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] radio-type dot11g
reset wlan client

Description
Use the reset wlan client command to cut off a client or all clients. When this command is used, the AP sends a de-authentication frame to the client and the client is removed from the WLAN service.
29
Syntax
reset wlan client { all | mac-address mac-address }
View
User view
Default level
2: System level
Parameters
all: Cuts off all clients. mac address mac-address: Cuts off the client with the MAC address.
Example
# Cut off the client with MAC address 000f-e2cc-8501.
<Sysname> reset wlan client mac-address 000f-e2cc-8501
reset wlan statistics

Description
Use the reset wlan statistics command to clear radio statistics of all clients.
Syntax
reset wlan statistics client { all | mac-address mac-address }
View
User view
Default level
2: System level
Parameters
all: Clears the statistics of all clients. mac-address: Clears the statistics of the client.
Example
# Clear the radio statistics of all clients.
<Sysname> reset wlan statistics client all
rts-threshold
Description
Use the rts-threshold command to specify the RTS threshold length. If a frame is larger than this value, the RTS mechanism is used. Use the undo rts-threshold command to restore the default. By default, the RTS threshold is 2346 bytes.
30
RTS is used to avoid data sending collisions in a WLAN. You need to set a rational value. A small value causes RTS packets to be sent more often, consuming more of the available bandwidth. However, the more often RTS packets are sent, the quicker the system can recover from interference or collisions.
Syntax
rts-threshold size undo rts-threshold
View
Default level
2: System level
Parameter
size: Specifies the length of frames for which the RTS method is used. The value ranges from 0 to 2346 bytes.
Example
# Specify the RTS threshold as 2046 bytes.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] rts-threshold 2046
service-template (WLAN-radio interface view)

Description
Use the service-template command to map a service template to a WLAN-BSS interface on the current WLAN-Radio interface. Use the undo service-template command to remove the mapping of a service template on the current WLAN-Radio interface. By default, no service-template is mapped to a WLAN-BSS interface on a WLAN-Radio interface.
Syntax
service-template service-template-number interface wlan-bss wlan-bss-number undo service-template service-template-number
View
Default level
2: System level
Parameters
service-template-number: Specifies the number of a service template, ranging from 1 to 1024. wlan-bss-number: Specifies the number of a WLAN-BSS interface, ranging from 0 to 1023.
31
Example
# Map service template 1 to interface WLAN-BSS 1 on interface WLAN-Radio 2/0.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] service-template 1 interface WLAN-BSS 1
service-template (service template view)

Description
Use the service-template command to enable or disable the service template. By default, the service template is disabled.
Syntax
service-template { disable | enable }
View
Default level
2: System level
Parameters
disable: Disables the service template. enable: Enables the service template.
Example
# Enable service template 1.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] ssid clear [Sysname-wlan-st-1] authentication-method open-system [Sysname-wlan-st-1] service-template enable
short-gi enable
Description
Use the short-gi enable command to enable the short GI function. Use the undo short-gi enable command to disable the short GI function. By default, the short GI function is enabled. This command is only effective on 802.1 radios. 1n If you change the radio type of an 802.1 radio, the default setting for this function of the new radio 1n type is restored. Delays may occur during receiving radio signals due to factors like multi-path reception. Therefore, a subsequently sent frame may interfere with a previously sent frame. Use the GI function to avoid such interference.
32
The GI interval in 802.1 1a/g is 800 us. The short GI function can be configured for 802.1 1n. This can shorten the GI interval to 400 ns, which increases the data speed by 10 percent.
Syntax
short-gi enable undo short-gi enable
View
Default level
2: System level
Parameters
None
Example
# Disable the short GI function.
<sysname> system-view [sysname] interface WLAN-Radio2/0 [sysname-WLAN-Radio2/0] undo short-gi enable
short-retry threshold
Description
Use the short-retry threshold command to specify the maximum number of attempts to transmit a frame less than the RTS threshold. Use the undo short-retry threshold command to restore the default. By default, the short retry threshold is 7.
Syntax
short-retry threshold count undo short-retry threshold
View
Default level
2: System level
Parameter
count: Specifies the number of times the AP can send a short unicast frame (less than the RTS threshold) if no acknowledgment is received for it. The value ranges from 1 to 15.
Example
# Specify the short retry threshold as 10.
<Sysname> system-view [Sysname] interface WLAN-Radio 2/0
33
[Sysname-WLAN-Radio2/0] short-retry threshold 10
ssid
Description
Use the ssid command to set the SSID for the current service template. Use the undo ssid command to remove the SSID. By default, no SSID is set for the service template. An SSID should be as unique as possible. For security, the company name should not be contained in the SSID. Meanwhile, it is not recommended to use a long random string as the SSID, because a long random string only adds payload to the header field, without any improvement to wireless security.
Syntax
ssid ssid-name undo ssid
View
Default level
2: System level
Parameter
ssid-name: Specifies the name of the service set identifier, a case-sensitive string of 1 to 32 characters that can contain letters, digits, and underlines, with spaces included.
Example
# Set the SSID as firstfloor for service template 1.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] ssid firstfloor
wlan broadcast-probe reply

Description
Use the wlan broadcast-probe reply command to enable the AP to respond to the probe requests with SSID null sent by the client. Use the undo wlan broadcast-probe reply command to remove the configuration. In other words, the AP responds only to probe requests that carry the specified SSID. By default, an AP responds to probe requests with SSID null sent by the client.
Syntax
wlan broadcast-probe reply undo wlan broadcast-probe reply
34
View
System view
Default level
2: System level
Parameters
None
Example
# Enable the AP to respond to probe requests with SSID null sent by the client.
<Sysname> system-view [Sysname] wlan broadcast-probe reply
wlan client idle-timeout

Description
Use the wlan client idle-timeout command to specify the client idle timeout. Use the undo wlan client idle-timeout command to restore the default. By default, the client idle timeout is 3600 seconds. If a client is idle for more than the specified interval, or, if the AP does not receive any data from the client within the specified interval, the client is removed from the network.
Syntax
wlan client idle-timeout interval undo wlan client idle-timeout
View
System view
Default level
2: System level
Parameter
interval: Specifies the maximum interval for which the link between the AP and a client ( power-save or awake ) can be idle. The value ranges from 60 to 86,400 seconds.
Example
# Specify the client idle timeout as 600 seconds.
<Sysname> system-view [Sysname] wlan client idle-timeout 600
wlan client keep-alive

Description
Use the client keep-alive command to specify the client keep alive interval.
35
Use the undo client keep-alive command to disable the client keep-alive functionality. By default, the client keep-alive functionality is disabled. The keep-alive mechanism is used to detect clients segregated from the system due to various reasons such as power failure or crash, and disconnect them from the AP.
Syntax
wlan client keep-alive interval undo wlan client keep-alive
View
System view
Default level
2: System level
Parameter
interval: Specifies the interval between keep alive requests, ranging from 3 to 1800 seconds.
Example
# Specify the client keep-alive interval as 60 seconds.
<Sysname> system-view [Sysname] wlan client keep-alive 60
wlan country-code
Description
Use the wlan country-code command to specify the country code. Use the undo wlan country-code command to restore the default. By default, the country code value is CN. The country code determines characteristics such as the power level, total number of channels. You must set the correct country code or area code before configuring an AP. If you change the country code for an AP that has a radio card not supported by the new country code, the corresponding WLAN-radio interface will have its configurations of the service template, maximum power, and channels removed automatically. The country code for North American models cannot be modified, and that for other models can be modified at the CLI.
Syntax
wlan country-code code undo wlan country-code
View
System view
Default level
2: System level
36
Parameter
code: Specifies a country code. See Table 7. Table 7 Country code information Country
Andorra United Arab Emirates Albania Armenia Australia Argentina Australia Azerbaijan Bosnia and Herzegovina Belgium Bulgaria Bahrain Brunei Darussalam Bolivia Brazil Bahamas Belarus Belize Canada Switzerland Cote d'ivoire Chile China Colombia Costarica Serbia Cyprus Czech Republic Germany Denmark Dominica Algeria
Code
AD AE AL AM AU AR AT AZ BA BE BG BH BN BO BR BS BY BZ CA CH CI CL CN CO CR RS CY CZ DE DK DO DZ 37
Country
Korea, Republic of Korea Kenya Kuwait Kazakhstan Lebanon Liechtenstein Sri Lanka Lithuania Luxembourg Latvia Libyan Morocco Monaco Moldova Macedonia Macau Martinique Malta Mauritius Mexico Malay Archipelago Namibia Nigeria Nicaragua Netherlands Norway New Zealand Oman Panama Peru Poland Philippines
Code
KR KE KW KZ LB LI LK LT LU LV LY MA MC MD MK MO MQ MT MU MX MY NA NG NI NL NO NZ OM PA PE PL PH
Country
Ecuador Estonia Egypt Spain Faroe Islands Finland France Britain Georgia Gibraltar Greenland Guadeloupe Greece Guatemala Guyana Honduras Hong Kong Croatia Hungary Iceland India Indonesia Ireland Israel Iraq Italy Iran Jamaica Jordan Japan Democratic People's Republic of Korea
Code
EC EE EG ES FO FI FR GB GE GI GL GP GR GT GY HN HK HR HU IS IN ID IE IL IQ IT IR JM JO JP KP
Country
Pakistan Puerto Rico Portugal Paraguay Qatar Romania Russian Federation Saudi Arabia Sweden Singapore Slovenia Slovak San Marino Salvador Syrian Thailand Tunisia Turkey Trinidad and Tobago Taiwan, Province of China Ukraine United States of America Uruguay Uzbekistan The Vatican City State Venezuela Virgin Islands Vietnam Yemen South Africa Zimbabwe
Code
PK PR PT PY QA RO RU SA SE SG SI SK SM SV SY TH TN TR TT TW UA US UY UZ VA VE VI VN YE ZA ZW
Example
# Specify the country code as US.
<Sysname> system-view
38
[Sysname] wlan country-code US
wlan service-template
Description
Use the wlan service-template command to create a service template and enter service template view. If the service template exists, then you can directly enter service template view. Use the undo wlan service-template command to delete the service template, and related configurations. If the specified service template is mapped to a radio, it cannot be directly deleted before it is unmapped. By default, no service template is configured. You cannot change an existing service template to another type. To do so, you must delete the existing service template, and configure a new service template with the new type.
Syntax
wlan service-template service-template-number { clear | crypto } undo wlan service-template service-template-number
View
System view
Default level
2: System level
Parameters
service-template-number: Specifies the number of the service template, ranging from 1 to 1024. clear: Sets the current service template type to clear, which means data is sent in clear text after the template is mapped to an AP. crypto: Sets the current service template type to crypto, which means data is sent in cipher text after the template is mapped to an AP.
Example
# Create service template 1.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1]
39
WLAN client isolation commands

wlan-client-isolation enable
Description
Use the wlan-client-isolation enable command to enable WLAN client isolation. Use the undo wlan-client-isolation enable command to disable WLAN client isolation. By default, WLAN client isolation is disabled.
Syntax
wlan-client-isolation enable undo wlan-client-isolation enable
View
System view
Default level
2: System level
Parameters
None
Example
# Disable WLAN client isolation.
<Sysname> system-view [Sysname] undo wlan-client-isolation enable
SSID-based access control configuration commands

wlan permit-ssid
Description
Use the wlan permit-ssid command to specify a permitted SSID for a user profile. Use the undo wlan permit-ssid command to remove a permitted SSID or all permitted SSIDs. By default, no permitted SSID is specified for a user profile. Users can use any SSID to access the WLAN network.
Syntax
wlan permit-ssid ssid-name undo wlan permit-ssid [ ssid-name ]
40
View
User profile view
Default level
2: System level
Parameter
ssid-name: Name of a permitted SSID, a case-sensitive string of 1 to 32 characters that can contain letters, digits, underscores, and spaces. The maximum number of permitted SSIDs in a user profile varies depending on the device model.
Example
# Specify permitted SSID VIPguest for user profile management.
<System> system-view [System] user-profile management [System-user-profile-management] wlan permit-ssid VIPguest
41
WLAN RRM configuration commands

autochannel-set avoid-dot11h
Description
Use the autochannel-set avoid-dot1 command to set the channel set to non-dot1 channels. Only the 1h 1h non-dot1 channels of the country code are scanned during initial channel selection and one of them is 1h selected. Use the undo autochannel-set command to restore the default. By default, all channels of the country code are scanned.
Syntax
autochannel-set avoid-dot1 1h undo autochannel-set
View
WLAN RRM view
Default level
2: System level
Parameters
None
Example
# Set the channel set to non-dot1 channels. 1h
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm] autochannel-set avoid-dot11h
display wlan rrm

Description
Use the display wlan rrm command to display basic RRM configuration information.
Syntax
display wlan rrm [ | { begin | exclude | include } regular-expression ]
View
Any view
42
Default level
1: Monitor level
Parameters
Example
# Display RRM configuration information.
<Sysname> display wlan rrm RRM Configuration -------------------------------------------------------------------------11b Configured Rates (Mbps) Mandatory Supported Disabled 11g Configured Rates (Mbps) Mandatory Supported Disabled 11g Protection 11h Configuration Spectrum Management Power Constraint (dBm) Channel Set : Enabled : 0 : Non-dot11h : 1, 2, 5.5, 11 : 6, 9, 12, 18, 24, 36, 48, 54 : -NA: Enabled : 1, 2 : 5.5, 11 : -NA-
--------------------------------------------------------------------------

11b Configured Rates (Mbps) Mandatory Supported Disabled 11g Protection 11h Configuration Spectrum Management Power Constraint (dBm)
Description
802.11b radio rates. The field has the same meaning for 802.11g.
Rates that at least one of the APs is required to support. Additional rates supported by the client or AP. Rates at which an AP does not transmit data. Enabled with the dot11g protection enable command. 802.11h configuration. Spectrum management function, enabled or disabled. Power constraint for all 802.11a radios. The router does not support this field, and the field is 0 in the output.
43
Field
Channel Set
Description
All or Non-dot11h.
dot11b
Description
Use the dot1 command to configure 802.1 rates. 1b 1b Use the undo dot1 command to restore the default rates. 1b By default: Mandatory rates: 1 and 2 Supported rates: 5.5 and 1 1 Disabled rates: none
Syntax
dot1 { disabled-rate | mandatory-rate | supported-rate } rate-value 1b undo dot1 { disabled-rate | mandatory-rate | supported-rate } 1b
View
WLAN RRM view
Default level
2: System level
Parameters
disabled-rate: Specifies disabled rate(s). mandatory-rate: Specifies mandatory rate(s). supported-rate: Specifies supported rate(s). rate-value: The following rates can be specified: 1 Mbps 2 Mbps 5.5 Mbps 1 Mbps 1
Example
# Configure 802.1 rates (disabled: 1; supported: 1 1b 1).
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11b disabled-rate 1 [Sysname-wlan-rrm] dot11b supported-rate 11
44
dot11g
Description
Use the dot1 command to configure 802.1 rates. 1g 1g Use the undo dot1 command to restore the default rates. 1g By default: Mandatory rates: 1, 2, 5.5 and 1 1. Supported rates: 6, 9, 12, 18, 24, 36, 48 and 54. Disabled rates: none.
Syntax
dot1 { disabled-rate | mandatory-rate | supported-rate } rate-value 1g undo dot1 { disabled-rate | mandatory-rate | supported-rate } 1g
View
WLAN RRM view
Default level
2: System level
Parameters
disabled-rate: Specifies disabled rates. mandatory-rate: Specifies mandatory rates. supported-rate: Specifies supported rates. rate-value: The following rates can be specified. 1 Mbps 2 Mbps 5.5 Mbps 6 Mbps 9 Mbps 1 Mbps 1 12 Mbps 18 Mbps 24 Mbps 36 Mbps 48 Mbps 54 Mbps
Example
# Configure 802.1 rates (disabled: 2, 36; supported: 54). 1g
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11g disabled-rate 2 36
45
[Sysname-wlan-rrm] dot11g supported-rate 54
dot11g protection enable

Description
Use the dot1 protection enable command to enable 802.1 protection. 1g 1g Use the undo dot1 protection enable command to disable 802.1 protection. 1g 1g By default, 802.1 protection is disabled. 1g
Syntax
dot1 protection enable 1g undo dot1 protection enable 1g
View
WLAN RRM view
Default level
2: System level
Parameters
None
Example
# Enable 802.1 protection. 1g
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11g protection enable
dot11n mandatory maximum-mcs

Description
Use the dot1 mandatory maximum-mcs command to specify the maximum MCS index for 802.1 1n 1n mandatory rates. Use the undo dot1 mandatory maximum-mcs command to remove the configuration. 1n By default, no maximum MCS index is specified for 802.1 mandatory rates. 1n If you configure the client dot1 1n-only command for a radio, you must configure the maximum MCS index for 802.1 mandatory rates. 1n The following matrix shows the command and router compatibility: Command A-MSR900 A-MSR20-1X
Only available for routers with a SICWLAN module that supports 802.11n 46
A-MSR20
Only available for routers with a SICWLAN module that supports 802.11n
A-MSR30
A-MSR50
dot11n mandatory maximum-mcs
No
Syntax
dot1 mandatory maximum-mcs index 1n undo dot1 mandatory maximum-mcs 1n
View
RRM view
Default level
2: System level
Parameter
index: Specifies the maximum MCS index for 802.1 mandatory rates, ranging from 0 to 76. 1n
Example
# Specify the maximum MCS index for 802.1 mandatory rates as 15. 1n
<sysname> system-view [sysname] wlan rrm [sysname-wlan-rrm] dot11n mandatory maximum-mcs 15
dot11n support maximum-mcs

Description
Use the dot1 support maximum-mcs command to specify the maximum MCS index for 802.1 1n 1n supported rates. Use the undo dot1 support maximum-mcs command to restore the default. 1n By default, the maximum MCS index for 802.1 supported rates is 76. 1n The specified maximum MCS index for 802.1 supported rates must be no less than the specified 1n maximum MCS index for 802.1 mandatory rates. 1n The following matrix shows the command and router compatibility: Command A-MSR900 A-MSR20-1X
A-MSR20
A-MSR30
A-MSR50
dot11n support maximum-mcs
No
Syntax
dot1 support maximum-mcs index 1n undo dot1 support maximum-mcs 1n
View
RRM view
47
Default level
2: System level
Parameter
index: Specifies the maximum MCS index for 802.1 supported rates, ranging from 0 to 76. 1n
Example
# Specify the maximum MCS index for 802.1 supported rates as 25. 1n
<sysname> system-view [sysname] wlan rrm [sysname-wlan-rrm] dot11n support maximum-mcs 25
wlan rrm
Description
Use the wlan rrm command to enter WLAN RRM view.
Syntax
wlan rrm
View
System view
Default level
2: System level
Parameters
None
Example
# Enter WLAN RRM view.
<Sysname> system-view [Sysname] wlan rrm [Sysname-wlan-rrm]
48
WLAN security configuration commands

authentication-method
Description
Use the authentication-method command to enable an 802.1 authentication method. You can enable 1 open system authentication, shared key authentication or both. Use the undo authentication-method command to disable the selected authentication method. By default, the open system authentication method is enabled.
Syntax
authentication-method { open-system | shared-key } undo authentication-method { open-system | shared-key }
View
Default level
2: System level
Parameters
open-system: Enables open system authentication. shared-key: Enables shared key authentication.
Examples
# Enable open system authentication.
<Sysname> system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] authentication-method open-system
# Enable shared key authentication.

<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] authentication-method shared-key
cipher-suite
Description
Use cipher-suite command to select the cipher suite used in the encryption of frames. The cipher suites supported are CCMP, TKIP, WEP40, WEP104, and WEP128. Use the undo cipher-suite command to disable the selected cipher suite.
49
By default, no cipher suite is selected.
Syntax
cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }* undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 }*
View
Service template view (crypto)
Default level
2: System level
Parameters
ccmp: Enables the CCMP cipher suite. CCMP is based on the CCM of the AES encryption algorithm. tkip: Enables the TKIP cipher suite. TKIP is based on the RC4 algorithm and dynamic key management. wep40: Enables the WEP-40 cipher suite. WEP is based on the RC4 algorithm and shared-key management. wep104: Enables the WEP-104 cipher suite. wep128: Enables the WEP-128 cipher suite.
Example
# Enable the TKIP cipher suite.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] cipher-suite tkip
gtk-rekey client-offline enable

Description
Use the gtk-rekey client-offline enable to enable refreshing the GTK when some client goes offline. This function is effective when GTK rekey is enabled with the gtk-rekey enable command. Use the undo gtk-rekey client-offline command to disable this feature. By default, the GTK is not refreshed when some client goes off line.
Syntax
gtk-rekey client-offline enable undo gtk-rekey client-offline
View
Default level
2: System level
Parameters
None
50
Example
# Enable GTK rekeying when a client goes off line.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] gtk-rekey client-offline enable
gtk-rekey enable
Description
Use the gtk-rekey enable command to enable GTK rekey. Use undo gtk-rekey enable command to disable GTK rekey. By default, GTK rekey is enabled.
Syntax
gtk-rekey enable undo gtk-rekey enable
View
Default level
2: System level
Parameters
None
Example
# Disable GTK rekey.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] undo gtk-rekey enable
gtk-rekey method
Description
Use the gtk-rekey method command to select a mechanism for re-keying the GTK. If you select option time-based, the GTK is refreshed after a specified period of time. If you select option packet-based, the GTK is refreshed after a specified number of packets are transmitted. Use the undo gtk-rekey method command to restore the default. By default, the GTK rekeying method is time-based, and the interval is 86,400 seconds. The method that is configured later will overwrite the previous. For example, if you configure the packetbased method and then configure the time-based method, the time-based method is enabled.
Syntax
gtk-rekey method { packet-based [ packet ] | time-based [ time ] }
51
undo gtk-rekey method
View
Default level
2: System level
Parameters
packet-based: Indicates the GTK is refreshed after a specified number of packets are transmitted. packet: Number of packets (including multicasts and broadcasts) that are transmitted before the GTK is refreshed. The value ranges from 5000 to 4,294,967,295, and defaults to 10,000,000. time-based: Indicates the GTK is refreshed based on time. time: Specifies the time after which the GTK is refreshed. The value ranges from 180 to 604,800 seconds and defaults to 86,400 seconds.
Example
# Enable packet-based GTK rekeying and set the packet number at 60,000.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] gtk-rekey method packet-based 60000
ptk-lifetime
Description
Use the ptk-lifetime command to configure the PTK lifetime. Use the undo ptk-lifetime command to restore the default. By default, the PTK lifetime is 43,200 seconds.
Syntax
ptk-lifetime time undo ptk-lifetime
View
Default level
2: System level
Parameter
time: Specifies the time, ranging from 180 to 604,800 seconds.
Example
# Specify the PTK lifetime as 86,400 seconds.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] ptk-lifetime 86400
52
security-ie
Description
Use the security-ie command to enable the WPA IE, RSN IE or both in the beacon and probe responses. Use the undo security-ie command to disable the WPA IE or RSN IE in the beacon and probe responses. By default, both WPA IE and RSN IE are disabled.
Syntax
security-ie { rsn | wpa } undo security-ie { rsn | wpa }
View
Default level
2: System level
Parameters
rsn: Enables the RSN IE in the beacon and probe response frames sent by the AP. The RSN IE advertises the RSN capabilities of the AP. wpa: Enables the WPA Information element in the beacon and probe response frames sent by the AP. The WPA IE advertises the WPA capabilities of the AP.
Example
# Enable the WPA IE in the beacon and probe responses.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] security-ie wpa
tkip-cm-time
Description
Use the tkip-cm-time command to set the TKIP countermeasure time. Use the undo tkip-cm-time command to restore the default. By default, the TKIP counter measure time is 0 seconds. No counter measures are taken. After countermeasures are enabled, if more than two MIC failures occur within a certain time, the TKIP associations are disassociated, and new associations are allowed to establish only after the specified TKIP counter measure time expires.
Syntax
tkip-cm-time time undo tkip-cm-time
View
53
Default level
2: System level
Parameter
time: Specifies the TKIP counter measure time in seconds. The value ranges from 0 to 3600 seconds.
Example
# Set the TKIP counter measure time to 90 seconds.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] tkip-cm-time 90
wep default-key
Description
Use the wep default-key command to configure the WEP default key. Use the undo wep default-key command to delete the configured WEP default key. By default, the WEP default key index number is 1.
Syntax
wep default-key key-index { wep40 | wep104 | wep128} { pass-phrase | raw-key } [ cipher | simple ] key undo wep default-key key-index
View
Default level
2: System level
Parameters
key-index: Specifies the key index values can be: 1: Configures the 1st WEP default key. 2: Configures the 2nd WEP default key. 3: Configures the 3rd WEP default key. 4: Configures the 4th WEP default key. wep40: Indicates the WEP40 key option. wep104: Indicates the WEP104 key option. wep128: Indicates the WEP128 key option. pass-phrase: Enables the pass-phrase option. Then a string of alphanumeric characters is used as the key. If you select WEP40, enter 5 alphanumeric characters as the pass-phrase. If you select WEP104, enter 13 alphanumeric characters as the pass-phrase. If you select WEP128, enter 16 alphanumeric characters as the pass-phrase. The length of a pass-phrase is fixed.
54
raw-key: Enables the raw-key option. The key is entered as a hexadecimal number: a 10-digit hexadecimal number for WEP40, a 26-digit hexadecimal number for WEP104 and a 32-digit hexadecimal number for WEP128. The length of the raw-key is fixed. key: Key. Specifies the key lengths for different combinations are as follows: For wep40 pass-phrase, the key length is 5 alphanumeric characters. For wep104 pass-phrase, the key length is 13 alphanumeric characters. For wep128 pass-phrase, the key length is 16 alphanumeric characters. For wep40 raw-key, the key length is a 10-digit hexadecimal number. For wep104 raw-key, the key length is a 26-digit hexadecimal number. For wep128 raw-key, the key length is a 32-digit hexadecimal number.
cipher key: Specifies a cipher-text key, which is displayed in cipher text. The key is a case-sensitive string of 24 to 88 characters. simple key: Specifies a simple-text key, which is displayed in simple text. The key is a case-sensitive string and the value range depends on the key option selected. If the simple or cipher parameter is not specified, a simple-text key is set and the key is displayed in cipher text. The value range of the key is the same as the simple-text key.
Examples
# Configure the WEP default key 1 (WEP40) as hello.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] wep default-key 1 wep40 pass-phrase simple hello
# Specify the first WEP default key as a cipher-text key, which is displayed in cipher text.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] wep default-key 1 wep40 pass-phrase cipher -_'PV5%9O`CQ=^Q`
wep key-id
Description
Use the wep key-id command to specify the default WEP key used in the encryption and decryption of broadcast and multicast frames. There are 4 static keys in WEP. The key index can be 1, 2, 3 or 4. The key corresponding to the specified key index is used for encrypting and decrypting broadcast and multicast frames. Use the undo wep keyid command to restore the default. By default, the key index number is 1. Related commands: wep default-key.
Syntax
wep key-id { 1 | 2 | 3 | 4 } undo wep key-id
View
55
Default level
2: System level
Parameters
1: Specifies the key index 1. 2: Specifies the key index 2. 3: Specifies the key index 3. 4: Specifies the key index 4.
Example
# Specify the index of the key for broadcast/multicast encryption and decryption as 2.
<Sysname> system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] wep key-id 2
56
WLAN IDS configuration commands

WLAN IDS configuration commands

wlan ids
Description
Use the wlan ids command to enter WLAN IDS view.
Syntax
wlan ids
View
System view
Default level
2: System level
Parameters
None
Example
# Enter WLAN IDS view.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids]
WLAN IDS attack detection configuration commands

attack-detection enable
Description
Use the attack-detection enable command to enable the detection of various DoS attacks. Use the undo attack-detection enable command to restore the default. By default, no detection is enabled.
57
Syntax
attack-detection enable { all | flood | weak-iv | spoof | all } undo attack-detection enable
View
WLAN IDS view
Default level
2: System level
Parameters
all: Enables detection of all kinds of attacks. flood: Enables detection of flood attacks. spoof: Enables detection of spoof attacks. weak-iv: Enables weak-IV detection.
Example
# Enable spoof attack detection.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] attack-detection enable spoof
display wlan ids history

Description
Use the display wlan ids history command to display the history of attacks detected in the WLAN system. It supports a maximum of 512 entries.
Syntax
display wlan ids history [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
58
Example
# Display the history of attacks.
<Sysname> display wlan ids history Total Number of Entries: 5 Flags: act = Action Frame aur = Authentication Request dar = Disassociation Request pbr = Probe Request asr = Association Request daf = Deauthentication Frame ndf = Null Data Frame rar = Reassociation Request
saf = Spoofed Disassociation Frame sdf = Spoofed Deauthentication Frame wiv = Weak IV Detected AT - Attack Type, Ch - Channel Number, AR - Average RSSI WIDS History Table -------------------------------------------------------------------------MAC Address 0027-E699-CA71 0015-E9A4-D7F4 0027-E699-CA71 003d-B5A6-539F 0015-E9A4-D7F4 AT asr wiv asr pbr wiv Ch 8 8 8 8 8 AR 44 45 20 43 50 Detected Time 2011-06-12/19:47:54 2011-06-12/19:45:28 2011-06-12/19:18:17 2011-06-12/19:10:48 2011-06-12/19:01:28 AP ap12 ap48 ap12 ap56 ap48 --------------------------------------------------------------------------
--------------------------------------------------------------------------

MAC-Address
Description
In case of spoof attacks, this field provides the BSSID that was spoofed. In case of other attacks, this field provides the MAC address of the device that initiated the attack. Type of attack. Channel in which the attack was detected. Average RSSI of the attack frames. Time at which this attack was detected. Name of the AP that detected this attack.
AT Ch AR Detected time AP
display wlan ids statistics

Description
Use the display wlan ids statistics command to display the count of attacks detected.
Syntax
display wlan ids statistics [ | { begin | exclude | include } regular-expression ]
59
View
Any view
Default level
1: Monitor level
Parameters
Examples
# Display WLAN IDS statistics.
<Sysname> display wlan ids statistics Current attack tracking since: 2007-06-21/12:46:33 ---------------------------------------------------------------------Type Probe Request Frame Flood Attack Authentication Request Frame Flood Attack Deauthentication Frame Flood Attack Association Request Frame Flood Attack Disassociation Request Frame Flood Attack Reassociation Request Frame Flood Attack Action Frame Flood Attack Null Data Frame Flood Attack Weak IVs Detected Spoofed Deauthentication Frame Attack Spoofed Disassociation Frame Attack Current 2 0 0 1 4 0 0 0 12 0 0 Total 7 0 0 1 8 0 0 0 21 0 2 ----------------------------------------------------------------------
----------------------------------------------------------------------
Table 10 Command output Field Description

This field provides the count of attacks detected since the time specified by the current attack tracking time (specified in the field Current attack tracking since:). The current attack tracking time is started at the system startup, and is refreshed each hour subsequently.
Current
Total Probe Request Frame Flood Attack
This field provides the total count of the attacks detected since the system startup. Number of probe request frame flood attacks detected. 60
Field
Authentication Request Frame Flood Attack Deauthentication Frame Flood Attack Association Request Frame Flood Attack Disassociation Request Frame Flood Attack Reassociation Request Frame Flood Attack Action Frame Flood Attack Null Data Frame Flood Attack Weak IVs Detected Spoofed Deauthentication Frame Attack Spoofed Disassociation Frame Attack
Description
Number of authentication request frame flood attack detected. Number of deauthentication frame flood attacks detected. Number of association request frame flood attacks detected. Number of disassociation request frame flood attacks detected. Number of reassociation request frame flood attacks detected. Number of action frame flood attacks detected. Number of null data frame flood attacks detected. Number of weak IVs detected. Number of spoofed deauthentication frame attacks detected. Number of spoofed disassociation frame attacks detected.
reset wlan ids history

Description
Use the reset wlan ids history command to clear the history information of attacks detected in the WLAN. After this command is executed, all the history information regarding attacks is cleared, and the history table is empty.
Syntax
reset wlan ids history
View
User view
Default level
1: Monitor level
Parameters
None
Example
# Clear all history information of attacks.
<Sysname> reset wlan ids history
61
reset wlan ids statistics

Description
Use the reset wlan ids statistics command to clear the statistics of attacks detected in the WLAN system. This command will clear both the current and total of all attack types in the WLAN IDS statistics table.
Syntax
reset wlan ids statistics
View
User view
Default level
1: Monitor level
Parameters
None
Example
# Clear WLAN IDS statistics.
<Sysname>reset wlan ids statistics
62
WLAN frame filtering configuration commands

display wlan blacklist
Description
Use the display wlan blacklist command to display the static or dynamic blacklist entries.
Syntax
display wlan blacklist { static | dynamic } [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
2: System level
Parameters
static: Displays static blacklist entries. dynamic: Displays dynamic blacklist entries. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display the information of the static blacklist.
<Sysname> display wlan blacklist static Total Number of Entries: 3 Static Blacklist -------------------------------------------------------------------------MAC-Address -------------------------------------------------------------------------0014-6c8a-43ff 0016-6F9D-61F3 0019-5B79-F04A --------------------------------------------------------------------------

MAC-Address
Description
MAC addresses of clients 63
# Display the information of the dynamic blacklist.

<Sysname> display wlan blacklist dynamic Total Number of Entries : 3 Dynamic Blacklist -------------------------------------------------------------------------MAC-Address Lifetime(s) Last Updated Since(hh:mm:ss) 00:02:11 00:01:17 00:02:08 Reason Assoc-Flood Deauth-Flood Auth-Flood ---------------------------------------------------------------------000f-e2cc-0001 60 000f-e2cc-0002 60 000f-e2cc-0003 60

MAC-Address Lifetime(s) Last Updated Since(hh:mm:ss) Reason
Description
MAC address of the device inserted into the dynamic blacklist Lifetime of the corresponding entry in seconds Time elapsed since the entry was last updated Reason why the entry was added into the dynamic blacklist
display wlan whitelist

Description
Use the display wlan whitelist command to display the configured white list.
Syntax
display wlan whitelist [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
Example
# Display the white list.
<Sysname> display wlan whitelist Total Number of Entries: 3 Whitelist
64
-------------------------------------------------------------------------MAC-Address -------------------------------------------------------------------------000e-35b2-000e 0019-5b8e-b709 001c-f0bf-9c92 --------------------------------------------------------------------------

MAC-Address
Description
MAC addresses of clients in the white list
dynamic-blacklist enable
Description
Use the dynamic-blacklist enable command to enable the dynamic blacklist feature. Use the undo dynamic-blacklist enable command to disable the dynamic blacklist feature. By default, the dynamic blacklist feature is disabled. With this feature, a WLAN device, upon detecting flood attacks from a device, adds the device to the dynamic blacklist, and denies any packets from this device until the dynamic blacklist entry ages out.
Syntax
dynamic-blacklist enable undo dynamic-blacklist enable
View
WLAN IDS view
Default level
2: System level
Parameter
enable: Enables the dynamic blacklist feature.
Example
# Enable the dynamic blacklist feature.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] dynamic-blacklist enable
dynamic-blacklist lifetime
Description
Use the dynamic-blacklist lifetime command to set the lifetime for dynamic blacklist entries. Use the undo dynamic-blacklist lifetime command to restore the default.
65
By default, the lifetime is 300 seconds. If a dynamic blacklist entry is not detected within the lifetime, the entry is removed from the dynamic blacklist.
Syntax
dynamic-blacklist lifetime lifetime undo dynamic-blacklist lifetime
View
WLAN IDS view
Default level
2: System level
Parameter
lifetime: Interval, ranging from 60 to 3600 seconds.
Example
# Specify a lifetime of 1200 seconds for dynamic blacklist entries.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] dynamic-blacklist lifetime 1200
reset wlan dynamic-blacklist

Description
Use the reset wlan dynamic-blacklist command to remove a specified entry or all entries from the dynamic blacklist. The maximum number of entries in the dynamic blacklist is 128.
Syntax
reset wlan dynamic-blacklist { mac-address mac-address | all }
View
User view
Default level
1: Monitor level
Parameters
mac-address mac-address: Removes an entry with the specified MAC address from the dynamic blacklist. all: Removes all entries from the dynamic blacklist.
Example
# Remove a client with MAC address 001d-0f31-87d from the dynamic blacklist.
<Sysname> reset wlan dynamic-blacklist mac-address 001d-0f31-87d
66
static-blacklist mac-address
Description
Use the static-blacklist mac-address command to add a client with a specified MAC address to the static blacklist. Use the undo static-blacklist command to remove the client with the specified MAC address or all clients from the static blacklist. Clients in the static blacklist cannot get associated with the AP. The maximum number of entries in the static blacklist is 64.
Syntax
static-blacklist mac-address mac-address undo static-blacklist { mac-address mac-address | all }
View
WLAN IDS view
Default level
2: System level
Parameters
mac-address: Adds/deletes a client to/from the static blacklist. all: Deletes all entries from the static blacklist.
Example
# Add the client with MAC address 0014-6c8a-43ff to the static blacklist.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] static-blacklist mac-address 0014-6c8a-43ff
whitelist mac-address
Description
Use the whitelist mac-address command to add a client with a specified MAC address to the white list. Use the undo whitelist command to remove the client with the specified MAC address or all clients from the white list. Clients in the white list can be associated with the AP. The maximum number of entries in the white list is 256.
Syntax
whitelist mac-address mac-address undo whitelist { mac-address mac-address | all }
View
WLAN IDS view
67
Default level
2: System level
Parameters
mac-address: Adds/deletes the client with the MAC address to/from the white list. all: Deletes all entries from the white list.
Example
# Add the client with MAC address 001c-f0bf-9c92 to the white list.
<Sysname> system-view [Sysname] wlan ids [Sysname-wlan-ids] whitelist mac-address 001c-f0bf-9c92
68
WLAN QoS configuration commands

display wlan wmm

Description
Use the display wlan wmm radio command to display the WMM information of the specified radio or all radios. Use the display wlan wmm client command to display the WMM information of the client identified by the specified MAC address, of the clients associated with the specified radio, or of all clients.
Syntax
display wlan wmm { radio [ interface wlan-radio wlan-radio-number ] | client { all | interface wlan-radio wlan-radio-number | mac-address mac-address } } [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
2: System level
Parameters
radio: Displays radio WMM information. client: Displays client WMM information. all: Displays WMM information about all clients. interface wlan-radio wlan-radio-number: Specifies a WLAN-radio interface. If the option is used with the radio parameter, this command displays the WMM information of the radio connected to the WLANradio interface. If the option is used with the client parameter, this command displays the WMM information of the client connected to the WLAN-radio interface. mac-address mac-address: Specifies a client by its MAC address. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display the WMM information of all radios.
<Sysname> display wlan wmm radio
69
-------------------------------------------------------------------------Radio interface : WLAN-Radio2/0 -------------------------------------------------------------------------Client EDCA update count : 1 QoS Mode Radio chip max AIFSN CAC Information Client accepted Voice Video Total request mediumtime(us) Voice(us) Video(us) : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : 0 : WMM : 255 Radio chip QoS mode Radio chip max ECWmin Radio chip max ECWmax : WMM : 10 : 10
Radio chip max TXOPLimit : 32767
Calls rejected due to insufficient resource Calls rejected due to invalid parameters Calls rejected due to invalid mediumtime Calls rejected due to invalid delaybound QoS Mode Admission Control Policy Threshold users count CAC-Free's AC Request Policy CAC Unauthed Frame Policy CAC Medium Time Limitation(us) CAC AC-VO's Max Delay(us) CAC AC-VI's Max Delay(us) SVP packet mapped AC number Radio's WMM Parameters: AC-BK ECWmin ECWmax AIFSN TXOPLimit AckPolicy Client's WMM Parameters: AC-BK ECWmin ECWmax AIFSN TXOPLimit CAC 4 10 7 0 Disable AC-BE 4 10 3 0 Disable 4 10 7 0 Normal AC-BE 4 6 3 0 Normal : WMM : Users : 20
: Response Success : Downgrade : 100000 : 50000 : 300000 : Disabled AC-VI 3 4 1 94 Normal AC-VI 3 4 2 94 Disable AC-VO 2 3 1 47 Normal AC-VO 2 3 2 47 Disable
--------------------------------------------------------------------------

Radio interface
Description
WLAN-radio interface.
70
Field
QoS mode Client EDCA update count Radio chip WMM support Radio chip max AIFSN Radio chip max ECWMIN Radio chip max TXOPLimit Radio chip max ECWMAX Station accepted Voice Mediumtime in use(microsecond per second) Video Mediumtime in use(microsecond per second) Voice calls in progress Video calls in progress Calls rejected due to insufficient resource Calls rejected due to invalid parameters Calls rejected due to invalid mediumtime Calls rejected due to invalid delaybound Admission Control Policy Threshold users count CAC-Free's AC Request Policy CAC Unauthed Frame Policy CAC Medium Time Limitation(us) CAC AC-VO's Max Delay(us) CAC AC-VI's Max Delay(us) SVP packet mapped AC number ECWmin ECWmax AIFSN 71
Description
QoS mode: WMM indicates that the WMM function is supported; none indicates that the WMM function is not supported. Number of client EDCA parameters updates. Indicates whether the radio chip supports the WMM function. Maximum AIFSN allowed by the radio chip. Maximum ECWmin allowed by the radio chip. Maximum TXOPLimit allowed by the radio chip. Maximum ECWmax allowed by the radio chip. Number of stations that have been admitted to access the radio. Total medium time of voice traffic (in microseconds per second). Total medium time of video traffic (in microseconds per second). Number of voice calls in progress. Number of video calls in progress. Number of requests rejected due to insufficient resources. Number of requests rejected due to invalid parameters. Number of requests rejected due to invalid medium time. Number of requests rejected due to invalid delay bound. Admission control policy. Threshold used by the admission control policy. Response policy used for CAC-incapable ACs. Policy of processing frames unauthorized by CAC. Maximum medium time allowed by the CAC policy (in microseconds). Maximum voice traffic delay allowed by the CAC policy (in microseconds). Maximum video traffic delay allowed by the CAC policy (in microseconds). The AC queue to which SVP packets are mapped. ECWmin value. ECWmax value. AIFSN value.
Field
TXOPLimit Ack Policy
Description
TXOPLimit value. ACK policy used by an AC queue. Indicates whether an AC queue is controlled by CAC. Disabled indicates that the AC queue is not controlled by CAC. Enabled indicates that the AC queue is controlled by CAC.
CAC
# Display the WMM information of all the clients.

<Sysname> display wlan wmm client all -------------------------------------------------------------------MAC address QoS Mode : 000f-e23c-0000 : None SSID : office
-------------------------------------------------------------------MAC address QoS Mode : 000f-e23c-0001 : WMM SSID :office
APSD information : Max SP Length : all L: Legacy AC State Assoc State CAC T: Trigger AC-BK T|D T|D AC-BE L L : 0 : 0 : 0 : 0 : AC-VO : 1 : 0 : 39.108 : : : 0 : 0 5s 5s Downlink TS packets Downlink TS bytes : 0 : 0 D: Delivery AC-VI T|D T|D AC-VO L T|D Downlink CAC packets Downlink CAC bytes Discard packets Discard bytes User Priority Direction : 0 : 0 : 0 : 0 : 7 : Bidirectional : 1500 : 2.000
information :
Uplink CAC packets Uplink CAC bytes Downgrade packets Downgrade bytes AC TID PSB Medium Time(ms) Create TS time Update TS time Uplink TS packets Uplink TS bytes
Surplus Bandwidth Allowance : 1.0000 Nominal MSDU Size(bytes) Minimum PHY Rate(Mbps)
Mean Data Rate(Kbps): 78.125

MAC address SSID QoS Mode
Description
MAC address of a station. Service set ID associated with the client. QoS mode: WMM indicates that QoS mode is enabled; None indicates that QoS mode is not enabled.
72
Field
Max sp length AC
Description
Maximum service period. Access category. APSD attribute of an AC queue, which can be T, D, or L. T indicates that the AC queue is trigger-enabled; D indicates that the AC queue is delivery-enabled; T | D indicates that the AC queue is both trigger-enabled and delivery-enabled; L indicates that the AC queue is of legacy attributes. APSD attributes of the four AC queues specified when a client accesses the AP. Number of uplink CAC packets. Number of uplink CAC bytes. Number of downlink CAC packets. Number of downlink CAC bytes. Number of downgraded packets. Number of downgraded bytes. Number of dropped packets. Number of dropped bytes. Traffic direction. User priority. Traffic identifier. Power saving mode banner. Average MSDU size (in bytes). Average data transmission rate (in kbps). Minimum physical transmission rate (in Mbps). Surplus bandwidth allowance. Medium time (in microseconds). Time from when the TS was created to now. Time from when the TS was updated to now. Number of uplink TS packets. Number of uplink TS bytes. Number of downlink TS packets. Number of downlink TS bytes.
State
Assoc State Uplink CAC packets Uplink CAC bytes Downlink CAC packets Downlink CAC bytes Downgrade packets Downgrade bytes Discard packets Discard bytes Direction User Priority TID PSB Nominal MSDU Size(bytes) Mean Data Rate(kbps) Minimum PHY Rate(Mbps) Surplus Bandwidth Allowance Medium Time(ms) Create TS time Update TS time Uplink TS packets Uplink TS bytes Downlink TS packets Downlink TS bytes
reset wlan wmm

Description
Use the reset wlan wmm radio command to clear the WMM statistics of the specified radio or all radios.
73
Use the reset wlan wmm client command to clear the WMM statistics of the client identified by the specified MAC address, of the clients associated with the specified radio, or of all clients.
Syntax
reset wlan wmm { radio [ interface wlan-radio wlan-radio-number ] | client { all | interface wlan-radio wlan-radio-number | mac-address mac-address } }
View
User view
Default level
2: System level
Parameters
radio: Clears the WMM statistics information of radios. interface wlan-radio wlan-radio-number: Specifies a WLAN-radio interface by its number. If you use the option with the radio parameter, this command clears the WMM statistics of the radio connected to the WLAN-radio interface. If you use the option with the client parameter, this command clears the WMM statistics of the client connected to the WLAN-radio interface. client: Clears the WMM statistics information of clients. all: Clears the WMM statistics information of all clients. mac-address mac-address: Specifies a client by its MAC address.
Example
# Clear the WMM statistics information of all the radios.
<Sysname> reset wlan wmm radio all
wmm cac policy

Description
Use the wmm cac policy command to configure the access control policy for CAC. Use the undo wmm cac policy command to restore the default. By default, the users-based admission policy applies, with the maximum number of admitted users being 20. Related commands: wmm edca client.
Syntax
wmm cac policy { channelutilization [ channelutilization-value ] | users [ users-number ] } undo wmm cac policy
View
WLAN-radio interface view
Default level
2: System level
74
Parameters
channelutilization: Uses the channel utilization-based admission policy for CAC. channelutilization-value: Specifies the maximum channel utilization rate, which specifies the valid time of the accepted AC-VO traffic and AC-VI traffic to the total time during the unit time. This parameter ranges from 0 to 100. It is 65 by default. The unit is % (percentage). The valid time refers to the time available for transmitting and receiving data. users: Uses the users-based admission policy for CAC. users-number: Specifies the maximum number of clients allowed to be connected, which ranges from 0 to 64. This parameter is 20 by default. A client is counted only once, even if it is using both the AC-VO and AC-VI queues.
Example
# Configure CAC to use the channel utilization-based admission policy, with the channel utilization rate being 70%.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm cac policy channelutilization 70
wmm edca radio

Description
Use the wmm edca radio command to set the EDCA parameters and specify the ACK policy. Use the undo wmm edca radio command to restore the default. By default, Normal ACK is used, and the default EDCA parameters are as shown in Table 16. Table 16 The default EDCA parameters for APs AC queue
AC-BK queue AC-BE queue AC-VI queue AC-VO queue
AIFSN
7 3 1 1
ECWmin
4 4 3 2
ECWmax
10 6 4 3
TXOP Limit
0 0 94 47
For more information about each EDCA parameter, see WLAN Configuration Guide. ECWmin must be no greater than ECWmax. The two parameters must be enabled or disabled simultaneously. When an AP uses 802.1 radio cards, HP recommends that you set TXOPLimit values of the AC-BK, AC1b BE, AC-VI, and AC-VO queues to 0, 0, 188, and 102, respectively.
Syntax
wmm edca radio { ac-vo | ac-vi | ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value | noack } * undo wmm edca radio { ac-vo | ac-vi | ac-be | ac-bk } { aifsn | ecw | txoplimit | noack | all }
75
View
Default level
2: System level
Parameters
ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue. all: Specifies all the EDCA parameters. noack: Specifies the AC queue to use the No ACK policy. The protocol defines two ACK policies: Normal ACK and No ACK. txoplimit-value: Specifies the TXOPLimit parameter of EDCA, which ranges from 0 to 65,535 (in units of 32 microseconds), and is also restricted by the capability of the radio chip. The TXOP value of 0 indicates that only one MPDU can be transmitted. ecwmin-value: Specifies the ECWmin parameter of EDCA, which ranges from 0 to 15, and is also restricted by the capability of the radio chip. ecwmax-value: Specifies the ECWmax parameter of EDCA, which ranges from 0 to 15, and is also restricted by the capability of the radio chip. aifsn-value: Specifies the AIFSN parameter of EDCA, which ranges from 1 to 15, and is also restricted by the capability of the radio chip.
Example
# Set AIFSN to 2 for the AC-VO queue of the radio.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm edca radio ac-vo aifsn 2
wmm edca client (ac-vo and ac-vi)

Description
Use the wmm edca client command to set the EDCA parameters of the AC-VO or AC-VI queue for the clients in a BSS. Use the undo wmm edca client command to restore the default. The following table lists the default EDCA parameters of the AC-VI and AC-VO queue for clients. Table 17 Default EDCA parameters for clients AC queue
AC-VI queue AC-VO queue
AIFSN
2 2
ECWmin
3 2
ECWmax
4 3
TXOP Limit
94 47
For more information about each EDCA parameter, see WLAN Configuration Guide.
76
ECWmin must not be greater than ECWmax. The two parameters must be enabled or disabled simultaneously. When all the clients are 802.1 terminals, HP recommends that you set the TXOPLimit to 188 and 102 1b for the AC-VI and AC-VO queues, respectively. If both 802.1 and 802.1 clients are present, HP recommends that you use the default TXOPLimit 1b 1g settings in Table 17. If CAC is enabled for an AC queue, CAC is also enabled for AC queues with higher priority. For example, if you use the wmm edca client command to enable CAC for the AC-VI queue, CAC is also enabled for the AC-VO queue. However, enabling CAC for the AC-VO queue does not enable CAC for the AC-VI queue.
Syntax
wmm edca client { ac-vo | ac-vi } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value | cac } * undo wmm edca client { ac-vo | ac-vi } { aifsn | ecw | txoplimit | cac | all }
View
Default level
2: System level
Parameters
ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. all: Specifies all the EDCA parameters. cac: Enables CAC. The AC-VO and AC-VI queues support CAC, which is disabled by default. The AC-BE and AC-BK queues do not support CAC. aifsn-value: Specifies the AIFSN parameter of EDCA, which ranges from 2 to 15. ecwmin-value: Specifies the ECWmin parameter of EDCA, which ranges from 0 to 15. ecwmax-value: Specifies the ECWmax parameter of EDCA, which ranges from 0 to 15. txoplimit-value: Specifies the TXOPLimit parameter of EDCA, which ranges from 0 to 65,535 (in units of 32 microseconds). The TXOP value of 0 indicates that only one MPDU can be transmitted.
Example
# Set AIFSN to 3 for the AC-VO queue.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm edca client ac-vo aifsn 3
wmm edca client (ac-be and ac-bk)

Description
Use the wmm edca client command to set EDCA parameters for the AC-BE or AC-BK queue for clients.
77
Use the undo wmm edca client command to restore the default of the specified or all EDCA parameters for the specified AC queue. The following table lists the default EDCA parameter settings for the AC-BK and AC-BE queues for clients. Table 18 Default EDCA parameter settings for clients AC queue
AC-BK queue AC-BE queue
AIFSN
7 3
ECWmin
4 4
ECWmax
10 10
TXOP Limit
0 0
For more information about each EDCA parameter, see WLAN Configuration Guide. ECWmin must not be greater than ECWmax. The two parameters must be enabled or disabled simultaneously. When all the clients are 802.1 terminals, HP recommends that you set the TXOPLimit value to 0 for both 1b the AC-BK and AC-BE queues. If both 802.1 and 802.1 clients are present, HP recommends that you use the default TXOPLimit 1b 1g settings for the AC-BK and AC-BE queues.
Syntax
wmm edca client { ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmaxvalue | txoplimit txoplimit-value } * undo wmm edca client { ac-be | ac-bk } { aifsn | ecw | txoplimit | all }
View
Default level
2: System level
Parameters
ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue. all: Specifies all the EDCA parameters. aifsn-value: Specifies the AIFSN parameter of EDCA, which ranges from 2 to 15. ecwmin-value: Specifies the ECWmin parameter of EDCA, which ranges from 0 to 15. ecwmax-value: Specifies the ECWmax parameter of EDCA, which ranges from 0 to 15. txoplimit-value: Specifies the TXOPLimit parameter of EDCA, which ranges from 0 to 65,535 (in units of 32 microseconds). The TXOP value of 0 indicates that only one MPDU can be transmitted.
Example
# Set AIFSN to 3 for the AC-BE queue.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm edca client ac-be aifsn 5
78
wmm enable
Description
Use the wmm enable command to enable the WMM function. Use the undo wmm enable command to disable the WMM function. The WMM function is enabled by default. The 802.1 protocol stipulates that all 802.1 clients support WLAN QoS. Therefore, when the radio 1n 1n works in 802.1 1an or 802.1 1gn mode, you should enable WMM. Otherwise, the associated 802.1 1n clients may fail to communicate.
Syntax
wmm enable undo wmm enable
View
Default level
2: System level
Parameters
None
Example
# Disable the WMM function.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] undo wmm enable
wmm svp map-ac

Description
Use the wmm svp map-ac command to map SVP packets to a specific AC queue. Use the undo svp map-ac command to restore the default. By default, SVP packet mapping is disabled. HP recommends that you map SVP packets to the AC-VO queue in normal cases.
Syntax
wmm svp map-ac { ac-vo | ac-vi | ac-be | ac-bk } undo wmm svp map-ac
View
Default level
2: System level
79
Parameters
ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue.
Example
# Map SVP packets to the AC-VO queue.
<Sysname> system-view [Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm svp map-ac ac-vo
80
Support and other resources

Contacting HP
For worldwide technical support information, see the HP support website: http://www.hp.com/support Before contacting HP, collect the following information: Product model names and numbers Technical support registration number (if applicable) Product serial numbers Error messages Operating system type and revision level Detailed questions
Subscription service
HP recommends that you register your product at the Subscriber's Choice for Business website: http://www.hp.com/go/wwalerts After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.
Related information
Documents
To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. For a complete list of acronyms and their definitions, see HP A-Series Acronyms.
Websites
HP.com http://www.hp.com HP Networking http://www.hp.com/go/networking HP manuals http://www.hp.com/support/manuals HP download drivers and software http://www.hp.com/support/downloads HP software depot http://www.software.hp.com
81
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention
Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... } * [ x | y | ... ] * &<1-n> #
Description
Bold text represents commands and keywords that you enter literally as shown. Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which you select one. Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none. Asterisk-marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one. Asterisk-marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none. The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times. A line that starts with a pound (#) sign is comments.
GUI conventions
Convention
Boldface >
Description
Window names, button names, field names, and menu items are in bold text. For example, the New User window appears; click OK. Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
Convention
WARNING CAUTION IMPORTANT NOTE TIP
Description
An alert that calls attention to important information that if not understood or followed can result in personal injury. An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software. An alert that calls attention to essential information. An alert that contains additional or supplementary information. An alert that provides helpful information.
82
Network topology icons

Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Port numbering in examples

The port numbers in this document are for illustration only and might be unavailable on your device.
83
Index
ABCDFGILMPRSTW
A a-mpdu enable,12 a-msdu enable,13 attack-detection enable,57 authentication-method,49 autochannel-set avoid-dot1 1h,42 B beacon ssid-hide,13 beacon-interval,14 C channel,15 channel band-width,15 cipher-suite,49 client dot1 1n-only,16 client max-count (service template view),17 D default,1 description,1 display interface wlan-bss,2 display interface wlan-ethernet,4 display interface wlan-radio,5 display wlan blacklist,63 display wlan client,18 display wlan ids history,58 display wlan ids statistics,59 display wlan rrm,42 display wlan service-template,22 display wlan statistics,23 display wlan whitelist,64 display wlan wmm,69 dot1 1b,44 dot1 1g,45 dot1 protection enable,46 1g dot1 mandatory maximum-mcs,46 1n dot1 support maximum-mcs,47 1n dtim,25
84
dynamic-blacklist enable,65 dynamic-blacklist lifetime,65 F fragment-threshold,26 G gtk-rekey client-offline enable,50 gtk-rekey enable,51 gtk-rekey method,51 I interface wlan-bss,8 interface wlan-ethernet,9 interface wlan-radio,9 L long-retry threshold,26 M max-power,27 max-rx-duration,27 P preamble,28 ptk-lifetime,52 R radio-type,29 reset wlan client,29 reset wlan dynamic-blacklist,66 reset wlan ids history,61 reset wlan ids statistics,62 reset wlan statistics,30 reset wlan wmm,73 rts-threshold,30 S security-ie,53 service-template (service template view),32 service-template (WLAN-radio interface view),31
short-gi enable,32 short-retry threshold,33 shutdown (WLAN-BSS interface view),10 shutdown (WLAN-Radio interface view),10 ssid,34 SSID-based access control configuration commands,40 static-blacklist mac-address,67 T tkip-cm-time,53 W wep default-key,54 wep key-id,55 whitelist mac-address,67 wlan broadcast-probe reply,34 wlan client idle-timeout,35 WLAN client isolation commands,40 wlan client keep-alive,35 wlan country-code,36 wlan ids,57 WLAN IDS attack detection configuration commands,57 WLAN IDS configuration commands,57 wlan permit-ssid,40 wlan rrm,48 wlan service-template,39 wlan-client-isolation enable,40 wmm cac policy,74 wmm edca client (ac-be and ac-bk),77 wmm edca client (ac-vo and ac-vi),76 wmm edca radio,75 wmm enable,79 wmm svp map-ac,79
85

HP a-MSR Router Series High WLAN Command Reference

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

HP a-MSR Router Series High WLAN Command Reference

Загружено:

Авторское право:

Доступные форматы

HP A-MSR Router Series WLAN Command Reference

Part number: 5998-2048 Software version: CMW520-R2207P02 Document version: 6PW100-20110810

Legal and notice information

WLAN interface configuration commands

display interface wlan-bss

Table 1 Command output Field

Maximum client number

Clients: 0 associating, 0 associated

Input (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicasts/broadcasts, 0 bytes

Number of multicast/broadcast packets, number of bytes of

Output (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 multicast/broadcasts, 0 bytes

Number of multicast/broadcast packets, number of bytes of

display interface wlan-ethernet

display interface wlan-radio

display interface wlan-radio interface-number [ brief ] [ | { begin | exclude | include } regular-expression ]

Table 2 Command output Field

no protection mode(0): The clients associated with the AP,

Non-member mode(1): The clients associated with the AP

20 MHz mode(2): The radio mode of the AP is 40 MHz.

Non-HT mix mode(3): All situations except the above three.

Number of broadcast packets, number of bytes of broadcast

Number of packets (unicasts + multicasts/broadcasts +

Number of unicast packets, number of bytes of unicast

Number of broadcast packets, number of bytes of broadcast

Number of retransmitted frames, number of transmit retries.

shutdown (WLAN-Radio interface view)

shutdown (WLAN-BSS interface view)

WLAN configuration commands

802.11 MAC configuration commands

[sysname-WLAN-Radio2/0] undo a-mpdu enable

client max-count (service template view)

display wlan client

Table 3 Command output Field

The field is displayed as -NA- if the client adopts plain-text authentication or

APID/RID IP Address VLAN

# Display the detailed information of all clients.

Listen Interval (Beacon Interval) : 10

Table 4 Command output Field

The field is displayed as -NA- if the client adopts plain-text

The field is irrelevant to the portal authentication method. If the client

SM Power Save Enable

Enabled: SM Power Save is enabled. Disabled: SM Power Save is disabled.

4-Way Handshake State

REKEYESTABLISHED: Displayed when re-keying is successful.

display wlan service-template

Table 5 Command output Field

HEX: Hexadecimal string ASCII: ASCII character string.

display wlan statistics

Table 6 Command output Field

By default, the max-rx-duration is 2000 milliseconds.

[Sysname-WLAN-Radio2/0] radio-type dot11b [Sysname-WLAN-Radio2/0] preamble long

reset wlan client

reset wlan statistics

service-template (WLAN-radio interface view)

service-template (service template view)

[Sysname-WLAN-Radio2/0] short-retry threshold 10

wlan broadcast-probe reply

wlan client idle-timeout

wlan client keep-alive

[Sysname] wlan country-code US

WLAN client isolation commands

SSID-based access control configuration commands

WLAN RRM configuration commands