HP Unified Wired-WLAN Products
WLAN Command Reference

HP 830 Unified Wired-WLAN PoE+ Switch Series
HP 850 Unified Wired-WLAN Appliance
HP 870 Unified Wired-WLAN Appliance
HP 11900/10500/7500 20G Unified Wired-WLAN Module

Part number: 5998-4799
Software version:
3507P22 (HP 830 PoE+ Switch Series)
2607P22 (HP 850 Appliance)
2607P22 (HP 870 Appliance)
2507P22 (HP 11900/10500/7500 20G Module)
Document version: 6W101-20140418
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents

WLAN interface configuration commands
  default
  description

  display wlan statistics service-template
  distance
  dtim
  fas

  display wlan ap-model
  echo-interval
  firmware-update
  hybrid-remo

  cipher-suite
  gtk-rekey client-offline enable
  gtk-rekey enable
  gtk-rekey

  dot11a calibration-interval
  dot11a crc-error-threshold
  dot11a exclude-channel
  dot11a interference-thresho

  load-balance access-denial
  load-balance rssi-threshold
  load-balance session
  load-balance traffic

  wmm edca radio
  wmm edca client (ac-vo and ac-vi)
  wmm edca client (ac-be and ac-bk)
  wmm enable

  provision
  reset wlan ap provision
  save wlan ap provision
  tunnel encryp

Guest access tunnel configuration commands
  aggregation-ac
  display wlan guest-tunnel
  edge-ac

  countermeasure static (countermeasures policy view)
  countermeasure static (WIPS view)
  countermeasure unauthorized-client
  countermeasure uncategorized-ap

  display wlan ips hotspotlist
  display wlan ips ignorelist
  display wlan ips malformed-detect-policy
  display wlan ips network

WLAN optimization commands
  wlan option broadcast-buffer enable
  wlan option channel-reuse
WLAN interface configuration commands

default
Use default to restore the default settings for an interface.
Syntax
default
Views
WLAN-ESS interface view, WLAN mesh interface view.
Default command level
2: System level
Usage guidelines
This command might fail to restore the default settings for some commands because of command dependencies and system restrictions.
Default command level
2: System level
Parameters
text: Specifies a description for the current interface, a string of 1 to 80 characters. The device supports the following types of characters or symbols: standard English characters (numbers and case-sensitive letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard.
Usage guidelines
An interface description can be a mixture of English characters and other Unicode characters.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Untagged VLAN ID : 1
Port priority: 0
Last clearing of counters: Never
Maximum client number: 64
Clients: 0 associating, 0 associated
Input : Total Frames Count : 1203
        Total Frames Bytes : 240156
        Ucast Frames Count : 302
        Ucast Frames Bytes : 10710
        Bcast Frames Count : 901
        Bcast Frames Bytes : 229446
Output : Total Frames Count : 907
         Total Frames Bytes : 226552
         Ucast Frames Count : 31
         Ucast Frames Bytes : 9334
         Bcast Frames Count : 876
         Bcast Frames Bytes : 217218
Table 1 Command
Field
    Description
Input : Total Frames Count :0
        Total Frames Bytes :0
        Ucast Frames Count :0
        Ucast Frames Bytes :0
        Bcast Frames Count :0
        Bcast Frames Bytes
    Input packet statistics of the interface:
    • Number of packets, number of bytes.
    • Number of unicast packets, number of bytes of unicast packets.
    • Number of multicast/broadcast packets, number of bytes of multicast/broadcast packets.
Output
Usage guidelines
If you do not specify the wlan-ess keyword, the command displays information about all interfaces on the device. If you specify the wlan-ess keyword and do not provide the interface-number argument, the command displays information about all WLAN-ESS interfaces.
Examples
# Display information about the interface WLAN-ESS 1.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
If you do not specify the wlan-mesh keyword, the command displays information about all interfaces on the device. If you specify the wlan-mesh keyword and do not specify the interface-number argument, the command displays information about all WLAN-MESH interfaces.
[Sysname-WLAN-ESS1]

interface wlan-mesh
Use interface wlan-mesh to enter WLAN mesh interface view. If the specified WLAN mesh interface does not exist, the command creates the WLAN mesh interface first.
Use undo interface wlan-mesh to delete the specified WLAN mesh interface.
WLAN access configuration commands

WLAN global service control commands

wlan enable
Use wlan enable to enable WLAN service.
Use undo wlan enable to disable WLAN service.
Syntax
wlan enable
undo wlan enable
Default
WLAN service is enabled.
Views
System view
Default command level
2: System level
Usage guidelines
Enable WLAN before you can use the WLAN services.
Examples
# Enable WLAN service if it is disabled.
system-view
[Sysname] wlan enable

802.
Views
Radio view
Default command level
2: System level
Usage guidelines
This command is only effective on 802.11n radios. If you change the radio type of an 802.11n radio, the default setting for this function of the new radio type is restored.
Examples
# Disable the A-MPDU function.
ani enable
Use ani enable to enable the Adaptive Noise Immunity (ANI) function.
Use undo ani enable to disable the ANI function.
Syntax
ani enable
undo ani enable
Default
ANI is enabled.
Views
Radio view
Default command level
2: System level
Usage guidelines
After the ANI function is enabled, the device automatically adjusts the noise immunity level according to the surrounding signal environment to eliminate RF interference.
Examples
# Disable ANI.
Parameters
antenna-gain: Specifies the antenna gain in the range of –5 to +20 dBm.
Usage guidelines
This command only takes effect on antennas from a third party. Make sure the actual antenna gain is within the valid range. The system always uses the configured antenna gain even if the antenna gain might cause the current power of an AP to be illegitimate.
Examples
# Configure the gain for radio 1 on AP 1 as 2.
Syntax
authentication-mode { backup | local }
undo authentication-mode
Default
The AC performs central authentication on clients.
Views
Service template view
Default command level
2: System level
Parameters
backup: Specifies the backup authentication mode.
local: Specifies the local authentication mode.
Examples
# Enable local authentication.
If the advertising of the SSID in beacon frames is disabled, the SSID must be configured for the clients to associate with the AP.
Examples
# Disable the advertising of the SSID in beacon frames.
system-view
[Sysname] wlan service-template 1 clear
[Sysname-wlan-st-1] beacon ssid-hide

beacon-interval
Use beacon-interval to set the interval for sending beacon frames. Beacon frames are transmitted at a regular interval to allow mobile clients to join the network.
Views
Service template view
Default command level
2: System level
Examples
# Enable the beacon measurement function.
system-view
[Sysname] wlan service-template 1 clear
[Sysname-wlan-st-1] beacon-measurement enable

beacon-measurement interval
Use beacon-measurement interval to configure the interval at which the AP sends beacon measurement requests to clients.
Use undo beacon-measurement interval to restore the default.
Default
The beacon-table mode is adopted.
Views
Service template view
Default command level
2: System level
Parameters
active: Enables the active beacon measurement mode. In this mode, the AP sends a beacon measurement request to a client. Upon receiving the request, the client broadcasts probe requests on all supported channels and sets a measurement duration timer. At the end of the measurement duration, the client compiles all received beacons and probe responses into a measurement report.
Examples
# Bind interface WLAN-ESS 1 to service template 1.
system-view
[Sysname] interface WLAN-ESS 1
[Sysname-WLAN-ESS1] quit
[Sysname] wlan service-template 1 clear
[Sysname-wlan-st-1] bind wlan-ess 1

broadcast-probe reply
Use broadcast-probe reply to enable the AP to respond to the probe requests that do not carry an SSID.
Use undo broadcast-probe reply to configure the AP to only respond to probe requests that carry an SSID.
Syntax
channel { channel-number | auto }
undo channel
Default
Auto mode is set.
Views
Radio view
Default command level
2: System level
Parameters
channel-number: Specifies a channel.
auto: Specifies that the channel is automatically selected by the device according to the actual environment during system initialization.
Usage guidelines
The working channels depend on the country code and radio mode. The channel list depends on your device model.
Default
The channel bandwidths of the 802.11a/n radio, the 802.11g/n radio, and the 802.11ac radio are 40 MHz, 20 MHz, and 80 MHz, respectively.
Views
Radio view
Default command level
2: System level
Parameters
20: Specifies the channel bandwidth of the 802.11n radio as 20 MHz.
40: Specifies the channel bandwidth of the 802.11n radio as 40 MHz.
auto-switch: Enables automatic channel bandwidth switch for 2.4 GHz radios.
80: Specifies the channel bandwidth of the 802.11ac radio as 80 MHz.
undo channel lock
Default
The current channel is not locked.
Views
Radio view
Default command level
2: System level
Usage guidelines
The channel lock command takes effect only when the radio adopts the auto mode (which is configured with the channel auto command). If you configure the channel lock command and then enable the radio by using the radio enable command, the radio automatically selects an optimal channel, and then locks the channel.
Default command level
2: System level
Parameters
acl-number: Specifies an IPv4 ACL number in the range of 2000 to 4999.
ipv6 acl6-number: Specifies an IPv6 ACL number in the range of 2000 to 3999.
local: Specifies the local forwarding mode.
remote: Specifies the centralized forwarding mode.
Usage guidelines
A forwarding policy can be configured with 100 rules at most. Before you can apply a forwarding policy, create a forwarding policy and specify forwarding rules.
Usage guidelines
The client dot11n-only command permits 802.11n and 802.11ac clients to access the WLAN. To provide access for all 802.11a/b/g clients, disable this command.
The client dot11ac-only command permits only 802.11ac clients to access the WLAN. To provide access for 802.11a/n clients, disable this command.
Examples
# Configure the radio to allow 802.11n and 802.11ac clients to access the WLAN.
system-view
[Sysname] wlan service-template 1 clear
[Sysname-wlan-st-1] client cache aging-time 600

client forwarding-mode local
Use client forwarding-mode local to enable local forwarding in the service template.
Use undo client forwarding-mode local to disable local forwarding in the service template.
undo client forwarding-mode policy-based
Default
The centralized forwarding mode is adopted, in which the AC performs data forwarding.
Views
Service template view
Default command level
2: System level
Parameters
policy-name: Specifies a forwarding policy by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
If you configure the forwarding policy in service template view, specify the policy name.
Examples
# Configure data frames to be encapsulated in 802.3 format and forwarded by the AC.
system-view
[Sysname] wlan service-template 1 clear
[Sysname-wlan-st-1] client remote-forwarding format dot3

client idle-timeout
Use client idle-timeout to specify the maximum idle time for a connection between a client and the AP. A connection that remains idle for the specified period of time is removed.
Use undo client idle-timeout to restore the default.
Syntax
client keep-alive interval
undo client keep-alive
Default
The client keep-alive functionality is disabled.
Views
AP template view, AP group view
Default command level
2: System level
Parameters
interval: Keep-alive interval of clients in the range of 3 to 1800 seconds.
Usage guidelines
The client keep-alive mechanism is used to detect and disconnect clients that are segregated from the system for reasons such as power failure or crash.
Default command level
2: System level
Parameters
max-number: Maximum number of allowed clients in a BSS. The value is in the range of 1 to 124.
Examples
# Configure the maximum number of clients associated with an SSID as 10 for radio policy radio1.
system-view
[Sysname] wlan radio-policy radio1
[Sysname-wlan-rp-radio1] client max-count 10

client max-count (service template view)
Use client max-count to specify the maximum number of allowed clients for the radio policy.
Syntax
display wlan client [ ap ap-name [ radio radio-number ] | mac-address mac-address | service-template service-template-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
ap ap-name: Specifies an AP by its name.
radio radio-number: Displays information about clients that are attached to the specified radio. The radio number value is 1.
mac-address mac-address: Specifies the MAC address of a client.
Field
    Description
User Name
    Username of the client:
    • The field is displayed as -NA- if the client adopts plain-text authentication or cipher-text authentication with no username.
    • The field is not used by the portal authentication method. If the client uses the portal authentication method, the field does not display the portal username of the client.
APID/RID
    ID of the AP or radio with which the client is associated.
IP Address
    IP address of the client.
VLAN
    VLAN to which the client belongs.
4-Way Handshake State : -NA-
Group Key State : -NA-
Encryption Cipher : Clear
PMF Status : -NA-
Roam Status : Normal
Roam Count : 0
Up Time (hh:mm:ss) : 00:01:13
Bonjour Records:
IP address      Service Type    Service Instance
192.168.0.1     airplay         Apple TV
192.168.0.1     raop            B8782E5101E7@Apple TV
192.168.0.2     ipp             Officejet Pro 8600 [1B284A]
192.168.0.1     airplay         Apple TV
192.168.0.1     raop            B8782E5101E7@Apple TV
192.168.0.1     airplay         Apple TV
192.168.0.
Field
    Description
SM Power Save Enable
    SM Power Save enables a client to have one antenna in the active state, and others in sleep state to save power.
    • Enabled—SM Power Save is enabled.
    • Disabled—SM Power Save is disabled.
Short GI for 20MHz
    Whether the client supports short GI when its channel bandwidth is 20 MHz.
Short GI for 40MHz
    Whether the client supports short GI when its channel bandwidth is 40 MHz.
Field
    Description
4-Way Handshake State
    Display either of the 4-way handshake states:
    • IDLE—Displayed in initial state.
    • PTKSTART—Displayed when the 4-way handshake is initialized.
    • PTKNEGOTIATING—Displayed after sending valid message 3.
    • PTKINITDONE—Displayed when the 4-way handshake is successful.
Group Key State
    Display the group key state:
    • IDLE—Displayed in initial state.
    • REKEYNEGOTIATE—Displayed after the AC sends the initial message to the client.
Encryption Cipher
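The following Python script is an added example, not part of the HP reference. It parses saved display wlan client verbose output and reports clients whose Encryption Cipher is Clear, or whose 4-Way Handshake State is anything other than PTKINITDONE on an encrypted service. The sample text is constructed; its MAC addresses, the "CCMP" cipher value, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample laid out like the verbose client output on this page.
# MAC addresses, IP addresses and the "CCMP" cipher value are made up.
SAMPLE_OUTPUT = """\
 Total Number of Clients           : 3
                     Client Information
-------------------------------------------------------------------------------
 MAC Address                       : 0014-6c8a-43ff
 User Name                         : -NA-
 IP Address                        : 192.168.0.21
 4-Way Handshake State             : -NA-
 Group Key State                   : -NA-
 Encryption Cipher                 : Clear
 PMF Status                        : -NA-
 Up Time (hh:mm:ss)                : 00:01:13
-------------------------------------------------------------------------------
 MAC Address                       : 0014-6c8a-4400
 User Name                         : -NA-
 IP Address                        : 192.168.0.22
 4-Way Handshake State             : PTKINITDONE
 Group Key State                   : IDLE
 Encryption Cipher                 : CCMP
 Up Time (hh:mm:ss)                : 02:10:05
-------------------------------------------------------------------------------
 MAC Address                       : 0014-6c8a-4401
 User Name                         : -NA-
 IP Address                        : 192.168.0.23
 4-Way Handshake State             : PTKNEGOTIATING
 Group Key State                   : IDLE
 Encryption Cipher                 : CCMP
 Up Time (hh:mm:ss)                : 00:00:02
-------------------------------------------------------------------------------
"""


def parse_clients(text):
    """Split verbose output into one dict of field -> value per client."""
    clients, current = [], None
    for raw in text.splitlines():
        # Split on the first colon that has whitespace in front of it, so a
        # field name such as "Up Time (hh:mm:ss)" is not cut at its own colons.
        parts = re.split(r"\s+:\s*", raw.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # separator lines, headings, Bonjour record rows
        name, value = parts
        if name == "MAC Address":
            current = {}          # a MAC Address line starts a new record
            clients.append(current)
        if current is not None:   # ignore summary fields before the first client
            current[name] = value
    return clients


def audit_clients(clients):
    """Return (mac, reason) pairs for clients that need a closer look."""
    findings = []
    for client in clients:
        mac = client.get("MAC Address", "unknown")
        cipher = client.get("Encryption Cipher", "")
        state = client.get("4-Way Handshake State", "")
        if not cipher:
            findings.append((mac, "no cipher field"))
        elif cipher.lower() == "clear":
            # Traffic for this client is not encrypted over the air.
            findings.append((mac, "unencrypted"))
        elif state != "PTKINITDONE":
            # Encrypted service, but the 4-way handshake has not completed.
            findings.append((mac, "handshake " + state))
    return findings


if __name__ == "__main__":
    for mac, reason in audit_clients(parse_clients(SAMPLE_OUTPUT)):
        print(mac, reason)
```

A client that stays in PTKSTART or PTKNEGOTIATING across repeated captures is worth checking for a key mismatch or a failing supplicant.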
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
Default command level
1: Monitor level
Parameters
ap ap-name: Specifies an AP by its name.
radio radio-number: Specifies a radio by its number.
verbose: Displays detailed client information.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
display wlan client bridge verbose
Total Number of Clients : 1
Client Information
-------------------------------------------------------------------------------
MAC Address : 5866-baf2-d7cd
User Name : -NA-
IP Address : 192.168.1.
Tx Packets : 0
Tx Bytes : 0
Tx Dropped Packets : 0
Command Execution Result : -NA-
Table 6 Command output
Field
    Description
MAC address
    MAC address of the client.
User Name
    Username of the client:
    • The field is displayed as -NA- if the client adopts plain-text authentication or cipher-text authentication with no username.
    • If the client uses the portal authentication method, the field does not display the portal username of the client.
IP Address
    IP address of the client.
Field
    Description
Support MCS Set
    MCS supported by the client.
BLOCK ACK-TID
    BLOCK ACK is negotiated based on traffic identifier (TID):
    • OUT—Outbound direction.
    • IN—Inbound direction.
    • BOTH—Both outbound and inbound directions.
QoS Mode
    WMM indicates that the WMM function is supported. None indicates that the WMM function is not supported. WMM information negotiation is carried out between an AP and a client that both support WMM.
Field
    Description
Up Time
    Time for which the client has been associated with the AP.
Serial Number
    Serial number of the client.
Device Information
    Device model of the client.
Software Version
    Software version of the client.
Associated AP RSSI
    Received Signal Strength Indicator. It indicates the associated AP's signal strength detected by the client.
Associated AP SNR
    The associated AP's SNR detected by the client.
Tx Power (dBm)
    Transmission rate of the client radio.
regular-expression: Specifies a regular expression, which is a case-sensitive string of 1 to 256 characters.
Examples
# Display the country code information about all APs.
Classifier ACL IPv6 2001: Remote
Classifier ACL IPv6 2002: Remote
Forwarding Policy Parameters
-------------------------------------------------------------------------------
Forwarding Policy Name: fwd2
Classifier ACL 4021: Local
Classifier ACL IPv6 2000: Remote
Classifier ACL IPv6 3024: Remote
Table 7 Command output
Field
    Description
Forwarding Policy Name
    Name of the current forwarding policy.
display wlan radio-policy rp
Radio Policy Parameters
----------------------------------------------------------------------
Radio Policy Name : rp
Fragmentation Threshold (Bytes) : 2346
Beacon Interval (TU) : 100
RTS Threshold (Bytes) : 2346
DTIM Period (Beacon Interval) : 1
Long Retry Threshold : 4
Short Retry Threshold : 7
Maximum Rx Duration (ms) : 2000
Maximum clients per Radio : 64
Protection-mode : cts-to-self
------------------------------------------------------------------
Short Retry Threshold : 7
Maximum Rx Duration (ms) : 2000
Maximum clients per Radio : 64
Protection-mode : cts-to-self
----------------------------------------------------------------------
QoS Mode : WMM
Admission Control Policy : Users
Threshold users count : 20
CAC-Free's AC Request Policy : Response Success
CAC Unauthed Frame Policy : Downgrade
CAC Medium Time Limitation(us) : 100000
CAC AC-VO's Max Delay(us) : 50000
CAC AC-VI's Max Delay(us) : 300000
SVP packet mapped AC number :
CAC AC-VO's Max Delay(us) : 50000
CAC AC-VI's Max Delay(us) : 300000
SVP packet mapped AC number : Disabled
Radio's WMM Parameters:
             AC-BK    AC-BE    AC-VI    AC-VO
ECWmin       4        4        3        2
ECWmax       10       6        4        3
AIFSN        7        3        1        1
TXOPLimit    0        0        94       47
AckPolicy    Normal   Normal   Normal   Normal
Client's WMM Parameters:
             AC-BK    AC-BE    AC-VI    AC-VO
ECWmin       4        4        3        2
ECWmax       10       10       4        3
AIFSN        7        3        2        2
TXOPLimit    0        0        94       47
CAC          Disable  Disable  Disable  Disable
---------------------------------------
Field
    Description
CAC-Free's AC Request Policy
    Response policy adopted for CAC-incapable ACs.
CAC Unauthed Frame Policy
    Policy of processing frames unauthorized by CAC.
CAC Medium Time Limitation(us)
    Maximum medium time allowed by the CAC policy (in microseconds).
CAC AC-VO's Max Delay(us)
    Maximum voice traffic delay allowed by the CAC policy (in microseconds).
CAC AC-VI's Max Delay(us)
    Maximum video traffic delay allowed by the CAC policy (in microseconds).
Examples # Display the configuration information for service template 1.
Field
    Description
Authentication Method
    Authentication method:
    • Open system.
    • Shared key.
Authentication Mode
    Authentication mode:
    • Central—Central authentication. The AC authenticates clients.
    • Local—Local authentication. The AP authenticates clients.
    • Backup—Backup authentication.
Beacon-measurement
    Enable—The beacon measurement function is enabled.
Beacon-measurement Interval
    Interval at which the AP sends beacon requests to clients. The value is in seconds.
Field
    Description
Maximum clients per BSS
    Maximum number of associated clients per BSS.
Bonjour Policy
    Name of the Bonjour policy applied to the service template.

display wlan statistics ap connect-history
Use display wlan statistics ap connect-history to display AP connection statistics.
Field
    Description
Reassociations
    Total number of reassociations.
Failures
    Total number of failed associations.
Rejections
    Total number of associations rejected.
Exceptional Deassociations
    Total number of exceptional associations.
Current Associations
    Number of current associations.

display wlan statistics client
Use display wlan statistics client to display client statistics.
Back Ground (Frames/Bytes) : 0/0
Best Effort (Frames/Bytes) : 9/1230
Video (Frames/Bytes) : 0/0
Voice (Frames/Bytes) : 2/76
Received Frames:
Back Ground (Frames/Bytes) : 0/0
Best Effort (Frames/Bytes) : 18/2437
Video (Frames/Bytes) : 0/0
Voice (Frames/Bytes) : 7/468
Discarded Frames:
Back Ground (Frames/Bytes) : 0/0
Best Effort (Frames/Bytes) : 0/0
Video (Frames/Bytes) : 0/0
Voice (Frames/Bytes) : 5/389
--------------------------------------------------------------------------
Table
Views
Any view
Default command level
1: Monitor level
Parameters
radio: Displays radio statistics.
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. If the ap ap-name option is not specified, the radio statistics of all APs are displayed.
load: Displays the load information.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Larger than 1024 : 0 Packet Statistics Based on Rate: 6 Mbps : 0 9 Mbps : 0 12 Mbps : 0 18 Mbps : 0 24 Mbps : 880 36 Mbps : 0 48 Mbps : 0 54 Mbps : 0 Packet Statistics Based on 802.11n Rate: 6.5 Mbps : 0 7.2 Mbps : 0 13 Mbps : 0 13.5 Mbps : 0 14.4 Mbps : 0 15 Mbps : 0 19.5 Mbps : 0 21.7 Mbps : 0 26 Mbps : 0 27 Mbps : 0 28.9 Mbps : 0 29.3 Mbps : 0 30 Mbps : 0 32.5 Mbps : 0 39 Mbps : 0 40.5 Mbps : 0 43.3 Mbps : 0 45 Mbps : 0 52 Mbps : 0 54 Mbps : 0 57.
780 Mbps : 0 866.7 Mbps : 0 877.
108 Mbps : 0 117 Mbps : 130 115.6 Mbps : 170 120 Mbps : 0 : 140 121.5 Mbps : 0 130 Mbps 135 Mbps : 0 144.4 Mbps 150 Mbps : 0 156 Mbps : 0 162 Mbps : 0 173.3 Mbps : 0 175.5 Mbps : 0 180 Mbps : 0 195 Mbps : 0 200 Mbps : 0 216 Mbps : 0 216.7 Mbps : 0 234 Mbps : 0 240 Mbps : 0 : 22 243 Mbps : 0 260 Mbps : 0 263.3 Mbps : 0 270 Mbps : 0 288.9 Mbps : 0 292.5 Mbps : 0 300 Mbps : 0 324 Mbps : 0 325 Mbps : 0 351 Mbps : 0 360 Mbps : 0 364.
Failed ACK Frames Count : 7541 Authentication Frames Count : 14 Association Frames Count : 8 Packet Statistics Based on Size: Smaller than or equal to 128 : 1020 Between 128 and 512 (inclusive) : 11386 Between 512 and 1024 (inclusive) : 0 Larger than 1024 : 0 Packet Statistics Based on Rate: 1 Mbps : 0 2 Mbps : 0 5.5 Mbps 9 Mbps : 0 6 Mbps : 0 : 0 11 Mbps : 1121 12 Mbps : 0 18 Mbps : 0 24 Mbps : 0 36 Mbps : 0 48 Mbps : 0 54 Mbps : 0 Packet Statistics Based on 802.
300 Mbps : 0 324 Mbps : 0 325 Mbps : 0 351 Mbps : 0 360 Mbps : 0 364.5 Mbps : 0 390 Mbps : 0 400 Mbps : 0 405 Mbps : 0 433.3 Mbps : 0 450 Mbps : 0 468 Mbps : 0 486 Mbps : 0 520 Mbps : 0 526.5 Mbps : 0 540 Mbps : 0 585 Mbps : 0 600 Mbps : 0 650 Mbps : 0 702 Mbps : 0 780 Mbps : 0 866.7 Mbps : 0 877.
27 Mbps : 0 28.9 Mbps 26 Mbps : 0 29.3 Mbps : 0 30 Mbps : 0 32.5 Mbps : 0 39 Mbps : 59 40.5 Mbps : 0 : 0 45 Mbps : 0 : 17 54 Mbps : 0 43.3 Mbps 52 Mbps : 136 57.8 Mbps : 0 58.5 Mbps 60 Mbps : 0 65 Mbps : 20 : 4 72.2 Mbps : 0 78 Mbps : 0 81 Mbps : 0 86.7 Mbps : 0 87.8 Mbps : 0 90 Mbps : 0 97.5 Mbps : 0 104 Mbps : 0 108 Mbps : 0 115.6 Mbps : 0 117 Mbps : 0 120 Mbps : 0 121.5 Mbps : 0 130 Mbps : 0 135 Mbps : 0 144.
Field
    Description
Total Frames Bytes
    Number of transmitted bytes, including probe responses and beacon frames.
Unicast Frames Count
    Number of transmitted unicast frames, excluding probe responses.
Unicast Frames Bytes
    Number of transmitted bytes of unicast frames, excluding probe responses.
Broadcast/Multicast Frames Count
    Number of transmitted broadcast or multicast frames.
Broadcast/Multicast Frames Bytes
    Number of transmitted bytes of broadcast or multicast frames.
Radio Load
--------------------------------------------------------------------------------
AP Name    Radio    Client Number
--------------------------------------------------------------------------------
ap1        1        0
ap1        2        11
ap2        1        20
Table 13 Command output
Field
    Description
AP name
    Access Point name.
Radio ID
    Radio ID.
Client Number
    Number of associated clients.

display wlan statistics service-template
Use display wlan statistics service-template to display service template statistics.
--------------------------------------------------------------------------------
AP Name : ap1
Radio : 1
Receive :
Frame Count : 1713
Frame Bytes : 487061
Data Frame Count : 1683
Data Frame Bytes : 485761
Associate Frame Count : 2
Send :
Frame Count : 62113
Frame Bytes : 25142076
Data Frame Count : 55978
Data Frame Bytes : 22626600
Associate Frame Count : 2
--------------------------------------------------------------------------------
Table 14 Command output
Field
    Description
Current Associations : 57
--------------------------------------------------------------------------------
AP Name : ap1
Radio : 2
Associations : 1004
Failures : 35
Reassociations : 59
Rejections : 4
Exceptional Deassociations : 22
Current Associations : 300
--------------------------------------------------------------------------------
Table 15 Command output
Field
    Description
Service Template
    Service template number.
AP name
    AP name.
Radio
    Radio number.
Examples
# Configure the maximum distance that the radio can cover as 5 km (3.11 miles).
system-view
[Sysname] wlan ap ap1 model MSM460-WW
[Sysname-wlan-ap-ap1] radio 1
[Sysname-wlan-ap-ap1-radio-1] distance 5

dtim
Use dtim to set the number of beacon intervals an AP waits before it sends buffered multicast and broadcast frames. The AP sends buffered broadcast/multicast frames when the DTIM counter reaches the configured value.
Use undo dtim to restore the default.
Views Service template view Default command level 2: System level Usage guidelines When fast association is enabled, the AP does not perform band navigation and load balancing calculations for clients bound to the SSID. Examples # Enable fast association. system-view [Sysname] wlan service-template 1 [Sysname-wlan-st-1] fast-association enable fragment-threshold Use fragment-threshold to specify the maximum length of frames that can be transmitted without fragmentation.
Use undo green-energy-management enable to disable the energy saving function. Syntax green-energy-management enable undo green-energy-management enable Default The energy saving function is disabled. Views Radio view Default command level 2: System level Usage guidelines This function is only available to APs supporting 802.11n and at least two spatial streams. Examples # Enable the energy saving function.
[Sysname-wlan-ap-ap2] radio 1 type dot11an
[Sysname-wlan-ap-ap2-radio-1] ldpc enable
led-mode
Use led-mode to set the LED flashing mode for an AP. All LEDs on the AP are steady on when an error occurs. Use undo led-mode to restore the default.
Syntax
led-mode { quiet | awake | always-on | normal }
undo led-mode
Default
The LED flashing mode is normal.
Examples
# Set the LED flashing mode for AP 1 to always-on.
system-view
[Sysname] wlan ap ap1
[Sysname-wlan-ap-ap1] led-mode always-on
long-retry threshold
Use long-retry threshold to set the number of retransmission attempts for frames larger than the RTS threshold. Use undo long-retry threshold to restore the default.
Syntax
long-retry threshold count
undo long-retry threshold
Default
The long retry threshold is 4.
Views
Radio view
Default command level
2: System level
Parameters
radio-power: Maximum radio transmission power, which varies with country codes and radio types.
Examples
# Specify the max transmission power of radio 1 as 5.
system-view
[Sysname] wlan ap ap3 model MSM460-WW
[Sysname-wlan-ap-ap3] radio 1 type dot11an
[Sysname-wlan-ap-ap3-radio-1] max-power 5
max-rx-duration
Use max-rx-duration to specify the interval for the AP to hold a received frame.
Syntax
mimo { 1x1 | 2x2 | 3x3 }
undo mimo
Default
No MIMO mode is set for a radio.
Views
Radio view
Default command level
2: System level
Parameters
1x1: Enables the radio to transmit and receive 1 spatial stream at a time.
2x2: Enables the radio to transmit and receive 2 spatial streams at a time.
3x3: Enables the radio to transmit and receive 3 spatial streams at a time.
Usage guidelines
This function is only available to APs supporting 802.11n and at least two spatial streams.
Examples
# Set the NAS-ID for AP 1 to 0002053110000460.
system-view
[Sysname] wlan ap ap1 model MSM460-WW
[Sysname-wlan-ap-ap1] nas-id 0002053110000460
nas-port-id
Use nas-port-id to set the NAS-PORT-ID for an AP. Use undo nas-port-id to remove the NAS-PORT-ID.
Syntax
nas-port-id text
undo nas-port-id
Default
No NAS-PORT-ID is configured for an AP.
Views
AP template view
Default command level
2: System level
Parameters
text: Sets the NAS-PORT-ID for an AP.
Default command level 2: System level Usage guidelines After you configure the power lock command, the device automatically sets the maximum power as the power after power selection. The AP can use the power after power selection after the AC is rebooted. If the working channel changes after you lock the power and the locked power is greater than the maximum power supported by the new channel, the device automatically changes the power to the maximum power supported by the new channel.
Usage guidelines
A preamble is a pattern of bits at the beginning of a frame that lets the receiver synchronize and get ready to receive the data. There are short and long preambles. 802.11a and 802.11an do not support this configuration.
Examples
# Configure the AP to support long preamble.
Use radio disable to disable the specified radio of an AP. Syntax radio { disable | enable } Default All radios are disabled. Views Radio view Default command level 2: System level Parameters disable: Disables the radio. enable: Enables the radio. Examples # Enable radio 1 of the AP.
dot11gn: Specifies the 802.11g/n (2.4 GHz) radio type.
Examples
# Specify the radio type as 802.11a/n for radio 1.
system-view
[sysname] wlan ap ap1 model MSM460-WW
[sysname-wlan-ap-ap1] radio 1 type dot11an
radio-policy
Use radio-policy to map a radio policy to a radio. Use undo radio-policy to remove the mapping.
Syntax
radio-policy radio-policy-name
undo radio-policy
Default
All radios use the default radio policy default_rp.
Views
User view
Default command level
2: System level
Parameters
all: Disconnects all clients.
mac-address mac-address: Disconnects the client specified by the MAC address.
Examples
# Disconnect the client with MAC address 000f-e2cc-8501.
reset wlan client mac-address 000f-e2cc-8501
reset wlan statistics
Use reset wlan statistics to clear client or radio statistics.
Views
Radio policy view
Default command level
2: System level
Parameters
size: Specifies the length of frames for which the request to send (RTS) method is used. The value is in the range of 0 to 2346 bytes.
Usage guidelines
Request to Send (RTS) is used to avoid data sending collisions in a WLAN. Set a reasonable value. A small value causes RTS packets to be sent more often, which consumes more of the available bandwidth.
nas-port-id nas-port-id: Sets the ID of the NAS port to be bound. The ID is a case-insensitive string of 1 to 63 characters, without spaces. nas-id nas-id: Sets the ID of the NAS to be bound. The ID is a case-insensitive string of 1 to 20 characters, without spaces. ssid-hide: Disables the advertising of the Service Set Identifier. If the SSID is hidden, the value of the TLV field in Beacon frames or Probe requests is 0. By default, the SSID is not hidden.
[Sysname-wlan-st-1] service-template enable
short-gi enable
Use short-gi enable to enable the short GI function. Use undo short-gi enable to disable the short GI function.
Syntax
short-gi enable
undo short-gi enable
Default
The short GI function is enabled.
Views
Radio view
Default command level
2: System level
Usage guidelines
This command is only effective on 802.11n radios. If you change the radio type of an 802.11n radio, the default setting for this function of the new radio type is restored.
Default The short retry threshold is 7. Views Radio policy view Default command level 2: System level Parameters count: Number of times the AP can send a short unicast frame (less than the RTS threshold) if no acknowledgment is received for it. The value is in the range of 1 to 15. Examples # Specify the short retry threshold as 10.
snmp-agent trap enable wlan Use snmp-agent trap enable wlan to enable the AC to send SNMP traps to the NMS when the number of concurrent online APs reaches or drops below the upper limit. Use undo snmp-agent trap enable wlan to disable the function.
Syntax smart-antenna enable undo smart-antenna enable Default The smart antenna is disabled. Views Radio view Default command level 2: System level Usage guidelines The smart antenna is available only if you have configured an internal antenna for the radio by using the antenna type command. Examples # Enable the smart antenna.
high-throughput: Adopts the high throughput policy.
Usage guidelines
The command takes effect only if you have enabled the smart antenna.
Examples
# Configure the smart antenna to adopt the high reliability policy.
system-view
[Sysname] wlan ap ap2 model MSM460-WW
[Sysname-wlan-ap-ap2] radio 1 type dot11an
[Sysname-wlan-ap-ap2-radio-1] smart-antenna policy high-reliability
Related commands
smart-antenna enable
ssid
Use ssid to set the SSID for the current service template.
Use undo stbc enable to disable STBC.
Syntax
stbc enable
undo stbc enable
Default
STBC is enabled.
Views
Radio view
Default command level
2: System level
Usage guidelines
Enabling STBC improves the SNR of the receiver and data transmission reliability. STBC can be used for wireless access and mesh links. When you enable STBC on a mesh link, HP recommends that you enable STBC on both the sender and receiver to get the best performance.
Examples
# Enable the AP to send traps.
system-view
[AC]wlan ap ap2 model MSM460-WW id 2
[AC-wlan-ap-ap2] trap enable
[AC-wlan-ap-ap2] device-detection enable
[AC-wlan-ap-ap2]
#Nov 19 14:10:30:003 2012 HP WMAC/4/AP WorkMode Changed: Work mode of AP changed:1.3.6.1.4.1.2011.10.2.75.2.3.0.1 Serial ID: CN2AD330S8 WorkMode: 3
unknown-client
Use unknown-client to configure how the AP treats packets from unknown clients. Use undo unknown-client to restore the default.
Default
The IP address snooping function is disabled.
Views
System view
Default command level
2: System level
Examples
# Enable IP address snooping for wireless clients.
system-view
[Sysname] wlan client learn-ipaddr enable
wlan country-code
Use wlan country-code to specify the global country code. Use undo wlan country-code to restore the default.
Syntax
wlan country-code code
undo wlan country-code
Default
No global country code value is configured.
Country              Code    Country              Code
BAHRAIN              BH      MOLDOVA              MD
BOLIVIA              BO      MACEDONIA            MK
BRAZIL               BR      MARTINIQUE           MQ
BAHAMAS              BS      MALTA                MT
BELARUS              BY      MEXICO               MX
BELIZE               BZ      MALAYSIA             MY
CANADA               CA      NETHERLANDS          NL
SWITZERLAND          CH      NORWAY               NO
CHILE                CL      NEW ZEALAND          NZ
CHINA                CN      OMAN                 OM
COLOMBIA             CO      PANAMA               PA
CYPRUS               CY      PERU                 PE
CZECH REPUBLIC       CZ      PHILIPPINES          PH
GERMANY              DE      PAKISTAN             PK
DENMARK              DK      POLAND               PL
DOMINICAN REPUBLIC   DO      PUERTO RICO          PR
ESTONIA              EE      PORTUGAL             PT
EGYPT                EG      PA
Country              Code    Country              Code
ICELAND              IS      HOLY SEE             VA
ITALY                IT      VENEZUELA            VE
JORDAN               JO      VIET NAM             VN
JAPAN                JP      SOUTH AFRICA         ZA
KOREA                KR
Usage guidelines
The country code determines characteristics such as the power level and the total number of channels. You must set the correct country code or area code for a WLAN device (AC or AP).
system-view
[Sysname] wlan forwarding-policy branch
[sysname-wlan-fp-branch]
wlan link-test
Use wlan link-test to RFPing a client.
Syntax
wlan link-test mac-address
Views
User view
Default command level
1: Monitor level
Parameters
mac-address: MAC address of a client. Only clients that have been associated with the AP can be RFPinged.
Examples
# Perform an RFPing operation on the client with the MAC address 000f-e201-0101.
3 234 5 5 70 0 0
4 351 5 5 69 0 0
5 520 5 4 70 2 0
6 526.5 5 4 69 2 0
7 585 5 5 69 0 0
8 702 5 5 70 0 0
9 780 5 5 69 0 0
-------------------------------------------------------------------------------
NSS = 3
-------------------------------------------------------------------------------
0 87.8 5 5 70 0 0
1 175.5 5 5 70 0 0
2 263.3 5 5 70 0 0
3 351 5 5 70 0 0
4 526.
Syntax wlan radio { disable | enable } { all | dot11a | dot11ac | dot11an | dot11b | dot11g | dot11gn | radio-policy radio-policy-name } Default No WLAN radio is enabled. Views System view Default command level 2: System level Parameters disable: Disables WLAN radios. enable: Enables WLAN radios. all: Enables or disables all the WLAN radios. dot11a: Enables or disables 802.11a WLAN radios. dot11ac: Enables or disables 802.11ac WLAN radios. dot11an: Enables or disables 802.11an WLAN radios.
Views
System view
Default command level
2: System level
Parameters
radio-policy-name: Specifies a radio policy by its name, a case-insensitive string of 1 to 15 characters.
Usage guidelines
A radio policy is a set of radio attributes. If the radio policy is mapped to a radio, the radio will have all the attributes configured in the radio policy. A radio policy that is mapped to a radio cannot be deleted until it is unmapped.
Examples
# Create a radio policy named radio1.
system-view [Sysname] wlan radio-policy auto-create snmp wlan service-template Use wlan service-template to create a service template and enter service template view. If the service template exists, you can directly enter service template view. Use undo wlan service-template to delete the service template and related configurations. If the specified service template is mapped to a radio, it cannot be directly deleted before it is unmapped.
Default The threshold percentage for sending SNMP traps is 100. Views System view Default command level 2: System level Parameters value: Specifies the trap threshold percentage for sending SNMP traps, in the range of 30 to 100. Usage guidelines The number of supported APs varies with the AC model. For example, an AC supports a maximum of 128 concurrent online APs. If you set the trap threshold percentage to 50, the upper limit of concurrent online APs is 64.
system-view [Sysname] wlan ap ap1 model MSM460-WW [Sysname-wlan-ap-ap1] ap-name admin cir Use cir to set the CIR for packets sent from AC to AP. Use undo cir to restore the default. Syntax cir committed-information-rate [ cbs committed-burst-size ] undo cir Default The CBS is the number of bytes transmitted in 500 ms at the rate of CIR. Default No CIR is set for an AP.
Default The country or region code depends on the AP model. If no country or region code is configured for the AP, the AP uses the global country code. Views AP template view, AP group view Default command level 2: System level Parameters code: Country code. For information about country codes, see Table 17. Usage guidelines An AP configured with a country code uses its own country code. Executed in AP template view, the command applies to a specified AP.
Default command level
2: System level
Parameters
text: Description for the AP, a case-sensitive string of 1 to 64 characters.
Examples
# Set a description for an AP.
system-view
[Sysname] wlan ap ap1 model MSM460-WW
[Sysname-wlan-ap-ap1] description L3-office
display wlan ap
Use display wlan ap to display information about a specified AP or all APs.
AP Profiles
State : I = Idle, J = Join, JA = JoinAck, C = Config, R = Run, IL = ImageLoad
        KU = KeyUpdate, KC = KeyCfm
        M = Master, B = Backup
-------------------------------------------------------------------------------
AP Name        State    Model        Serial-ID
-------------------------------------------------------------------------------
ap1            R/M      MSM460-WW    CN2AD330S8
ap3            I        MSM460-WW    Not Configured
# Display information about all unauthenticated auto APs.
Field: Description
State: Current state of the AP:
• Idle—Idle.
• J—Join.
• JA—Join acknowledge.
• IL—The AP is downloading the version.
• C—Configuration exchange. This state is an instantaneous state. It indicates that the AC is delivering configuration file to the fit AP, and the fit AP is collecting radio information through the radio interface and reporting to the AC.
• R—The AP is operating. It indicates that the AP has associated with the AC.
Transmitted data packets : 104
Received data packets : 370
Configuration Failure Count : 0
Last Failure Reason :
Last Reboot Reason : Tunnel Initiated
Latest IP Address : 192.168.100.
Co-channel Neighbor Count : -NA-
Channel Health : -NA-
Radio Policy : 257
Service Template : 1
SSID : office
Port : WLAN-DBSS0:6
Mesh Policy : default_mp_plcy
ANI Support : Enable
Admin State : UP
Physical State : UP
Operational Rates (Mbps):
  6 : mandatory
  9 : supported
  12 : mandatory
  18 : supported
  24 : mandatory
  36 : supported
  48 : supported
  54 : supported
Radar detected Channels : None
Antenna Type : Internal Antenna
Resource Using Ratio (%) : 0
Noise Floor (dBm)
Channel Health : -NA-
Preamble Type : short
Radio Policy : 258
Service Template : 1
SSID : office
Port : WLAN-DBSS0:7
Mesh Policy : default_mp_plcy
ANI Support : Enable
11g Protection : Disable
Admin State : UP
Physical State : UP
Operational Rates (Mbps):
  1 : mandatory
  2 : mandatory
  5.
Field: Description
State: Current state of the AP:
• ImageDownload—The AP is downloading the version. If the ImageDownload state persists, check the following:
  - The version of the fit AP saved on the AC matches with the version that the AC requires.
  - The space of the flash is enough.
• Idle—The AP is idle. If the Idle state persists, check the following:
  - If the fields of Latest IP Address and Tunnel Down Reason are displayed as -NA-, the AP has never connected to the AC successfully.
Field: Description
Latest IP Address: IP address of the last AP.
Tunnel Down Reason: The AC-AP tunnel is down when one of the following occurs:
• Neighbor Dead Timer Expire—The AC does not receive an Echo request from the AP within three times the handshake interval.
• Response Timer Expire—The AC sends a control packet to the AP but does not receive any response within the specified waiting time.
• Reset AP—The AP is rebooted by the execution of a command on the AC.
Field: Description
Secondary channel offset: Secondary channel information for 802.11n radio mode:
• SCA (Second Channel Above)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is above the primary channel.
• SCB (Second Channel Below)—The AP operates in 40 MHz bandwidth mode, and the secondary channel is below the primary channel.
• SCN—The AP operates in 20 MHz bandwidth mode.
802.
Field: Description
Channel Load: Load observed on the operating channel in percentage.
Utilization: Utilization rate of the operating channel in percentage.
Co-channel Neighbor Count: Number of neighbors found on the operating channel.
Channel Health: Health of the channel such as good or bad based on the configured thresholds.
Preamble Type: Type of preamble the AP can support such as short or long.
Radio-Policy: Radio policy.
Port: WLAN-DBSS interface associated with the service template.
Total Number of APs configured : 3
Total Number of configured APs connected : 3
Total Number of auto APs connected : 0
AP Address
-------------------------------------------------------------------------------
AP Name        IP Address        MAC Address
-------------------------------------------------------------------------------
ap1            1.1.1.5 ...       000b-6b8f-fc6a
ap2            2001::1 ...       000f-e000-0052
ap3            2.2.2.2 ...
Examples
# Display connection records for all APs.
display wlan ap connection record all
MAC address      Serial ID     State   Time
000f-e200-3000   CN2AD330S8    Run     2012-10-05 13:42:46
000f-e200-1000   CN2AD330S9    Join    2012-10-05 13:46:05
Table 22 Command output
Field: Description
MAC address: MAC address of the AP.
Serial ID: Serial number of the AP.
State: The connection status of the AP:
• Discovery—The AC has only received discovery requests from the AP.
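The connection records above carry the same two AP identities (MAC address and serial ID) that wlan ap-authentication method can check for auto APs, so they can be audited against an inventory of approved APs. The following Python is an added example, not HP code: the inventory, the third record, the reason labels and all function names are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Output of "display wlan ap connection record all". The first two records are
# the ones shown in the example above; the third is constructed for this demo.
SAMPLE_OUTPUT = """\
display wlan ap connection record all
MAC address      Serial ID         State  Time
000f-e200-3000   CN2AD330S8        Run    2012-10-05 13:42:46
000f-e200-1000   CN2AD330S9        Join   2012-10-05 13:46:05
000f-e200-2000   EXAMPLE-SERIAL-2  Run    2012-10-05 13:47:10
"""

# Constructed inventory of approved APs: MAC address -> serial ID.
SAMPLE_INVENTORY = {
    "000F-E200-3000": "CN2AD330S8",
    "000f-e200-1000": "EXAMPLE-SERIAL-1",
}

# One record per line: MAC (xxxx-xxxx-xxxx), serial ID, state, timestamp.
ROW = re.compile(
    r"^(?P<mac>[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\s+"
    r"(?P<serial>\S+)\s+"
    r"(?P<state>\S+)\s+"
    r"(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class ConnectionRecord:
    mac: str
    serial: str
    state: str
    time: datetime


@dataclass(frozen=True)
class Finding:
    record: ConnectionRecord
    reason: str    # hypothetical labels defined by this example
    severity: str  # "high" when the AP already reached the Run state


def parse_connection_records(text):
    """Parse the record rows; the command echo and header line are skipped."""
    records = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match is None:
            continue
        records.append(ConnectionRecord(
            mac=match["mac"].lower(),
            serial=match["serial"],
            state=match["state"],
            time=datetime.strptime(match["time"], "%Y-%m-%d %H:%M:%S"),
        ))
    return records


def audit(records, inventory):
    """Report records whose MAC address and serial ID are not an approved pair.

    Checking the pair, not one identity alone, also reports an approved MAC
    address that shows up with a serial ID the inventory does not expect.
    """
    approved = {mac.lower(): serial for mac, serial in inventory.items()}
    known_serials = set(approved.values())
    findings = []
    for rec in records:
        expected = approved.get(rec.mac)
        if expected == rec.serial:
            continue  # approved pair
        if expected is not None:
            reason = "serial-mismatch"
        elif rec.serial in known_serials:
            reason = "serial-known-under-other-mac"
        else:
            reason = "not-in-inventory"
        # Run means the AP is operating with the AC, so it is reviewed first.
        severity = "high" if rec.state == "Run" else "review"
        findings.append(Finding(rec, reason, severity))
    return findings


if __name__ == "__main__":
    for f in audit(parse_connection_records(SAMPLE_OUTPUT), SAMPLE_INVENTORY):
        print(f.severity, f.reason, f.record.mac, f.record.serial, f.record.time)
```
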
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the radio information about all APs.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
--------------------------------------------------
Vendor Name : HP
Vendor ID : -NA-
Radio Count : 2
--------------------------------------------------
Radio1 :
  Mode : 802.11a/n
  Default Mode : 802.11n
  BSS Count : 16
Radio2 :
  Mode : 802.11b/g/n
  Default Mode : 802.11n
  BSS Count : 16
--------------------------------------------------
Version Support List :
  Hardware Version Ver.A :
  Software Version : V100R001B09D005
  Image Name : main.
Default
The echo interval is 10 seconds.
Views
AP template view, AP group view
Default command level
2: System level
Parameters
interval: Interval for an AP to send echo requests to the AC, in the range of 5 to 80 seconds.
Usage guidelines
Typically, an AP periodically sends echo requests to an AC. The AC responds to echo requests by sending echo responses. If the AC does not receive any echo request within three times the keep-alive interval, the AC/AP terminates the connection.
enable: Enables the AP version upgrade function. Usage guidelines If you execute the firmware-update command or the undo firmware-update command in AP template view, the configuration only takes effect on the specified AP. If you execute the firmware-update command or the undo firmware-update command in AP group view, the configuration takes effect on all APs in the group. Examples # Enable the AP version upgrade function in AP template view.
Examples
# Enable the remote AP function for AP 1.
system-view
[Sysname] wlan ap ap1 model MSM460-WW
[Sysname-wlan-ap-ap1] hybrid-remote-ap enable
# Enable the remote AP function for all APs in AP group office.
system-view
[Sysname] wlan ap-group office
[Sysname-ap-group-office] hybrid-remote-ap enable
jumboframe enable
Use jumboframe enable to set the maximum length of jumbo frames. Use undo jumboframe enable to restore the default.
Views AP template view, AP group view Parameters filename: Specifies a configuration file by name, a string of 1 to 32 characters. The configuration file must exist in the flash. Use the dir command in user view to view the list of files in the device. Usage guidelines The downloaded configuration file takes effect when the tunnel operates in Run state. The AP uses the configuration in the configuration file but does not save it. Executed in AP template view, the command applies to the specified AP.
reset wlan ap Use reset wlan ap to reset APs. Syntax reset wlan ap { all | name ap-name | unauthenticated } Views User view Default command level 1: Monitor level Parameters all: Specifies all APs connected to the current AC. name ap-name: Name of the AP, a case-insensitive string of 1 to 64 characters. unauthenticated: Specifies all unauthenticated auto APs. Examples # Reset an AP named ap1.
Syntax
reset wlan ap reboot-log { all | name ap-name }
Views
User view
Default command level
1: Monitor level
Parameters
all: Clears the reboot log information for all APs.
name ap-name: Clears the reboot log information for the AP. An AP name is a case-insensitive string of 1 to 64 characters.
Examples
# Clear the AP reboot log information about an AP named ap1.
reset wlan ap reboot-log name ap1
serial-id
Use serial-id to enable auto AP serial ID configuration.
statistics-interval Use statistics-interval to configure the interval for an AP to send statistics reports (including radio decryption error report and radio statistics). Use undo statistics-interval to restore the default. Syntax statistics-interval interval undo statistics-interval Default The interval for an AP to send statistics reports is 50 seconds. Views AP template view, AP group view Default command level 2: System level Parameters interval: Interval for an AP to send statistics reports.
Default command level
2: System level
Parameters
ap-name: Name of the AP, a case-insensitive string of 1 to 64 characters.
model model-name: Specifies the model number of the AP. This argument must be provided when you create an AP template.
id ap-id: ID of the AP, which ranges from 1 to the maximum number of APs supported. If this parameter is not configured, the AC automatically assigns an ID to the AP.
Examples
# Create an AP template named ap1 with the model MSM460-WW.
[Sysname] wlan ap-authentication accept ap unauthenticated all
Related commands
• wlan ap-authentication
• wlan ap-authentication method
wlan ap-authentication acl
Use wlan ap-authentication acl to enable authentication on auto APs by using a specified ACL. Use undo wlan ap-authentication acl to remove the configuration.
Syntax
wlan ap-authentication acl acl-number
undo wlan ap-authentication acl
Default
No ACL is specified for authenticating auto APs.
Syntax wlan ap-authentication domain domain-name undo wlan ap-authentication domain Default No authentication domain is specified for authenticating auto APs. Views System view Default command level 2: System level Parameters domain-name: Name of the authentication domain for auto AP authentication. It is a case-insensitive string of 1 to 24 characters. Usage guidelines You must configure the authentication domain for auto AP authentication when remote authentication is adopted.
system-view
[Sysname] wlan ap-authentication enable
wlan ap-authentication import
Use wlan ap-authentication import to use ACL rules generated using the specified file to authenticate auto APs.
Syntax
wlan ap-authentication import file-name
Views
System view
Default command level
2: System level
Parameters
file-name: Name of the auto AP authentication file. It is a case-insensitive string of 1 to 32 characters and must have the extension .txt.
Syntax wlan ap-authentication method { mac-address | serial-id } undo wlan ap-authentication method Default MAC address authentication is adopted. Views System view Default command level 2: System level Parameters mac-address: Specifies the MAC address authentication method. serial-id: Specifies the serial ID authentication method. Examples # Authenticate auto APs by serial ID.
wlan ap-concurrency-limit
Use wlan ap-concurrency-limit to configure the number of AP requests for getting online that an AC can process per second. Use undo wlan ap-concurrency-limit to restore the default.
Syntax
wlan ap-concurrency-limit number
undo wlan ap-concurrency-limit
Default
The number of AP requests for getting online that an AC can process per second is 32.
Examples
# Disable the AP version upgrade function.
system-view
[Sysname] wlan ap-firmware-update disable
wlan apdb
Use wlan apdb to enable the AC to accept APs with the specified software version. Use undo wlan apdb to restore the default.
Syntax
wlan apdb model-name hardware-version software-version
undo wlan apdb model-name hardware-version
Default
An AP must use the same software version as the AC to establish an AP-AC tunnel.
conversion-to-fatap: Changes the fit AP to a fat AP.
Usage guidelines
Download the fat AP's software to the AC before configuring the command. Otherwise, the AC cannot change the fit AP to a fat AP.
Examples
# Convert AP ap1_003 to a fat AP.
system-view
[Sysname] wlan ap-execute ap1_003 conversion-to-fatap
wlan auto-ap enable
Use wlan auto-ap enable to enable the auto AP function. Use undo wlan auto-ap enable to restore the default.
Parameters all: All connected auto APs. name auto-ap-name: Name of a connected auto AP. new-ap-name: New name of the AP. It is a case-insensitive string of 1 to 64 characters. If you do not specify this argument, the AP with the name auto-ap-name is converted to a configured AP, with its name unchanged. Examples # Convert a connected auto AP to a configured AP with a new name ap2.
Default
The LWAPP discovery policy is broadcast.
Views
System view
Default command level
2: System level
Parameters
unicast: Configures the AC to accept only unicast discovery requests from an AP.
Examples
# Set the LWAPP discovery policy type to unicast.
system-view
[Sysname] wlan lwapp discovery-policy unicast
wlan rename-ap
Use wlan rename-ap to rename an AP.
Default
No APs exist in an AP group created by the wlan ap-group command.
Views
AP group view
Default command level
2: System level
Parameters
template-name-list: A list of AP templates. Up to 10 AP templates can be included in the list. An AP template name is a case-insensitive string of 1 to 64 characters that can contain letters, digits, and underscores.
Usage guidelines
If you do not provide the AP name when you delete an AP from an AP group, all APs in the group are deleted.
Views AP template view Default command level 2: System level Parameters group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 64 characters. An AP group name cannot be a, al, or all. Usage guidelines A newly configured AP is added to the default AP group default_group, and uses the configuration of the default AP group. One AP can only be added to one AP group.
[System] wlan ap-group 10
[System-ap-group10] description marketing
display wlan ap-group
Use display wlan ap-group to display AP group information. If no AP group is specified, the command displays information about all AP groups.
Syntax
display wlan ap-group [ group-name ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
group-name: Name of an AP group.
Table 25 Command output
Field: Description
AP-Group Name: AP group name.
Description: Description of the AP group.
If-Match IP: IPv4 address match criteria.
If-Match IPv6: IPv6 address match criteria.
Bonjour Policy: Name of the Bonjour policy applied to the AP group.
Created AP List: APs that have been created. In other words, an AP template has been created with the wlan ap command.
Not Created AP List: APs that have not been created.
Syntax dot11a radio-policy radio-policy-name undo dot11a radio-policy Default The radios of all APs in an AP group use the default radio policy default_rp. Views AP group view Default command level 2: System level Parameters radio-policy-name: Radio policy name, which is a case-insensitive string of 1 to 15 characters. Usage guidelines Before you map a radio policy, use the wlan radio-policy command to create the radio policy. APs in an AP group examine the configurations when executing the command.
Parameters service-template-number: Number of a service template in the range of 1 to 1024. vlan-id vlan-id: Specifies a VLAN by its ID, in the range of 1 to 4094. If you do not specify this option, the VLAN of the WLAN-ESS interface is used by default. vlan-pool vlan-pool-name: Specifies a VLAN pool by its name, a case-insensitive string of 1 to 16 characters.
dot11bg radio-policy
Use dot11bg radio-policy to map a radio policy to the 2.4 GHz radios of APs in an AP group. Use undo dot11bg radio-policy to restore the default.
Syntax
dot11bg radio-policy radio-policy-name
undo dot11bg radio-policy
Default
The radios of all APs in an AP group use the default radio policy default_rp.
Views
AP group view
Default command level
2: System level
Parameters
radio-policy-name: Specifies a radio policy by its name, a case-insensitive string of 1 to 15 characters.
Views AP group view Default command level 2: System level Parameters service-template-number: Specifies a service template by its number in the range of 1 to 1024. vlan-id vlan-id: Specifies a VLAN by its ID, in the range of 1 to 4094. If you do not specify this option, the VLAN of the WLAN-ESS interface is used by default. vlan-pool vlan-pool-name: Specifies a VLAN pool by its name, a case-insensitive string of 1 to 16 characters.
Syntax if-match ip ip-address { mask-length | mask } undo if-match ip Default No IPv4 address match criteria are configured. Views AP group view Default command level 2: System level Parameters ip-address: Specifies an IPv4 address in dotted decimal notation. mask-length: Specifies the length of the subnet mask, in the range of 1 to 31. mask: Specifies the subnet mask in dotted decimal notation. Usage guidelines Use this command to manage APs by matching IP addresses.
Syntax
if-match ipv6 { ipv6-address prefix-length | ipv6-address/prefix-length }
undo if-match ipv6
Default
No IPv6 address match criteria are configured.
Views
AP group view
Default command level
2: System level
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies the length of the IPv6 address prefix, in the range of 1 to 127.
Usage guidelines
Use this command to manage APs by matching IP addresses.
Syntax wlan ap-group group-name undo wlan ap-group { group-name | all } Default An AP group named default_group exists. The default group cannot be deleted. All APs are in this group. Views System view Default command level 2: System level Parameters group-name: Specifies a name for the AP group, a case-insensitive string of 1 to 32 characters. The name cannot be a, al, or all. all: Specifies all AP groups. Usage guidelines The maximum number of AP groups depends on the device model.
Parameters
group-name: Specifies an AP group by its name, a case-insensitive string of 1 to 32 characters. The name cannot be a, al, or all.
Examples
# Apply AP group office to user profile management.
system-view
[Sysname] user-profile management
[Sysname-user-profile-management] wlan permit-ap-group office
SSID-based access control configuration commands
wlan permit-ssid
Use wlan permit-ssid to specify a permitted SSID for a user profile.
Restoring AP default settings configuration commands
display wlan ap-execute conversion-to-factory
Use display wlan ap-execute conversion-to-factory to display the status of APs when their settings are restored to factory defaults.
Syntax
display wlan ap-execute conversion-to-factory [ | { begin | exclude | include } regular-expression ]
Views
System view
Default command level
2: System level
Parameters
|: Filters command output by specifying a regular expression.
Syntax wlan ap-execute { all | name ap-name } conversion-to-factory Default An AP is not restored to its factory defaults. Views System view Default command level 2: System level Parameters all: Specifies all APs. name ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 32 characters. Examples # Restore AP 1 to its factory defaults.
Examples # Enable automatic AP heating for the AP with the name MSM466-R.
WLAN security configuration commands authentication-method Use authentication-method to enable an 802.11 authentication method. You can enable open system authentication, shared key authentication, or both. Use undo authentication-method to disable the authentication method. Syntax authentication-method { open-system | shared-key } undo authentication-method { open-system | shared-key } Default The open system authentication method is enabled.
Default No cipher suite is selected. Views Service template view Default command level 2: System level Parameters ccmp: Enables the AES-CCMP cipher suite. tkip: Enables the TKIP cipher suite. wep40: Enables the WEP-40 cipher suite. wep104: Enables the WEP-104 cipher suite. wep128: Enables the WEP-128 cipher suite. Examples # Enable the TKIP cipher suite.
gtk-rekey enable Use gtk-rekey enable to enable GTK rekey. Use undo gtk-rekey enable to disable GTK rekey. Syntax gtk-rekey enable undo gtk-rekey enable Default GTK rekey is enabled. Views Service template view Default command level 2: System level Examples # Disable GTK rekey. system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] undo gtk-rekey enable gtk-rekey method Use gtk-rekey method to select a mechanism for rekeying the GTK.
time-based: Indicates the GTK will be refreshed based on time. time: Time after which the GTK is refreshed. The value is in the range of 180 to 604800 seconds and defaults to 86400 seconds. Usage guidelines The method configured most recently overwrites the previous method. For example, if you configure the packet-based method and then configure the time-based method, the time-based method is enabled. Examples # Enable packet-based GTK rekeying and set the packet number to 60000.
pmf Use pmf to configure management frame protection. Use undo pmf to disable management frame protection. Syntax pmf { mandatory | optional } undo pmf Default Management frame protection is disabled. Views Service template view Default command level 2: System level Parameters mandatory: Allows only clients supporting PMF to associate with the AP. optional: Allows all clients to associate with the AP. Examples # Enable PMF to allow all clients to associate with the AP.
Examples # Configure the association comeback time as 2 seconds. system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] pmf association-comeback 2 Related commands • pmf • pmf saquery retry • pmf saquery timeout pmf saquery retry Use pmf saquery retry to configure the retransmission time for the AP to send SA Query requests. Use undo pmf saquery retry to restore the default.
Syntax pmf saquery timeout value undo pmf saquery timeout Default The timeout time for SA Query responses is 200 milliseconds. Views Service template view Default command level 2: System level Parameters value: Specifies the timeout time for SA Query responses, in the range of 100 to 500 milliseconds. If the AP does not receive any SA Query response from the client within the timeout time, the AP resends the SA Query request.
Examples # Specify the PTK lifetime as 86400 seconds. system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] ptk-lifetime 86400 security-ie Use security-ie to enable the WPA-IE, RSN-IE, or both in the beacon and probe responses. Use undo security-ie to disable the WPA-IE or RSN-IE in the beacon and probe responses. Syntax security-ie { rsn | wpa } undo security-ie { rsn | wpa } Default Both WPA-IE and RSN-IE are disabled.
Views Service template view Default command level 2: System level Parameters time: TKIP counter measure time in seconds. The value is in the range of 0 to 3600 seconds. Usage guidelines If more than two MIC failures occur within a certain time after TKIP countermeasures are enabled, the TKIP associations are disassociated. New associations can be established only after the specified TKIP counter measure time expires. Examples # Set the TKIP counter measure time to 90 seconds.
pass-phrase: Inputs a character-string pre-shared key. raw-key: Inputs a hexadecimal-string pre-shared key. cipher: Sets a ciphertext key. simple: Sets a plaintext key. key: Specifies the key string. The length of a ciphertext key is in the range of 24 to 88 characters. If neither cipher nor simple is specified, you set a plaintext key string. The length of a plaintext key depends on the key options selected: • For wep40 pass-phrase, the key length is 5 alphanumeric characters.
2: Specifies key index 2. 3: Specifies key index 3. 4: Specifies key index 4. Examples # Specify the index of the key for broadcast/multicast encryption and decryption as 2. system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] wep key-id 2 Related commands wep default-key wep mode Use wep mode to enable WEP encryption. Use undo wep mode to restore the default. Syntax wep mode dynamic undo wep mode Default Static WEP encryption is enabled.
Related commands • wep key-id • cipher-suite
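The following audit is an added example, not part of the HP reference: it reads service-template command lines in the form used by the examples in this section, starts each template from the defaults documented above, and flags settings weaker than AES-CCMP with RSN-IE, mandatory PMF, and GTK rekey. The sample input is constructed, the finding labels are hypothetical, and the one-command-per-line layout with `quit` closing the view is an assumption about how the configuration is exported.

```python
"""Audit WLAN service-template security commands (added example)."""

WEAK_CIPHERS = {"tkip", "wep40", "wep104", "wep128"}

# Commands whose single keyword argument is added to (or, with undo,
# removed from) a set of enabled options.
SET_COMMANDS = {
    "authentication-method": "auth",
    "cipher-suite": "ciphers",
    "security-ie": "ies",
}


def new_template():
    # Defaults as documented in this section: open system authentication
    # enabled, no cipher suite, WPA-IE and RSN-IE disabled, PMF disabled,
    # GTK rekey enabled.
    return {"auth": {"open-system"}, "ciphers": set(), "ies": set(),
            "pmf": None, "gtk_rekey": True}


def parse_templates(text):
    """Return {template_number: settings} from configuration command lines."""
    templates, cur = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "quit":          # leaves service template view
            cur = None
            continue
        if (words[:2] == ["wlan", "service-template"]
                and len(words) >= 3 and words[2].isdigit()):
            cur = templates.setdefault(int(words[2]), new_template())
            continue
        if cur is None:
            continue
        undo = words[0] == "undo"
        if undo and len(words) > 1:
            cmd, args = words[1], words[2:]
        else:
            cmd, args = words[0], words[1:]
        if cmd in SET_COMMANDS and args:
            target = cur[SET_COMMANDS[cmd]]
            if undo:
                target.discard(args[0])
            else:
                target.add(args[0])
        elif cmd == "pmf":
            # "pmf saquery ..." and "pmf association-comeback ..." only tune
            # timers, so they do not change the protection mode.
            if undo and not args:
                cur["pmf"] = None
            elif not undo and args and args[0] in ("mandatory", "optional"):
                cur["pmf"] = args[0]
        elif cmd == "gtk-rekey" and args == ["enable"]:
            cur["gtk_rekey"] = not undo
    return templates


def audit(settings):
    """Return a list of finding labels for one service template."""
    findings = ["weak-cipher:" + c
                for c in sorted(settings["ciphers"] & WEAK_CIPHERS)]
    if "ccmp" not in settings["ciphers"]:
        findings.append("no-ccmp")
    if "shared-key" in settings["auth"]:
        findings.append("shared-key-auth")
    if "rsn" not in settings["ies"]:
        findings.append("no-rsn-ie")
    if settings["pmf"] != "mandatory":
        findings.append("pmf-" + (settings["pmf"] or "disabled"))
    if not settings["gtk_rekey"]:
        findings.append("gtk-rekey-disabled")
    return findings


def audit_config(text):
    return {n: audit(s) for n, s in sorted(parse_templates(text).items())}


# Constructed sample input: template 1 is weak, template 2 is hardened.
SAMPLE = """\
wlan service-template 1 crypto
 authentication-method shared-key
 cipher-suite tkip
 cipher-suite wep40
 security-ie wpa
 pmf optional
 undo gtk-rekey enable
 pmf saquery timeout 300
quit
wlan service-template 2 crypto
 cipher-suite ccmp
 security-ie rsn
 pmf mandatory
 ptk-lifetime 86400
quit
"""

if __name__ == "__main__":
    for number, findings in audit_config(SAMPLE).items():
        print(number, findings or "ok")
```

A template left entirely at the documented defaults is also reported, because no cipher suite, no RSN-IE, and no PMF are configured by default.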
WLAN roaming configuration commands display wlan client Use display wlan client to display information about clients that have roamed in or out. Syntax display wlan client { roam-in | roam-out } [ member { ip ipv4-address | ipv6 ipv6-address } ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters roam-in: Specifies clients that have roamed in.
display wlan client roam-in
Roam-In Table
--------------------------------------------------------------------------
Client-MAC-address    BSSID             Home-AC-IP-address
--------------------------------------------------------------------------
0012-f0cc-489d        000f-e25d-f3e0    202.0.0.13
--------------------------------------------------------------------------
# Display information about clients that have roamed in from member AC 202.0.0.13.
display wlan client roam-in member ip 202.0.0.
--------------------------------------------------------------------------
# Display all roam-out client information in detail.
display wlan client roam-out verbose
Roam-Out Client Information
--------------------------------------------------------------------------
Client-MAC-address : 0012-f0cc-489d
BSSID : 000f-e25d-f3e0
Vlan-ID : 30
Online time (hh:mm:ss) : 00:00:29
Foreign-AC-IP-address : 202.0.0.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views IACTP tunnel view Default command level 2: System level Usage guidelines Before you enable or disable WLAN roaming, make sure mobility group is disabled. Otherwise, you cannot modify the roaming configuration. Disable WLAN roaming if no clients want to roam between ACs and packets exchanged in a mobility group need to be reduced. After WLAN roaming is disabled, clients cannot roam between ACs. Examples # Display WLAN roaming.
simple: Sets a plaintext key. This key will be saved in cipher text for security purposes. authentication-key: Specifies the key string. This argument is case sensitive. The length of a plaintext key is in the range of 1 to 16, and the length of a ciphertext key is in the range of 24 to 53. If neither cipher nor simple is specified, you set a plaintext key string. Usage guidelines For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Member Information
--------------------------------------------------------------------------
IP-address        State    Interface
--------------------------------------------------------------------------
192.168.1.10      Run      wlan-tunnel0
192.168.1.34      Idle     wlan-tunnel1
--------------------------------------------------------------------------
# Display information about all member ACs in an IPv6 mobility group.
member Use member to configure the IP address for an AC. Use undo member to remove the configured IP address. Syntax member { ip ipv4-address | ipv6 ipv6-address } [ vlan vlan-id-list ] undo member { all | ip ipv4-address | ipv6 ipv6-address } Default No AC exists in a mobility group. Views Mobility group view Default command level 2: System level Parameters ip ipv4-address: Specifies the IPv4 address of an AC in the mobility group. ipv6 ipv6-address: Specifies the IPv6 address of an AC.
undo mobility-group enable Default IACTP is disabled. Views Mobility group view Default command level 2: System level Usage guidelines IACTP can be enabled only when the IACTP source IP address is configured. Examples # Enable IACTP. system-view [Sysname] wlan mobility-group abc [Sysname-wlan-mg-abc] source ip 1.1.1.1 [Sysname-wlan-mg-abc] member ip 1.1.1.2 [Sysname-wlan-mg-abc] mobility-group enable mobility-tunnel Use mobility-tunnel to configure the IACTP tunnel protocol type.
source Use source to specify the IACTP tunnel source IP address. Use undo source to restore the default. Syntax source { ip ipv4-address | ipv6 ipv6-address } undo source Default No IACTP source IP address is configured. Views Mobility group view Default command level 2: System level Parameters ip ipv4-address: Specifies the IACTP tunnel source IPv4 address. ipv6 ipv6-address: Specifies the IACTP tunnel source IPv6 address.
Parameters name: Name of the mobility group, a case-insensitive string of 1 to 15 characters. Usage guidelines An AC can establish IACTP tunnels with at most seven ACs in the same mobility group. ACs in the same mobility group must have the same group name. Examples # Enter mobility group view. system-view [Sysname] wlan mobility-group abc [Sysname-wlan-mg-abc] wlan mobility-group-isolation disable Use wlan mobility-group-isolation enable to isolate tunnels in a mobility group.
WLAN RRM configuration commands adjacent-channel interference trap Use adjacent-channel interference trap threshold to set the adjacent channel interference trap threshold. Use undo adjacent-channel interference trap threshold to restore the default. Syntax adjacent-channel interference trap threshold value undo adjacent-channel interference trap threshold Default The adjacent channel interference trap threshold is 60.
Default command level 2: System level Parameters ap-name: Specifies an AP by its name. It is a string of 1 to 64 characters that can contain case-insensitive letters and digits, and special characters such as underscore(_), left bracket ([), right bracket (]), slash (/), hyphen (-), and spaces. The specified AP must exist. radio-number: Specifies a radio by its number. The value range depends on your device model. all: Removes all radios from the radio group.
Views WLAN RRM view Default command level 2: System level Usage guidelines Some of 802.11h channels, also called radar channels, overlap some 802.11a channels. If the device operates on an overlapping channel, the radar signal might be affected. When this command is enabled, the device scans only non-802.11h channels belonging to the configured country/region code to avoid channel collision. Examples # Configure RRM to scan only non-dot11h channels.
[Sysname-wlan-rc-group-10] channel holddown-time 600 co-channel interference trap Use co-channel interference trap threshold to set the co-channel interference trap threshold. Use undo co-channel interference trap threshold to restore the default. Syntax co-channel interference trap threshold value undo co-channel interference trap threshold Default The co-channel interference trap threshold is 60.
Parameters text: Description of the radio group, a case-sensitive string of 1 to 64 characters. Examples # Configure the description of radio group 10 as office. system-view [Sysname] wlan rrm-calibration-group 10 [Sysname-wlan-rc-group-10] description office display wlan ap rrm-history Use display wlan ap rrm-history to display the details of the latest three channel changes and power changes applied on all APs or a specified AP.
-------------------------------------------------------------------------Chl Power Load Util Intf PER Retry Reason (dBm) (%) (%) (%) (%) (%) Date Time (yyyy-mm-dd) (hh:mm:ss) -------------------------------------------------------------------------Before 6 20 24 2 21 11 18 -P---- 2013-01-07 17:31:50 After 20 9 0 8 0 27 - - - 1 -------------------------------------------------------------------------Before 1 20 54 1 53 11 15 IP---- 2013-01-08 12:19:50 After 20 10 0 1
Default command level 1: Monitor level Parameters all: Specifies all APs. name ap-name: Specifies an AP by its name, a string of 1 to 64 characters that can contain case-insensitive letters and digits, and special characters such as underscore(_), left bracket ([), right bracket (]), slash (/), hyphen (-), and spaces. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
000f-e267-9b10    11    0     -65    Unmanaged
000f-e26c-2980    6     0     -85    Unmanaged
000f-e26e-5f00    11    0     -63    Unmanaged
000f-e274-1020    6     5     -60    Unmanaged
000f-e299-5510    1     2     -78    Unmanaged
000f-e2c0-0120    1     4     -76    Unmanaged
000f-e2ff-ee10    6     1     -74    Unmanaged
5055-5555-5500    11    41    -67    Unmanaged
--------------------------------------------------------------------------
Table 31 Command output
Field Description
Radio Radio ID of the AP.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
 Mandatory : 6, 12, 24
 Supported : 9, 18, 36, 48, 54
 Disabled : -NA-
 Multicast : Auto
11b Configured Rates (Mbps)
 Mandatory : 1, 2
 Supported : 5.5, 11
 Disabled : -NA-
 Multicast : Auto
11g Configured Rates (Mbps)
 Mandatory : 1, 2, 5.
11b Configuration
 max-bandwidth (kbps) : 7000
11g Configuration
 11g Protection : Disabled
 11g Protection Mode : RTS/CTS
 max-bandwidth (kbps) : 30000
11n Configuration
 Mandatory Maximum MCS : -NA-
 Supported Maximum MCS : 76
 Multicast MCS : -NA-
 11n Protection : Disabled
 11n Protection Mode : RTS/CTS
 max-bandwidth (kbps) : 180000
11h Configuration
 Spectrum Management : Disabled
 Power Constraint (dBm) : 0
 Channel Set : All
11ac Configuration
 Mandatory Maximum NSS : -NA-
 Support Maxi
Field Description Calibration Mode-Channel • Self-decisive—Auto DFS. • Pronto—One-time DFS. • -NA-—Not configured. Mesh Calibration Mode-Channel • Self-decisive—Mesh auto DFS. • Pronto—Mesh one-time DFS. • -NA-—Not configured. Calibration Mode-Power • Self-decisive—Auto TPC. • Pronto—One-time TPC. • -NA-—Not configured. Exclude-channel Channels to be excluded. Calibration Interval (min) Calibration interval. Interference Threshold (%) Channel interference threshold.
display wlan rrm-calibration-group Use display wlan rrm-calibration-group to display radio group configuration information. Syntax display wlan rrm-calibration-group { group-id | all } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters group-id: ID of a radio group. The value range depends on your device model. For more information, see About the Command References for HP Unified Wired-WLAN Products. all: Specifies all radio groups.
Default • Disabled rates: none. • Mandatory rates: 6, 12, and 24. • Multicast rates: automatically selected from the mandatory rates. • Supported rates: 9, 18, 36, 48 and 54. Views WLAN RRM view Default command level 2: System level Parameters disabled-rate: Specifies a disabled rate. mandatory-rate: Specifies mandatory rates. multicast-rate: Specifies multicast rates, at which the AP sends multicasts to clients. Multicasts rates must be selected from the mandatory rates.
Default The maximum number of neighbors is 3, and when the maximum neighbor number is reached, the AP with the power at the third position among all neighbors performs power detection. Views WLAN RRM view Default command level 2: System level Parameters neighbor: Specifies the maximum number of neighbors. The value is in the range of 1 to 16. Examples # Set the maximum number of neighbors for 802.
dot11a calibrate-channel persistent Use dot11a calibrate-channel persistent to execute channel persistence on all 5 GHz radios. Syntax dot11a calibrate-channel persistent Views RRM view Default command level 2: System level Usage guidelines The device executes channel persistence on automatically selected or adjusted channels. After the AC reboots, the AP continues to use the persistent channel.
Parameters all: Specifies all APs. name apname: Specifies the name of an AP, a case-insensitive string of 1 to 64 characters. radio radio-num: Specifies a radio of the AP. Usage guidelines This command cannot be undone. Enable auto channel persistence before executing one-time DFS. Examples # Execute one-time DFS for all 802.11a APs.
Default Power monitoring is disabled. Views WLAN RRM view Default command level 2: System level Examples # Enable power monitoring for TPC. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11a calibrate-power dot11a calibrate-power min Use dot11a calibrate-power min to configure the minimum 802.11a radio transmission power. Use undo dot11a calibrate-power min to restore the default. Syntax dot11a calibrate-power min tx-power undo dot11a calibrate-power min Default The minimum 802.
Views RRM view Default command level 2: System level Usage guidelines This command enables the device to execute power persistence on the adjusted power. If the adjusted power value is not the default value set through the max-power command, the device automatically saves the power value with the max-power command. After the AC reboots, the AP continues to use the persistent power. Examples # Execute power persistence on all 5 GHz radios.
dot11a calibrate-power self-decisive Use dot11a calibrate-power self-decisive to enable automatic TPC (power monitoring also needs to be configured). Use undo dot11a calibrate-power self-decisive to restore the default. Syntax dot11a calibrate-power self-decisive undo dot11a calibrate-power self-decisive Default Automatic TPC is disabled. Views WLAN RRM view Default command level 2: System level Examples # Enable automatic TPC.
[Sysname] wlan rrm [Sysname-wlan-rrm] dot11a calibrate-power threshold 70 Related commands dot11a adjacency-factor dot11a calibration-interval Use dot11a calibration-interval to set the calibration interval for 802.11a. Use undo dot11a calibration-interval to restore the default value. Syntax dot11a calibration-interval minutes undo dot11a calibration-interval Default The calibration interval is 8 minutes.
Default The CRC error threshold is 20%. Views WLAN RRM view Default command level 2: System level Parameters percent: Threshold in the range of 1 to 100 percent. Usage guidelines The default CRC error threshold is 20%. Examples # Set the CRC error threshold for 802.11a to 50%. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11a crc-error-threshold 50 dot11a exclude-channel Use dot11a exclude-channel to configure the 5 GHz channel exclusion list.
dot11a interference-threshold Use dot11a interference-threshold to set the channel interference threshold value for 802.11a. Use undo dot11a interference-threshold to restore the default for 802.11a. Syntax dot11a interference-threshold percent undo dot11a interference-threshold Default The interference threshold for 802.11a is 50%. Views WLAN RRM view Default command level 2: System level Parameters percent: Channel interference threshold in the range of 1 to 100 percent.
system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11a max-bandwidth 15000 dot11a tolerance-level Use dot11a tolerance-level to set the tolerance factor for the band. Use undo dot11a tolerance-level to restore the default. Syntax dot11a tolerance-level percentage undo dot11a tolerance-level Default The tolerance factor is 20%. Views WLAN RRM view Default command level 2: System level Parameters percentage: Tolerance factor in percentage, in the range of 1 to 45.
Default command level 2: System level Parameters number: Specifies the maximum NSS for 802.11ac mandatory rates, in the range of 1 to 8. Examples # Specify the maximum NSS for 802.11ac mandatory rates as 4. system-view [sysname] wlan rrm [sysname-wlan-rrm] dot11ac mandatory maximum-nss 4 dot11ac multicast-rate nss Use dot11ac multicast-rate to specify the 802.11ac multicast NSS and the VHT-MCS index. Use undo dot11ac multicast-rate to remove the configuration.
Default The maximum NSS for 802.11ac supported rates is 8. Views RRM view Default command level 2: System level Parameters number: Specifies the maximum NSS for 802.11ac supported rates, in the range of 1 to 8. Usage guidelines The maximum NSS specified by this command cannot be smaller than the maximum NSS specified by the dot11ac mandatory maximum-nss command. Examples # Specify the maximum NSS for 802.11ac supported rates as 5.
Examples # Configure 802.11b rates (disabled: 1; multicast: 2; supported: 11). system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11b disabled-rate 1 [Sysname-wlan-rrm] dot11b multicast-rate 2 [Sysname-wlan-rrm] dot11b supported-rate 11 dot11b max-bandwidth Use dot11b max-bandwidth to configure the maximum 802.11b bandwidth. Use undo dot11b max-bandwidth to restore the default. Syntax dot11b max-bandwidth 11b-bandwidth undo dot11b max-bandwidth Default The maximum 802.
Views WLAN RRM view Default command level 2: System level Parameters neighbor: Specifies the maximum number of neighbors. The value is in the range of 1 to 16. Examples # Set the maximum number of neighbors for 802.11b/g to 7, and specify that when the maximum neighbor number is reached, the AP with the power at the seventh place among the neighbors performs power detection.
Views RRM view Default command level 2: System level Usage guidelines The device executes channel persistence on automatically selected or adjusted channels. After the AC reboots, the AP continues to use the persistent channel. If you have configured the channel auto command, and execute channel persistence on a radio after the radio automatically selects a working channel, the device automatically saves the channel value with the channel channel-number command.
system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11bg calibrate-channel pronto ap name ap1 radio 2 dot11bg calibrate-channel self-decisive Use dot11bg calibrate-channel self-decisive to enable auto DFS for 802.11b/g (channel monitoring also needs to be enabled). Use undo dot11bg calibrate-channel self-decisive to restore the default. Syntax dot11bg calibrate-channel self-decisive undo dot11bg calibrate-channel self-decisive Default Auto-DFS is disabled.
[Sysname] wlan rrm [Sysname-wlan-rrm] dot11bg calibrate-power dot11bg calibrate-power min Use dot11bg calibrate-power min to configure the minimum 802.11b/g radio transmission power. Use undo dot11bg calibrate-power min to restore the default. Syntax dot11bg calibrate-power min tx-power undo dot11bg calibrate-power min Default The minimum 802.11b/g radio transmission power is 1 dBm. Views WLAN RRM view Default command level 2: System level Parameters tx-power: Minimum 802.
system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11bg calibrate-power persistent dot11bg calibrate-power pronto Use dot11bg calibrate-power pronto ap to execute one-time TPC for an AP or all APs. The TPC result is applied to the APs at the next calibration interval. Syntax dot11bg calibrate-power pronto ap { all | name apname radio radio-num } Default One-time TPC is not executed. Views WLAN RRM view Default command level 2: System level Parameters all: Specifies all APs.
Default command level 2: System level Examples # Enable automatic TPC. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11bg calibrate-power self-decisive dot11bg calibrate-power threshold Use dot11bg calibrate-power threshold to configure the power adjustment threshold for 802.11b/g radios. Use undo dot11bg calibrate-power threshold to restore the default. Syntax dot11bg calibrate-power threshold value undo dot11bg calibrate-power threshold Default The power adjustment threshold for 802.
Default The calibration interval is 8 minutes. Views WLAN RRM view Default command level 2: System level Parameters minutes: Calibration interval in the range of 3 to 180 minutes. Usage guidelines RRM algorithms run periodically at the calibration interval for transmit power control or dynamic frequency selection. Examples # Set the calibration interval to 10 minutes for 802.11b/g.
dot11bg exclude-channel Use dot11bg exclude-channel to configure the 2.4 GHz channel exclusion list. Use undo dot11bg exclude-channel to remove the channels in the 2.4 GHz channel exclusion list. Syntax dot11bg exclude-channel channel-list undo dot11bg exclude-channel { channel-list | all } Default No channels exist in the channel exclusion list.
Usage guidelines When channel adjustment is enabled, a new channel is selected when the following conditions occur: • The interference threshold is exceeded on the current channel. • The channel quality gap between the new channel and the current channel exceeds the limit. Examples # Set the channel interference threshold to 60% for 802.11b/g.
Syntax dot11g { disabled-rate | mandatory-rate | multicast-rate | supported-rate } rate-value undo dot11g { disabled-rate | mandatory-rate | multicast-rate | supported-rate } Default • Disabled rates: none. • Mandatory rates: 1, 2, 5.5, and 11. • Multicast rates: automatically selected from the mandatory rates. • Supported rates: 6, 9, 12, 18, 24, 36, 48, and 54. Views WLAN RRM view Default command level 2: System level Parameters disabled-rate: Specifies disabled rates.
dot11g max-bandwidth Use dot11g max-bandwidth to configure the maximum 802.11g bandwidth. Use undo dot11g max-bandwidth to restore the default. Syntax dot11g max-bandwidth 11g-bandwidth undo dot11g max-bandwidth Default The maximum 802.11g bandwidth is 30000 kbps. Views WLAN RRM view Default command level 2: System level Parameters 11g-bandwidth: Maximum 802.11g bandwidth in kbps in the range of 16 to 30000 kbps. Examples # Configure the maximum 802.11g bandwidth as 6000 kbps.
dot11g protection-mode Use dot11g protection-mode to configure the 802.11g protection mode. Use undo dot11g protection-mode to restore the default. Syntax dot11g protection-mode { cts-to-self | rts-cts } undo dot11g protection-mode Default The 802.11g protection mode is CTS-to-Self. Views WLAN RRM view Default command level 2: System level Parameters cts-to-self: Specifies the Clear to Send (CTS)-to-Self mode. rts-cts: Specifies the Request to Send (RTS)/CTS mode. Examples # Configure the 802.
Usage guidelines If you configure the client dot11n-only command for a radio, you must configure the maximum MCS index for 802.11n mandatory rates. Examples # Specify the maximum MCS index for 802.11n mandatory rates as 7. system-view [sysname] wlan rrm [sysname-wlan-rrm] dot11n mandatory maximum-mcs 7 dot11n max-bandwidth Use dot11n max-bandwidth to configure the maximum 802.11n bandwidth. Use undo dot11n max-bandwidth to restore the default.
Views RRM view Default command level 2: System level Parameters index: Specifies the maximum MCS index for 802.11n multicast rates, in the range of 0 to 76. Usage guidelines The multicast MCS is adopted only when all the clients use 802.11n. If a non-802.11n client exists, multicast traffic is transmitted at an 802.11a/b/g rate. If you configure a multicast MCS index greater than the maximum MCS index supported by the radio, the maximum MCS index is adopted.
dot11n protection-mode Use dot11n protection-mode to configure the 802.11n protection mode. Use undo dot11n protection-mode to restore the default. Syntax dot11n protection-mode { cts-to-self | rts-cts } undo dot11n protection-mode Default The 802.11n protection mode is CTS-to-Self. Views WLAN RRM view Default command level 2: System level Parameters cts-to-self: Specifies the Clear to Send (CTS)-to-Self mode. rts-cts: Specifies the Request to Send (RTS)/CTS mode. Examples # Configure the 802.
Usage guidelines The specified maximum MCS index for 802.11n supported rates must be no less than the specified maximum MCS index for 802.11n mandatory rates. Examples # Specify the maximum MCS index for 802.11n supported rates as 25. system-view [sysname] wlan rrm [sysname-wlan-rrm] dot11n support maximum-mcs 25 mesh calibrate-channel Use mesh calibrate-channel to enable mesh channel monitoring for mesh auto DFS. Use undo mesh calibrate-channel to restore the default.
Parameters mesh-profile-number: Specifies a mesh profile by its number, in the range of 1 to 32. all: Specifies all mesh profiles. Usage guidelines Enable mesh channel monitoring before executing one-time mesh DFS. Examples # Execute one-time DFS for all mesh profiles.
Views Radio group view Default command level 2: System level Parameters minutes: Power holddown time, within which the power of any radio in the radio group stays unchanged after each power adjustment. The value is in the range of 10 to 1440 minutes. Examples # Set the power holddown time of radio group 10 to 600 minutes.
Related commands spectrum-management enable scan channel Use scan channel to set the scan mode. Use undo scan channel to restore the default. Syntax scan channel { all | auto } undo scan channel Default The scan mode is auto. Views WLAN RRM view Default command level 2: System level Parameters all: Sets the scan mode to all. When this option is set, all the channels of the radio band are scanned. auto: Sets the scan mode to auto.
Parameters seconds: Interval for sending scan reports to the AC, in the range of 5 to 120 seconds. Examples # Set the scan report interval to 20 seconds. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] scan report-interval 20 scan type Use scan type to set the scan type. Use undo scan type to restore the default. Syntax scan type { active | passive } undo scan type Default The scan type is passive.
Views WLAN RRM view Default command level 2: System level Usage guidelines After you enable spectrum management, the AP notifies clients of its power capabilities and power constraint. Examples # Enable spectrum management. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] spectrum-management enable Related commands power-constraint wlan rrm Use wlan rrm to enter WLAN RRM view. Syntax wlan rrm Views System view Default command level 2: System level Examples # Enter WLAN RRM view.
Views System view Default command level 2: System level Parameters group-id: ID of a radio group. The value range depends on your device model. For more information, see About the Command References for HP Unified Wired-WLAN Products. all: Removes all radio groups. Examples # Create radio group 10. system-view [Sysname] wlan rrm-calibration-group 10 [Sysname-wlan-rc-group-10] WLAN load balancing configuration commands ap radio Use ap radio to add a radio of an AP to the radio group.
system-view [Sysname] wlan load-balance-group 10 [Sysname-wlan-lb-group-10] ap ap1 radio 2 # Remove all radios from load balancing group 10. system-view [Sysname] wlan load-balance-group 10 [Sysname-wlan-lb-group-10] undo ap all # Remove all radios of AP 1 from load balancing group 10. system-view [Sysname] wlan load-balance-group 10 [Sysname-wlan-lb-group-10] undo ap ap1 # Remove radio 2 of AP 1 from load balancing group 10.
Syntax display wlan load-balance neighbor-list ap ap-name Views Any view Default command level 1: Monitor level Parameters ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. Examples # Display the MAC addresses of all the neighbors of ap1.
Parameters mac-address: Specifies a client by its MAC address. Examples # Display the neighbors of the client with MAC address 0014-6c8a-4322.
Examples # Display configuration information about load balancing group 10.
undo load-balance rssi-threshold Default The load balancing RSSI threshold is 25. Views WLAN RRM view Default command level 2: System level Parameters rssi-threshold: Band navigation RSSI threshold in the range of 5 to 100. Examples # Configure the load balancing RSSI threshold as 40. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] load-balance rssi-threshold 40 load-balance session Use load-balance session to configure session-mode load balancing.
load-balance traffic Use load-balance traffic to configure traffic-mode load balancing. Use undo load-balance to remove the configuration. Syntax load-balance traffic value [ gap gap-value ] undo load-balance Default Load balancing is disabled. Views WLAN RRM view Default command level 2: System level Parameters value: Traffic threshold in the range of 10 to 80 percent. gap gap-value: Specifies the traffic gap threshold in the range of 10 to 40 percent. The default is 20 percent.
Views System view Default Level 2: System level Parameters group-id: ID of a load balancing group. The value range depends on your device model. For more information, see About the Command References for HP Unified Wired-WLAN Products. all: Removes all load balancing groups. Examples # Create load balancing group 10.
band-navigation balance access-denial Use band-navigation balance access-denial to configure the maximum denial count of association requests sent by a 5 GHz-capable client. Use undo band-navigation balance access-denial to restore the default. Syntax band-navigation aging-time aging-time undo band-navigation aging-time Default The device does not deny the association requests sent by a 5 GHz-capable client.
Default command level 2: System level Parameters session: Band navigation load balancing session threshold for the 5 GHz band, in the range of 2 to 40. gap: Band navigation load balancing session gap, which is the number of clients on the 5 GHz band minus the number of clients on the 2.4 GHz band. It is in the range of 1 to 8. Examples # Configure the session threshold as 10 and session gap as 5.
Default Band navigation is disabled globally. Views WLAN RRM view Default command level 2: System level Usage guidelines Band navigation takes effect on an AP only when it is enabled both globally and for the AP. Examples # Enable band navigation globally.
system-view
[Sysname] wlan rrm
[Sysname-wlan-rrm] band-navigation enable
band-navigation rssi-threshold Use band-navigation rssi-threshold to configure the band navigation RSSI threshold.
WLAN IDS configuration commands WLAN IDS rogue detection configuration commands countermeasures enable Use countermeasures enable to enable countermeasures against rogue devices present in the attack list. Use undo countermeasures enable to restore the default. Syntax countermeasures enable undo countermeasures enable Default No countermeasures are enabled. Views WLAN IDS view Default command level 2: System level Examples # Enable countermeasures.
Default command level 2: System level Parameters all: Takes countermeasures against all rogue devices present in the attack list. rogue: Takes countermeasures against all rogue APs and clients. adhoc: Takes countermeasures against all rogue ad hoc devices. config: Takes countermeasures against statically configured rogue devices. Usage guidelines Wireless bridge devices are classified as rogues. Countermeasures are not taken against rogue wireless bridges.
device aging-duration Use device aging-duration to set the age time for entries in the detected device table. Use undo device aging-duration to restore the default. Syntax device aging-duration duration undo device aging-duration Default The age time is 600 seconds. Views WLAN IDS view Default command level 2: System level Parameters duration: Interval, in the range of 300 to 1800 seconds. Usage guidelines If an entry is not detected within the interval, it is deleted from the detected device table.
Usage guidelines The maximum number of entries in the static attack list is 64. Examples # Add a MAC address to, and then remove it from, the static attack list. system-view [Sysname] wlan ids [Sysname-wlan-ids] device attack mac-address aabb-cc00-0001 [Sysname-wlan-ids] undo device attack mac-address aabb-cc00-0001 # Remove all entries from the static attack list.
device-detection enable Use device-detection enable to set the AP to operate in hybrid mode. Use undo device-detection enable to restore the default. Syntax device-detection enable undo device-detection enable Default The AP operates in normal mode and only provides WLAN data services. For an AP in monitor mode, this command is invisible.
Parameters config: Displays the static attack list. all: Displays the dynamic attack list established based on the rules for detection of rogue devices, for all APs. If the number of entries for an AP exceeds 256, only the first 256 entries will be sent and present in the attack list of that AP. ap ap-name: Displays dynamic attack list information about the specified AP. Its name is a string of characters.
#AP = number of active APs detecting, Ch = channel number
Attack List - AP
--------------------------------------------------------------------------
MAC Address     type  #AP  Ch  Last Detected        SSID
--------------------------------------------------------------------------
000b-6b8f-fc6a  --c   1    11  2012-01-22/15:33:21  -
000f-e000-0052  -w-   1    10  2012-01-22/15:33:58  "xxxx-xxxx-xxxx"
000f-e200-0000  -w-   1    9   2012-01-22/15:33:59  "6103_kaifang"
000f-e200-0001  -w-   1    9   2012-01-22/15:33:59  "6103_youxian"
000f
client: Displays all rogue clients detected in the WLAN. adhoc: Displays clients which belong to adhoc networks detected in the WLAN. ssid: Displays all SSIDs detected in the WLAN. mac-address mac-address: Displays information about an AP or client. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field          Description
Vendor         Vendor of the detected device.
Flags          Whether the device detected is an AP, wireless bridge, ad hoc, or client, and whether it is permitted or a rogue.
#AP            Number of active APs that detect the device. If WIDS is enabled on multiple APs, these APs may detect the same device.
Ch             Channel in which the device was last detected.
Last Detected  Time at which the entry was last detected.
SSID           Service set identifier for the ESS of the entry.
----------------------------------------------------------------------
000F-E212-1230  Hangz...  1  5   2012-03-16/12:44:11  -
000F-E234-0200  Hangz...  1  11  2012-03-16/12:44:11  -
000F-E2AA-CC04  Hangz...  1  12  2012-03-16/12:44:11  -
000F-E2BB-CCD0  Hangz...  1  1   2012-03-16/12:44:11  -
...
----------------------------------------------------------------------
See Table 36 for the command output description.
# Display information about all detected SSIDs.
Radio Type : 11g
RSSI : 75
Last Detected(yyyy-mm-dd/hh:mm:ss): 2012-03-16/12:44:37
--------------------------------------------------------------------------
Table 37 Command output
Field        Description
MAC Address  MAC address of the device detected.
BSSID        Basic service set identifier of the detected device.
Type         Whether the device detected is an AP, wireless bridge, ad hoc device, or client, and whether it is permitted or a rogue.
SSID         Service set identifier for the ESS of the entry.
ssid: Displays the permitted SSID list. vendor: Displays the permitted vendor OUI list. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Table 39 Command output
Field     Description
SSID      Service set identifier for the ESS.
Detected  Whether the device has been detected or not.
# Display information about the permitted OUI list.
display wlan ids permitted vendor
Total Number of Entries: 3
Permitted Vendor(s)
--------------------------------------------------------------------------------
OUI Vendor Name
--------------------------------------------------------------------------------
Hewlett-Packard Development Company, L.P.
Flags: a = adhoc, w = ap, b = wireless-bridge, c = client
Ch = channel number
Rogue History List
--------------------------------------------------------------------------
MAC Address     Vendor    Type  Ch  Last Detected        SSID
--------------------------------------------------------------------------
00E0-9855-1D9A  AboCo...  -w-   11  2012-03-16/11:38:22  "ATNet"
000F-E2CC-0005  Hangz...  -b-   4   2012-03-16/11:37:06  -
000F-E2CC-0004  Hangz...  --c   4   2012-03-16/11:36:20  -
000F-E2CC-DD00  Hangz...
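The Rogue History List layout shown above can be parsed for triage. The following Python is an added example, not part of the HP reference: it turns each row into a record using the flag legend (a, w, b, c), sets aside rows that are cut off, and reports rogue APs that advertise one of your own SSIDs. The function names, the own_ssids list and the last sample row are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Flag letters exactly as given in the legend of the command output.
FLAG_NAMES = {"a": "adhoc", "w": "ap", "b": "wireless-bridge", "c": "client"}

MAC = r"[0-9A-Fa-f]{4}(?:-[0-9A-Fa-f]{4}){2}"
ROW = re.compile(
    rf"^(?P<mac>{MAC})\s+(?P<vendor>.*?)\s+(?P<type>[-awbc]{{3}})\s+"
    r"(?P<ch>\d+)\s+(?P<seen>\d{4}-\d{2}-\d{2}/\d{2}:\d{2}:\d{2})\s+"
    r'(?P<ssid>"[^"]*"|-)$'
)

# Sample output: the first four rows are the ones printed in the reference
# (the fourth is cut off there); the last row is constructed for this example.
SAMPLE = """\
 Flags: a = adhoc, w = ap, b = wireless-bridge, c = client
 Ch = channel number
                      Rogue History List
--------------------------------------------------------------------------
 MAC Address     Vendor    Type  Ch  Last Detected        SSID
--------------------------------------------------------------------------
 00E0-9855-1D9A  AboCo...  -w-   11  2012-03-16/11:38:22  "ATNet"
 000F-E2CC-0005  Hangz...  -b-   4   2012-03-16/11:37:06  -
 000F-E2CC-0004  Hangz...  --c   4   2012-03-16/11:36:20  -
 000F-E2CC-DD00  Hangz...
 0200-0000-0001  Unkno...  -w-   6   2012-03-16/11:40:00  "corp-wlan"
--------------------------------------------------------------------------
"""


def parse_rogue_history(text):
    """Return (entries, skipped): parsed rows and MAC rows that did not parse."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m is None:
            # Legend, header and separator lines are ignored; a line that
            # starts with a MAC but is incomplete is kept for manual review.
            if re.match(MAC, line):
                skipped.append(line)
            continue
        entries.append({
            "mac": m["mac"].upper(),
            "vendor": m["vendor"],
            "kinds": sorted(FLAG_NAMES[c] for c in m["type"] if c != "-"),
            "channel": int(m["ch"]),
            "last_detected": datetime.strptime(m["seen"], "%Y-%m-%d/%H:%M:%S"),
            "ssid": None if m["ssid"] == "-" else m["ssid"].strip('"'),
        })
    return entries, skipped


def own_ssid_rogues(entries, own_ssids):
    """Rogue APs whose SSID equals one of ours (hypothetical own_ssids list).

    The comparison ignores case on purpose, so that copies of an SSID that
    differ only in capitalisation are reported as well.
    """
    wanted = {s.casefold() for s in own_ssids}
    return [e for e in entries
            if "ap" in e["kinds"]
            and e["ssid"] is not None
            and e["ssid"].casefold() in wanted]


if __name__ == "__main__":
    rows, cut_off = parse_rogue_history(SAMPLE)
    for hit in own_ssid_rogues(rows, ["corp-wlan"]):
        print(hit["mac"], hit["channel"], hit["last_detected"], hit["ssid"])
    print("rows needing manual review:", cut_off)
```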
work-mode monitor Use work-mode monitor to configure the AP to operate in monitor mode to scan rogue devices. Use undo work-mode to restore the default. Syntax work-mode monitor undo work-mode Default The AP operates in normal mode to provide WLAN data services. Views AP template view, AP group view Default command level 2: System level Parameters monitor: Configures the AP to operate in monitor mode. Usage guidelines Executed in AP template view, this command applies to the specified AP.
Syntax reset wlan ids detected { all | rogue { ap | client } | adhoc | ssid | mac-address mac-address } Views User view Default command level 1: Monitor level Parameters all: Clears information about all devices detected in the WLAN. rogue: Clears information about detected rogue devices (AP or clients) in the WLAN. ap: Clears information about rogue APs detected in the WLAN. client: Clears information about rogue clients detected in the WLAN.
Syntax attack-detection enable { all | flood | spoof | weak-iv } undo attack-detection enable Default No WIDS-IPS detection is enabled. Views WLAN IDS view Default command level 2: System level Parameters all: Enables detection of all kinds of attacks. flood: Enables detection of flood attacks. spoof: Enables detection of spoof attacks. weak-iv: Enables weak-IV detection. Examples # Enable spoof attack detection.
Examples # Display the history of attacks.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Disassociation Request Frame Flood Attack Number of disassociation request frame flood attacks detected. Reassociation Request Frame Flood Attack Number of reassociation request frame flood attacks detected. Action Frame Flood Attack Number of action frame flood attacks detected. Null Data Frame Flood Attack Number of null data frame flood attacks detected. Weak IVs Detected Number of weak IVs detected.
Examples # Clear WLAN IDS statistics. reset wlan ids statistics Blacklist and whitelist configuration commands display wlan blacklist Use display wlan blacklist to display the static or dynamic blacklist entries. Syntax display wlan blacklist { static | dynamic } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters static: Displays static blacklist entries. dynamic: Displays dynamic blacklist entries.
# Display information about the dynamic blacklist.
--------------------------------------------------------------------------
MAC-Address
--------------------------------------------------------------------------
000e-35b2-000e
0019-5b8e-b709
001c-f0bf-9c92
0000-0000-00EE
0400-0000-0000
0400-0000-00EE
--------------------------------------------------------------------------
Table 46 Command output
Field        Description
MAC-Address  MAC addresses of clients in the whitelist.
dynamic-blacklist lifetime Use dynamic-blacklist lifetime to set the lifetime for dynamic blacklist entries. Use undo dynamic-blacklist lifetime to restore the default. Syntax dynamic-blacklist lifetime lifetime undo dynamic-blacklist lifetime Default The lifetime is 300 seconds. Views WLAN IDS view Default command level 2: System level Parameters lifetime: Specifies the lifetime for dynamic blacklist entries, in the range of 60 to 3600 seconds.
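As an added example (not HP's code), the following Python replays a CLI transcript written in the style of this reference's examples and reports which WLAN IDS settings and which AP data tunnels are still at their documented defaults, rejecting timer values outside the documented ranges. The transcript is constructed; treating repeated attack-detection enable commands as cumulative, and taking the -prvs prompt as the view in which data-tunnel encryption enable is typed, are assumptions.

```python
import re

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>\S.*)$")
ATTACK_KINDS = ("flood", "spoof", "weak-iv")
# Ranges and defaults in seconds, as documented for WLAN IDS view.
TIMER_RANGES = {"device aging-duration": (300, 1800),
                "dynamic-blacklist lifetime": (60, 3600)}
TIMER_DEFAULTS = {"device aging-duration": 600,
                  "dynamic-blacklist lifetime": 300}

# Constructed transcript in the prompt style used by the examples.
TRANSCRIPT = """\
<Sysname> system-view
[Sysname] wlan ids
[Sysname-wlan-ids] attack-detection enable spoof
[Sysname-wlan-ids] dynamic-blacklist lifetime 30
[Sysname-wlan-ids] dynamic-blacklist lifetime 1200
[Sysname-wlan-ids] device aging-duration 900
[Sysname-wlan-ids] quit
[Sysname] wlan ap ap1 model MSM460-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] data-tunnel encryption enable
[Sysname-wlan-ap-ap1-prvs] quit
[Sysname-wlan-ap-ap1] quit
[Sysname] wlan ap ap2 model MSM460-WW
"""


def replay(transcript):
    """Apply '[view] command' lines in order; return (state, rejected_lines)."""
    state = {"attack_detection": set(), "countermeasures": False,
             "timers": dict(TIMER_DEFAULTS), "tunnel_encrypted": {}}
    rejected, current_ap = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        if m is None:
            continue
        view, words = m["view"], m["cmd"].split()
        undo = words[0] == "undo"
        if undo:
            words = words[1:]
        cmd, name = " ".join(words), " ".join(words[:2])
        if words[:2] == ["wlan", "ap"] and len(words) >= 3 and not undo:
            current_ap = words[2]
            state["tunnel_encrypted"].setdefault(current_ap, False)
        elif view.endswith("-wlan-ids"):
            if name == "attack-detection enable":
                kinds = words[2:]
                if undo:
                    state["attack_detection"].clear()
                elif kinds == ["all"]:
                    state["attack_detection"].update(ATTACK_KINDS)
                elif len(kinds) == 1 and kinds[0] in ATTACK_KINDS:
                    # Assumption: separate commands add to the enabled set.
                    state["attack_detection"].add(kinds[0])
                else:
                    rejected.append(line)
            elif cmd == "countermeasures enable":
                state["countermeasures"] = not undo
            elif name in TIMER_RANGES:
                low, high = TIMER_RANGES[name]
                value = words[2:]
                if undo:
                    state["timers"][name] = TIMER_DEFAULTS[name]
                elif (len(value) == 1 and value[0].isdigit()
                      and low <= int(value[0]) <= high):
                    state["timers"][name] = int(value[0])
                else:
                    rejected.append(line)  # outside the documented range
        elif view.endswith("-prvs") and cmd == "data-tunnel encryption enable":
            if current_ap is not None:
                state["tunnel_encrypted"][current_ap] = not undo
    return state, rejected


def defaults_in_effect(state):
    """List the protections that the transcript left at their defaults."""
    report = []
    missing = [k for k in ATTACK_KINDS if k not in state["attack_detection"]]
    if missing:
        report.append("attack-detection not enabled for: " + ", ".join(missing))
    if not state["countermeasures"]:
        report.append("countermeasures enable not configured")
    for ap, encrypted in sorted(state["tunnel_encrypted"].items()):
        if not encrypted:
            report.append(f"{ap}: data-tunnel encryption enable not configured")
    return report


if __name__ == "__main__":
    final_state, bad_lines = replay(TRANSCRIPT)
    for item in defaults_in_effect(final_state):
        print("default in effect:", item)
    for bad in bad_lines:
        print("rejected:", bad)
```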
Examples # Remove a client with MAC address 001d-0f31-87d from the dynamic blacklist. reset wlan dynamic-blacklist mac-address 001d-0f31-87d static-blacklist mac-address Use static-blacklist mac-address to add a client with a specified MAC address to the static blacklist. Use undo static-blacklist to remove the client with the specified MAC address or all clients from the static blacklist.
Default command level 2: System level Parameters mac-address: Adds or deletes the client with the MAC address to or from the whitelist. all: Deletes all entries from the whitelist. Default No whitelist exists. Usage guidelines Clients in the whitelist can be associated with the AP. You can configure at most 256 entries in the whitelist. Examples # Add the client with MAC address 001c-f0bf-9c92 to the whitelist.
WLAN QoS commands bandwidth-guarantee enable Use bandwidth-guarantee enable to enable bandwidth guaranteeing. Use undo bandwidth-guarantee enable to restore the default. Syntax bandwidth-guarantee enable undo bandwidth-guarantee enable Default Bandwidth guaranteeing is disabled. Views Radio view Default command level 2: System level Examples # Enable bandwidth guaranteeing.
Parameters service-template service-template-number: Specifies a service template by its number, which is in the range of 1 to 1024. percent percent: Specifies the percentage of the guaranteed bandwidth to the total bandwidth. The value range for the percent argument is 1 to 100. all: Specifies all service templates. Usage guidelines The service template must have been bound to the radio. For all service templates bound to the same radio, the sum of guaranteed bandwidth percents cannot exceed 100%.
Usage guidelines WLAN service-based client rate limiting can limit the rate of traffic from clients to APs or the rate of traffic from APs to clients. You can configure client rate limiting for both incoming traffic and outgoing traffic in the same service template. Examples # Configure WLAN service-based client rate limiting to limit the outgoing traffic rate of each client to 567 kbps and the total incoming traffic rate of all clients to 89 kbps.
[Sysname] wlan ap ap1 model MSM460-WW [Sysname-wlan-ap-ap1] radio 1 [Sysname-wlan-ap-ap1-1] client-rate-limit direction inbound mode static cir 567 [Sysname-wlan-ap-ap1-1] client-rate-limit direction outbound mode dynamic cir 89 display wlan bandwidth-guarantee Use display wlan bandwidth-guarantee to display the bandwidth guaranteeing configuration.
Table 47 Command output
Field    Description
AP       AP name.
Radio    Radio ID.
Mode     Radio mode:
         • 802.11a.
         • 802.11b.
         • 802.11g.
         • 802.11n(2.4GHz)
         • 802.11n(5GHz)
ST       Service template number.
Percent  Guaranteed bandwidth percent.
display wlan client-rate-limit Use display wlan client-rate-limit to display client-rate limiting information. Use display wlan client-rate-limit service-template to display WLAN service-based client-rate limiting information.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display WLAN service-based client rate limiting information.
Field            Description
Mode (Inbound)   Rate limiting mode for the incoming traffic:
                 • Dynamic (shared bandwidth).
                 • Static (exclusive bandwidth).
CIR (Inbound)    Rate limit for the incoming traffic.
Mode (Outbound)  Rate limiting mode for the outgoing traffic:
                 • Dynamic (shared bandwidth).
                 • Static (exclusive bandwidth).
CIR (Outbound)   Rate limit for the outgoing traffic.
display wlan wmm Use display wlan wmm to display the WMM information.
display wlan wmm radio ap test
AP ID : 4
AP Name : test
--------------------------------------------------------------------------
Radio : 1
--------------------------------------------------------------------------
Client EDCA update count : 0
QoS Mode : WMM
Radio chip QoS mode : WMM
Radio chip max AIFSN : 255
Radio chip max ECWmin : 10
Radio chip max ECWmax : 10
Radio chip max TXOPLimit : 32768
CAC Information
Client accepted : 0
Voice : 0
Video : 0
Total request mediumtime(us) :
Field                      Description
QoS mode                   QoS mode:
                           • WMM—The WMM function is supported.
                           • none—The WMM function is not supported.
Client EDCA update count   Number of client EDCA parameters updates.
Radio chip WMM support     Indicates whether the radio chip supports the WMM function.
Radio chip max AIFSN       Maximum AIFSN allowed by the radio chip.
Radio chip max ECWMIN      Maximum ECWmin allowed by the radio chip.
Radio chip max TXOPLimit   Maximum TXOPLimit allowed by the radio chip.
AC : AC-VO
User Priority : 7
TID : 1
Direction : Bidirectional
PSB : 0
Surplus Bandwidth Allowance : 1.0000
Medium Time(ms) : 39.108
Nominal MSDU Size(bytes) : 1500
Minimum PHY Rate(Mbps) : 2.000
Mean Data Rate(Kbps): 78.125
Create TS time : 5s
Update TS time : 5s
Uplink TS packets : 0
Downlink TS packets : 0
Uplink TS bytes : 0
Downlink TS bytes : 0
Table 51 Command output
Field        Description
MAC address  MAC address of a station.
SSID         Service set ID.
Field                        Description
Mean Data Rate(kbps)         Average data transmission rate (in kbps).
Minimum PHY Rate(Mbps)       Minimum physical transmission rate (in Mbps).
Surplus Bandwidth Allowance  Surplus bandwidth allowance.
Medium Time(ms)              Medium time (in microseconds).
Create TS time               Time from when the TS was created to now.
Update TS time               Time from when the TS was updated to now.
Uplink TS packets            Number of uplink TS packets.
Uplink TS bytes              Number of uplink TS bytes.
Syntax wmm cac policy { channelutilization [ channelutilization-value ] | users [ users-number ] } undo wmm cac policy Default The users-based admission policy applies, with the maximum number of admitted users being 20. Views Radio-policy view Default command level 2: System level Parameters channelutilization: Uses the channel utilization-based admission policy for CAC.
Table 52 The default EDCA parameters for APs
AC queue     AIFSN  ECWmin  ECWmax  TXOP Limit
AC-BK queue  7      4       10      0
AC-BE queue  3      4       6       0
AC-VI queue  1      3       4       94
AC-VO queue  1      2       3       47
Views Radio-policy view Default command level 2: System level Parameters ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue.
[Sysname-wlan-rp-radio1] wmm edca radio ac-vo aifsn 2 wmm edca client (ac-vo and ac-vi) Use wmm edca client to set EDCA parameters for the AC-BE or AC-BK queue for clients. Use undo wmm edca client to restore the default of the specified or all EDCA parameters for the specified AC queue.
If both 802.11b and 802.11g clients are present, HP recommends that you use the default TXOPLimit settings in Table 53. If CAC is enabled for an AC queue, CAC is also enabled for AC queues with higher priority. For example, if you use the wmm edca client command to enable CAC for the AC-VI queue, CAC is also enabled for the AC-VO queue. However, enabling CAC for the AC-VO queue does not enable CAC for the AC-VI queue. Examples # Set AIFSN to 3 for the AC-VO queue.
Usage guidelines For a description of each EDCA parameter, see WLAN Configuration Guide. ECWmin must not be greater than ECWmax. The two parameters must be enabled or disabled simultaneously. When all the clients are 802.11b terminals, HP recommends that you set the TXOPLimit value to 0 for both the AC-BK and AC-BE queues. If both 802.11b and 802.11g clients are present, HP recommends that you use the default TXOPLimit settings for the AC-BK and AC-BE queues. Examples # Set AIFSN to 3 for the AC-BE queue.
Syntax wmm svp map-ac { ac-vo | ac-vi | ac-be | ac-bk } undo wmm svp map-ac Default SVP packet mapping is disabled. Views Radio-policy view Default command level 2: System level Parameters ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue. Usage guidelines HP recommends that you map SVP packets to the AC-VO queue in normal cases.
WLAN mesh link configuration commands bind wlan-mesh Use bind wlan-mesh to bind the specified mesh interface to the mesh profile. Use undo bind wlan-mesh to unbind the interface from the mesh profile. Syntax bind wlan-mesh interface-index undo bind wlan-mesh Default No mesh interface is bound to the mesh profile. Views Mesh profile view Default command level 2: System level Parameters interface-index: Specifies the index of the WLAN mesh interface in the range of 1 to 32.
Parameters all: Specifies all APs. name ap-name: Specifies an AP by its name. verbose: Displays the detailed mesh link information of the specified AP. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
display wlan mesh-link ap name ap1 verbose Mesh Link Verbose -------------------------------------------------------------------------------AP Name: ap1 -------------------------------------------------------------------------------Peer MAC : 00ef-2231-0b4a Local MAC : 00aa-4433-6699 Status : Discarding RSSI : 15 SNR : 1 Noise (dBm) : 0 Cost : 100000 Link PER (%) : 13 Packets Receive : 12 Transmit : 3 Resend : 2 TxDiscard : 0 --------------------------------------------------
Default command level 2: System level Parameters mesh-profile-number: Specifies a mesh profile by its number in the range of 1 to 32. all: Specifies all mesh profiles. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Syntax display wlan mp-policy { mp-policy-name | all } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters mp-policy-name: Specifies an MP policy by its name, a string of 1 to 15 alphanumeric characters with underscores. It cannot contain any space characters. all: Specifies all MP policies. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Link saturation RSSI : 150 (Default)
Link rate-mode : fixed (Default)
--------------------------------------------------------------------------
Table 58 Command output
Field                 Description
MP Policy Name        Name of the MP policy.
Mesh Link Initiation  Whether link initiation is enabled or not.
Authenticator Role    Whether role authenticator is enabled or not.
Max Links             Maximum number of links on a device using this MP policy.
system-view [Sysname] wlan mesh-profile 1 [Sysname-wlan-mshp-1] link-backhaul-rate 6 link-hold-rssi Use link-hold-rssi to configure the minimum signal strength to allow a mesh link to be formed and held. Use undo link-hold-rssi to restore the system default. Syntax link-hold-rssi value undo link-hold-rssi Default The minimum signal strength to allow a link to be formed and held is 15.
Parameters value: Specifies the link hold time, or, the minimum time for keeping an active link up. It is in the range of 1000 to 20000, in milliseconds. Examples # Set the link hold time for MP policy sys_mp to 2000 milliseconds. system-view [Sysname] wlan mp-policy sys_mp [Sysname-wlan-mp-policy-sys_mp] link-hold-time 2000 link-initiation enable Use link-initiation enable to enable link initiation for the MP policy. An MP using the MP policy will perform link initiation with a peer.
Default The mesh link keep alive interval is 2 seconds. Views Mesh profile view Default command level 2: System level Parameters keep-alive-interval: Specifies the link keep alive interval in seconds, in the range of 1 to 1800. Examples # Set the mesh link keep alive interval to 60 seconds. system-view [Sysname] wlan mesh-profile 1 [Sysname-wlan-mshp-1] link-keep-alive 60 link-saturation-rssi Use link-saturation-rssi to configure the link saturation RSSI.
Syntax link-switch-margin value undo link-switch-margin Default The link switch margin is 10 dBm. Views MP policy view Default command level 2: System level Parameters value: Specifies the link switch margin. If the RSSI of the new link is greater than that of the current active link by the link switch margin, active link switch happens. This argument is in the range of 1 to 100, in dBm. Examples # Set the link switch margin for MP policy sys_mp to 11 dBm.
link rate-mode Use link rate-mode to set the method to calculate the cost of a mesh link. Use undo link rate-mode to restore the system default. Syntax link rate-mode { fixed | real-time } undo link rate-mode Default The cost of a mesh link is calculated with the fixed method. Views MP policy view Default command level 2: System level Parameters fixed: Uses the maximum fixed rate of the current radio to calculate the cost of a mesh link.
Usage guidelines The same mesh ID cannot be assigned to two mesh profiles. Examples # Set the mesh ID to sys_mesh for mesh profile 1.
system-view
[Sysname] wlan mesh-profile 1
[Sysname-wlan-mshp-1] mesh-id sys_mesh
mesh-profile Use mesh-profile to map the mesh profile to the current radio. Use undo mesh-profile to unmap the specified mesh profile from the radio. Syntax mesh-profile mesh-profile-number undo mesh-profile mesh-profile-number Default No mesh profile is mapped to the radio.
Default The mesh profile is disabled. Views Mesh profile view Default command level 2: System level Usage guidelines A mesh profile can be enabled only when it has been bound to a mesh interface and has had a mesh ID configured. You cannot delete a mesh profile if it has been mapped to a radio interface. Examples # Enable the mesh profile 1.
Default command level 2: System level Parameters mac-address: Specifies the MAC address of a peer MP. all: Removes all peer MAC addresses. cost cost: Specifies the cost of the mesh link to the specified peer. It is in the range of 1 to 65535. Usage guidelines You can specify up to 8 peer MAC addresses. Examples # Configure the MAC address of a peer MP for AP 3, and configure the link cost for the mesh link as 20000.
mp-policy Use mp-policy to bind the MP policy to the current radio. Use undo mp-policy to restore the default. Syntax mp-policy policy-name undo mp-policy Default The radio adopts the default MP policy default_mp_plcy. Views Radio-Template view Default command level 2: System level Parameters policy-name: Specifies the name of the MP policy bound to the current radio. MP policy name is a case-insensitive string of 1 to 15 characters, which can contain letters, digits, and underlines.
Default command level 2: System level Examples # Enable the portal service to the MP ap1. system-view [Sysname] wlan ap ap1 model MSM460-WW [Sysname-wlan-ap-ap1] portal-service enable probe-request-interval Use probe-request-interval to configure the probe request interval. Use undo probe-request-interval to restore the system default. Syntax probe-request-interval interval-value undo probe-request-interval Default The probe request interval is 1000 ms.
Views MP policy view Default command level 2: System level Examples # Enable the authenticator role for MP policy sys_mp.
system-view
[Sysname] wlan mp-policy sys_mp
[Sysname-wlan-mp-policy-sys_mp] role-authenticator enable
temporary-link enable Use temporary-link enable to enable the temporary link function. Use undo temporary-link enable to disable the temporary link function. Syntax temporary-link enable undo temporary-link enable Default The temporary link function is enabled.
Parameters ap-name: Specifies the name of the AP, a case-insensitive string of 1 to 64 characters. Examples # Perform mesh link test on AP 1. wlan mesh-link-test ap1 Testing mesh link of ap1, press CTRL_C to break.....done.
Examples # Create mesh profile 1 and enter mesh profile 1 view. system-view [Sysname] wlan mesh-profile 1 [Sysname-wlan-mshp-1] Related commands • bind wlan-mesh • mesh-id • link-keep-alive • mesh-profile enable • link-backhaul-rate wlan mkd-id Use wlan mkd-id to configure the MKD ID. Use undo wlan mkd-id to remove the MKD ID. Syntax wlan mkd-id mkd-id undo wlan mkd-id Default The MKD ID is 000F-E200-0001.
Syntax wlan mp-policy policy-name undo wlan mp-policy policy-name Default There is a default MP policy default_mp_plcy. Views System view Default command level 2: System level Parameters policy-name: Specifies an MP policy by its name, a case-insensitive string of 1 to 15 characters. Usage guidelines The name of an MP policy cannot be a, al, all, or default_mp_plcy. The default MP policy default_mp_plcy cannot be modified or deleted.
WLAN sniffer configuration commands display wlan capture Use display wlan capture to display information about the WLAN sniffer function. Syntax display wlan capture [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Capture ACL : 4000
Capture Limit : 10000
File Name : CaptureRecord.dmp
Status : Capturing
--------------------------------------------------------------------------------
Table 60 Command output
Field         Description
Capture Type  Capture types:
              • Client—Client-based WLAN sniffer.
              • Radio—Radio-based WLAN sniffer.
AP Name       AP name.
Radio         Radio ID.
Radio Mode    Radio mode, which depends on the device model.
Channel       Channel where the radio operates to capture packets.
You are not allowed to change the name of the CAP file during the WLAN sniffer process. Examples # Specify the name of the CAP file to which the captured packets are saved as CaptureRecord_001. system-view [Sysname] wlan capture file-name CaptureRecord_001 wlan capture packet-limit Use wlan capture packet-limit to configure the maximum number of packets that can be captured by an AP. Use undo wlan capture packet-limit to restore the default.
Default command level 2: System level Parameters ap ap-name: Specifies an AP name, a case-insensitive string of 1 to 32 characters. radio radio-number: Specifies a radio number. Usage guidelines An auto AP does not support the WLAN sniffer function. WLAN sniffer can be enabled for only one radio of an AP. To enable WLAN sniffer on a radio, the AP must operate in normal mode and must be in Run state, and the working channel of the radio must be manually specified.
[Sysname-acl-ethernetframe-4400] rule permit source-mac 0011-0011-0011 FFFF-FFFF-FFFF
[Sysname-acl-ethernetframe-4400] quit
[Sysname] wlan capture start client acl 4400
wlan capture stop
Use wlan capture stop to disable the WLAN sniffer function, and save the captured packets in the specified CAP file.
Syntax
wlan capture stop
Views
System view
Default command level
2: System level
Examples
# Disable the WLAN sniffer function.
AP provision configuration commands ac Use ac to specify the IP address or host name of an AC so that the AP can discover the AC. Use undo ac to remove the AC configuration. Syntax ac { host-name host-name | ip ip-address | ipv6 ipv6-address } undo ac { host-name | ip { ip-address | all } | ipv6 { ipv6-address | all } } Default No AC IP address or host name is specified.
data-tunnel encryption enable Use data-tunnel encryption enable to configure the AP to use IPsec to encrypt the data tunnel. Use undo data-tunnel encryption enable to remove the configuration. Syntax data-tunnel encryption enable undo data-tunnel encryption enable Default The AP does not encrypt the data tunnel. Views AP configuration view Default command level 2: System level Examples # Configure the AP to use IPsec to encrypt the data tunnel.
Usage guidelines You can specify only one domain name for the AP. The wlan ap-provision dns domain command takes effect on all APs, and the dns domain command in AP provision view takes effect on the specified AP. If you configure both commands, the configuration in AP provision view applies to the specified AP. Examples # Specify the domain name for AP 1 as com.
[Sysname-wlan-ap-ap1-prvs] dns server ip 192.168.100.123 Related commands wlan ap-provision dns server dot1x supplicant eap-method Use dot1x supplicant eap-method to configure an authentication method for an AP operating as an 802.1X client. Use undo dot1x supplicant eap-method to remove the authentication method.
undo dot1x supplicant enable Default The 802.1X client is not enabled for an AP. Views AP template view Default command level 2: System level Examples # Enable the 802.1X client function for AP 1. system-view [Sysname] wlan ap ap1 model MSM460-WW [Sysname-wlan-ap-ap1] provision [Sysname-wlan-ap-ap1-prvs] dot1x supplicant enable dot1x supplicant password Use dot1x supplicant password to configure an authentication password for an AP operating as an 802.1X client.
dot1x supplicant username
Use dot1x supplicant username to configure an authentication username for an AP operating as an 802.1X client. Use undo dot1x supplicant username to remove the authentication username.
Syntax
dot1x supplicant username username
undo dot1x supplicant username
Default
No authentication username is configured for an AP when it operates as an 802.1X client.
Views
AP template view
Default command level
2: System level
Parameters
username: Specifies the authentication username for 802.
ipv6 ipv6-address: Specifies the IPv6 address of the gateway. all: Removes all IP addresses of gateways. Usage guidelines You can specify only one IPv4 gateway and one IPv6 gateway for the AP. Examples # Specify the gateway 192.168.100.1 for AP 1. system-view [Sysname] wlan ap ap1 model MSM460-WW [Sysname-wlan-ap-ap1] provision [Sysname-wlan-ap-ap1-prvs] gateway ip 192.168.100.
ip address Use ip address to configure the IP address of the management VLAN interface of the AP. Use undo ip address to remove the IP address of the management VLAN interface of the AP. Syntax ip address ip-address { mask | mask-length } undo ip address Default No IP address is specified for the management VLAN interface of an AP. Views AP configuration view Default command level 2: System level Parameters ip-address: IP address of the management VLAN interface of the AP, in dotted decimal notation.
Parameters ipv6-address: IPv6 address of the management VLAN interface of the AP. prefix-length: Prefix length, in the range of 1 to 128. Examples # Configure the IPv6 address of the management VLAN interface of AP 1 as 2001::1/64. system-view [Sysname] wlan ap ap1 model MSM460-WW [Sysname-wlan-ap-ap1] provision [Sysname-wlan-ap-ap1-prvs] ipv6 address 2001::1/64 provision Use provision to create and enter AP provision view.
Default command level
2: System level
Parameters
all: Specifies all APs.
name ap-name: Specifies an AP by its name, which is a string of 1 to 32 characters that can contain case-insensitive letters and digits, and special characters such as underscore (_), left bracket ([), right bracket (]), slash (/), hyphen (-), and spaces.
Usage guidelines
This command takes effect only on APs in Run state.
Examples
# AP 1 has been connected to the AC. Remove the wlan_ap_cfg.wcfg file of AP 1.
Examples # AP 1 has established a connection with the AC. Save the configuration in AP provision view to the wlan_ap_cfg.wcfg file of AP 1. save wlan ap provision name ap1 Related commands • map-configuration • reset wlan ap provision • reset wlan ap tunnel encryption ipsec pre-shared-key Use tunnel encryption ipsec pre-shared-key to configure the AP to use IPsec to encrypt the control tunnel. Use undo tunnel encryption ipsec pre-shared-key to remove the configuration.
vlan pvid Use vlan pvid to configure the default VLAN ID of the Ethernet interface on the AP. Use undo vlan pvid to restore the default. Syntax vlan pvid vlan-id undo vlan pvid Default The default VLAN ID of the Ethernet interface on an AP is 1. Views AP configuration view Default command level 2: System level Parameters vlan-id: Default VLAN ID of the Ethernet interface on the AP. It is in the range of 1 to 4094. Examples # Configure the default VLAN ID of the Ethernet interface on AP 1 as 5.
Examples
# Configure packets in VLAN 6 to be sent tagged on the Ethernet interface on AP 1.
system-view
[Sysname] wlan ap ap1 model MSM460-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] vlan tagged 6
vlan untagged
Use vlan untagged to configure a list of VLANs whose packets are sent untagged on the Ethernet interface of the specified AP. Use undo vlan tagged to remove the configuration.
Views System view Default command level 2: System level Parameters host-name host-name: Specifies the host name of a global AC. It is a case-insensitive string of 1 to 255 characters, which can contain letters, digits, "-", "_" and ".", and must contain at least one letter. ip ip-address: Specifies the IPv4 address of a global AC. ipv6 ipv6-address: Specifies the IPv6 address of a global AC. all: Removes the IPv4/IPv6 addresses of all global ACs.
Usage guidelines You can specify only one global domain name. The wlan ap-provision dns domain command takes effect on all APs, and the dns domain command in AP provision view takes effect on the specified AP. If you configure both commands, the configuration in AP provision view applies to the specified AP. Examples # Specify the global domain name as com.
VLAN pool configuration commands display wlan statistics client vlan-pool Use display wlan statistics client vlan-pool to display statistics about a VLAN pool. Syntax display wlan statistics client vlan-pool vlan-pool-name [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vlan-pool-name: Specifies a VLAN pool by its name, a case-insensitive string of 1 to 16 characters. |: Filters command output by specifying a regular expression.
Table 61 Command output
Field | Description
VLAN Pool Name | VLAN pool name.
VLAN List | VLAN IDs in the VLAN pool.
VLANs in Use | VLANs used by clients. After a client goes online by using the VLAN ID assigned by the VLAN pool, if you remove the VLAN ID from the VLAN pool, this field still displays the VLAN ID.
Total Clients | Total number of online clients that obtain VLAN IDs through the VLAN pool.
VLAN ID | Assigned VLAN IDs in the VLAN pool. Number of clients corresponding to each VLAN ID.
Syntax wlan vlan-pool vlan-pool-name undo wlan vlan-pool vlan-pool-name Default No VLAN pool exists. Views System view Default command level 2: System level Parameters vlan-pool-name: Specifies the VLAN pool name, a case-insensitive string of 1 to 16 characters. Usage guidelines You can create up to 32 VLAN pools. Examples # Create a VLAN pool named office.
Wireless location configuration commands display wlan rfid-tracking radio Use display wlan rfid-tracking radio to display radio information for wireless location. Syntax display wlan rfid-tracking radio [ ap ap-name radio radio-id ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters ap ap-name: Specifies an AP by its name. If no AP is specified, radio information about all APs is displayed. radio radio-id: Specifies a radio by its ID.
Field | Description
Radio | Radio ID.
Mode | Wireless location mode:
• MU/Tag—Supports both MU and Tag modes.
• MU—MU mode.
• Tag—Tag mode.
• N/A—No wireless location mode is configured.
rfid-tracking engine-address
Use rfid-tracking engine-address to specify an IPv4 address for the wireless location server. The AP uses this IP address as the destination address to send location frames to the location server. Use undo rfid-tracking engine-address to restore the default.
rfid-tracking mode Use rfid-tracking mode to configure the wireless location mode. Use undo rfid-tracking mode to restore the default. Syntax rfid-tracking mode { all | mu | tag } undo rfid-tracking mode { all | mu | tag } Default No wireless location mode is configured. Views Radio view Default command level 2: System level Parameters all: Supports both tag and mu modes. tag: Specifies the AeroScout-proprietary mode. Wireless devices in this mode are provided by AeroScout. mu: Specifies the mu mode.
undo wlan rfid-tracking dilution Default No dilution factor and dilution timeout are configured. Views System view Default command level 2: System level Parameters factor factor: Specifies the dilution factor for wireless location frames, in the range of 1 to 10000. A dilution factor restricts the number of frames reported by the AP to the location server.
Default command level 2: System level Examples # Enable wireless location. system-view [Sysname] wlan rfid-tracking enable wlan rfid-tracking engine-detection Use wlan rfid-tracking engine-detection to specify a wireless location method. Use undo wlan rfid-tracking engine-detection to restore the default. Syntax wlan rfid-tracking engine-detection { static | dynamic } undo wlan rfid-tracking engine-detection Default The static wireless location method is used.
Default The AeroScout protocol is used for wireless location. Views System view Default command level 2: System level Parameters aero-scout: Specifies the AeroScout protocol. general: Specifies a general wireless location protocol. Usage guidelines If the wireless location protocol is general, only the static wireless location method can be used. If the wireless location protocol is AeroScout, both static and dynamic wireless location methods can be used.
wlan rfid-tracking rate-limit
Use wlan rfid-tracking rate-limit to configure the rate at which the AP sends wireless location frames to the location server, which prevents wireless location frames from flooding the location server. Use undo wlan rfid-tracking rate-limit to restore the default.
Syntax
wlan rfid-tracking rate-limit rate
undo wlan rfid-tracking rate-limit
Default
Wireless location frame sending rate is not limited.
Views System view Default command level 2: System level Parameters rssi-threshold: Specifies an RSSI threshold for wireless location packets, in the range of 5 to 100. Examples # Configure the RSSI threshold for wireless location packets as 40. system-view [Sysname] wlan rfid-tracking rssi-threshold 40 wlan rfid-tracking vendor-port Use wlan rfid-tracking vendor-port to specify the port number for the location server vendor. Use undo wlan rfid-tracking vendor-port to restore the default.
Multicast optimization configuration commands display wlan multicast optimization Use display wlan multicast optimization to display multicast optimization information. Syntax display wlan multicast optimization { all | ap-name ap-name radio radio-id } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Specifies all APs. ap-name ap-name radio radio-id: Specifies an AP by its name and a radio by its ID.
8234-1101-1116, 8234-1101-1117, 8234-1101-1118
# Display multicast optimization information for radio 2 on AP 1.
display wlan multicast optimization ap1 radio 2
Multicast Optimization Information
Total clients: 7
Action: Halt
Multicast Address: 229.0.0.1
MAC Address: 8234-1101-1116, 8234-1101-1117
Multicast Address: 229.0.0.
Default command level 2: System level Examples # Enable multicast optimization for service template 1. system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] multicast optimization enable wlan multicast optimization aging-time Use wlan multicast optimization aging-time to configure the aging time for multicast optimization entries. Use undo wlan multicast optimization aging-time to restore the default.
wlan multicast optimization threshold Use wlan multicast optimization threshold to configure the maximum number of clients supported by multicast optimization. Use undo wlan multicast optimization threshold to restore the default. Syntax wlan multicast optimization threshold threshold-value undo wlan multicast optimization threshold Default The maximum number of clients supported by multicast optimization is 6.
Views System view Default command level 2: System level Parameters halt: Invalidates the multicast optimization function. A new client can join a multicast group and receive multicast packets, and a multicast optimization entry can be created for the client. However, the multicast optimization function for all clients in the multicast group becomes invalid. When the number of clients drops below the upper limit, the multicast optimization function takes effect again. reject-client: Rejects new clients.
Spectrum analysis configuration commands display wlan spectrum-analysis channel-quality Use display wlan spectrum-analysis channel-quality to display channel quality information detected by an AP. Syntax display wlan spectrum-analysis channel-quality [ ap ap-name ] Views Any view Default command level 2: System level Parameters ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 32 characters. Examples # Display channel quality information detected by AP 1.
Syntax display wlan spectrum-analysis device [ ap ap-name ] Views Any view Default command level 2: System level Parameters ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 32 characters. Examples # Display information about non-802.11n interference devices detected by AP 1.
Field Description SI Interference severity level. A larger value indicates a stronger interference. RSSI Signal strength of the interference device. Duty Cycle (%) Percentage of time for which the interference device was active. Affected Channels Channels affected by the interference device. Detected Time Time that the interference device was last detected.
dot11a calibrate-channel track spectrum-analysis Use dot11a calibrate-channel track spectrum-analysis to enable spectrum analysis to trigger channel adjustment on 5 GHz radios. Use undo dot11a calibrate-channel track spectrum-analysis to disable spectrum analysis from triggering channel adjustment on 5 GHz radios. Syntax dot11a calibrate-channel track spectrum-analysis undo dot11a calibrate-channel track spectrum-analysis Default Spectrum analysis does not trigger channel adjustment.
Parameters device-type: Specifies the type of interference devices to be detected. The interference device that can be detected on 5 GHz radios is the cordless-Network-fh device. all: Detects all interference devices. Examples # Specify the type of interference devices to be detected on 5 GHz radios as cordless-Network-fh.
undo dot11a spectrum-analysis trap channel-quality enable Default The AC sends SNMP traps to the NMS when the channel quality on 5 GHz radios is lower than the channel quality alarm threshold. Views RRM view Default command level 2: System level Examples # Configure the AC to not send any SNMP traps to the NMS when the channel quality on 5 GHz radios is lower than the channel quality alarm threshold.
dot11a spectrum-analysis trap device Use dot11a spectrum-analysis trap device to enable the AC to send SNMP traps to the NMS when an interference device is detected on 5 GHz radios. Use undo dot11a spectrum-analysis trap device to remove the configuration. Syntax dot11a spectrum-analysis trap device { device-type | all } undo dot11a spectrum-analysis trap device { device-type | all } Default The AC sends SNMP traps to the NMS when a cordless-Network-fh device is detected on 5 GHz radios.
Views RRM view Default command level 2: System level Examples # Configure the AC to not send any SNMP traps to the NMS when interference devices are detected on 5 GHz radios. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] undo dot11a spectrum-analysis trap device enable Related commands dot11a spectrum-analysis trap device. dot11bg calibrate-channel sensitivity Use dot11bg calibrate-channel sensitivity to specify the sensitivity level that triggers channel adjustment on 2.4 GHz radios.
[Sysname] wlan rrm [Sysname-wlan-rrm] dot11bg calibrate-channel sensitivity high Related commands dot11bg calibrate-channel track spectrum-analysis. dot11bg calibrate-channel track spectrum-analysis Use dot11bg calibrate-channel track spectrum-analysis to enable spectrum analysis to trigger channel adjustment on 2.4 GHz radios. Use undo dot11bg calibrate-channel track spectrum-analysis to disable spectrum analysis from triggering channel adjustment on 2.4 GHz radios.
Default command level 2: System level Parameters device-type: Specifies the type of interference devices to be detected, including microwave, Bluetooth, video-ff, cordless-network-fh, and xbox-fh. all: Detects all interference devices. Examples # Specify the type of interference devices to be detected on 2.4 GHz radios as bluetooth.
Syntax dot11bg spectrum-analysis trap channel-quality enable undo dot11bg spectrum-analysis trap channel-quality enable Default The AC sends SNMP traps to the NMS when the channel quality on 2.4 GHz radios is lower than the channel quality alarm threshold. Views RRM view Default command level 2: System level Examples # Configure the AC to not send any SNMP traps to the NMS when the channel quality on 2.4 GHz radios is lower than the channel quality alarm threshold.
[Sysname-wlan-rrm] dot11bg spectrum-analysis trap channel-quality threshold 45 dot11bg spectrum-analysis trap device Use dot11bg spectrum-analysis trap device to enable the AC to send SNMP traps to the NMS when an interference device is detected on 2.4 GHz radios. Use undo dot11bg spectrum-analysis trap device to remove the configuration.
Syntax dot11bg spectrum-analysis trap device enable undo dot11bg spectrum-analysis trap device enable Default The AC sends SNMP traps to the NMS when interference devices are detected on 2.4 GHz radios. Views RRM view Default command level 2: System level Examples # Configure the AC to not send any SNMP traps to the NMS when interference devices are detected on 2.4 GHz radios.
Related commands • dot11a spectrum-analysis enable • dot11bg spectrum-analysis enable
Guest access tunnel configuration commands aggregation-ac Use aggregation-ac ip to configure an aggregation AC on an edge AC. Use undo aggregation-ac ip to remove the configuration. Syntax aggregation-ac ip ipv4-address source ip ipv4-address vlan vlan-id-list undo aggregation-ac { all | ip ipv4-address [ vlan vlan-id-list ] } Default No aggregation AC information is available on the edge AC.
Default command level 1: Monitor level Parameters all: Specifies all guest access tunnels. ip ipv4-address: Specifies a peer AC by its IPv4 address. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Table 66 Command output
Field | Description
Local Mode | Role of the AC, Edge or Aggregation.
Tunnel Count | Number of guest access tunnels.
Peer IP Address | IP address of the peer AC.
Local IP Address | IP address of the local AC.
VLAN | Configured guest VLAN.
State | State of the guest access tunnel: • Up • Down
Interface | Local interface used to establish the guest access tunnel. This field is displayed as -NA- if the WLAN-Tunnel interface fails to be created.
Online time (hh:mm:ss)
keep-alive Use keep-alive to configure the interval at which the edge AC sends keep-alive requests to aggregation ACs. Use undo keep-alive to restore the default. Syntax keep-alive time-interval undo keep-alive Default The interval at which the edge AC sends keep-alive requests to aggregation ACs is 10 seconds.
Default command level 2: System level Parameters all: Removes all guest access tunnels. ip ipv4-address: Specifies a peer AC by its IP address. Examples # Remove all guest access tunnels. reset wlan guest-tunnel all wlan guest-tunnel aggregation-ac Use wlan guest-tunnel aggregation-ac to specify the current AC as the aggregation AC and create an aggregation AC view. If the aggregation AC view has been created, this command enters the aggregation AC view.
Views System view Default command level 2: System level Usage guidelines When you delete the edge AC view, all guest access tunnels established with this edge AC are also removed. Examples # Specify the current AC as the edge AC.
Bonjour gateway commands bonjour-gateway enable Use bonjour-gateway enable to enable Bonjour gateway. Use undo bonjour-gateway enable to disable Bonjour gateway. Syntax bonjour-gateway enable undo bonjour-gateway enable Default Bonjour gateway is enabled. Views AP template view, AP group view Default command level 2: System level Usage guidelines Bonjour gateway takes effect only after you enable Bonjour gateway both globally and for an AP.
undo bonjour-policy Default No Bonjour policy is applied to an AP template, an AP group, or a service template. Views AP template view, AP group view, service template view Default command level 2: System level Parameters policy-name: Specifies a Bonjour policy by its name, a case-sensitive string of 1 to 31 characters. Examples # Apply the specified Bonjour policy to an AP template.
Examples
# Display Bonjour policy information.
display wlan bonjour-policy
Total number of configured bonjour policies: 1
Bonjour policy parameters
--------------------------------------------------------------------------------
Bonjour policy name : student
VLAN : 1 2 to 5
Access-VLAN : Enabled
Service list:
Service type IP address/Instance name
ichat 192.168.0.1
printer
Table 67 Command output
Field | Description
VLAN | List of VLANs where the AC can forward queries and responses.
Examples
# Display information about services discovered by the AC.
display wlan bonjour-service
Total number of discarded query packets : 0
Total number of discarded response packets: 20
Total number of bonjour services : 3
Bonjour Services
-------------------------------------------------------------------------------
Name Type VLAN TTL IP
-------------------------------------------------------------------------------
Apple TV airplay 1 4500 192.168.10.
Table 69 Apple Bonjour protocols and service type strings
Service type | Protocol name
afpovertcp | AppleTalk Filing Protocol
airplay | Airplay
airport | Airport Base Station
apple-sasl | Apple Password Server
daap | Digital Audio Access Protocol
dacp | Digital Audio Control Protocol
distcc | Distributed Compiler
dpap | Digital Photo Access Protocol
eppc | Remote AppleEvents
ftp | File Transfer Protocol
http | Hypertext Transfer Protocol
Ica-networking | Image Capture Sharing
ichat | iChat Instant Messaging P
[Sysname-wlan-bp-teacher] service type ichat ip 192.168.1.10 service vlan Use service vlan to configure the VLANs to which the AC can forward queries and responses. Use undo service vlan to remove the configuration. Syntax service vlan vlan-id-list [ access-vlan ] undo service vlan [ vlan-id-list ] [ access-vlan ] Default The AC cannot forward queries and responses.
Usage guidelines Bonjour gateway takes effect only after you enable it both globally and for an AP. You can enable Bonjour gateway for an AP in AP template view or AP group view. Examples # Enable Bonjour gateway globally. system-view [Sysname] wlan bonjour-gateway enable Related commands bonjour-gateway enable wlan bonjour-gateway halt-multicast threshold Use wlan bonjour-gateway halt-multicast threshold to configure the threshold for the AC to start sending multicast responses to clients.
[Sysname] wlan bonjour-gateway halt-multicast threshold 15 wlan bonjour-gateway query enable Use wlan bonjour-gateway query enable to enable active query for Bonjour services on the AC. Use undo wlan bonjour-gateway query enable to disable the function. Syntax wlan bonjour-gateway query enable undo wlan bonjour-gateway query enable Default Active query for Bonjour services is disabled on the AC.
Examples # Configure the interval at which the AC sends queries for a service as 30 seconds. system-view [Sysname] wlan bonjour-gateway query interval 30 Related commands wlan bonjour-gateway query enable wlan bonjour-policy (system view) Use wlan bonjour-policy to create a Bonjour policy. Use undo wlan bonjour-policy to remove a Bonjour policy. Syntax wlan bonjour-policy policy-name undo wlan bonjour-policy policy-name Default No Bonjour policy is created.
Views User profile view Default command level 2: System level Parameters policy-name: Specifies a Bonjour policy by its name, a case-sensitive string of 1 to 31 characters. Examples # Apply Bonjour policy teacher to user profile a123.
WLAN high availability configuration commands AC backup commands backup-ac Use backup-ac to specify an IPv4/IPv6 backup AC. Use undo backup-ac to remove the IPv4/IPv6 backup ACs. Syntax backup-ac { ip ipv4-address | ipv6 ipv6-address } undo backup-ac { ip | ipv6 } Default By default, no IP address is configured for the backup AC, and the IP address configured in system view is used.
display hot-backup state Use display hot-backup state to display the AC hot backup state. Syntax display hot-backup state [ | { begin | exclude | include } regular-expression ] Views System view Default command level 2: System level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field | Description
Peer Board State | Status of the peer AC: • Normal. • Abnormal. • Unknown—No connection is established.
hot-backup enable
Use hot-backup enable to enable the AC hot backup function. Use undo hot-backup enable to disable the AC hot backup function.
Syntax
hot-backup enable [ domain domain-id ] *
undo hot-backup enable
Default
The AC hot backup function is disabled.
Views
System view
Default command level
2: System level
Parameters
domain domain-id: Specifies the domain ID of the AC.
Default command level 2: System level Parameters hellointerval: Sets the interval for sending heartbeat messages, in the range of 30 to 2000 milliseconds. The default value is 2000 milliseconds. Usage guidelines Support for this command depends on the device models. For more information, see About the Command References for HP Unified Wired-WLAN Products. Examples # Set the heartbeat interval to 100 milliseconds.
Syntax priority level priority undo priority level Default The connection priority of an AP is 4. Views AP template view, AP group view Default command level 2: System level Parameters priority: Specifies the AP connection priority in the range of 0 to 7. The higher the value, the higher the priority. Usage guidelines Executed in AP template view, the command takes effect on the specified AP. Executed in AP group view, the command takes effect on all APs in the AP group.
Examples # Configure the IP address of a backup AC as 192.168.1.1. system-view [Sysname] wlan backup-ac ip 192.168.1.1 wlan backup-ac switch-delay Use wlan backup-ac switch-delay to set the delay for an AP to switch from a backup AC to a primary AC. Use undo wlan backup-ac switch-delay to remove the configuration. Syntax wlan backup-ac switch-delay time undo wlan backup-ac switch-delay Default The delay for an AP to switch from a backup AC to a primary AC is 5 seconds.
Default command level 2: System level Parameters priority: Specifies a priority for the probe response packets sent by the AC to the AP, in the range of 1 to 16. The higher the value, the lower the priority. Usage guidelines If multiple ACs send probe response packets to an AP, the AP associates with the AC that sends probe response packets with the highest priority. Examples # Specify the priority of the probe response packets sent by the AC to the AP as 15.
Uplink detection commands
wlan uplink track
Use wlan uplink track to specify a track entry for uplink detection. Use undo wlan uplink track to remove the configuration.
Syntax
wlan uplink track track-entry-number
undo wlan uplink track
Default
No track entry is specified for uplink detection.
Views
System view
Parameters
track-entry-number: Specifies the number of the track entry to be detected, in the range of 1 to 1024.
WIPS commands action Use action to specify the action that WIPS takes when the number of matching times for a signature rule reaches the detect threshold. Syntax action { none | report event-level level-value } Default The action for a user-defined signature rule is none, the action for a system-defined signature rule is report, and the alarm level depends on the signature rule.
Use undo ados enable to disable the anti-denial-of-service function. Syntax ados enable undo ados enable Default The anti-denial-of-service function is disabled. Views WIPS view Default command level 2: System level Examples # Enable the anti-denial-of-service function. system-view [Sysname] wlan ips [Sysname-wlan-ips] ados enable ap-classification-rule (virtual security domain view) Use ap-classification-rule to add an AP classification rule to the current virtual security domain.
Examples
# Add an AP classification rule to the virtual security domain office, and specify its precedence as 15.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] virtual-security-domain office
[Sysname-wlan-ips-vsd-office] ap-classification-rule external-ap precedence 15
ap-classification-rule (WIPS view)
Use ap-classification-rule to create an AP classification rule and enter AP classification rule view.
Views Virtual security domain view Default command level 2: System level Parameters policy-name: Specifies an attack detection policy by its name, a case-insensitive string of 1 to 32 characters that can contain letters, numbers, and underlines. Examples # Configure the virtual security domain office to use the attack detection policy office.
blocklist-action block Use blocklist-action block to disable wireless devices in the prohibited device list from accessing the WLAN. Use undo blocklist-action block to enable wireless devices in the prohibited device list to access the WLAN. Syntax blocklist-action block undo blocklist-action block Default Wireless devices in the prohibited device list are allowed to access the WLAN.
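Several protections in this reference are off by default: data-tunnel encryption enable, dot1x supplicant enable, ados enable, and blocklist-action block. The Python script below is an added example, not part of the HP reference: it audits a configuration transcript written in the prompt format of this page's examples and reports which of those commands were never applied or were later undone. The transcript is constructed, and matching ados enable and blocklist-action block in any view is an assumption, because this excerpt does not show the view for blocklist-action block.

```python
import re

# Prompt format used in this page's examples: "[view] command".
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>\S.*)$")
# AP template view "[Sysname-wlan-ap-ap1]" and AP provision view
# "[Sysname-wlan-ap-ap1-prvs]", as shown in the page's examples.
AP_VIEW = re.compile(r"-wlan-ap-(?P<ap>.+?)(?:-prvs)?$")
# AP creation command as it appears on the page: "wlan ap ap1 model MSM460-WW".
AP_DECL = re.compile(r"^wlan ap (?P<ap>.+) model \S+$")

# Commands whose documented default is the weaker state.
PER_AP = {
    "data-tunnel encryption enable": "AP does not encrypt the data tunnel",
    "dot1x supplicant enable": "802.1X client is not enabled for the AP",
}
# Assumption: accepted in whatever view they are typed.
ANY_VIEW = {
    "ados enable": "anti-denial-of-service function is disabled",
    "blocklist-action block": "prohibited devices are allowed to access the WLAN",
}
GLOBAL = "global"

# Constructed sample transcript (not captured from a real device).
SAMPLE = """\
system-view
[Sysname] wlan ap ap1 model MSM460-WW
[Sysname-wlan-ap-ap1] provision
[Sysname-wlan-ap-ap1-prvs] data-tunnel encryption enable
[Sysname-wlan-ap-ap1-prvs] dot1x supplicant enable
[Sysname-wlan-ap-ap1-prvs] quit
[Sysname-wlan-ap-ap1] quit
[Sysname] wlan ap ap2 model MSM460-WW
[Sysname-wlan-ap-ap2] provision
[Sysname-wlan-ap-ap2-prvs] data-tunnel encryption enable
[Sysname-wlan-ap-ap2-prvs] undo data-tunnel encryption enable
[Sysname-wlan-ap-ap2-prvs] quit
[Sysname-wlan-ap-ap2] quit
[Sysname] wlan ips
[Sysname-wlan-ips]ados enable
"""


def audit(transcript):
    """Return sorted (scope, command, reason) tuples for protections left off."""
    aps = set()       # AP names seen (case-insensitive per the reference)
    enabled = set()   # (scope, command) pairs currently in effect
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # lines without a bracketed prompt, e.g. "system-view"
        view = m.group("view")
        cmd = " ".join(m.group("cmd").split()).lower()

        decl = AP_DECL.match(cmd)
        if decl:
            aps.add(decl.group("ap"))
            continue

        ap_view = AP_VIEW.search(view)
        if ap_view:
            aps.add(ap_view.group("ap").lower())

        # "undo <command>" reverts an earlier "<command>".
        undo = cmd.startswith("undo ")
        base = cmd[5:] if undo else cmd
        if base in PER_AP and ap_view:
            scope = ap_view.group("ap").lower()
        elif base in ANY_VIEW:
            scope = GLOBAL
        else:
            continue
        if undo:
            enabled.discard((scope, base))
        else:
            enabled.add((scope, base))

    findings = []
    for ap in aps:
        for command, reason in PER_AP.items():
            if (ap, command) not in enabled:
                findings.append((ap, command, reason))
    for command, reason in ANY_VIEW.items():
        if (GLOBAL, command) not in enabled:
            findings.append((GLOBAL, command, reason))
    return sorted(findings)


if __name__ == "__main__":
    for scope, command, reason in audit(SAMPLE):
        print(f"{scope}: missing '{command}' ({reason})")
```
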
Parameters authorized-ap: Specifies an authorized AP. external-ap: Specifies an external AP. misconfigured-ap: Specifies a mis-configured AP. rogue-ap: Specifies a rogue AP. Usage guidelines You do not necessarily need to set the type of the AP that matches an AP classification rule. If you do not set the AP type but specify the severity level, in the AP classification rule, the severity level takes effect. Examples # Specify the type of the AP that matches the invalid_ap classification rule as rogue-ap.

countermeasure fixed-channel
Use countermeasure fixed-channel enable to enable the sensor to take countermeasures against wireless devices on a fixed channel.
Use undo countermeasure fixed-channel enable to restore the default.
Syntax
countermeasure fixed-channel enable
undo countermeasure fixed-channel enable
Default
No countermeasures are taken against wireless devices on a fixed channel.

Parameters
precedence number: Specifies the precedence for taking countermeasures against misassociated clients, in the range of 0 to 9. The default is 6.
Examples
# Use countermeasures policy office to take countermeasures against misassociated clients.

Default
No countermeasures are taken against potential-authorized APs.
Views
Countermeasures policy view
Default command level
2: System level
Parameters
precedence number: Specifies the precedence for taking countermeasures against potential-authorized APs, in the range of 0 to 9. The default is 0.
Examples
# Use countermeasures policy office to take countermeasures against potential-authorized APs.

countermeasure potential-rogue-ap
Use countermeasure potential-rogue-ap to take countermeasures against potential-rogue APs.
Use undo countermeasure potential-rogue-ap to restore the default.
Syntax
countermeasure potential-rogue-ap [ precedence number ]
undo countermeasure potential-rogue-ap
Default
No countermeasures are taken against potential-rogue APs.

Examples
# Use countermeasures policy office to take countermeasures against rogue APs.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] countermeasure-policy office
[Sysname-wlan-ips-cmep-office] countermeasure rogue-ap

countermeasure static (countermeasures policy view)
Use countermeasure static to add the MAC address of a specific wireless device to the static countermeasures address list.

Use undo countermeasure static to remove all wireless devices or a wireless device with a specific MAC address from the static countermeasures address list.
Syntax
countermeasure static mac-address
undo countermeasure static { mac-address | all }
Default
No countermeasures are taken on wireless devices.
Views
WIPS view
Default command level
2: System level
Parameters
mac-address: Specifies the MAC address of the wireless device to be added to or removed from the static countermeasures address list.

Parameters
precedence number: Specifies the precedence for taking countermeasures against unauthorized clients, in the range of 0 to 9. The default is 8.
Examples
# Use countermeasures policy office to take countermeasures against unauthorized clients.

Default
No countermeasures are taken against uncategorized clients.
Views
Countermeasures policy view
Default command level
2: System level
Parameters
precedence number: Specifies the precedence for taking countermeasures against uncategorized clients, in the range of 0 to 9. The default is 4.
Examples
# Use countermeasures policy office to take countermeasures against uncategorized clients.

[Sysname-wlan-ips-vsd-vsda] countermeasure-policy office

countermeasure-policy (WIPS view)
Use countermeasure-policy to create a new countermeasures policy and enter countermeasures policy view, or directly enter countermeasures policy view if a countermeasures policy already exists.
Use undo countermeasure-policy to remove a countermeasures policy.
Syntax
countermeasure-policy policy-name
undo countermeasure-policy policy-name
Default
The default countermeasures policy exists.

Usage guidelines
When this command is enabled, WIPS detection and attack prevention capabilities are improved, but the access performance is decreased.
Examples
# Enable WIPS for a hybrid sensor that provides access services.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] detect access-flow-scan enable

detect adhoc-network
Use detect adhoc-network to enable Ad hoc network detection specified in the current attack detection policy.

Views
Attack detection policy view
Default command level
2: System level
Examples
# Enable all detections specified in the attack detection policy named office.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] attack-detect-policy office
[Sysname-wlan-ips-dctp-office]detect all

detect all action
Use detect all action { log | trap }* to configure a sensor to send a log or an alarm to the AC when it detects a malformed packet of any type specified in Table 71.

Field: Description
overflow-eapol-key: Oversized EAPOL key.
malformed-auth: Malformed authentication frame.
malformed-assoc-req: Malformed association request frame.
malformed-ht-ie: Malformed HT IE.
large-duration: Oversized duration.
null-probe-resp: Null SSID for probe response frame.
invalid-deauth-code: Invalid deauthentication reason code.
invalid-disassoc-code: Invalid disassociation reason code.
overflow-ssid: Oversized SSID.
fata-jack: FATA Jack attack. FATA Jack is a kind of DOS attack.

Examples
# Enable AP flooding detection specified in the attack detection policy named office.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] attack-detect-policy office
[Sysname-wlan-ips-dctp-office] detect ap-flood

detect ap-impersonation
Use detect ap-impersonation to enable AP impersonation attack detection specified in the current attack detection policy.
Use undo detect ap-impersonation to disable AP impersonation attack detection specified in the current attack detection policy.

detect ap-spoofing
Use detect ap-spoofing to enable AP MAC address spoofing detection specified in the current attack detection policy.
Use undo detect ap-spoofing to disable AP MAC address spoofing detection specified in the current attack detection policy.
Syntax
detect ap-spoofing [ quiet-time time-value ]
undo detect ap-spoofing
Default
AP MAC address spoofing detection is disabled.

Parameters
time-value: Specifies the quiet time after an alarm is generated for detecting client MAC spoofing, in the range of 5 to 604800 seconds. The default is 600 seconds.
Examples
# Enable client spoofing detection specified in the attack detection policy named office.

Syntax
detect dos-authentication [ quiet-time time-value ]
undo detect dos-authentication
Default
Authentication DoS attack detection is disabled.
Views
Attack detection policy view
Default command level
2: System level
Parameters
time-value: Specifies the quiet time after an alarm is generated for detecting an authentication DoS attack, in the range of 5 to 604800 seconds. The default is 600 seconds.

[Sysname] wlan ips
[Sysname-wlan-ips] attack-detect-policy office
[Sysname-wlan-ips-dctp-office] detect dos-eapol-start

detect dos-reassociation
Use detect dos-reassociation to enable reassociation DoS attack detection specified in the current attack detection policy.
Use undo detect dos-reassociation to disable reassociation DoS attack detection specified in the current attack detection policy.

Default command level
2: System level
Parameters
log: Configures the sensor to send a log to the AC when it detects a duplicate IE.
trap: Configures the sensor to send an alarm to the AC when it detects a duplicate IE.
Examples
# In the malformed packet detection policy named normal, configure the sensor to send a log and an alarm to the AC when it detects a duplicate IE.

detect hotspot-attack
Use detect hotspot-attack to enable hotspot attack detection specified in the current attack detection policy.
Use undo detect hotspot-attack to disable hotspot attack detection specified in the current attack detection policy.
Syntax
detect hotspot-attack
undo detect hotspot-attack
Default
Hotspot attack detection is disabled.

Examples
# In the malformed packet detection policy named normal, configure the sensor to send a log and an alarm to the AC when it detects abnormal IBSS or ESS setting.

Syntax
detect invalid-disassoc-code action { log | trap }*
undo detect invalid-disassoc-code action { log | trap }*
Default
The sensor does not send a log or alarm to the AC when it detects an invalid disassociation reason code.
Views
Malformed packet detection policy view
Default command level
2: System level
Parameters
log: Configures the sensor to send a log to the AC when it detects an invalid disassociation reason code.

Examples
# In the malformed packet detection policy named normal, configure the sensor to send a log and an alarm to the AC when it detects invalid IE length.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] malformed-detect-policy normal
[Sysname-wlan-ips-mdctp-normal]detect invalid-ie-length action log trap

detect invalid-oui
Use detect invalid-oui to enable invalid OUI attack detection for an attack detection policy, and classify the detected devices.

Syntax
detect invalid-pkt-length action { log | trap }*
undo detect invalid-pkt-length action { log | trap }*
Default
The sensor does not send a log or an alarm to the AC when it detects invalid packet length.
Views
Malformed packet detection policy view
Default command level
2: System level
Parameters
log: Configures the sensor to send a log to the AC when it detects invalid packet length.
trap: Configures the sensor to send an alarm to the AC when it detects invalid packet length.

trap: Configures the sensor to send an alarm to the AC when it detects an authentication/association request frame with a broadcast or multicast source address.
Examples
# In the malformed packet detection policy named normal, configure the sensor to send a log and an alarm to the AC when it detects an authentication/association request frame with a multicast or broadcast source address.

[Sysname-wlan-ips-mdctp-normal]detect large-duration action log trap
# Configure the duration threshold for the malformed packet detection policy normal as 2000 μs, and configure the sensor to send a log and an alarm to the AC when the duration exceeds 2000 μs.

undo detect malformed-auth action { log | trap }*
Default
The sensor does not send a log or an alarm to the AC when it detects a malformed authentication frame.
Views
Malformed packet detection policy view
Default command level
2: System level
Parameters
log: Configures the sensor to send a log to the AC when it detects a malformed authentication frame.
trap: Configures the sensor to send an alarm to the AC when it detects a malformed authentication frame.

[Sysname-wlan-ips] malformed-detect-policy normal
[Sysname-wlan-ips-mdctp-normal]detect malformed-ht-ie action log trap

detect null-probe-resp action
Use detect null-probe-resp action { log | trap }* to configure the sensor to send a log, an alarm, or both to the AC when it detects a probe response frame with a null SSID.
Use undo detect null-probe-resp { log | trap }* to disable the function.

Default
The sensor does not send a log or an alarm to the AC when it detects an EAPOL packet with an oversized key.
Views
Malformed packet detection policy view
Default command level
2: System level
Parameters
log: Configures the sensor to send a log to the AC when it detects an EAPOL packet with an oversized key.
trap: Configures the sensor to send an alarm to the AC when it detects an EAPOL packet with an oversized key.

system-view
[Sysname] wlan ips
[Sysname-wlan-ips] malformed-detect-policy normal
[Sysname-wlan-ips-mdctp-normal]detect overflow-ssid action log trap

detect prohibited-channel
Use detect prohibited-channel to enable prohibited channel detection specified in the current attack detection policy.
Use undo detect prohibited-channel to disable prohibited channel detection specified in the current attack detection policy.

Default
Power saving attack detection is disabled.
Views
Attack detection policy view
Default command level
2: System level
Parameters
quiet-time quiet-time-value: Specifies the quiet time after an alarm is generated for detecting a power saving attack, in the range of 5 to 604800 seconds. The default is 600 seconds.
threshold: Specifies parameters for power saving attack detection.

trap: Configures the sensor to send an alarm to the AC when it detects a redundant IE.
Examples
# In the malformed packet detection policy named normal, configure the sensor to send a log and an alarm to the AC when it detects a redundant IE.

undo detect unencrypted-authorized-ap
Default
Unencrypted authorized AP detection is disabled.
Views
Attack detection policy view
Default command level
2: System level
Parameters
quiet-time quiet-time-value: Specifies the quiet time after an alarm is generated for detecting an unencrypted authorized AP, in the range of 5 to 604800 seconds. The default is 600 seconds.
Examples
# Enable unencrypted authorized AP detection specified in the attack detection policy named office.

[Sysname-wlan-ips-dctp-office]detect unencrypted-trust-client

detect weak-iv
Use detect weak-iv to enable weak-IV detection for an attack detection policy.
Use undo detect weak-iv to restore the default.
Syntax
detect weak-iv [ quiet-time time-value ]
undo detect weak-iv
Default
Weak-IV detection is disabled in an attack detection policy.

Examples
# Enable Windows bridge detection specified in the attack detection policy named office.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] attack-detect-policy office
[Sysname-wlan-ips-dctp-1] detect windows-bridge

detect-period
Use detect-period to configure the statistics collection period for a signature rule.

detect-threshold
Use detect-threshold to configure the maximum matching times for a signature rule within the specified statistics collection period. When the matching times reach this threshold, WIPS takes further actions according to the configuration of the action command.
Use undo detect-threshold to restore the default.
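
How the detection threshold, statistics collection period and quiet time interact, as an added Python model (not HP's implementation and not code from this reference). It assumes fixed, back-to-back collection periods and a quiet time that suppresses repeat alarms for the same offender; the rule name, MAC addresses and frame times are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class SignatureRule:
    """Subset of a signature rule: the counters that drive alarms."""
    name: str
    detect_period: int                    # statistics collection period, seconds
    quiet_time: int                       # seconds to stay silent after an alarm
    per_signature: Optional[int] = None   # threshold over all senders (None = -NA-)
    per_mac: Optional[int] = None         # threshold per sender MAC (None = -NA-)


Alert = Tuple[int, str, str]  # (time, rule name, offender MAC or "*" for all senders)


def evaluate(rule: SignatureRule, frames: Iterable[Tuple[int, str]]) -> List[Alert]:
    """Replay (timestamp, source MAC) pairs of frames that matched the rule.

    Assumption of this model: periods are the fixed windows
    [0, P), [P, 2P), ... and counters restart in every window.
    """
    alerts: List[Alert] = []
    counts: Dict[Tuple[int, str], int] = defaultdict(int)  # (window, key) -> matches
    quiet_until: Dict[str, int] = {}                        # key -> end of quiet time

    for ts, mac in sorted(frames):
        window = ts // rule.detect_period
        # "*" tracks the rule as a whole (per-signature), mac tracks one sender.
        for key, limit in (("*", rule.per_signature), (mac, rule.per_mac)):
            if limit is None:
                continue
            counts[(window, key)] += 1
            if counts[(window, key)] < limit:
                continue                      # threshold not reached in this period
            if ts < quiet_until.get(key, 0):
                continue                      # still inside the quiet time
            alerts.append((ts, rule.name, key))
            quiet_until[key] = ts + rule.quiet_time
    return alerts


# Constructed sample: MAC_A sends three bursts, MAC_B a short one.
MAC_A = "0000-5e00-5301"
MAC_B = "0000-5e00-5302"
RULE = SignatureRule("demo_flood", detect_period=5, quiet_time=10,
                     per_signature=5, per_mac=3)
FRAMES = [
    (0, MAC_A), (1, MAC_A), (2, MAC_A),     # per-mac threshold reached at t=2
    (3, MAC_B), (4, MAC_B),                 # per-signature threshold reached at t=4
    (6, MAC_A), (7, MAC_A), (8, MAC_A),     # reached again, but inside quiet time
    (15, MAC_A), (16, MAC_A), (17, MAC_A),  # quiet time over: alarm again
]

if __name__ == "__main__":
    for when, rule_name, offender in evaluate(RULE, FRAMES):
        print(f"t={when:>3}s rule={rule_name} offender={offender}")
```

The second burst from the same sender produces no alarm, which is the trade-off a long quiet time makes: fewer duplicate alarms, but a repeat offender stays silent in the log until the quiet time expires.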

Syntax
display wlan ips ap-classification-rule [ rule-name ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
2: System level
Parameters
rule-name: Specifies an AP classification rule by its name, a case-insensitive string of 1 to 32 characters that can contain letters, numbers, and underlines, but not spaces.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

Security : include WPA
Authentication Method : PSK
RSSI : < 20
Duration : < 86400
Client Count : -NA-
Discovered APs : > 10
OUI : 00-01-02
OUI Vendor : -NA-
Applied to VSD
VSD 1 : office
--------------------------------------------------------------------------------
Table 72 Command output
Field: Description
Severity Level: Severity level for an AP that matches an AP classification rule. The value is in the range of 0 to 100.
Match policy for the rule.

Field: Description
OUI Vendor: Vendor of the AP.
Applied to VSD: Virtual security domain where the AP classification rule is applied.
VSD n: Name of the virtual security domain, where n represents a number automatically assigned by the system.

display wlan ips attack-detect-policy
Use display wlan ips attack-detect-policy to display information about the specified or all attack detection policies.

Dos-association off -- --
Dos-reassociation off -- --
Weak-iv off -- --
Invalid-OUI on -- --
Ps-attack on 600 --
Windows-Bridge on -- --
Hotspot-attack on -- --
AP-Impersonation on 600 --
Soft-ap on -- --
Unencrypt-auth-ap on 600 --
Unencrypt-trust-cli on 600 --
Applied To VSD : default, vsd_office
--------------------------------------------------------------------------------
Policy Name: lab
Adhoc-network on -- --
Prohibited-channel on -- --
AP-spoofing

Field: Description
Prohibited-channel: Whether to detect prohibited channels: on or off.
AP-spoofing: Whether to detect AP spoofing: on or off.
Client-spoofing: Whether to detect client spoofing: on or off.
AP-Flood: Whether to detect AP flood: on or off.
Dos-eapol-start: Whether to detect EAPOL-Start DoS attacks: on or off.
Dos-authentication: Whether to detect authentication DoS attacks: on or off.
Dos-association: Whether to detect association DoS attacks: on or off.

Field: Description
AP-Impersonation: Whether to detect AP impersonation attacks: on or off.
Soft-ap: Whether to detect soft APs: on or off.
Unencrypt-auth-ap: Whether to detect unencrypted authorized APs: on or off.
Unencrypt-trust-cli: Whether to detect unencrypted trust clients: on or off.
Applied to VSD: Virtual security domain where the attack detection policy is applied.

Total Number of Entries: 2
State: S = Static, D = Dynamic, S&D = Static & Dynamic
Blocklist-Action Block : Disable
Block List
--------------------------------------------------------------------------------
MAC-Address Status
--------------------------------------------------------------------------------
0001-0002-0003 S
0001-0002-0004 S
--------------------------------------------------------------------------------
Table 74 Command output
Field Blocklist-Action Block MAC-Address Description Dis
Examples # Display information about all channels.

Views
Any view
Default command level
2: System level
Parameters
vsd vsd-name: Specifies a virtual security domain by its name, a case-insensitive string of 1 to 32 characters that can contain letters, numbers, and underlines.
static: Displays information about wireless devices added to the countermeasures list from WIPS view and countermeasures policy view.
dynamic: Displays information about wireless devices dynamically added to the countermeasures list.

c4ca-d9f0-cab0 S I -- -- -- --
--------------------------------------------------------------------------------
Table 76 Command output
Field: Description
Type: Type of the wireless device.
• S—Manually added.
• D—Dynamically added.
• S&D—Both manually and dynamically added.
State: State of the wireless device against which countermeasures are taken.
• Pending.
• Countermeasure.
• Idle.
Start-Time: Time when the wireless device enters the current state.

Countermeasure records : 1
2013-06-21/16:11:29 - 2013-06-21/16:11:44 Pending
--------------------------------------------------------------------------------
Device: c4ca-d9f0-cab0
Type : Static
Classification : potential-external-ap
Precedence : 10
State : Pending
Channel : 1
Sensor : --
Start-Time : 2013-06-21/16:25:56
Global Static Countermeasure : YES
Applied to Countermeasure-policies : --
Countermeasure records : 0
-------------------------------------------------------------------

Field: Description
Start-Time: Time when the wireless device entered the current countermeasures state.
Global Static Countermeasure: Whether the wireless device is a globally configured device against which countermeasures are taken.
Applied to Countermeasure-policy: Countermeasures policy applied to the wireless device.
Countermeasure record: Countermeasures record for the wireless device.

potential-authorized-ap : Off
potential-rogue-ap : Off
potential-external-ap : Off
uncategorized-ap : Off
uncategorized-client : Off
Countermeasure Static Devices : 0
Applied to VSD :
VSD 1 : vsd_office
----------------------------------------------------------------------
Table 78 Command output
Field: Description
Policy Name: Countermeasures policy name.
Countermeasure on Fixedchannel: Countermeasures policy on fixed channel: enable or disable.

Field: Description
potential-external-ap: Whether to take countermeasures against potential-external APs: on or off.
uncategorized-ap: Whether to take countermeasures against uncategorized APs: on or off.
uncategorized-client: Whether to take countermeasures against uncategorized clients: on or off.
Countermeasure Static Devices: Information about the wireless devices in the static countermeasures list specified by the current countermeasures policy.

external: Displays external AP information.
potential-authorized: Displays potential-authorized AP information.
potential-rogue: Displays potential-rogue AP information.
potential-external: Displays potential-external AP information.
uncategorized: Displays uncategorized AP information.
wireless-bridge: Displays information about APs with the wireless bridge function.
client: Displays client information.
authorized: Displays authorized client information.

Table 79 Command output
Field: Description
MAC-Address: MAC address of the wireless device.
Type: Type of the wireless device.
• AP
• Cli: Client.
Classification: Category of the wireless device.
SL: Severity level of the wireless device.
Last-Time: Time when WIPS last detected the AP or client.
#S: Number of sensors that detected the wireless device.
Chl: Channel where the wireless device was detected.
S: AP or client status.
• Active—Enabled.
• Inactive—Disabled.

RSSI : 72
Last Reported Time : 2013-06-22/15:53:26
Attached Clients : 1
Client 1 : 0021-632f-f77d
--------------------------------------------------------------------------------
BSSID : 000f-e233-5500
Vendor: Hewlett-Packard Development Company, L.P.
SSID : bignetwork-a
Hotspot : NO
Status : Active
Classification : Misconfigured
Severity Level : 0
Security : Clear
Encrypt Method : -NA-
Authentication Method : None
Radio Type : 802.

Last Reported Time : 2013-06-22/15:53:42
Attached Clients : 0
--------------------------------------------------------------------------------
Total Number of Clients: 2
--------------------------------------------------------------------------------
MAC Address: 0021-632f-f77d
Vendor: ASKEY COMPUTER CORP
BSSID : 000f-e2a2-2420
Status : Active
State : EAPSuccess
Classification : Uncategorized
RadioType : 802.

Field: Description
Status: AP or client status.
• Active—Enabled.
• Inactive—Disabled.
State: Client association state.
• Association—The client has been associated with the AP.
• Unassociation—The client is not associated with the AP.
• EAPSuccess—The client has passed the PSK or 802.1X authentication.
• EAPLogoff—The client has been logged off.
Classification: Category of the AP or client.
• AP.
  ○ Ad_hoc.
  ○ Authorized.
  ○ Rogue.
  ○ Misconfigured.
  ○ External.
  ○ Potential-authorized.

Field: Description
Channel: Working channel of the wireless device.
In Countermeasure List: Whether the AP or client is in the countermeasures list: Yes or No.
Up Time: Bootup time of the AP.
First Reported Time: Time when WIPS first detected the AP or client.
Last Reported Time: Time when WIPS last detected the AP or client.
Reporting Sensor: Number of sensors that detected the wireless device.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.

ID: 5 Event Level: 2 Event Type : prohibited-chl
Reported Time : 2013-06-22/15:35:30 - 2013-06-22/15:35:30
Aggregate times : 1
Causer : -NA-
Source:
Source 1 : c4ca-d9f0-e3e0 VSD: default
Detail Information:
In the VSD default, inhibitory channel 157 is active.

Source 1 : c4ca-d9f0-e3e0 VSD: default
Source 2 : 3822-d6c1-55fd VSD: -NA-
Detail Information:
In the VSD default,the AP 000f-e233-5500 is added.

Reported Time : 2013-11-29/10:00:00 - 2013-11-29/11:18:25
Aggregate times : 4
Causer : ccef-48f4-7850
Source:
Source 1 : 80f6-2ee6-d3da VSD: -NA-
Detail Information:
In the vsd default, detect a trust client 0021-6330-0f04 connect to an unencrypted AP ccef-48f4-7850.
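
For feeding these alarm events into a log pipeline, the following added Python parser (not part of the HP reference) turns the event output shown above into structured records. The line layout of the sample is assumed from the field labels in the output, the first record reuses the values printed above, and the second record is constructed.

```python
import re
from datetime import datetime
from typing import Dict, List, Optional

# One alarm event, matched by its field labels. Whitespace is matched loosely so
# the parser also works on output whose line breaks were lost in transit.
EVENT_RE = re.compile(
    r"\bID\s*:\s*(?P<id>\d+)\s+"
    r"Event Level\s*:\s*(?P<level>\d+)\s+"
    r"Event Type\s*:\s*(?P<type>\S+)\s+"
    r"Reported Time\s*:\s*(?P<first>\S+)\s+-\s+(?P<last>\S+)\s+"
    r"Aggregate times\s*:\s*(?P<count>\d+)\s+"
    r"Causer\s*:\s*(?P<causer>\S+)\s+"
    r"Source\s*:\s*(?P<sources>.*?)\s*"
    r"Detail Information\s*:\s*(?P<detail>.*?)\s*"
    r"(?=\bID\s*:\s*\d+\s+Event Level|-{10,}|\Z)",
    re.DOTALL,
)
SOURCE_RE = re.compile(r"Source\s+\d+\s*:\s*(?P<mac>\S+)\s+VSD\s*:\s*(?P<vsd>\S+)")
TIME_FORMAT = "%Y-%m-%d/%H:%M:%S"


def _value(text: str) -> Optional[str]:
    """Map the device's '-NA-' placeholder to None."""
    return None if text == "-NA-" else text


def parse_events(text: str) -> List[Dict]:
    """Return one dict per alarm event found in the CLI output."""
    events = []
    for m in EVENT_RE.finditer(text):
        events.append({
            "id": int(m["id"]),
            "level": int(m["level"]),
            "type": m["type"],
            "first": datetime.strptime(m["first"], TIME_FORMAT),
            "last": datetime.strptime(m["last"], TIME_FORMAT),
            "count": int(m["count"]),        # "Aggregate times"
            "causer": _value(m["causer"]),   # device that caused the event
            # (sensor MAC, VSD) for every reporting source
            "sources": [(s["mac"], _value(s["vsd"]))
                        for s in SOURCE_RE.finditer(m["sources"])],
            "detail": " ".join(m["detail"].split()),
        })
    return events


# Sample output. Record 5 uses the values shown above; record 6 is constructed.
SAMPLE = """\
ID: 5            Event Level: 2      Event Type : prohibited-chl
Reported Time  : 2013-06-22/15:35:30 - 2013-06-22/15:35:30
Aggregate times : 1
Causer : -NA-
Source:
 Source 1 : c4ca-d9f0-e3e0    VSD: default
Detail Information:
 In the VSD default, inhibitory channel 157 is active.
--------------------------------------------------------------------------------
ID: 6            Event Level: 2      Event Type : prohibited-chl
Reported Time  : 2013-06-22/15:40:00 - 2013-06-22/15:52:10
Aggregate times : 4
Causer : 0000-5e00-5301
Source:
 Source 1 : c4ca-d9f0-e3e0    VSD: default
 Source 2 : 3822-d6c1-55fd    VSD: -NA-
Detail Information:
 In the VSD default, inhibitory channel 157 is active.
"""

if __name__ == "__main__":
    for event in parse_events(SAMPLE):
        span = (event["last"] - event["first"]).total_seconds()
        print(event["id"], event["type"], event["count"], f"{span:.0f}s",
              event["causer"], event["sources"])
```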

Field: Description
Aggregate times: Number of times that alarm events are aggregated.
Causer: MAC address of the wireless device that causes the alarm event.
Source: MAC address of the WIPS-enabled device that generated the alarm event.
VSD: Name of the virtual security domain to which the WIPS-enabled device belongs.
Detail Information: Detailed information for the alarm event.

display wlan ips hotspotlist
Use display wlan ips hotspotlist to display information about the hotspots in the WIPS system.

y06066 2013-12-16/10:46:52
--------------------------------------------------------------------------------
Table 83 Command output
Field: Description
Total Number of Entries: Number of hotspots in the WIPS system.
SSID: SSID of the hotspot.
Last-Reported-Time: Time when the hotspot is detected most recently.

display wlan ips ignorelist
Use display wlan ips ignorelist to display a specific device or all devices in the alarm-ignored device list.

Table 84 Command output
Field: Description
MAC-Address: MAC address of the device in the list.
Hit-Count: Number of times that the entry in the list was hit.
First-Reported-Time: Time when the first alarm event was generated for the device.
Last-Reported-Time: Time when the last alarm event was generated for the device.

display wlan ips malformed-detect-policy
Use display wlan ips malformed-detect-policy to display information about the specified or all malformed packet detection policies.

overflow-eapol-key off 600 -- --
malformed-auth off 600 -- --
malformed-assoc-req off 600 -- --
malformed-ht-ie off 600 -- --
large-duration off 600 -- 5000
null-probe-resp off 600 -- --
invalid-deauth-code off 600 -- --
invalid-disassoc-code off 600 -- --
overflow-ssid off 600 -- --
fata-jack off 600 -- --
---------------------------------------------------------------------------
Applied To VSD : vsd
----------------------------------------------------------

Field: Description
Action: Action to take when the sensor detects a malformed packet: send a log or alarm to the AC.
Threshold: Duration threshold.
Applied To VSD: Virtual security domain using the malformed packet detection policy.

display wlan ips network
Use display wlan ips network to display information about wireless services in the specified or all virtual security domains.
VSD vsd_office: 3 office WPA2/WPA PSK TKIP/CCMP 1 Ruckus-Wireless-1 Clear None -NA- 1 bignetwork-a Clear None -NA- 1 -------------------------------------------------------------------------------- # Display information about all hotspots in the hotspot list in virtual security domain default.
Total number of networks: 3 -------------------------------------------------------------------------------SSID: office Hotspot : No Status : Active Security : WPA2/WPA Authentication Method : PSK Encrypt Method : TKIP/CCMP First Reported Time : 2013-06-22/15:43:18 Last Reported Time : 2013-06-22/15:43:38 APs : 1 BSSID 1 : 000f-e2a2-2420 Channel: 149 Clients: 0 SSID Hide: No -------------------------------------------------------------------------------SSID: Ruckus-Wireless-1 Hotspot

Field: Description
Security: Security type used by the wireless device.
• Clear.
• WEP.
• WPA.
• WPA2.
Authentication Method: Authentication method.
• None—No authentication.
• PSK—PSK authentication.
• 802.1X—802.1X authentication.
• Other—Authentication other than None, PSK, and 802.1X.
Encrypt Method: Data encryption mode.
• TKIP.
• CCMP.
• WEP.
First Reported Time: Time when WIPS first detected the SSID.
Last Reported Time: Time when WIPS last detected the SSID.
[Sysname] display wlan ips oui HP Total Number of Entries: 8 Vendor OUI List --------------------------------------------------------------------------OUI Vendor --------------------------------------------------------------------------00-19-3c HighPoint Technologies Incorporated 00-1b-3f ProCurve Networking by HP 00-1c-2e HPN Supply Chain 00-1d-31 HIGHPRO INTERNATIONAL R&D CO,.LTD.

exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Examples
# Display sensors in all virtual security domains.

Syntax
display wlan ips signature { all | custom | signature-id id-value | signature-name name-string | standard } [ verbose ] [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
2: System level
Parameters
custom: Specifies all user-defined signature rules.
all: Specifies all signature rules.
signature-name name-string: Specifies a signature rule by its name, a case-insensitive string of 1 to 32 characters that can contain letters, numbers, and underlines.
11 addba_req_flood Standard -------------------------------------------------------------------------------- # Display information about all user-defined signature rules.

Signature Type : Standard
Track Method : per-signature
Detect Threshold :
per-signature : 5000 pkts/period
per-mac : -NA-
Detect Period : 5 s
Action : report
Event Level : 2
Quiet Time : 900 s
Applied on Signature Policy
Signature Policy 1 : office
Precedence : 1
---------------------------------------------------------------------------
# Display detailed information about the signature rule with the ID 40.

Table 91 Command output
Field: Description
Signature Name: Signature rule name.
Signature ID: Signature rule ID. 1 to 32 represent system-defined signature rules, and 33 to 64 represent user-defined signature rules.
Signature Type: Signature rule type.
• Standard—System-defined signature rule.
• Custom—User-defined signature rule.
Track Method: Tracking method for the signature rule.
• per-mac.
• per-signature.
• both: Uses both methods.
Maximum matching times for the signature rule.

Field: Description
Frame Type: Frame type.
• data—Data frames.
• management—Management frames.
• control—Control frames.
Frame Subtype: Sub type of a management frame.
• Association Request.
• Association Response.
• Authentication.
• Beacon.
• Deauthentication.
• Disassociation.
• Probe Request.
MAC: Matches MAC addresses of a specific type.
• Source Mac.
• Dest Mac.
• Bssid.
Seq Number: Packet sequence number.
SSID Length: SSID length.
Match mode for the SSID.

display wlan ips signature-policy
Use display wlan ips signature-policy to display information about the specified or all signature policies.
Syntax
display wlan ips signature-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
2: System level
Parameters
policy-name: Specifies a signature policy by its name.
all: Specifies all signature policies.
|: Filters command output by specifying a regular expression.

Table 92 Command output
Field: Description
Signature Policy Name: Signature policy name.
VSD: Virtual security domain.
Include Signature Num: Number of signature rules.
ID: Signature rule ID. 1 to 32 represent system-defined signature rules, and 33 to 64 represent user-defined signature rules.
Signature Name: Name of the signature rule bound to the signature policy.
Signature rule type.
• Standard—System-defined signature rule.
• Custom—User-defined signature rule.
[Sysname]display wlan ips static-trustoui vendor Total Number of Entries: 1 Trust OUI Vendor List --------------------------------------------------------------------------Vendor --------------------------------------------------------------------------HP --------------------------------------------------------------------------- # Display information about all entries in the static trusted OUI list.

mac-address mac-address: Specifies a MAC address.
channel: Displays frame statistics about a channel. If you do not specify the channel-num argument, frame statistics about all channels are displayed.
total: Displays all frame statistics.
recent: Displays frame statistics within the last statistics collection period.
Examples
# Display total frame statistics about the wireless device with the MAC address 00fc-4a38-4fc5 detected by sensor office_ap1.
Total (Frames/Bytes) : 1/106 Unicast (Frames/Bytes) : 1/106 Broadcast/Multicast (Frames/Bytes) : 0/0 Management : 0 Control : 0 Data : 1 Fragment : 0 Retry : 1 Beacon : 0 Probe Req : 0 Authentication : 0 Probe Resp : 0 Unicast Deauth : 0 Assoc req : 0 Broadcast Deauth : 0 Assoc Resp : 0 Unicast Disassoc : 0 RTS : 0 Broadcast Disassoc : 0 EAPOL Start : 0 EAP Success : 0 EAPOL Logoff : 0 EAP Failure : 0 Abnormal : 0 ------------------------------------------------
EAPOL Start : 0 EAP Success : 0 EAPOL Logoff : 0 EAP Failure : 0 -------------------------------------------------------------------------------- Table 94 Command output Field Description Sensor Name of the sensor. Device MAC address of the wireless device. Channel Channel number. Total(Frames/Bytes) Total number of frames/bytes. Unicast (Frames/Bytes) Total number of unicast frames/bytes. Broadcast/Multicast(Frames/Bytes) Total number of broadcast/multicast frames/bytes.
display wlan ips statistics sensor
Use display wlan ips statistics sensor to display the malformed packet statistics about the specified sensor.
Syntax
display wlan ips statistics sensor sensor-name malformed-counter
Views
Any view
Default command level
2: System level
Parameters
sensor-name: Specifies a sensor by its name, a case-insensitive string of 1 to 64 characters.
Examples
# Display the malformed packet statistics about sensor 1.
Field: Description
Malformation-Specify: Type of the malformed packet detection policy: invalid-ie-length, duplicated-ie, redundant-ie, invalid-pkt-length, illegal-ibss-ess, invalid-source-address, overflow-eapol-key, malformed-auth, malformed-assoc-req, malformed-ht-ie, large-duration, null-probe-resp, invalid-deauth-code, invalid-disassoc-code, overflow-ssid, or fata-jack.
Count: Count of malformed packets of all types.
Ados State : Disable
Total Number of Signatures : 11
Standard Signature : 10
Custom Signature : 1
Timer:
Inactivity Timer of AP : 300s
Inactivity Timer of Client : 600s
Aging Timer of AP and Client : 86400s
Statistic Period : 103s
Reclassification Period : 800s
Dynamic Trustlist Aging Period: 300s
Update Timer of Device : 20s
Total Number of Events: 214
Level-0: 0 Level-1: 4 Level-2: 14 Level-3: 0 Level-4: 70 Level-5: 126 Level-6: 0 Level-7: 0
------------------------------------
External : 2
Ad-hoc : 0
Potential-Authorized : 0
Potential-Rogue : 0
Potential-External : 29
Uncategorized : 0
STA: 1
Authorized : 0
Rogue : 0
Mis-Association : 0
Uncategorized : 1
Unassociated : 0
Total Number of Events: 60
-------------------------------------------------------------------------------
Virtual Security Domain Name : vsd_office
Configured Sensor Number : 0
Running Sensor Number : 0
Detection Information:
Detected Network Number : 0
AP: 0
Authorized : 0
Mis-Con
Field: Description
Trust-list Entry Number: Number of entries in the permitted device list.
Countermeasure-list Entry Number: Number of entries in the countermeasures list.
Ignore-list Entry Number: Number of entries in the alarm-ignored device list.
Ados State: ADoS status.
• Enable.
• Disable.
Total Number of Signatures: Number of signature rules.
Standard Signature: Number of system-defined signature rules.
Custom Signature: Number of user-defined signature rules.
Timer: Global timer.
Field: Description
Potential-Rogue: Number of potential-rogue APs detected in the virtual security domain.
Potential-External: Number of potential-external APs detected in the virtual security domain.
Uncategorized: Number of uncategorized APs detected in the virtual security domain.
STA: Number of clients detected in the virtual security domain.
Authorized: Number of authorized clients detected in the virtual security domain.
Rogue: Number of rogue APs.
Trust List
-----------------------------------------------------------
MAC-Address Status
-----------------------------------------------------------
0001-0002-0003 S
0001-0002-0004 S&D
-----------------------------------------------------------
Table 97 Command output
Field: Description
Status of the entries in the permitted device list.
• S: Manually configured.
• D: Dynamically generated.
• S&D: Manually configured and dynamically generated.
Countermeasure Policy : default
AP Classification Rules : -NA-
---------------------------------------------------------------------------
VSD Name : office
Attack Detect Policy : policy1
Signature Policy : default
Countermeasure Policy : officecmp
AP Classification Rules:
Priority 15 : auth_ap
Priority 10 : invalid_ap
Priority 0 : default_rule
---------------------------------------------------------------------------
VSD Name : lab
Attack Detect Policy : policy2
Signature Policy : sigpolicy
Default command level
2: System level
Parameters
file-name: Specifies a configuration file by its name, a case-insensitive string of 1 to 32 characters. It cannot contain special characters back slash (\), slash (/), colon (:), asterisk (*), question mark (?), quotation mark ("), left angle bracket (<), right angle bracket (>), and vertical bar (|).
Usage guidelines
Export OUI information in the following format:
000FE2 (base 16) Hangzhou H3C Technologies Co., Ltd.
Use undo ignorelist to remove the MAC address of the specified or all wireless devices in the alarm-ignored device list.
Syntax
ignorelist mac-address
undo ignorelist { mac-address | all }
Default
No alarm-ignored device list exists.
Views
WIPS view
Default command level
2: System level
Parameters
mac-address: Specifies the MAC address of the wireless device to be added to or removed from the alarm-ignored device list.
all: Removes all entries in the alarm-ignored device list.
Usage guidelines
Download the specified configuration files from the H3C website, as follows:
38-22-D6 (hex) H3C Technologies Co., Limited
3822D6 (base 16) H3C Technologies Co., Limited
00-00-00 (hex) XEROX CORPORATION
000000 (base 16) XEROX CORPORATION
M/S 105-50C
800 PHILLIPS ROAD
WEBSTER NY 14580
UNITED STATES
If multiple imported OUI configuration files contain information about the same OUI, the new OUI information overwrites the old OUI information.
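An offline pre-import check for OUI files in the layout shown in the usage guidelines above, added here as an example (it is not HP's code or the device's parser). The function names, the second sample file and its vendor string are constructed; the MAC helper accepts the H-H-H notation this reference uses.

```python
import re

# Entry lines in the layout the usage guidelines show; anything else
# (postal address lines, blank lines) is ignored.
_BASE16 = re.compile(r"^\s*([0-9A-Fa-f]{6})\s+\(base 16\)\s+(\S.*?)\s*$")
_HEX = re.compile(
    r"^\s*([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(\S.*?)\s*$"
)
_FORBIDDEN = set('\\/:*?"<>|')

# Sample input. FIRST repeats the entries quoted on the page; SECOND is
# constructed to show an OUI being redefined by a later import.
FIRST = """\
38-22-D6   (hex)        H3C Technologies Co., Limited
3822D6     (base 16)    H3C Technologies Co., Limited
00-00-00   (hex)        XEROX CORPORATION
000000     (base 16)    XEROX CORPORATION
                        M/S 105-50C
                        800 PHILLIPS ROAD
                        WEBSTER NY 14580
                        UNITED STATES
"""
SECOND = """\
3822D6     (base 16)    Constructed Vendor Name
000FE2     (base 16)    Hangzhou H3C Technologies Co., Ltd.
"""


def valid_file_name(name):
    """File-name rule from the parameter description: 1 to 32 characters,
    none of the listed special characters."""
    return 1 <= len(name) <= 32 and not (_FORBIDDEN & set(name))


def parse_oui_text(text):
    """Return {OUI as 6 upper-case hex digits: vendor} for one file's text."""
    table = {}
    for line in text.splitlines():
        m = _BASE16.match(line)
        if m:
            table[m.group(1).upper()] = m.group(2)
            continue
        m = _HEX.match(line)
        if m:
            oui = "".join(m.group(1, 2, 3)).upper()
            # If both line kinds exist for an OUI, the "(base 16)" one wins.
            table.setdefault(oui, m.group(4))
    return table


def merge_imports(*texts):
    """Merge files in import order. A later file's entry replaces an earlier
    one for the same OUI; replaced entries are returned for review."""
    merged, replaced = {}, []
    for text in texts:
        for oui, vendor in parse_oui_text(text).items():
            if oui in merged and merged[oui] != vendor:
                replaced.append((oui, merged[oui], vendor))
            merged[oui] = vendor
    return merged, replaced


def oui_of(mac):
    """OUI of a MAC written as H-H-H; leading zeros in a group may be omitted."""
    groups = mac.split("-")
    if len(groups) != 3 or not all(
        re.fullmatch(r"[0-9A-Fa-f]{1,4}", g) for g in groups
    ):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return "".join(g.zfill(4) for g in groups).upper()[:6]


def vendor_of(mac, table):
    """Vendor recorded for the MAC's OUI, or None if the table has no entry."""
    return table.get(oui_of(mac))


if __name__ == "__main__":
    merged, replaced = merge_imports(FIRST, SECOND)
    for oui, old, new in replaced:
        print(f"{oui}: {old!r} replaced by {new!r}")
    print(vendor_of("3822-d600-0001", merged))
```

Reviewing the replaced list before importing a second file shows which vendor names would change for an OUI, which matters when trust decisions are made by vendor name.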
[Sysname] wlan ips
[Sysname-wlan-ips] virtual-security-domain office
[Sysname-wlan-ips-vsd-office] malformed-detect-policy all
malformed-detect-policy (WIPS view)
Use malformed-detect-policy to create a malformed packet detection policy and enter its view. If the malformed packet detection policy already exists, the command enters its view.
Use undo malformed-detect-policy to remove the specified malformed packet detection policy.
Views
Virtual security domain view
Default command level
2: System level
Parameters
authorized-ap: Specifies an authorized AP.
external-ap: Specifies an external AP.
misconfigured-ap: Specifies a misconfigured AP.
rogue-ap: Specifies a rogue AP.
mac-address&<1-2>: Specifies the MAC address of an AP, in the H-H-H format. When you specify this argument, you can omit the 0s for each octet in the MAC address. For example, f-e2-1 represents 000f-00e2-0001.
external-ap: Specifies an external AP.
misconfigured-ap: Specifies a misconfigured AP.
rogue-ap: Specifies a rogue AP.
mac-address&<1-2>: Specifies the MAC address of an AP, in the H-H-H format. When you specify this argument, you can omit the 0s for each octet in the MAC address. For example, f-e2-1 represents 000f-00e2-0001. &<1-2> indicates you can enter up to two MAC addresses.
all: Removes the WIPS device type configuration for all APs.
match all (SIG view)
Use match all to set the match criteria relationship for a signature rule. A packet is considered as matching the rule when it matches all match criteria of the rule.
Use undo match all to restore the default match criteria relationship.
Syntax
match all
undo match all
Default
A packet is considered as matching a user-defined signature rule as long as it matches any match criterion of the rule.
Default command level
2: System level
Parameters
channel-list: Specifies a list of channels to be added to or removed from the permitted channel list, in the range of 1 to 224. You can configure a maximum of 10 permitted channels at a time.
all: Removes all permitted channels.
Usage guidelines
Use the permit-channel command in combination with the detect prohibited-channel command. The permit-channel command takes effect only when the detect prohibited-channel command is configured.
quiet-time (SIG view)
Use quiet-time to configure the quiet time for a signature rule. A signature rule in quiet state is not matched.
Use undo quiet-time to restore the default.
Syntax
quiet-time time
undo quiet-time
Default
The quiet time for a user-defined signature rule is 900 seconds and that for a system-defined signature rule depends on the specific system-defined signature rule.
Default command level
2: System level
Parameters
all: Deletes all events generated by the WIPS system.
causer-mac source-mac: Specifies the MAC address of the wireless device that causes alarm events.
id event-id: Specifies an event ID in the range of 1 to 1200.
level event-level: Specifies the level for an alarm in the range of 0 to 7.
source-mac source-mac: Specifies the MAC address of the WIPS-enabled device that generates alarm events to be deleted.
type event-type: Specifies the type of an alarm.
Views
Virtual security domain view
Default command level
2: System level
Parameters
ap-name-list: Specifies a space-separated list of up to 10 items. Each item specifies an AP by its name or a range of names in the form of ap-name. The ap-name argument is a case-insensitive string of 1 to 64 characters.
Usage guidelines
If you execute the command multiple times, WIPS adds the specified AP into the virtual security domain until the upper limit is reached, regardless of whether the AP exists.
Parameters
level-value: Specifies the severity level for an AP that matches an AP classification rule. The value is in the range of 0 to 100. A greater value represents a higher severity level.
Usage guidelines
A severity level takes effect only when no AP type is specified for an AP classification rule. If an AP matches multiple AP classification rules, WIPS uses the sum of the severity levels as the severity level for the AP. The maximum value is 100, even if the sum exceeds 100.
eapol_logoff_flood: System-defined signature rule, used to reconfigure the EAPOL-logoff flooding attack detection parameters.
broadcast_disassoc_flood: System-defined signature rule, used to reconfigure the broadcast disassociation flooding attack detection parameters.
disassoc_flood: System-defined signature rule, used to reconfigure the unicast disassociation flooding attack detection parameters.
signature (signature policy view)
Use signature to specify a signature rule by its name or ID for a signature policy.
Use undo signature to remove the specified signature rule from a signature policy.
Syntax
signature { signature-name name-string | signature-id signature-list } [ precedence level ]
undo signature { name name-string | signature-id signature-list }
Default
No signature rule is configured for a signature policy.
Examples
# Enable detection specified by user-defined signature rule office1 in signature policy office, with the match precedence 21.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] signature-policy office
[Sysname-wlan-ips-sigpolicy-office] signature signature-name office1 precedence 21
signature-policy (virtual security domain view)
Use signature-policy to bind a signature policy to a virtual security domain.
Default
A virtual security domain uses the signature policy named default.
Views
WIPS view
Default command level
2: System level
Parameters
policy-name: Specifies a signature policy by its name, a case-insensitive string of 1 to 32 characters that can contain letters, numbers, and underlines.
Usage guidelines
The system supports up to 16 signature policies, including the default signature policy default. You cannot remove a signature policy that has been applied to a virtual security domain.
Examples
# Add the wireless device with the MAC address 0016-6f9d-612e to the static prohibited device list.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] static-blocklist 0016-6f9d-612e
static-trustlist
Use static-trustlist to add the MAC address of the specified wireless device to the static permitted device list.
Use undo static-trustlist to remove all wireless devices or the device with a specific MAC address from the static permitted device list.
Views
WIPS view
Default command level
2: System level
Parameters
oui-info: Specifies an OUI, a case-insensitive string of hexadecimal characters in the format XXXXXX.
vendor vendor-name: Specifies a vendor by its name, a case-sensitive string of 1 to 64 characters.
all: Removes all OUIs and vendors in the static trusted OUI list.
Usage guidelines
You can specify a maximum of 512 OUIs and 64 vendors. The command does not take effect if the OUI library has no OUI information for the specified vendor.
case-sensitive: Specifies a case-sensitive character string.
not: Matches SSIDs that are not equal to or do not include the specified value.
equal: Matches SSIDs equal to the specified value.
include: Matches SSIDs that include the specified value.
string: Specifies a character string in the range of 1 to 32.
security: Matches security methods used by the AP.
clear: Specifies the clear security method.
wep: Specifies the WEP security method.
wpa: Specifies the WPA security method.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] ap-classification-rule invalid_ap
[Sysname-wlan-ips-class-invalid_ap] sub-rule ssid not include HP
[Sysname-wlan-ips-class-invalid_ap] sub-rule security include clear wep
[Sysname-wlan-ips-class-invalid_ap] sub-rule rssi greater-than 80
[Sysname-wlan-ips-class-invalid_ap] sub-rule duration less-than 172800
[Sysname-wlan-ips-class-invalid_ap] sub-rule clients-on-ap greater-than 10
[Sysname-wlan-ips-class-invalid_ap] sub-rule discovered-ap greater-th
disassociation: Matches disassociation frames.
probe-request: Matches probe requests.
control: Matches control frames.
mac: Matches MAC addresses.
source-mac mac-address: Matches a source MAC address in the format of FFFF-FFFF-FFFF, case-insensitive.
dest-mac mac-address: Matches a destination MAC address in the format of FFFF-FFFF-FFFF, case-insensitive.
bssid mac-address: Matches a BSSID in the format of FFFF-FFFF-FFFF, case-insensitive.
ssid: Matches SSIDs.
If you do not specify the pattern-id keyword in the undo sub-rule command, all sub rules specifying a frame match pattern are removed.
Examples
# Configure the sub rules for signature rule office as the following:
• Frame type: Association Request.
• Source MAC address: 0000-0000-0001.
• SSID: Does not contain HP, case sensitive.
• SSID length: Between 15 (inclusive) and 20 (inclusive).
• Wireless packet sequence number: Greater than 100.
Usage guidelines
WIPS considers an AP inactive when it detects that the AP has not sent any packets within the specified time.
Examples
# Set the maximum idle time for an AP to 120 seconds.
system-view
[Sysname] wlan ips
[Sysname-wlan-ips] timer ap-inactivity 120
timer client-inactivity
Use timer client-inactivity to set the maximum idle time for an associated client.
Use undo timer client-inactivity to restore the default maximum idle time.
Views
WIPS view
Default command level
2: System level
Parameters
time: Specifies the aging time of inactive APs or clients, in the range of 60 to 2592000 seconds.
Examples
# Set the aging time for inactive APs or clients to 604800 seconds (7 days).
system-view
[Sysname] wlan ips
[Sysname-wlan-ips]timer device-aging 604800
timer device-update
Use timer device-update to set the information update interval for wireless devices in WIPS.
Use undo timer device-update to restore the default.
undo timer dynamic-trustlist-aging
Default
The aging time is 300 seconds.
Views
WIPS view
Default command level
2: System level
Parameters
time: Specifies the aging time of the wireless devices dynamically added to the trusted device list, in the range of 60 to 86400 seconds.
Examples
# Set the aging time of the wireless devices dynamically added to the trusted device list to 360 seconds.
timer statistic-period
Use timer statistic-period to set the packet statistics collection period.
Use undo timer statistic-period to restore the default.
Syntax
timer statistic-period time
undo timer statistic-period
Default
The statistics collection period for wireless packets is 900 seconds.
Views
WIPS view
Default command level
2: System level
Parameters
time: Specifies the packet statistics collection period in the range of 60 to 86400 seconds.
Usage guidelines To modify the track method for a signature rule that has been bound to a signature policy, remove the binding first. If you configure the track-method for a signature rule multiple times, the latter configuration overwrites the previous one. You cannot modify the track method for a system-defined signature rule. If you set the track-method to both, configure both the per-mac and per-signature keywords.
virtual-security-domain
Use virtual-security-domain to create a virtual security domain and enter virtual security domain view. For an existing virtual security domain, this command directly enters the corresponding virtual security domain view.
Use undo virtual-security-domain to remove the specified virtual security domain.
Syntax
virtual-security-domain vsd-name
undo virtual-security-domain vsd-name
Default
The virtual security domain default is used as the default virtual security domain.
Parameters
access-first: Specifies the access first policy for the sensor operating in local mode.
detect-first: Specifies the detection first policy for the sensor operating in local mode.
detect-only: Specifies a monitor sensor.
middle: Specifies the balanced policy for the sensor operating in local mode.
Usage guidelines
If you configure a radio as a sensor operating in monitor mode, you do not need to configure wireless service for the radio.
Syntax
wipslogfile { event | malformed-packet } size value
undo wipslogfile { event | malformed-packet } size
Default
The size of WIPS logs depends on the device model. For more information, see About the Command References for HP Unified Wired-WLAN Products.
Parameters
event: Specifies system event logs.
malformed-packet: Specifies error packet logs.
size value: Specifies the size of a certain type of logs in MB. The value range for this option depends on the device model.
WLAN optimization commands
wlan option broadcast-buffer enable
Use wlan option broadcast-buffer enable to enable buffering of multicast and broadcast packets.
Use undo wlan option broadcast-buffer enable to disable buffering of multicast and broadcast packets.
Syntax
wlan option broadcast-buffer enable
undo wlan option broadcast-buffer enable
Views
System view
Default
An AP buffers all multicast and broadcast packets when an associated client is in sleep state.
Parameters
reuse-level: Specifies a channel reuse level, in the range of 1 to 10. A value of 1 specifies the highest reuse level. HP recommends that you set the reuse level to 5.
Examples
# Specify the channel reuse level as 6.
system-view
[sysname] wlan option channel-reuse 6
wlan option channel-share
Use wlan option channel-share to enable channel sharing adjustment and specify a power level.
Views
System view
Default command level
2: System level
Parameters
dot11b: Specifies the 802.11b client type.
dot11ag: Specifies the 802.11a and 802.11g client types.
dot11n: Specifies the 802.11n client type.
inbound: Limits the rate of incoming packets (from client to AP).
outbound: Limits the rate of outgoing packets (from AP to client).
cir: Sets the CIR in the range of 1 to 2097152 kbps.
cbs: Sets the CBS in the range of 1 to 268435456 bytes.
Examples
# Enable the AP to trigger client reconnection.
system-view
[sysname] wlan option client-reconnect-trigger 20
wlan option client-reject
Use wlan option client-reject to reject clients with signal strength lower than an RSSI. HP recommends that you set the RSSI to 10 dBm.
Use undo wlan option client-reject to restore the default.
Syntax
wlan option client-reject rssi
undo wlan option client-reject
Default
This feature is disabled.
Parameters
packet-number max-packets: Specifies the maximum number of MPDUs aggregated in an A-MPDU, in the range of 1 to 64. HP recommends that you set the max-packets to 8.
packet-length max-length: Specifies the maximum A-MPDU length, in the range of 2000 to 60000 bytes. HP recommends that you set the max-length to 6000.
Usage guidelines
The two thresholds take effect at the same time. If either threshold is reached, the AP stops aggregation and sends the A-MPDU.
Examples
# Enable 802.
Default
The maximum transmission times for probe responses is 2.
Views
System view
Default command level
2: System level
Parameters
trynum: Specifies the maximum transmission times for probe responses in the range of 1 to 16.
Examples
# Configure the maximum transmission times for probe responses as 5.
system-view
[Sysname] wlan option probe-response-try 5
wlan option rate-algorithm
Use wlan option rate-algorithm to specify the rate algorithm.
Examples
# Specify the rate algorithm as LPL.
system-view
[sysname] wlan option rate-algorithm lpl
wlan option roam-navigation level
Use wlan option roam-navigation level to enable roaming navigation.
Use undo wlan option roam-navigation level to disable roaming navigation.
Syntax
wlan option roam-navigation level level [ rssi client-level ]
undo wlan option roam-navigation
Default
Roaming navigation is disabled.
Default
The AP is disabled from receiving all broadcasts.
Views
System view
Default command level
2: System level
Examples
# Enable the AP to receive all broadcasts.
system-view
[sysname] wlan option rx-broadcast-all enable
wlan option signal-ignore
Use wlan option signal-ignore to ignore signals weaker than the specified RSSI.
Use undo wlan option signal-ignore to restore the default.
Syntax
wlan option signal-ignore rssi
undo wlan option signal-ignore
Default
This feature is disabled.
Default
Per-packet TPC based on signal strength of clients is disabled.
Views
System view
Default command level
2: System level
Parameters
rssithreshold: Specifies the RSSI threshold of received packets, in the range of 20 to 95. By default, the value is 65.
rssistep: Specifies the step value for RSSI modification, in the range of 1 to 20. By default, the value is 10.
powerstep: Specifies the step value for transmission power decrease, in the range of 1 to 15. By default, the value is 15.
wlan option traffic-shaping enable
Use wlan option traffic-shaping enable to enable traffic shaping based on link status.
Use undo wlan option traffic-shaping enable to restore the default.
Syntax
wlan option traffic-shaping enable
undo wlan option traffic-shaping enable
Default
Traffic shaping based on link status is disabled.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention: Description
Boldface: Bold text represents commands and keywords that you enter literally as shown.
Italic: Italic text represents arguments that you replace with actual values.
[]: Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.