HP MSR Router Series WLAN Command Reference(V5) Part number: 5998-2048 Software version: CMW520-R2511 Document version: 6PW103-20140128
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents WLAN interface configuration commands ················································································································· 1 bandwidth ································································································································································· 1 default ·······································································································································································
wlan country-code ················································································································································· 40 wlan link-test ··························································································································································· 43 wlan service-template ············································································································································ 44 Workg
reset wlan ids statistics ·········································································································································· 78 Blacklist and whitelist configuration commands ········································································································· 80 display wlan blacklist ············································································································································ 80 display wlan whitelis
WLAN interface configuration commands The terms AP and fat AP in this document refer to MSR900, MSR93X (JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. bandwidth Use bandwidth to set the expected bandwidth for an interface. Use undo bandwidth to restore the default.
Usage guidelines This command might fail to restore the default settings for some commands because of command dependencies and system restrictions. You can use the display this command in interface view to check for these commands, and perform their undo forms or follow the command reference to individually restore their default settings. Follow the instructions in the error message to resolve the problem if the restoration attempt fails. The default command might interrupt ongoing network services.
Examples # Set the description for WLAN radio 2/0 to WLAN radio2 Interface. system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] description WLAN-Radio2 Interface display interface WLAN BSS Use display interface wlan-bss to display information about the specified WLAN BSS interface or all WLAN BSS interfaces if no WLAN BSS interface is specified.
PVID: 1 Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Port priority: 0 Last clearing of counters: Never Table 1 Command output Field Description WLAN-BSS1 current state Physical link state of a WLAN BSS interface. IP Packet Frame Type Output frame encapsulation type. Hardware Address MAC address of output frames. Description Description of the interface. PVID Default VLAN ID of the interface. Port link-type Port link type, which can be access or hybrid.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
display interface wlan-radio Use display interface wlan-radio to display information about a WLAN radio interface. Syntax display interface [ wlan-radio ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface wlan-radio interface-number [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-number: Specifies a WLAN radio interface by its number.
: 13565 unicasts, 520774 bytes : 16442 multicasts/broadcasts, 1015840 bytes : 0 fragmented : 5687 discarded, 263913 bytes : 0 duplicates, 3054 FCS errors : 2 decryption errors Output: 2032 packets, 468562 bytes : 7 unicasts, 1776 bytes : 312 multicasts/broadcasts, 40114 bytes : 1713 others, 426672 bytes : 0 fragmented : 0 discarded, 0 bytes : 0 failed RTS, 335 failed ACK : 334 transmit retries, 122 multiple transmit retries Table 3 Command output Field Description WLAN-Radio2/0 current state Physical li
Field Description 802.11n protection modes: • no protection mode(0)—The clients associated with the AP, and the wireless devices within the coverage of the AP operate in 802.11n mode, and all the clients associated with the AP operate in either 40 MHz or 20 MHz mode. • Non-member mode(1)—The clients associated with the AP operate in 802.11n mode, but non-802.11n wireless devices exist within the coverage of the AP. HT protection mode • 20 MHz mode(2)—The radio mode of the AP is 40 MHz.
Use undo interface wlan-bss to remove a WLAN BSS interface. Syntax interface wlan-bss interface-number undo interface wlan-bss interface-number Views System view Default command level 2: System level Parameters interface-number: Specifies a WLAN BSS interface by its number. Examples # Create the WLAN BSS interface numbered 1. system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] interface wlan-ethernet Use interface wlan-ethernet to enter WLAN Ethernet interface view.
Syntax interface wlan-radio interface-number Views System view Default command level 2: System level Parameters interface-number: Specifies a WLAN radio interface by its number. Examples # Enter WLAN-Radio 2/0 interface view. system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] shutdown (WLAN radio interface view) Use shutdown to shut down the current WLAN radio interface. Use undo shutdown to bring up the current WLAN radio interface.
Default A WLAN BSS interface is up. Views WLAN BSS interface view Default command level 2: System level Usage guidelines After a WLAN BSS interface is shut down, the connection between the interface and the wireless device will be torn down. Examples # Shut down interface WLAN-BSS 1.
WLAN access configuration commands The terms AP and fat AP in this document refer to MSR900, MSR93X and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. 802.11 MAC configuration commands a-mpdu enable Use a-mpdu enable to enable the Aggregated MAC Protocol Data Unit (A-MPDU) function for the radio. Use undo a-mpdu enable to disable the A-MPDU function for the radio. Syntax a-mpdu enable undo a-mpdu enable Default The A-MPDU function is enabled.
system-view [sysname] interface WLAN-Radio 2/0 [sysname-WLAN-Radio2/0] undo a-mpdu enable a-msdu enable Use a-msdu enable to enable the A-MSDU function for the radio. Use undo a-msdu enable to disable the A-MSDU function for the radio. Syntax a-msdu enable undo a-msdu enable Default The A-MSDU function is enabled. Views WLAN-radio interface view Default command level 2: System level Usage guidelines This command is only effective on 802.11n radios. If you change the radio type of an 802.
Use undo antenna type to restore the default. Syntax antenna type type undo antenna type Default The default setting for the command depends on the device model. Views WLAN radio interface view Default command level 2: System level Parameters type: Specifies the antenna type. Examples # Specify the antenna type.
[Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] beacon ssid-hide beacon-interval Use beacon-interval to set the interval for sending beacon frames. Beacon frames are transmitted at a regular interval to allow mobile clients to join the network. Use undo beacon-interval to restore the default beacon interval. Syntax beacon-interval interval undo beacon-interval Default The beacon interval is 100 TUs.
Parameters channel-number: Specifies a channel. The working channels depend on the country code and radio mode. The channel list depends on your device model. auto: Specifies that the channel is automatically selected by the device according to the actual environment during system initialization. Usage guidelines Different radios support different channels. Channels may differ for each country. Examples # Specify channel 6 for radio interface 1/0/2.
Paramete r 20 40 MSR90 0 MSR93X MSR20-1 X MSR20 MSR30 MSR50 MSR1000 No Available for MSR93X (WLAN & HSPA+), MSR93X (WLAN & EVDO) and MSR93X (WLAN). Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.
The following matrix shows the command and router compatibility: Command client dot11n-only MSR90 0 MSR93X MSR20-1 X MSR20 MSR30 MSR50 MSR1000 No Available for MSR93X (WLAN & HSPA+), MSR93X (WLAN & EVDO) and MSR93X (WLAN). Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.
[Sysname-wlan-st-1] ssid service [Sysname-wlan-st-1] client max-count 10 display wlan client Use display wlan client to display WLAN client information. The information is displayed in the order of client MAC address.
Table 4 Command output Field Description SSID SSID with which the client is associated. MAC address MAC address of the client. Username of the client: • The field is displayed as -NA- if the client adopts plain-text authentication or cipher-text authentication with no username. User Name • The field is irrelevant to the portal authentication method. If the client uses the portal authentication method, the field does not display the portal username of the client.
Roam Count : 0 Up Time (hh:mm:ss) : 00:05:15 ------------------------------------------------------------------------------- Table 5 Command output Field Description MAC address MAC address of the client. Username of the client: • The field is displayed as -NA- if the client adopts plain-text authentication or User Name cipher-text authentication with no username. • The field is irrelevant to the portal authentication method.
Field Description RSSI Received signal strength indication. This value indicates the client signal strength detected by the AP. Rx/Tx Rate Represents the receiving and sending rates of the frames such as data, management, and control frames. Client Type Client type such as RSN, WPA, or Pre-RSN. Authentication Method Authentication method such as open system or shared key. AKM Method AKM suite used such as Dot1X or PSK.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the configuration information for service template 1.
Field Description GTK Rekey Packets Number of packets for GTK rekey. Service Template Status Status such as enabled or disabled. Maximum clients per BSS Maximum number of associated clients per BSS. display wlan statistics client Use display wlan statistics client to display client statistics.
Voice (Frames/Bytes) : 2/76 Received Frames: Back Ground (Frames/Bytes) : 0/0 Best Effort (Frames/Bytes) : 18/2437 Video (Frames/Bytes) : 0/0 Voice (Frames/Bytes) : 7/468 Discarded Frames: Back Ground (Frames/Bytes) : 0/0 Best Effort (Frames/Bytes) : 0/0 Video (Frames/Bytes) : 0/0 Voice (Frames/Bytes) : 5/389 -------------------------------------------------------------------------- Table 7 Command output Field Description SSID SSID to which the client is associated.
Default command level 1: Monitor level Parameters service-template-number: Service template number in the range of 1 to 1024. connection-history: Displays the connection history. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description Receive statistics: • • • • • Receive Frame Count—Number of frames received. Frame Bytes—Number of bytes received. Data Frame Count—Number of data frames received. Data Frame Bytes—Number of data bytes received. Associate Frame Count—Number of association requests received. Send statistics: • • • • • Send Frame Count—Number of frames sent. Frame Bytes—Number of bytes sent. Data Frame Count—Number of data frames sent. Data Frame Bytes—Number of data bytes sent.
Field Description Failures Total number of failed associations. Reassociations Total number of reassociations. Rejections Total number of associations rejected. Exceptional Deassociations Total number of exceptional associations. Current Associations Number of current associations. distance Use distance to configure the maximum distance that the radio can cover. Use undo distance to restore the default. Syntax distance distance undo distance Default The radio can cover 1 km (0.
Default The DTIM is 1. Views WLAN radio interface view Default command level 2: System level Parameters counter: Number of beacon intervals between DTIM transmissions. The value is in the range of 1 to 31. Examples # Set the DTIM counter to 10. system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] dtim 10 fast-association enable Use fast-association enable to enable fast association. Use undo fast-association enable to disable fast association.
Syntax fragment-threshold size undo fragment-threshold Default The fragment threshold is 2346 bytes. Frames that exceed 2346 bytes are fragmented. Views WLAN radio interface view Default command level 2: System level Parameters size: Maximum frame length without fragmentation. The value is in the range of 256 to 2346 bytes and must be an even number. Examples # Specify the fragment threshold as 2048 bytes.
max-power Use max-power to configure the maximum transmission power on the radio. Use undo max-power to restore the default. Syntax max-power radio-power undo max-power Default The maximum radio power varies with country codes, channels, AP models, radio types, and antenna types. If 802.11n is adopted, the maximum radio power also depends on the bandwidth mode.
Examples # Set the max-rx-duration as 5000 milliseconds. system-view [Sysname] interface WLAN-Radio 2/0 [Sysname-WLAN-Radio2/0] max-rx-duration 5000 preamble Use preamble to specify the type of preamble an AP can support. Syntax preamble { long | short } undo preamble Default The short preamble is supported. Views WLAN radio interface view Default command level 2: System level Parameters long: Indicates that only frames with a long preamble can be transmitted.
Views WLAN radio interface view Default command level 2: System level Parameters cts-to-self: Specifies the Clear to Send (CTS)-to-Self collision avoidance mechanism. rts-cts: Specifies the Request to Send (RTS)/CTS collision avoidance mechanism. Usage guidelines Compared with RTS/CTS, CTS-to-Self reduces the number of control frames. However, data collisions still occur when some clients are hidden and thus cannot receive the CTS frames sent by the AP.
Parameter MSR900 MSR93X MSR20-1X MSR20 MSR30 MSR50 MSR1000 dot11b Yes Yes Yes Yes Yes Yes Yes dot11g Yes Yes Yes Yes Yes Yes Yes No Available for MSR93X (WLAN & HSPA+), MSR93X (WLAN & EVDO) and MSR93X (WLAN). Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.
Views User view Default command level 2: System level Parameters all: Clears the statistics of all clients. mac-address mac-address: Clears the statistics of the client. Examples # Clear the statistics of all clients. reset wlan statistics client all rts-threshold Use rts-threshold to specify the request to send (RTS) threshold length. If a frame is larger than this value, the RTS mechanism is used. Use undo rts-threshold to restore the default.
service-template (WLAN radio interface view) NOTE: Support for this command depends on the device model (only supported on fat APs). Use service-template to map a service template to the current radio. Syntax service-template service-template-number interface wlan-bss wlan-bss-number undo service-template service-template-number Default No service-template is mapped to a WLAN-BSS interface on a WLAN radio interface.
Examples # Enable service template 1. system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] ssid clear [Sysname-wlan-st-1] authentication-method open-system [Sysname-wlan-st-1] service-template enable short-gi enable Use short-gi enable to enable the short GI function. Use undo short-gi enable to disable the short GI function. Syntax short-gi enable undo short-gi enable Default The short GI function is enabled.
Syntax short-retry threshold count undo short-retry threshold Default The short retry threshold is 7. Views WLAN radio interface view Default command level 2: System level Parameters count: Number of times the AP can send a short unicast frame (less than the RTS threshold) if no acknowledgment is received for it. The value is in the range of 1 to 15. Examples # Specify the short retry threshold as 10.
system-view [Sysname] wlan service-template 1 clear [Sysname-wlan-st-1] ssid firstfloor wlan broadcast-probe reply Use wlan broadcast-probe reply to enable the AP to respond to the probe requests without SSID. Use undo wlan broadcast-probe reply to remove the configuration to cause the AP to only respond to probe requests that carry the specified SSID. Syntax wlan broadcast-probe reply undo wlan broadcast-probe reply Default An AP responds to probe requests without SSID.
Examples # Specify the client idle timeout as 600 seconds. system-view [Sysname] wlan client idle-timeout 600 wlan client keep-alive Use client keep-alive to specify the client keep alive interval. Use undo client keep-alive to restore the default. Syntax wlan client keep-alive interval undo wlan client keep-alive Default The client keep-alive functionality is disabled. Views System view Default command level 2: System level Parameters interval: Interval between keep alive requests.
Default command level 2: System level Parameters code: Specifies a global country code. See Table 10.
Country Code Country Code Dominica DO Poland PL Algeria DZ Philippines PH Ecuador EC Pakistan PK Estonia EE Puerto Rico PR Egypt EG Portugal PT Spain ES Paraguay PY Faroe Islands FO Qatar QA Finland FI Romania RO France FR Russian Federation RU Britain GB Saudi Arabia SA Georgia GE Sweden SE Gibraltar GI Singapore SG Greenland GL Slovenia SI Guadeloupe GP Slovak SK Greece GR San Marino SM Guatemala GT Salvador SV Guyana GY Syrian SY Hon
Usage guidelines The country code determines characteristics such as the power level and the total number of channels. You must set the correct country code or area code for a WLAN device (AC or AP). If an AP is configured with a country code in AP template view or has a fixed country code, changing the global country code does not affect the country code of the AP. The country code for North American models cannot be modified and that for other models can be modified at the CLI.
9 36 5 5 11 0 0 10 48 5 5 10 0 0 11 54 5 5 11 0 0 Table 11 RFPing operation results Field Description • The No. field is displayed for an RFPing operation to a non 802.11n client, No./MCS indicating the rate index of the client. • The MCS field is displayed for an RFPing operation to an 802.11n client, indicating the MCS value of the client. Rate(Mbps) Rate for the radio interface to send ping packets. TxCnt Number of ping packets sent by the radio interface.
Usage guidelines You cannot change an existing service template to another type. To do so, delete the existing service template and configure a new service template with the new type. Examples # Create service template 1. system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] Workgroup bridge configuration commands client-mode authentication-method Use client-mode authentication-method to configure the authentication method for the workgroup bridge.
Syntax client-mode cipher-suite { ccmp | tkip | { wep40 | wep104 | wep128 } [ key-id key-id ] } key [ cipher | simple ] key undo client-mode cipher-suite Default No cipher suite and pre-shared key are configured for the workgroup bridge. Views WLAN radio interface view Default command level 2: System level Parameters ccmp: Enables the CCMP cipher suite. tkip: Enables the TKIP cipher suite. wep40: Enables the WEP-40 cipher suite. wep104: Enables the WEP-104 cipher suite.
Views WLAN radio interface view Default command level 2: System level Examples # Connect the AP in client mode to the wireless network. system-view [Sysname] interface wlan-radio 2/0 [Sysname-WLAN-Radio2/0] client-mode connect client-mode disconnect Use client-mode disconnect to disconnect the workgroup bridge from the wireless network.
Parameters bss-id: WLAN-BSS interface number. Usage guidelines Workgroup bridge related configurations can be applied only when workgroup bridge mode is enabled. When the workgroup bridge mode is disabled, all workgroup bridge related configurations are automatically removed. Examples # Enable workgroup bridge mode for the radio interface and bind the radio interface to WLAN-BSS 1.
Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Authentication method: Authentication Method • Open-System. • Shared-Key. • WPA2-PSK. Cipher suite: Cipher Suite • • • • • WEP40. WEP104. WEP128. TKIP. AES-CCMP. Key: Key • (Cipher)—Cipher-text key is displayed in cipher text. • (Simple)—Cipher-text key is displayed in simple text. WEP Key ID WEP key ID. Association status: Status • Connected. • Disconnected. Received Data Packets Number of received data frames.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the scanned wireless services and signal quality.
Default No permitted SSID is specified for a user profile, which means that users can access the WLAN through any SSID. Views User profile view Default command level 2: System level Parameters ssid-name: Name of a permitted SSID. It is a case-sensitive string of 1 to 32 characters that can contain letters, numbers, underlines, and spaces. The maximum number of permitted SSIDs in a user profile varies depending on the device model. Examples # Specify permitted SSID VIPguest for user profile management.
WLAN RRM configuration commands NOTE: The terms AP and fat AP in this document refer to MSR900, MSR93X(JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. autochannel-set avoid-dot11h Use autochannel-set avoid-dot11h to configure that only the non-dot11h channels of the country code are scanned during initial channel selection. Use undo autochannel-set to restore the default.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Mandatory Rates that at least one of the APs is required to support. Supported Additional rates supported by the client or AP. Disabled Rates at which an AP does not transmit data. 11g Protection 802.11g protection: Enabled or Disabled. 11g Protection Mode 802.11g protection mode: CTS-to-Self or RTS/CTS. 11n Protection Mode 802.11n protection mode: CTS-to-Self or RTS/CTS. 11h Configuration 802.11h configuration. Spectrum Management Enabled or disabled.
[Sysname] wlan rrm [Sysname-wlan-rrm] dot11b disabled-rate 1 [Sysname-wlan-rrm] dot11b multicast-rate 11 [Sysname-wlan-rrm] dot11b supported-rate 11 dot11b max-bandwidth Use dot11b max-bandwidth to configure the maximum 802.11b bandwidth. Use undo dot11b max-bandwidth to restore the default. Syntax dot11b max-bandwidth 11b-bandwidth undo dot11b max-bandwidth Default The maximum 802.11b bandwidth is 7000 kbps.
Default command level 2: System level Parameters disabled-rate: Specifies disabled rates. mandatory-rate: Specifies mandatory rates. multicast-rate: Specifies multicast rates, which are the rates at which the AP send multicasts to clients. Multicasts rates must be selected from the mandatory rates. supported-rate: Specifies supported rates. rate-value: The following rates can be specified. • 1 Mbps • 2 Mbps • 5.
Default command level 2: System level Parameters 11g-bandwidth: Maximum 802.11g bandwidth in kbps. It is in the range of 16 to 30000 kbps. Examples # Configure the maximum 802.11g bandwidth as 6000 kbps. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11g max-bandwidth 6000 dot11g protection enable Use dot11g protection enable to enable 802.11g protection. Use undo dot11g protection enable to restore the default. Syntax dot11g protection enable undo dot11g protection enable Default 802.
Default command level 2: System level Parameters cts-to-self: Specifies the Clear to Send (CTS)-to-Self mode. rts-cts: Specifies the Request to Send (RTS)/CTS mode. Examples # Configure the 802.11g protection mode as RTS/CTS. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] dot11g protection-mode rts-cts dot11n mandatory maximum-mcs Use dot11n mandatory maximum-mcs to specify the maximum MCS index for 802.11n mandatory rates. Use undo dot11n mandatory maximum-mcs to remove the configuration.
Examples # Specify the maximum MCS index for 802.11n mandatory rates as 15. system-view [sysname] wlan rrm [sysname-wlan-rrm] dot11n mandatory maximum-mcs 15 dot11n max-bandwidth The following matrix shows the command and router compatibility: Command dot11n max-bandwidt h MSR90 0 No MSR93X MSR20-1 X MSR20 MSR30 MSR50 MSR100 0 Available for JG512A, JG519A and JG597A Only available for routers with a SIC-WLA N module that supports 802.
Use undo dot11n multicast-rate to remove the configuration. Syntax dot11n multicast-rate index undo dot11n multicast-rate Default The maximum MCS index for 802.11n multicast rates is not configured. Views RRM view Default command level 2: System level Parameters index: Specifies the maximum MCS index for 802.11n multicast rates, in the range of 0 to 76. Usage guidelines The multicast MCS is adopted only when all the clients use 802.11n. If a non 802.
Command dot11n protection enable MSR90 0 No MSR93X MSR20-1 X MSR20 MSR30 MSR50 MSR100 0 Available for JG512A, JG519A and JG597A Only available for routers with a SIC-WLA N module that supports 802.11n Only available for routers with a SIC-WLAN module that supports 802.11n Only available for routers with a SIC-WLA N module that supports 802.11n Only available for routers with a SIC-WLA N module that supports 802.11n Only available for routers with a SIC-WLA N module that supports 802.
Use undo dot11n protection-mode to restore the default. Syntax dot11n protection-mode { cts-to-self | rts-cts } undo dot11n protection-mode Default The 802.11n protection mode is CTS-to-Self. Views WLAN RRM view Default command level 2: System level Parameters cts-to-self: Specifies the Clear to Send (CTS)-to-Self mode. rts-cts: Specifies the Request to Send (RTS)/CTS mode. Examples # Configure the 802.11n protection mode as RTS/CTS.
Command dot11n support maximum-mcs MSR90 0 No MSR93X MSR20-1 X MSR20 MSR30 MSR50 MSR100 0 Available for JG512A, JG519A and JG597A Only available for routers with a SIC-WLA N module that supports 802.11n Only available for routers with a SIC-WLA N module that supports 802.11n Only available for routers with a SIC-WLA N module that supports 802.11n Only available for routers with a SIC-WLA N module that supports 802.11n Only available for routers with a SIC-WLA N module that supports 802.
Syntax scan type { active | passive } undo scan type Default The scan type is passive. Views WLAN RRM view Default command level 2: System level Parameters active: Sets the active scanning mode. passive: Sets the passive scanning mode. Examples # Set the scan type to active. system-view [Sysname] wlan rrm [Sysname-wlan-rrm] scan type active wlan rrm Use wlan rrm to enter WLAN RRM view. Syntax wlan rrm Views System view Default command level 2: System level Examples # Enter WLAN RRM view.
WLAN security configuration commands The terms AP and fat AP in this document refer to MSR900, MSR93X(JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. authentication-method Use authentication-method to enable an 802.11 authentication method. You can enable open system authentication, shared key authentication or both. Use undo authentication-method to disable the selected authentication method.
Default No cipher suite is selected. Views Service template view Default command level 2: System level Parameters ccmp: Enables the AES-CCMP cipher suite. tkip: Enables the TKIP cipher suite. TKIP is an encryption mechanism that uses RC4 encryption algorithm and dynamic key management. wep40: Enables the WEP-40 cipher suite. WEP is an encryption mechanism that uses RC4 encryption algorithm and dynamic key management. wep104: Enables the WEP-104 cipher suite. wep128: Enables the WEP-128 cipher suite.
gtk-rekey enable Use gtk-rekey enable to enable GTK rekey. Use undo gtk-rekey enable to disable GTK rekey. Syntax gtk-rekey enable undo gtk-rekey enable Default GTK rekey is enabled. Views Service template view Default command level 2: System level Examples # Disable GTK rekey. system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] undo gtk-rekey enable gtk-rekey method Use gtk-rekey method to select a mechanism for re-keying the GTK.
time: Time after which the GTK is refreshed. The value is in the range of 180 to 604800 seconds defaults to 86400 seconds. Usage guidelines The method configured later overwrites the previous one. For example, if you configure the packet-based method and then configure the time-based method, the time-based method is enabled. Examples # Enable packet-based GTK rekeying and the packet number is 60000.
Views Service template view Default command level 2: System level Parameters rsn: Enables the Robust Security Network (RSN) information element in the beacon and probe response frames sent by the AP. The RSN IE advertises the RSN capabilities of the AP. wpa: Enables the Wi-Fi Protected Access (WPA) Information element in the beacon and probe response frames sent by the AP. The WPA IE advertises the WPA capabilities of the AP. Examples # Enable the WPA-IE in the beacon and probe responses.
wep default-key Use wep default-key to configure the WEP default key. Use undo wep default-key to delete the configured WEP default key. Syntax wep default-key key-index { wep40 | wep104 | wep128} { pass-phrase | raw-key } [ cipher | simple ] key undo wep default-key key-index Default The WEP default key index number is 1. Views Service template view Default command level 2: System level Parameters key-index: The key index values can be: 1: Configures the 1st WEP default key.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text. Examples # Specify the first WEP default key as a simple text key 12345. system-view [Sysname] wlan service-template 1 crypto [Sysname-wlan-st-1] wep default-key 1 wep40 pass-phrase simple 12345 wep key-id Use wep key-id to specify the default WEP key used in the encryption and decryption of broadcast and multicast frames. There are 4 static keys in WEP. The key index can be 1, 2, 3, or 4.
WLAN IDS configuration commands The terms AP and fat AP in this document refer to MSR900, MSR93X(JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. WLAN IDS rogue detection configuration commands wlan device-detection enable Use wlan device-detection enable to configure the AP to operate in hybrid mode. Use undo wlan device-detection enable to restore the default.
Views System view Default command level 2: System level Usage guidelines This view enables you to configure WLAN IDS parameters such as scan parameters and device lists. Examples # Enter WLAN IDS view. system-view [Sysname] wlan ids [Sysname-wlan-ids] wlan work-mode monitor Use wlan work-mode monitor to configure the AP to operate in monitor mode. Use undo wlan work-mode monitor to restore the default.
WLAN IDS attack detection configuration commands attack-detection enable Use attack-detection enable to enable the WIDS-IPS detection of various DoS attacks. Use undo attack-detection enable to restore the default. Syntax attack-detection enable { all | flood | spoof | weak-iv } undo attack-detection enable Default No WIDS-IPS detection is enabled. Views WLAN IDS view Default command level 2: System level Parameters all: Enables detection of all kinds of attacks.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
display wlan ids statistics Use display wlan ids statistics to display the count of attacks detected. Syntax display wlan ids statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Total Provides the total count of the attacks detected since the system startup. Probe Request Frame Flood Attack Number of probe request frame flood attacks detected. Authentication Request Frame Flood Attack Number of authentication request frame flood attack detected. Deauthentication Frame Flood Attack Number of de-authentication frame flood attacks detected. Association Request Frame Flood Attack Number of association request frame flood attacks detected.
Views User view Default command level 1: Monitor level Usage guidelines This command clears both the "current" and "total" of all attack types in the WLAN IDS statistics table. Examples # Clear WLAN IDS statistics.
Blacklist and whitelist configuration commands display wlan blacklist Use display wlan blacklist to display the static or dynamic blacklist entries. Syntax display wlan blacklist { static | dynamic } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters static: Displays static blacklist entries. dynamic: Displays dynamic blacklist entries. |: Filters command output by specifying a regular expression.
------------------------------------------------------------------------------MAC-Address APID Lifetime(s) Last Updated Since(hh:mm:ss) Reason ------------------------------------------------------------------------------000f-e2cc-0001 1 60 00:02:11 Assoc-Flood 000f-e2cc-0002 2 60 00:01:17 Deauth-Flood 000f-e2cc-0003 3 60 00:02:08 Auth-Flood Table 18 Command output Field Description MAC-Address MAC address of the device inserted into the dynamic blacklist.
001c-f0bf-9c92 0000-0000-00EE 0400-0000-0000 0400-0000-00EE -------------------------------------------------------------------------- Table 19 Command output Field Description MAC-Address MAC addresses of clients in the white list. dynamic-blacklist enable Use dynamic-blacklist enable to enable the dynamic blacklist feature. Use undo dynamic-blacklist enable to disable the dynamic blacklist feature.
undo dynamic-blacklist lifetime Default The lifetime is 300 seconds. Views WLAN IDS view Default command level 2: System level Parameters lifetime: Interval in the range of 60 to 3600 seconds. Usage guidelines If a dynamic blacklist entry is not detected within the lifetime, the entry is removed from the dynamic blacklist. Examples # Specify a lifetime of 1200 seconds for dynamic blacklist entries.
Use undo static-blacklist to remove the client with the specified MAC address or all clients from the static blacklist. Syntax static-blacklist mac-address mac-address undo static-blacklist { mac-address mac-address | all } Views WLAN IDS view Default command level 2: System level Parameters mac-address: Adds/deletes a client to/from the static blacklist. all: Deletes all entries from the static blacklist. Default No static blacklist exists.
Default No white list exists. Usage guidelines Clients in the white list can be associated with the AP. The maximum number of entries in the white list depends on the device model. Examples # Add the client with MAC address 001c-f0bf-9c92 to the white list.
WLAN QoS commands The terms AP and fat AP in this document refer to MSR900, MSR93X(JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. client-rate-limit direction (WLAN service-based) Use client-rate-limit direction to configure WLAN service-based client rate limiting. Use undo client-rate-limit direction to restore the default.
display wlan client-rate-limit Use display wlan client-rate-limit service-template to display WLAN service-based client rate limiting information. Syntax display wlan client-rate-limit service-template [ service-template-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters service-template service-template-number: Specifies a service template by its number.
Field Description CIR(kbps) Rate limit (in kbps) display wlan wmm Use display wlan wmm radio to display the WMM information of the specified radio or all radios. Use display wlan wmm client to display the WMM information of the client identified by the specified MAC address, of the clients associated with the specified radio, or of all clients.
CAC Information Client accepted : 0 Voice : 0 Video : 0 Total request mediumtime(us) : 0 Voice(us) : 0 Video(us) : 0 Calls rejected due to insufficient resource : 0 Calls rejected due to invalid parameters : 0 Calls rejected due to invalid mediumtime : 0 Calls rejected due to invalid delaybound : 0 QoS Mode : WMM Admission Control Policy : Users Threshold users count : 20 CAC-Free's AC Request Policy : Response Success CAC Unauthed Frame Policy : Downgrade CAC Medium Time Limit
Field Description Radio chip max AIFSN Maximum AIFSN allowed by the radio chip. Radio chip max ECWMIN Maximum ECWmin allowed by the radio chip. Radio chip max TXOPLimit Maximum TXOPLimit allowed by the radio chip. Radio chip max ECWMAX Maximum ECWmax allowed by the radio chip. Station accepted Number of stations that have been admitted to access the radio. Voice Mediumtime in use(microsecond per second) Total medium time of voice traffic (in microseconds per second).
Field Description Indicates whether an AC queue is controlled by CAC: • Disabled—Indicates that the AC queue is not controlled by CAC. CAC • Enabled—Indicates that the AC queue is controlled by CAC. # Display the WMM information of all the clients.
Field Description AC Access category. APSD attribute of an AC queue: State • T—Indicates that the AC queue is trigger-enabled. • D—Indicates that the AC queue is delivery-enabled. • T | D—Indicates that the AC queue is both trigger-enabled and delivery-enabled. • L—Indicates that the AC queue is of legacy attributes. Assoc State APSD attributes of the four AC queues specified when a client accesses the AP. Uplink CAC packets Number of uplink CAC packets.
Syntax reset wlan wmm { radio [ interface wlan-radio wlan-radio-number ] | client { all | interface wlan-radio wlan-radio-number | mac-address mac-address } } Views User view Default command level 2: System level Parameters radio: Clears the WMM statistics for radios. interface wlan-radio wlan-radio-number: Specifies a WLAN-radio interface. When the option follows the radio keyword, the command clears WMM information of radios connected to the WLAN-radio interface.
users-number: Maximum number of clients allowed to be connected, which ranges from 0 to 64. This argument is 20 by default. A client is counted only once, even if it is using both the AC-VO and AC-VI queues. Examples # Configure CAC to use the channel utilization-based admission policy, with the channel utilization rate being 70%.
noack: Specifies the AC queue to use the No ACK policy. The protocol defines two ACK policies: Normal ACK and No ACK. txoplimit-value: TXOPLimit parameter of EDCA, which ranges from 0 to 65535 (in units of 32 microseconds). The TXOP value of 0 indicates that only one MPDU can be transmitted. The range of this argument is limited by the radio chip capability. ecwmin-value: ECWmin parameter of EDCA, which ranges from 0 to 15. The range of this argument is limited by the radio chip capability.
Default command level 2: System level Parameters ac-vo: Specifies the AC-VO (voice traffic) queue. ac-vi: Specifies the AC-VI (video traffic) queue. all: Specifies all the EDCA parameters. cac: Enables CAC. The AC-VO and AC-VI queues support CAC, which is disabled by default. The AC-BE and AC-BK queues do not support CAC. aifsn-value: AIFSN parameter of EDCA, which ranges from 2 to 15. ecwmin-value: ECWmin parameter of EDCA, which ranges from 0 to 15.
Table 25 Default EDCA parameter settings for clients AC queue AIFSN ECWmin ECWmax TXOP Limit AC-BK queue 7 4 10 0 AC-BE queue 3 4 10 0 Views WLAN-Radio interface view Default command level 2: System level Parameters ac-be: Specifies the AC-BE (best-effort traffic) queue. ac-bk: Specifies the AC-BK (background traffic) queue. all: Specifies all the EDCA parameters. aifsn-value: AIFSN parameter of EDCA, in the range of 2 to 15. ecwmin-value: ECWmin parameter of EDCA, in the range of 0 to 15.
Default The WMM function is enabled. Views WLAN-Radio interface view Default command level 2: System level Usage guidelines The 802.11n protocol stipulates that all 802.11n clients support WLAN QoS. Therefore, when the radio operates in 802.11an or 802.11gn mode, you should enable WMM. Otherwise, the associated 802.11n clients might fail to communicate. Examples # Disable the WMM function.
[Sysname] interface WLAN-Radio2/0 [Sysname-WLAN-Radio2/0] wmm svp map-ac ac-vo 99
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ABCDFGILMPRSTW display wlan ids statistics,77 A display wlan rrm,53 a-mpdu enable,12 display wlan service-template,22 a-msdu enable,13 display wlan statistics client,24 antenna type,13 display wlan statistics service-template,25 attack-detection enable,75 display wlan whitelist,81 authentication-method,66 display wlan wmm,88 autochannel-set avoid-dot11h,53 distance,28 B Documents,100 bandwidth,1 dot11b,55 beacon ssid-hide,14 dot11b max-bandwidth,56 beacon-interval,15 dot11g,56 C
long-retry threshold,30 ssid,38 M static-blacklist mac-address,83 Subscription service,100 max-power,31 max-rx-duration,31 T P tkip-cm-time,70 preamble,32 W protection-mode,32 Websites,100 ptk-lifetime,69 wep default-key,71 R wep key-id,72 whitelist mac-address,84 radio-type,33 wlan broadcast-probe reply,39 reset wlan client,34 wlan client idle-timeout,39 reset wlan dynamic-blacklist,83 wlan client keep-alive,40 reset wlan ids history,78 wlan country-code,40 reset wlan ids statistics
