HP MSR Router Series WLAN Configuration Guide(V5) Part number: 5998-2030 Software version: CMW520-R2511 Document version: 6PW103-20140128
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring WLAN interfaces····································································································································· 1 Configuring a WLAN radio interface ····························································································································· 1 Configuring a WLAN BSS interface ······························································································································· 1 WLAN Ethernet
Configuring 802.
Displaying and maintaining client rate limiting ································································································· 70 Client rate limiting configuration example·········································································································· 70 Support and other resources ····································································································································· 72 Contacting HP ·······························
Configuring WLAN interfaces NOTE: The terms AP and fat AP in this document refer to MSR900, MSR93X, and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. • Wireless routers support WLAN radio interfaces, which are physical interfaces that provide wireless network access. • Wireless routers support WLAN BSS and WLAN Ethernet virtual interfaces. WLAN radio interfaces on routers can be used as common physical access interfaces.
Step 7. Enter system view. Command Remarks system-view N/A If the WLAN BSS interface does not exist, this command creates the WLAN BSS interface first. 8. Enter WLAN BSS interface view. 9. Set the description string for the interface. interface wlan-bss interface-number When you bind a service with a WLAN-BSS interface in IMC, make sure the interface number of the WLAN BSS interface is no greater than 31. For more information about IMC, see HP Intelligent Management Center Getting Started Guide.
Entering WLAN Ethernet interface view Step Command Remarks 1. Enter system view. system-view N/A 2. Enter WLAN Ethernet interface view. interface wlan-ethernet interface-number If the WLAN Ethernet interface does not exist, this command creates the WLAN Ethernet interface first. 3. Specify the expected bandwidth for the interface. bandwidth bandwidth-value Optional. 4. Restore the default settings of the WLAN Ethernet interface. default Optional.
Step Command 11. Configure IP performance. • ip forward-broadcast • tcp mss 12. Configure policy-based routing. ip policy-based-route 13. Configure UDP helper. udp-helper server 14. Configure URPF. ip urpf 15. Configure fast forwarding. ip fast-forwarding 16. Configure basic IPv6 settings.
Step Command ospf authentication-mode simple 19. Configure OSPF. • • • • • • • • • • • • • • • • • • • • rip authentication-mode 20. Configure RIP. ospf authentication-mode ospf cost ospf dr-priority ospf mtu-enable ospf network-type ospf timer dead ospf timer hello ospf timer poll ospf timer retransmit ospf trans-delay rip input rip output rip metricin rip metricout rip poison-reverse rip split-horizon rip summary-address rip version 21. Configure IPv6 IS-IS. isis ipv6 enable ospfv3 cost 22.
Step Command 26. Configure PPPoE. • pppoe-server bind virtual-template • pppoe-client dial-bundle-number 27. Configure bridge sets.
Step Command • • • • • • • • • • • Configure IPv6 PIM 29. Configure QoS.
Step Command • port-security authorization ignore • port-security max-mac-count • port-security port-mode { mac-and-psk | mac-authentication | mac-else-userlogin-secure | mac-else-userlogin-secure-ext | psk | userlogin-secure | userlogin-secure-ext | userlogin-secure-ext-or-psk | userlogin-secure-or-mac | userlogin-secure-or-mac-ext } 38. Configure port security.
Configuring WLAN access The terms AP and fat AP in this document refer to MSR900, MSR93X (JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. WLAN access overview A WLAN can provide the following services: • WLAN client connectivity to conventional 802.
Scanning When a wireless client is operating, it usually uses both passive scanning and active scanning to get information about surrounding wireless networks. 1. Active scanning When a wireless client operates, it periodically searches for (scans) surrounding wireless networks. During active scanning, the wireless client actively sends probe request frames and obtains network signals from received probe response frames.
2. Passive scanning Passive scanning is used by clients to discover surrounding wireless networks through listening to the beacon frames periodically sent by an AP. All APs providing wireless services periodically send beacons frames, so that wireless clients can periodically listen to beacon frames on the supported channels to get information about surrounding wireless networks and connect to an AP. Passive scanning is used by a client when it wants to save battery power.
Figure 5 Network diagram LAN Segment PC Printer Hub Workgroup Bridge AP Client For an AP with two radios, you can configure one radio as a workgroup bridge and configure the other radio to provide normal access services. As shown in Figure 6, Radio 1 operates as a workgroup bridge, and Radio 2 provides normal access services. Clients associated with Radio 2 can access the network through the workgroup bridge Radio 1.
Step 2. Specify the global country code. Command Remarks wlan country-code code By default, the country code for North American models is US, and for other models is CN. Configuring a WLAN service template Creating a service template and specifying an SSID Step Command Remarks 1. Enter system view. system-view N/A 2. Create a WLAN service template and enter WLAN service template view.
Configuring the maximum number of associated clients Step Command Remarks 1. Enter system view. system-view N/A 2. Create a WLAN service template and enter WLAN service template view. wlan service-template service-template-number { clear | crypto } You cannot change an existing service template to another type. 3. Configure the maximum number of clients allowed to associate with a radio. client max-count max-number The default is 32. Command Remarks Enabling fast association Step 1.
Step 4. Command Enable the fat AP to respond to probe requests with null SSID. broadcast-probe reply Remarks Optional. The default setting is enabled. Configuring radio parameters Configuring radio parameters Step Command Remarks 1. Enter system view. system-view N/A 2. Enter radio interface view. interface wlan-radio interface-number N/A 3. Configure a radio type. radio-type { dot11b | dot11g | dot11gn } Optional. Optional. 4. Specify a working channel for the radio.
Step Command 10. Set the DTIM counter. dtim counter 11. Specify the maximum length of packets that can be transmitted without fragmentation. Remarks Optional. By default, the DTIM counter is 1. Optional. fragment-threshold size Optional. 12. Set the maximum number of retransmission attempts for frames larger than the RTS threshold. long-retry threshold count 13. Specify the maximum number of attempts to transmit a frame shorter than the RTS threshold. short-retry threshold count 14.
{ { Similar with MPDU aggregation, multiple MSDU can be aggregated into a single A-MSDU. This reduces the MAC header overhead and improves MAC layer forwarding efficiency. To improve physical layer performance, 802.11n introduces the short GI function, which shortens the GI interval of 800 ns in 802.11a/g to 400 ns. This can increase the data rate by 10 percent. To configure 802.11n: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter AP template view.
Step Command Remarks Optional. You can map multiple service templates to the radio. 4. Map a service template to the radio. service-template service-template-number interface wlan-bss interface-number If you use the WLAN BSS interface together with the IMC binding service, make sure the interface number of the WLAN BSS interface is no more than 31. For more information about IMC, see HP Intelligent Management Center Getting Started Guide. Enabling a radio Step Command Remarks 1.
Task Command Remarks Display WLAN client statistics. display wlan statistics client { all | mac-address mac-address } [ | { begin | exclude | include } regular-expression ] Available in any view. Cut off clients. reset wlan client { all | mac-address mac-address } Available in user view. Clear client statistics. reset wlan statistics client { all | mac-address mac-address } Available in user view.
Step Command Remarks 2. Create a WLAN-BSS interface and enter its view. interface wlan-bss wlan-bss N/A 3. Quit to user view. quit N/A 4. Enter radio interface view. interface wlan-radio interface-number N/A 5. Configure the radio as a workgroup bridge and bind the WLAN-BSS interface to the specified radio. client-mode interface wlan-bss wlan-bss By default, workgroup bridge mode is disabled. Connecting the workgroup bridge to the wireless network Step Command Remarks 1.
Task Command Remarks Display the wireless services scanned by the workgroup bridge and the signal quality. display wlan client-mode ssid [ ssid ] [ | { begin | exclude | include } regular-expression ] Available in any view. WLAN access configuration examples WLAN access configuration example Network requirements As shown in Figure 7, enable the client to access the internal network resources at any time. The AP provides a plain-text wireless access service with SSID service. 802.11g is adopted.
Feature 802.11n MSR900 MSR93X MSR20-1X MSR20 MSR30 MSR50 No Available for JG512A, JG519A and JG597A Available for routers with a SIC_WLAN module that supports 802.11n Available for routers with a SIC_WLAN module that supports 802.11n Available for routers with a SIC_WLAN module that supports 802.11n Available for routers with a SIC_WLAN module that supports 802.11n Network requirements As shown in Figure 8, deploy an 802.
Workgroup bridge mode configuration example Network requirements As shown in Figure 9, the AP is connected to a LAN, and the workgroup bridge is connected to the AP as a client and is connected to the PCs and printer through its Ethernet port. The workgroup bridge uses the shared-key (WEP) authentication method to access the wireless service China-net. Figure 9 Network diagram LAN Segment PC Printer Hub Workgroup Bridge AP Client Configuration procedure # Create a WLAN-BSS interface.
Key (Simple) : 12345 WEP Key ID : 1 SSID : China-net BSSID : 000f-e233-5501 Status : Connected -------------------------------------------------------------------------------Received Packets Data : 1324939 Management : 34876 Sent Packets Data : 46365 Discarded Packets : 38272 Rate(Rx/Tx) : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Online Duration : 0 days 0 hours 45 minutes 5 seconds -------------------------------------------------------------------------------- The output shows that the A
Configuring WLAN RRM NOTE: The terms AP and fat AP in this document refer to MSR900, MSR93X (JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. Overview Radio signals are susceptible to surrounding interference. The causes of radio signal attenuation in different directions are very complex. Make careful plans before deploying a WLAN network.
Step Command Remarks Optional. 3. Configure rates for 802.11b. dot11b { disabled-rate | mandatory-rate | multicast-rate | supported-rate } rate-value By default, no rates are disabled. Mandatory rates are 1 and 2. The multicast rate is automatically selected from mandatory rates. Supported rates are 5.5 and 11. Optional. 4. Configure rates for 802.11g. dot11g { disabled-rate | mandatory-rate | multicast-rate | supported-rate } rate-value By default, no rates are disabled.
MCS index Number of spatial streams Modulation 5 1 6 Data rate (Mbps) 800ns GI 400ns GI 64-QAM 52.0 57.8 1 64-QAM 58.5 65.0 7 1 64-QAM 65.0 72.2 8 2 BPSK 13.0 14.4 9 2 QPSK 26.0 28.9 10 2 QPSK 39.0 43.3 11 2 16-QAM 52.0 57.8 12 2 16-QAM 78.0 86.7 13 2 64-QAM 104.0 115.6 14 2 64-QAM 117.0 130.0 15 2 64-QAM 130.0 144.
• Supported rates—These are higher rates supported by the AP besides the mandatory rates. Supported rates allow some clients that support both mandatory and supported rates to choose higher rates when communicating with the AP. • Multicast rates—These are rates that are supported by the AP besides the mandatory rates. Multicast rates allow clients to send multicast traffic at the multicast rates. When you specify the maximum MCS index, you actually specify a range.
The configured maximum bandwidth does not take effect on radios enabled with intelligent bandwidth assurance. To validate the configured maximum bandwidth, you must disable the radios and then enable them. Step Command Remarks 1. Enter system view. system-view N/A 2. Enter WLAN RRM view. wlan rrm N/A By default: • 802.11b: dot11b max-bandwidth 11b-bandwidth Configure the maximum bandwidth. 3. • 802.11g: dot11g max-bandwidth 11g-bandwidth • 802.
Configuring 802.11g protection mode 802.11g protection modes include RTS/CTS and CTS-to-self. • RTS/CTS—An AP sends an RTS packet before sending data to a client. After receiving the RTS packet, all the devices within the coverage of the AP do not send data within the specified time. Upon receiving the RTS packet, the client sends a CTS packet. This ensures that all the devices within the coverage of the client do not send data within the specified time.
To enable 802.11n protection: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter WLAN RRM view. wlan rrm N/A Optional. Enable 802.11n protection. 3. dot11n protection enable By default, 802.11n protection is disabled. Enabling 802.11n protection reduces network performance. Configuring 802.11n protection mode 802.11n protection modes include RTS/CTS and CTS-to-self. • RTS/CTS—An AP sends an RTS packet before sending data to a client.
Step Command 4. Set the scan type. scan type { active | passive } 5. Set the scan report interval. scan report-interval seconds Remarks Optional. By default, the scan type is passive. Optional. By default, the scan report interval is 10 seconds. Optional. 6. Configure only non-dot11h channels to be scanned. autochannel-set avoid-dot11h By default, the default setting of the command depends on the scan channel command.
Configuring WLAN security The terms AP and fat AP in this document refer to MSR900, MSR93X(JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. Overview The wireless security incorporated in 802.11 is inadequate for protecting networks that contain sensitive information. They do a fairly good job defending against the general public, but not against good hackers.
d. The AP uses the shared key to de-encrypt the challenge and compares the result with that received from the client. If they are identical, the client passes the authentication. If not, the authentication fails.
header. The AES block algorithm in CCMP uses a 128-bit key and a 128-bit block size. Similarly, CCMP contains a dynamic key negotiation and management method, so that each wireless client can dynamically negotiate a key suite, which can be updated periodically to further enhance the security of the CCMP encryption mechanism. During the encryption process, CCMP uses a 48-bit packet number (PN) to ensure that each encrypted packet uses a different PN, improving the security to a certain extent.
802.11i IEEE Standard for Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements • Configuring WLAN security Configuration task list To configure WLAN security in a service template, map the service template to a radio policy, and add radios to the radio policy. The SSID name, advertisement setting (beaconing), and encryption settings are configured in the service template.
Configuring the PTK lifetime A pairwise transient key (PTK) is generated through a four-way handshake, during which, the pairwise master key (PMK), an AP random value (ANonce), a site random value (SNonce), the AP’s MAC address and the client’s MAC address are used. To configure the PTK lifetime: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter WLAN service template view. wlan service-template service-template-number crypto N/A 3. Configure the PTK lifetime.
Step Command Remarks Optional. 5. Configure the device to start GTK rekey when a client goes offline. gtk-rekey client-offline enable By default, the device does not start GTK rekey when a client goes offline. This command takes effect only when you execute the gtk-rekey enable command. Configuring GTK rekey based on packet Step Command Remarks 1. Enter system view. system-view N/A 2. Enter WLAN service template view. wlan service-template service-template-number crypto N/A 3.
To configure RSN security IE: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter WLAN service template view. wlan service-template service-template-number crypto N/A 3. Enable the RSN-IE in the beacon and probe responses. security-ie rsn By default, RSN-IE is disabled. Configuring cipher suite A cipher suite is used for data encapsulation and de-encapsulation.
Configuring TKIP cipher suite Message integrity check (MIC) is used to prevent attackers from data modification. It ensures data security by using the Michael algorithm. When a fault occurs to the MIC, the device will consider that the data has been modified and the system is being attacked. Upon detecting the attack, TKIP will suspend within the countermeasure interval. No TKIP associations can be established within the interval. To configure TKIP cipher suite: Step Command Remarks 1.
Step Command Remarks 3. Enable 802.11 key negotiation. port-security tx-key-type 11key By default, 802.11 key negotiation is not enabled. 4. Configure the pre-shared key. port-security preshared-key { pass-phrase | raw-key } [ cipher | simple ] key By default, no pre-shared key is configured. 5. Enable the PSK port security mode. port-security port-mode psk N/A Command Remarks Configuring 802.1X authentication Step 1. Enter system view. system-view N/A 2. Enter WLAN-BSS interface view.
Step 5. Configure the pre-shared key. Command Remarks port-security preshared-key { pass-phrase | raw-key } key The key is a string of 8 to 63 characters, or a 64-digit hex number. Displaying and maintaining WLAN security For more information about related display commands, see Security Command Reference. Task Command Remarks Display WLAN service template information.
system-view [Sysname] port-security enable # Configure the authentication mode as PSK, and the pre-shared key as 12345678, and enable 802.11 key negotiation.
[Sysname] port-security enable # Configure the port mode of the WLAN BSS interface as mac-and-psk (with the pre-shared key 12345678) and enable 802.11key negotiation. [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] port-security port-mode mac-and-psk [Sysname-WLAN-BSS1] port-security preshared-key pass-phrase 12345678 [Sysname-WLAN-BSS1] port-security tx-key-type 11key [Sysname-WLAN-BSS1] quit # Create service template 2 of crypto type and configure its SSID as mactest.
Configuring the RADIUS server The following takes the IMC (the IMC PLAT 5.1 SP1 (E0202P05) and IMC UAM 5.1 (E0301) ) as an example to illustrate the basic configurations of the RADIUS server. 1. Add an access device: a. Click the Service tab in the IMC platform. b. Select User Access Manager > Access Device Management from the navigation tree. c. Click Add. d.
b. Select User > All Access Users from the navigation tree to enter the user page. c. Click Add. d. On the page that appears, enter username 00146c8a43ff, set the account name and password both to 00146c8a43ff, select the service mac, and click Apply. Figure 17 Adding an account Verifying the configuration • After the client passes the MAC address authentication, the client can associate with the AP and access the WLAN.
[Sysname] dot1x authentication-method eap # Create a RADIUS scheme rad, and specify the extended RADIUS server type. [Sysname] radius scheme rad [Sysname-radius-rad] server-type extended # Configure the IP addresses of the primary authentication/authorization server as 10.18.1.88. [Sysname-radius-rad] primary authentication 10.18.1.88 [Sysname-radius-rad] primary accounting 10.18.1.88 # Configure the shared key for RADIUS authentication/authorization packets as 12345678.
3. Configure the wireless card: a. Double click the icon at the bottom right corner of your desktop. The Wireless Network Connection Status window appears. b. Click the Properties button in the General tab. The Wireless Network Connection Properties window appears. c. In the Wireless Networks tab, select the wireless network with the SSID dot1x, and then click Properties. The dot1x Properties window appears. See Figure 19. d.
Figure 19 Configuring the wireless card (1) 49
Figure 20 Configuring the wireless card (2) 50
Figure 21 Configuring the wireless card (3) Verifying the configuration. • Enter the username user and password dot1x. The client can pass 802.1X authentication and access the WLAN. • You can use the display wlan client command, display connection command and display dot1x command to view the online clients. Supported combinations for ciphers This section introduces the combinations that can be used during the cipher suite configuration.
Unicast cipher Broadcast cipher Authentication method Security Type CCMP TKIP PSK RSN CCMP CCMP PSK RSN TKIP WEP40 PSK RSN TKIP WEP104 PSK RSN TKIP WEP128 PSK RSN TKIP TKIP PSK RSN CCMP WEP40 802.1X RSN CCMP WEP104 802.1X RSN CCMP WEP128 802.1X RSN CCMP TKIP 802.1X RSN CCMP CCMP 802.1X RSN TKIP WEP40 802.1X RSN TKIP WEP104 802.1X RSN TKIP WEP128 802.1X RSN TKIP TKIP 802.
Unicast cipher Broadcast cipher Authentication method Security Type TKIP WEP104 802.1X WPA TKIP WEP128 802.1X WPA TKIP TKIP 802.1X WPA Pre-RSN For Pre-RSN stations, the WLAN-WSEC module supports only WEP cipher suites. (WEP40, WEP104 and WEP128 are mutually exclusive).
Configuring WLAN IDS The terms AP and fat AP in this document refer to MSR900, MSR93X(JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. Overview 802.11 networks are susceptible to a wide array of threats such as unauthorized access points and clients, ad hoc networks, and DoS attacks. Rogue devices are a serious threat to enterprise security.
Flood attack detection A flood attack refers to the case where WLAN devices receive large volumes of frames of the same kind within a short span of time. When this occurs, the WLAN devices are overwhelmed. Consequently, they are unable to service normal clients. WIDS attacks detection counters flood attacks by constantly keeping track of the density of traffic generated by each device.
Dynamic blacklist—Contains the MAC addresses of clients forbidden to access the WLAN. A client is dynamically added to the list if it is considered sending attacking frames until the timer of the entry expires. • When an AP receives an 802.11 frame, it checks the source MAC address of the frame and processes the frame by following these rules: 1. If the source MAC address does not match any entry in the white list, the frame is dropped.
• In normal mode, an AP provides WLAN data services but does not perform any scanning. • In monitor mode, an AP scans all Dot11 frames in the WLAN, but cannot provide WLAN services. An AP operating in this mode cannot provide WLAN service, and you do not need to configure a service template. • In hybrid mode, an AP can both scan devices in the WLAN and provide WLAN services.
Configuring blacklist and whitelist Perform this task to configure the static blacklist, static white list, enable dynamic blacklist feature, and configure the lifetime for dynamic entries. • WLAN IDS permits devices present in the static white list. You can add entries into or delete entries from the list. • WLAN IDS denies devices present in the static blacklist. You can add entries into or delete entries from the list. • WLAN IDS adds dynamically detected attack devices into the dynamic blacklist.
Task Command Remarks Display white list entries. display wlan whitelist [ | { begin | exclude | include } regular-expression ] Available in any view. Clear dynamic blacklist entries. reset wlan dynamic-blacklist { mac-address mac-address | all } Available in user view.
# Bind WLAN-Radio 2/0 to service template 1 and WLAN-BSS 1. [AP] interface Wlan-radio 2/0 [AP-Wlan-radio2/0] service-template 1 interface WLAN-BSS 1 [AP-Wlan-radio2/0] quit # Configure the AP to operate in hybrid mode. It scans rogue devices and provides access services.
Configuring WLAN QoS The terms AP and fat AP in this document refer to MSR900, MSR93X(JG512A, JG519A and JG597A), and MSR20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module. Overview An 802.11 network offers contention-based wireless access. To provide applications with QoS services, IEEE developed 802.11e for the 802.11-based WLAN architecture. While IEEE 802.
EDCA parameters WMM assigns data packets in a basic service set (BSS) to four AC queues. By allowing a high-priority AC queue to have more channel contention opportunities than a low-priority AC queue, WMM offers different service levels to different AC queues. WMM define a set of EDCA parameters for each AC queue, covering the following: • Arbitration inter-frame spacing number (AIFSN)—Different from the 802.
high-priority AC queue clients, the request is accepted. Otherwise, the request is rejected. During calculation, a client is counted once even if it is using both the AC-VO and AC-VI queues. U-APSD power-save mechanism U-APSD improves the 802.11 APSD power saving mechanism. When associating clients with AC queues, you can specify some AC queues as trigger-enabled, some AC queues as delivery-enabled, and the maximum number of data packets that can be delivered after receiving a trigger packet.
The SVP packet mapping function takes effect only after you enable WMM. • Configuration procedure Step Command Remarks 1. Enter system view. system-view N/A 2. Enter WLAN-radio interface view. interface wlan-radio radio-number N/A By default, WMM is enabled. The 802.11n protocol stipulates that all 802.11n clients support WLAN QoS. Therefore, when the radio operates in 802.11gn mode, you should enable WMM. Otherwise, the associated 802.11n clients might fail to communicate. 3. Enable WMM.
AC queue AIFSN ECWmin ECWmax TXOP Limit AC-VI queue 2 3 4 94 AC-VO queue 2 2 3 47 Table 4 The default EDCA parameters for APs AC queue AIFSN ECWmin ECWmax TXOP Limit AC-BK queue 7 4 10 0 AC-BE queue 3 4 6 0 AC-VI queue 1 3 4 94 AC-VO queue 1 2 3 47 Displaying and maintaining WMM Task Command Remarks Display WLAN statistics of the specified client.
2. Configuration procedure # Configure interface WLAN-BSS 1 to use the 802.11e priority of the received packets for priority mapping. system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] qos trust dot11e [Sysname-WLAN-BSS1] quit # Configure interface Ethernet 1/0 to use the 802.1p priority of received packets for priority mapping.
2. Configuration procedure # Configure interface WLAN-BSS 1 to use the 802.11e priority of received packets for priority mapping. system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] qos trust dot11e [Sysname-WLAN-BSS1] quit # Configure interface Ethernet 1/0 to use the 802.1p priority of received packets for priority mapping.
Figure 28 Network diagram L2 Switch IP network FAT AP Client 2. Configuration procedure # Configure interface WLAN-BSS 1 to use the 802.11e priority of received packets for priority mapping. system-view [Sysname] interface wlan-bss 1 [Sysname-WLAN-BSS1] qos trust dot11e [Sysname-WLAN-BSS1] quit # Configure interface Ethernet 1/0 to use the 802.1p priority of received packets for priority mapping.
Troubleshooting EDCA parameter configuration failure Symptom Configuring EDCA parameters for an AP failed. Analysis The EDCA parameter configuration of an AP is restricted by the radio chip of the AP. Solution 1. Use the display wlan wmm radio ap command to view the support of the radio chip for the EDCA parameters. Make sure the configured EDCA parameters are supported by the radio chip. 2. Check that the values configured for the EDCA parameters are valid. 3.
Configuration procedure You can configure WLAN service-based client rate limiting, so that the fat AP can limit client rates for a WLAN service. To configure WLAN service-based client rate limiting: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter service template view. wlan service-template service-template-number { clear | crypto } N/A 3. Configure WLAN service-based client rate limiting.
# Create a WLAN service template of the clear type, configure its SSID as service, and enable open-system authentication for the WLAN service template. [AP] wlan service-template 1 clear [AP-wlan-st-1] ssid service [AP-wlan-st-1] authentication-method open-system # Configure WLAN service-based client rate limiting on AC to limit the rate of traffic from clients to AP (incoming traffic) to 8000 kbps in static mode and the rate of traffic from AP to clients (outgoing traffic) to 8000 kbps in dynamic mode.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index CDORSW Displaying and maintaining a WLAN interface,8 C Displaying and maintaining WLAN access,18 Configuration task list,25 Displaying and maintaining WLAN RRM,32 Configuring 802.11g protection,29 Configuring 802.
