H3C WA2210X-G, WA2220X-AG, WA2610-AGN, WA2612-AGN, WA2210-AG Command Reference Manual

H3C WA Series WLAN Access Points
WLAN Command Reference
Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com
Document Version: 6W100-20100910
Copyright © 2010, Hangzhou H3C Technologies Co., Ltd. and its licensors
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

The H3C WA documentation set includes 10 command references, which describe the commands and command syntax options available for the H3C WA series WLAN access points.
The WLAN Command Reference describes WLAN interface, WLAN service, WLAN security, WLAN RRM, WLAN IDS, WLAN QoS, and WDS configuration commands.
This preface includes:
- Audience
- Conventions
- About the H3C WA Documentation Set
- Obtaining Documentation
- Documentation Feedback

Audience

This documentation is intended for:
- Network planners
- Field technical support and servicing engineers
- Network administrators working with the WA series

Conventions

This section describes the conventions used in this documentation.

Command conventions

Convention | Description
Boldface | Bold text represents commands and keywords that you enter literally as shown.
italic | Italic text represents arguments that you replace with actual values.
[ ] | Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... } | Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ] | Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } * | Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] * | Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you may select multiple choices or none.
&<1-n> | The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
# | A line that starts with a pound (#) sign is comments.
GUI conventions
Convention | Description
Boldface | Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
> | Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
Convention Description
Means reader be extremely careful. Improper operation may cause bodily injury.
Means reader be careful. Improper operation may cause data loss or damage to equipment.
Means an action or information that needs special attention to ensure successful configuration or good performance.
Means a complementary description.
Means techniques helpful for you to make configuration with ease.

About the H3C WA Documentation Set

The H3C WA documentation set includes:
Category | Documents | Purposes
Product description and specifications | Marketing brochures | Describe product specifications and benefits.
Product description and specifications | Technology white papers | Provide an in-depth description of software features and technologies.
Hardware specifications and installation | Compliance and safety manual | Provides regulatory information and the safety instructions that must be followed during installation.
Hardware specifications and installation | Quick start | Guides you through initial installation and setup procedures to help you quickly set up and use your AP with the minimum configuration.
Hardware specifications and installation | Installation guide | Guides you through hardware specifications and installation methods to help you install your AP.
Software configuration | Getting started guide | Guides you through the main functions of your AP, and describes how to install and log in to your AP, perform basic configurations, maintain software, and troubleshoot your AP.
Software configuration | Configuration guides | Describe software features and configuration procedures.
Software configuration | Command references | Provide a quick reference to all available commands.
Operations and maintenance | User FAQ | Provides answers to some of the most frequently asked questions on how to troubleshoot your AP.
Operations and maintenance | Release notes | Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.

Obtaining Documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
- [Technical Support & Documents > Technical Documents] – Provides hardware installation, software upgrading, getting started, and software feature configuration and maintenance documentation.
- [Products & Solutions] – Provides information about products and technologies, as well as solutions.
- [Technical Support & Documents > Software Download] – Provides the documentation released with the software version.

Documentation Feedback

You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

Table of Contents

1 Applicable Models and Software Versions
2 Feature Matrix
3 Command/Parameter Matrix
4 WLAN Interface Configuration Commands
    WLAN Interface Configuration Commands
        description
        display interface wlan-bss
        display interface wlan-mesh
        display interface wlan-radio
        interface wlan-bss
        interface wlan-mesh
        interface wlan-radio
        shutdown (WLAN-Radio interface view)
        shutdown (WLAN-BSS interface view)
5 WLAN Security Configuration Commands
        authentication-method
        cipher-suite
        gtk-rekey client-offline enable
        gtk-rekey enable
        gtk-rekey method
        ptk-lifetime
        security-ie
        tkip-cm-time
        wep default-key
        wep key-id
        wep mode
6 WLAN RRM Configuration Commands
        autochannel-set avoid-dot11h
        display wlan rrm
        dot11a
        dot11b
        dot11g
        dot11g protection enable
        dot11n mandatory maximum-mcs
        dot11n support maximum-mcs
        power-constraint
        spectrum-management enable
        wlan rrm
7 WLAN IDS Configuration Commands
    WLAN Rogue AP Configuration Commands
        attack-detection enable
        display wlan ids history
        display wlan ids statistics
        wlan ids
        reset wlan ids history
        reset wlan ids statistics
    WLAN Frame Filtering Configuration Commands
        display wlan blacklist
        display wlan whitelist
        dynamic-blacklist enable
        dynamic-blacklist lifetime
        reset wlan dynamic-blacklist
        static-blacklist mac-address
        whitelist mac-address
8 WLAN QoS Configuration Commands
        display wlan wmm
        reset wlan wmm
        wmm cac policy
        wmm edca radio
        wmm edca client (ac-vo and ac-vi)
        wmm edca client (ac-be and ac-bk)
        wmm enable
        wmm svp map-ac
9 WDS Configuration Commands
        bind wlan-mesh
        display wlan mesh-link
        display wlan mesh-profile
        display wlan mp-policy
        link-hold-rssi
        link-initiation enable
        link-keep-alive
        link-maximum-number
        link rate-mode
        link-saturation-rssi
        mesh-id
        mesh-profile
        mesh-profile enable
        mesh peer-mac-address
        mp-policy
        probe-request-interval
        wlan mesh-profile
        wlan mp-policy
        wlan uplink-interface mesh-link
10 WLAN Service Configuration Commands
        a-mpdu enable
        a-msdu enable
        beacon ssid-hide
        beacon-interval
        channel
        channel band-width
        client dot11n-only
        client max-count
        display wlan client
        display wlan service-template
        display wlan statistics
        dtim
        fragment-threshold
        long-retry threshold
        max-power
        max-rx-duration
        preamble
        radio-type
        reset wlan client
        reset wlan statistics
        rts-threshold
        service-template (WLAN radio interface view)
        service-template { disable | enable } (WLAN service template view)
        short-gi enable
        short-retry threshold
        shutdown
        ssid
        wlan broadcast-probe reply
        wlan client idle-timeout
        wlan client keep-alive
        wlan country-code
        wlan service-template
        wlan uplink-interface
11 Wireless User Isolation
        l2fw wlan-client-isolation enable
12 Index

- The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
- Read this chapter before using an H3C WA series WLAN access point.

1 Applicable Models and Software Versions

H3C WA series WLAN access points include the WA2200 series and WA2600 series. Table 1-1 shows the applicable models and software versions.
Table 1-1 Applicable models and software versions
Series | Model
WA2200 series, WA2200 series access points (indoors) | WA2210-AG, WA2220-AG
WA2200 series, WA2200 series access points (outdoors) | WA2210X-G, WA2220X-AG
WA2600 series, WA2600 series access points (indoors) | WA2610-AGN, WA2612-AGN, WA2620-AGN
WA2600 series, WA2600 series access points (enhanced) | WA2610E-AGN, WA2620E-AGN
Software version: R 1115, R 1106, R 1109

2 Feature Matrix

- Support of the H3C WA series WLAN access points for features, commands and parameters may vary by device model. See this document for more information.
- For information about feature support, see Table 2-1. For information about command and parameter support, see Table 3-1.
- The term AP in this document refers to common APs, wireless bridges, or mesh APs.

Table 2-1 Feature matrix
Document | Feature | WA2200 series | WA2600 series
Fundamentals Configuration Guide | HTTPS | Not supported | Supported
WLAN Configuration Guide | 802.11n radio mode | Not supported | Supported
WLAN Configuration Guide | 802.11n bandwidth mode | Not supported | Supported
WLAN Configuration Guide | 802.11n rate configuration | Not supported | Supported
Layer 2 – LAN Switching Configuration Guide | Optical Ethernet interface | Supported on WA2210X-G/WA2220X-AG only | Not supported
Layer 2 – LAN Switching Configuration Guide | GE interface | Not supported | Supported
Layer 3 – IP Services Configuration Guide | DHCP server configuration | Not supported | Supported
Layer 3 – IP Services Configuration Guide | DHCPv6 configuration | Not supported | Supported
IP Multicast Configuration Guide | IGMP snooping configuration | Not supported | Supported
IP Multicast Configuration Guide | MLD snooping configuration | Not supported | Supported
Security Configuration Guide | SSH2.0 | Not supported | Supported

3 Command/Parameter Matrix

Table 3-1 Command/Parameter matrix
Document | Module | Command/Parameter | WA2200 series | WA2600 series
Fundamentals Command Reference | HTTP commands | display ip https | Not supported | Supported
Fundamentals Command Reference | HTTP commands | ip https acl | Not supported | Supported
Fundamentals Command Reference | HTTP commands | ip https certificate access-control-policy | Not supported | Supported
Fundamentals Command Reference | HTTP commands | ip https enable | Not supported | Supported
WLAN Command Reference | WLAN service commands | a-mpdu enable | Not supported | Supported
WLAN Command Reference | WLAN service commands | a-msdu enable | Not supported | Supported
WLAN Command Reference | WLAN service commands | channel band-width | Not supported | Supported
WLAN Command Reference | WLAN service commands | client dot11n-only | Not supported | Supported
WLAN Command Reference | WLAN service commands | preamble { long | short } | Only APs that support the 802.11b/g radio mode support this command. | Only APs that support the 802.11b/g radio mode support this command.
WLAN Command Reference | WLAN service commands | radio-type | Keywords dot11an and dot11gn not supported | Supported
WLAN Command Reference | WLAN service commands | short-gi enable | Not supported | Supported
WLAN Command Reference | WLAN RRM commands | dot11a { disabled-rate | mandatory-rate | supported-rate } rate-value | Only APs that support 802.11a radio mode support this command. | Only APs that support 802.11a radio mode support this command.
WLAN Command Reference | WLAN RRM commands | dot11n mandatory maximum-mcs | Not supported | Supported
WLAN Command Reference | WLAN RRM commands | dot11n support maximum-mcs | Not supported | Supported
WLAN Command Reference | WLAN RRM commands | power-constraint | Only APs that support the 802.11a radio mode support this command. | Only APs that support the 802.11a radio mode support this command.
Layer 2 – LAN Switching Command Reference | The maximum number of broadcast packets that can be forwarded on an Ethernet interface per second | broadcast-suppression { ratio | pps max-pps } | pps max-pps ranges from 1 to 148810. | pps max-pps ranges from 1 to 1488100.
Layer 2 – LAN Switching Command Reference | The maximum number of multicast packets allowed on an Ethernet interface per second | multicast-suppression { ratio | pps max-pps } | pps max-pps ranges from 1 to 148810. | pps max-pps ranges from 1 to 1488100.
Layer 2 – LAN Switching Command Reference | The maximum number of unknown unicast packets allowed on an Ethernet interface per second | unicast-suppression { ratio | pps max-pps } | pps max-pps ranges from 1 to 148810. | pps max-pps ranges from 1 to 1488100.
Layer 3 - IP Services Command Reference | DHCP commands | DHCP server configuration commands | Not supported | Supported
Layer 3 - IP Services Command Reference | DHCPv6 commands | display ipv6 dhcp client [ interface interface-type interface-number ] | Not supported | Supported
Layer 3 - IP Services Command Reference | DHCPv6 commands | display ipv6 dhcp client statistics [ interface interface-type interface-number ] | Not supported | Supported
Layer 3 - IP Services Command Reference | DHCPv6 commands | display ipv6 dhcp duid | Not supported | Supported
Layer 3 - IP Services Command Reference | DHCPv6 commands | reset ipv6 dhcp client statistics [ interface interface-type interface-number ] | Not supported | Supported

- The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
- Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model. For more information, see Feature Matrix.
- The interface types and the number of interfaces vary by AP model.

4 WLAN Interface Configuration Commands

WLAN Interface Configuration Commands

description

Syntax
description text
undo description
View
WLAN-BSS interface view, WLAN-Radio interface view, WLAN mesh interface view
Default Level
2: System level
Parameters
text: Description of an interface, a string of 1 to 80 characters. Currently, the AP supports the following types of characters or symbols: standard English characters (numbers and case-sensitive letters), special English characters, spaces, and other characters or symbols that conform to the Unicode standard.
Description
Use the description command to set the description of the current interface. Use the undo description command to restore the default.
By default, the description of an interface is interface-name + interface.
- An interface description can be the mixture of English characters and other Unicode characters. The mixed description cannot exceed the specified length.
- To use a type of Unicode characters or symbols in an interface description, install the corresponding Input Method Editor (IME) and log in to the AP through remote login software that supports this character type.
- Each Unicode character or symbol (non-English characters) takes the space of two regular characters. When the length of a description string reaches or exceeds the maximum line width on the terminal software, the software starts a new line, possibly breaking a Unicode character into two parts. As a result, garbled characters may be displayed at the end of a line.
Examples
# Set the description of WLAN-Radio 1/0/1 to WLAN-Radio1.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] description WLAN-Radio1

display interface wlan-bss

Syntax
display interface wlan-bss [ interface-number ]
View
Any view
Default Level
1: Monitor level
Parameters
interface-number: Specifies an existing WLAN-BSS interface by its interface number.
Description
Use the display interface wlan-bss command to display information about the specified WLAN-BSS interface or all WLAN-BSS interfaces.
Examples
# Display information about WLAN-BSS 1.
<Sysname> display interface wlan-bss 1
WLAN-BSS1 current state: DOWN
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e2c0-0110
Description: WLAN-BSS1 Interface
PVID: 1
Port link-type: access
 Tagged VLAN ID : none
 Untagged VLAN ID : 1
Port priority: 0
Maximum client number: 64
Clients: 0 associating, 0 associated
Input (total) : 0 packets, 0 bytes
              : 0 unicasts, 0 bytes
              : 0 broadcasts, 0 bytes
Output (total): 0 packets, 0 bytes
              : 0 unicasts, 0 bytes
              : 0 broadcasts, 0 bytes
Table 4-1 display interface wlan-bss command output description
Field | Description
WLAN-BSS1 current state | Physical-layer link state of the interface
IP Packet Frame Type | Encapsulation type of the frames that the interface sends out
Hardware Address | MAC address of the frames that the interface sends out
Description | Description of the interface
PVID | Default VLAN ID of the interface
Port link-type | Link type of the interface, which can only be access currently.
Tagged VLAN ID | VLANs whose packets are sent by the interface with the VLAN tag.
Untagged VLAN ID | VLANs whose packets are sent by the interface with the VLAN tag removed.
Port priority | Priority of the interface.
Maximum client number | Maximum number of clients allowed to access the interface.
Clients: 0 associating, 0 associated | Clients: the number of associating clients, and the number of associated clients.
Input (total) : 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 broadcasts, 0 bytes | Statistics on packets received at the physical layer:
    - The total number of packets, and the total number of bytes.
    - The total number of unicast packets, and the total number of unicast bytes.
    - The total number of broadcast packets, and the total number of broadcast bytes.
Output (total): 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 broadcasts, 0 bytes | Statistics on packets sent at the physical layer:
    - The total number of packets, and the total number of bytes.
    - The total number of unicast packets, and the total number of unicast bytes.
    - The total number of broadcast packets, and the total number of broadcast bytes.

display interface wlan-mesh

Syntax
display interface wlan-mesh [ interface-number ]
View
Any view
Default Level
1: Monitor level
Parameters
interface-number: Specifies a WLAN mesh interface by its interface number. The specified interface must be one already created.
Description
Use the display interface wlan-mesh command to display information about the specified WLAN mesh interface or all WLAN mesh interfaces already created if no interface is specified.
Examples
# Display information about WLAN mesh interface 3.
<Sysname> display interface wlan-mesh 3
WLAN-MESH3 current state: DOWN
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-e2c0-0110
Description: WLAN-MESH3 Interface
PVID: 1
Port link-type: access
 Tagged VLAN ID : none
 Untagged VLAN ID : 1
For more details about the fields in the above output, see Table 4-1.

display interface wlan-radio

Syntax
display interface wlan-radio [ interface-number ]
View
Any view
Default Level
1: Monitor level
Parameters
interface-number: Specifies the WLAN-Radio interface, by its interface number, whose information is displayed.
Description
Use the display interface wlan-radio command to display information about the specified WLAN-Radio interface or all WLAN-Radio interfaces.
Examples
# Display information about WLAN-Radio 1/0/1.
<Sysname> display interface wlan-radio 1/0/1
WLAN-Radio1/0/1 current state: UP
IP Packet Frame Type: PKTFMT_IEEE_802.11, Hardware Address: 000f-e2c0-0110
Description: WLAN-Radio1/0/1 Interface
Radio-type 11a, channel auto(157), power(dBm) 19 auto (4)
Received: 0 authentication frames, 0 association frames
Sent out: 0 authentication frames, 0 association frames
Stations: 0 associating, 0 associated
Input : 30007 packets, 1536614 bytes
      : 13565 unicasts, 520774 bytes
      : 16442 broadcasts, 1015840 bytes
      : 0 fragmented
      : 5687 discarded, 263913 bytes
      : 0 duplicates, 3054 FCS errors
      : 2 decryption errors
Output: 10002 packets, 1154819 bytes
      : 10002 unicasts, 1154819 bytes
      : 0 broadcasts, 0 bytes
      : 0 fragmented
      : 1686 discarded, 195145 bytes
      : 0 failed RTS, 2813 failed ACK
      : 8570 transmit retries, 2200 multiple transmit retries
Table 4-2 display interface wlan-radio command output description
Field | Description
WLAN-Radio1/1 current state | Physical-layer link state of the WLAN-Radio interface
IP Packet Frame Type | Encapsulation type of the frames that the interface sends out
Hardware Address | MAC address of the frames that the interface sends out
Description | Description of the interface
Radio-type 11a | Radio type of the interface
channel auto(157) | Channel used by the interface. The keyword auto means the channel is automatically selected and 157 is the number of the selected channel. If the channel is manually selected, the field will be displayed in the format of channel configured-channel. Available channels depend on the country code and radio type.
power(dBm) 19 auto (4) | Transmit power of the interface (in dBm). The value 19 is the transmit power configured by the user; auto indicates that the actual power is different from that configured by the user; the bracketed number is the current transmission power, 4 dBm in this sample output. (If spectrum management and power constraint have been configured for the 802.11a bands, the actual transmit power on the interface may be different from the configured value, depending on the configuration of two commands: power-constraint and max-power.) For more information about the power-constraint command and the max-power command, see WLAN Service and WLAN RRM in the WLAN Command Reference. If the protocol being used is not 802.11a or the power constraint function on the 802.11a frequencies is not configured even though 802.11a is used, this field will be displayed as power(dBm) configured-power.
Received: 0 authentication frames, 0 association frames | The number of received authentication frames, and the number of received association frames.
Sent out: 0 authentication frames, 0 association frames | The number of sent authentication frames, and the number of sent association frames.
Stations: 0 associating, 0 associated | The number of associating stations, and the number of associated stations.
Input : 5620 packets, 254801 bytes : 0 unicasts, 0 bytes : 5620 broadcasts, 254801 bytes : 0 fragmented : 0 discarded, 0 bytes : 0 duplicates, 96 FCS errors : 0 decryption errors | Statistics on packets received at the physical layer: the total number of packets, and the total number of bytes; the total number of unicast packets, and the total number of unicast bytes; the total number of broadcast packets, and the total number of broadcast bytes; the number of fragmented packets; the number of dropped packets, and the number of dropped bytes; the number of received duplicate frames, and the number of FCS errors; the number of decryption errors.
Output: 0 packets, 0 bytes : 0 unicasts, 0 bytes : 0 broadcasts, 0 bytes : 0 fragmented : 0 discarded, 0 bytes : 0 failed RTS, 0 failed ACK : 0 transmit retries, 0 multiple transmit retries | Statistics on packets sent at the physical layer: the total number of packets, and the total number of bytes; the total number of unicast packets, and the total number of unicast bytes; the total number of broadcast packets, and the total number of broadcast bytes; the number of fragmented packets; the number of dropped packets, and the number of dropped bytes; the number of RTS packets failing to be sent, and the number of ACK packets failing to be sent; the number of retransmitted frames, and the number of transmit retries.

interface wlan-bss

Syntax
interface wlan-bss interface-number
undo interface wlan-bss interface-number
View
System view
Default Level
2: System level
Parameters
interface-number: WLAN-BSS interface number, which ranges from 0 to 255.
Description
Use the interface wlan-bss command to enter WLAN-BSS interface view. If the WLAN-BSS interface identified by the interface-number argument does not exist, this command creates the WLAN-BSS interface first.
Use the undo interface wlan-bss command to remove a WLAN-BSS interface.
Examples
# Create WLAN-BSS interface 1.
<Sysname> system-view
[Sysname] interface wlan-bss 1
[Sysname-WLAN-BSS1]

interface wlan-mesh

Syntax
interface wlan-mesh interface-number
undo interface wlan-mesh interface-number
View
System view
Default Level
2: System level
Parameters
interface-number: Number of a WLAN mesh interface. The value range for this argument is 1 to 32.
Description
Use the interface wlan-mesh command to enter WLAN mesh interface view. If the specified WLAN mesh interface does not exist, the command creates the WLAN mesh interface first.
Use the undo interface wlan-mesh command to delete the specified WLAN mesh interface.
Examples
# Create WLAN mesh interface 2 in system view.
<Sysname> system-view
[Sysname] interface wlan-mesh 2
[Sysname-WLAN-MESH2]

interface wlan-radio

Syntax
interface wlan-radio interface-number
View
System view
Default Level
2: System level
Parameters
interface-number: WLAN-Radio interface number.
Description
Use the interface wlan-radio command to enter WLAN-Radio interface view.
Examples
# Enter WLAN-Radio 1/0/1 interface view.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1]

shutdown (WLAN-Radio interface view)

Syntax
shutdown
undo shutdown
View
WLAN-Radio interface view
Default Level
2: System level
Parameters
None
Description
Use the shutdown command to shut down the current WLAN-Radio interface.
Use the undo shutdown command to bring up the current WLAN-Radio interface.
By default, a WLAN-Radio interface is up.
Examples
# Shut down the interface WLAN-Radio 1/0/1.
<Sysname> system-view
[Sysname] interface wlan-radio 1/0/1
[Sysname-WLAN-Radio1/0/1] shutdown

shutdown (WLAN-BSS interface view)

Syntax
shutdown
undo shutdown
View
WLAN-BSS interface view
Default Level
2: System level
Parameters
None
Description
Use the shutdown command to shut down the current WLAN-BSS interface.
Use the undo shutdown command to bring up the current WLAN-BSS interface.
By default, a WLAN-BSS interface is up.
After a WLAN-BSS interface is shut down, the connection between the interface and the wireless device will be torn down.
Examples
# Shut down the interface WLAN-BSS 1.
<Sysname> system-view
[Sysname] interface wlan-bss 1
[Sysname-WLAN-BSS1] shutdown
• The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
• Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model. For more information, see Feature Matrix.
• The interface types and the number of interfaces vary by AP model.

5 WLAN Security Configuration Commands

authentication-method

Syntax
authentication-method { open-system | shared-key }
undo authentication-method { open-system | shared-key }
View
WLAN service template view
Default Level
2: System level
Parameters
open-system: Enables open system authentication.
shared-key: Enables shared key authentication.
Description
Use the authentication-method command to select the 802.11 authentication method to be used.
Use the undo authentication-method command to disable the selected authentication method.
By default, open system authentication is enabled.
When you use this command to set the authentication method, if the current service template is of crypto type, and the encryption mode is WEP, you can set the authentication method to either open system or shared key.
• If the current service template is of clear type, you can only enable open system authentication.
• If the current service template is of crypto type, you can enable open system or shared key authentication.
Examples
# Enable the open system authentication.
<Sysname> system-view
[Sysname] wlan service-template 1 clear
[Sysname-wlan-st-1] authentication-method open-system
# Enable shared key authentication.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] authentication-method shared-key

cipher-suite

Syntax
cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 } *
undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 } *
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
ccmp: Enables the CCMP cipher suite. CCMP is an AES-based encryption method.
tkip: Enables the TKIP cipher suite. TKIP is an encryption method based on RC4 and dynamic key management.
wep40: Enables the WEP-40 cipher suite. WEP is an encryption method based on RC4 and shared key management.
wep104: Enables the WEP-104 cipher suite.
wep128: Enables the WEP-128 cipher suite.
Description
Use the cipher-suite command to select the cipher suite used in the encryption of frames. The cipher suites supported are CCMP, TKIP, WEP40, WEP104 and WEP128.
Use the undo cipher-suite command to disable the selected cipher suite.
By default, no cipher suite is selected.
Examples
# Enable TKIP cipher suite.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] cipher-suite tkip

gtk-rekey client-offline enable

Syntax
gtk-rekey client-offline enable
undo gtk-rekey client-offline
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
None
Description
Use the gtk-rekey client-offline enable command to enable refreshing the group temporal key (GTK) when a client goes off-line. This function is effective when the gtk-rekey enable command is executed.
Use the undo gtk-rekey client-offline command to disable refreshing the GTK when a client goes off-line.
By default, the GTK is not refreshed when a client goes off-line.
Examples
# Enable GTK refreshing when some client is off-line.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] gtk-rekey client-offline enable

gtk-rekey enable

Syntax
gtk-rekey enable
undo gtk-rekey enable
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
None
Description
Use the gtk-rekey enable command to allow GTK refresh.
Use the undo gtk-rekey enable command to disable GTK refresh.
By default, GTK refresh is enabled.
Examples
# Disable GTK refresh.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] undo gtk-rekey enable

gtk-rekey method

Syntax
gtk-rekey method { packet-based [ packet ] | time-based [ time ] }
undo gtk-rekey method
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
packet-based: Indicates that the GTK will be rekeyed after a specified number of packets have been transmitted.
packet: Number of packets (including multicasts and broadcasts) that are transmitted before the GTK is refreshed. The value ranges from 5000 to 4294967295.
time-based: Indicates that the GTK will be rekeyed on a time basis.
time: Specifies the time after which the GTK is refreshed. The value ranges from 180 to 604800 seconds.
Description
Use the gtk-rekey method command to select a mechanism for re-keying the GTK.
Use the undo gtk-rekey method command to set the refreshing method to the default value.
By default, the GTK refreshing method is time-based, and the interval is 86400 seconds.
• If the time-based option is selected, the GTK is refreshed after a specified period of time. The time ranges from 180 seconds to 604800 seconds, and the default value is 86400 seconds.
• If the packet-based option is selected, the GTK is refreshed after a specified number of packets have been transmitted. The number of packets ranges from 5000 to 4294967295, and the default value is 10000000.
The method configured later overwrites the previous one. For example, if you configure the packet-based method and then configure the time-based method, the time-based method is enabled.
Examples
# Enable packet-based GTK refreshing and set the number of packets to 60000.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] gtk-rekey method packet-based 60000

ptk-lifetime

Syntax
ptk-lifetime time
undo ptk-lifetime
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
time: Lifetime in seconds, which ranges from 180 to 604800.
Description
Use the ptk-lifetime command to change the lifetime of the pairwise transient key (PTK).
Use the undo ptk-lifetime command to set the PTK lifetime to the default value.
By default, the lifetime of the PTK is 43200 seconds.
Examples
# Set the PTK lifetime to 86400 seconds.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] ptk-lifetime 86400

security-ie

Syntax
security-ie { rsn | wpa }
undo security-ie { rsn | wpa }
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
rsn: Enables the RSN Information element in the beacon and probe response frames sent by the AP. The RSN IE advertises the Robust Security Network (RSN) capabilities of the AP.
wpa: Enables the WPA Information element in the beacon and probe response frames sent by the AP. The WPA IE advertises the Wi-Fi Protected Access (WPA) capabilities of the AP.
Description
Use the security-ie command to enable the WPA-IE, the RSN-IE, or both of them in the Beacon and Probe response frames.
Use the undo security-ie command to disable the WPA-IE or RSN-IE in the Beacon and Probe response frames.
By default, both WPA-IE and RSN-IE are disabled.
Examples
# Enable the WPA-IE in the frames.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] security-ie wpa

tkip-cm-time

Syntax
tkip-cm-time time
undo tkip-cm-time
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
time: Counter measure time for Message Integrity Check (MIC) failure in seconds. The value ranges from 0 to 3600 seconds.
Description
Use the tkip-cm-time command to set the Temporal Key Integrity Protocol (TKIP) countermeasure time.
Use the undo tkip-cm-time command to restore the TKIP countermeasure time to the default value.
By default, the TKIP countermeasure time is 0 seconds, that is, no countermeasures are taken.
After countermeasures are enabled, if more than two MIC failures occur within a certain time, the TKIP associations are disassociated, and new associations are allowed to be established only after the specified TKIP countermeasure time expires.
Examples
# Set the TKIP counter measure time to 90 seconds.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] tkip-cm-time 90

wep default-key

Syntax
wep default-key key-index { wep40 | wep104 | wep128 } { pass-phrase | raw-key } [ cipher | simple ] key
undo wep default-key key-index
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
key-index: The key index values can be:
• 1: Configures the 1st wep default key.
• 2: Configures the 2nd wep default key.
• 3: Configures the 3rd wep default key.
• 4: Configures the 4th wep default key.
wep40: Indicates the wep40 key option.
wep104: Indicates the wep104 key option.
wep128: Indicates the wep128 key option.
pass-phrase: Enables the pass-phrase option. Then a string of alphanumeric characters is used as the key. If WEP40 is selected, 5 alphanumeric characters should be entered as the key; if WEP104 is selected, 13 alphanumeric characters should be entered as the key; if WEP128 is selected, 16 alphanumeric characters should be entered as the key.
raw-key: Enables the raw-key option. The key is entered as a hexadecimal number. If WEP40 is selected, a 10-digit hexadecimal number should be entered as the key; if WEP104 is selected, a 26-digit hexadecimal number should be entered as the key; if WEP128 is selected, a 32-digit hexadecimal number should be entered as the key. The length of the raw-key is fixed.
cipher key: Sets the wep key in cipher text, and the key is displayed in cipher text. The key argument is a case sensitive string of 24 to 88 characters.
simple key: Sets the wep key in simple text, and the key is displayed in simple text. The value range of the key argument (case sensitive) depends on the key option you select.
If you provide neither the simple nor the cipher keyword, you set a wep key in simple text, and the key will be displayed in cipher text. The value range of the key argument is the same as the key specified by simple key.
Description
Use the wep default-key command to configure the wep default key.
Use the undo wep default-key command to delete the configured wep default key.
By default, no wep default key is configured.
Examples
# Specify the wep default key 1 (wep40) as hello.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] wep default-key 1 wep40 pass-phrase hello
# Specify the wep default key as c25d3fe4483e867d1df96eaacd.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] wep default-key 1 wep104 raw-key c25d3fe4483e867d1df96eaacd

wep key-id

Syntax
wep key-id { 1 | 2 | 3 | 4 }
undo wep key-id
View
WLAN service template view (crypto type)
Default Level
2: System level
Parameters
key-index: The key index ranges from 1 to 4:
1: Selects the key index as 1.
2: Selects the key index as 2.
3: Selects the key index as 3.
4: Selects the key index as 4.
Description
Use the wep key-id command to configure the key index.
Use the undo wep key-id command to restore the default.
By default, the key index is 1.
There are 4 static keys in WEP. The key index can be 1, 2, 3 or 4. The key corresponding to the specified key index will be used for encrypting and decrypting the broadcast and multicast frames.
Examples
# Set the key index to 2.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] wep key-id 2

wep mode

Syntax
wep mode dynamic
undo wep mode
View
Service template view
Default Level
2: System level
Parameters
dynamic: Enables dynamic WEP encryption.
Description
Use the wep mode command to enable WEP encryption.
Use the undo wep mode command to restore the default.
By default, static WEP encryption is enabled.
• Dynamic WEP encryption must be used together with 802.1X authentication, and the WEP key ID cannot be configured as 4.
• With dynamic WEP encryption configured, the device automatically uses the WEP 104 encryption method. To change the encryption method, use the cipher-suite command.
• With dynamic WEP encryption configured, the WEP key used to encrypt unicast frames is negotiated between client and server. If the WEP default key is configured, the WEP default key is used to encrypt multicast frames. If not, the device randomly generates a multicast WEP key.
Related commands: wep key-id, cipher-suite, and wep default-key.
Examples
# Specify the WEP encryption mode as dynamic.
<Sysname> system-view
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] wep mode dynamic
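The security settings documented in this chapter can be checked offline against a configuration listing. The following Python script is an added example, not part of the H3C manual or H3C software: it flags service templates that use WEP or TKIP (both deprecated in IEEE 802.11), shared key authentication, simple-text WEP keys, disabled GTK refresh, or TKIP with the default countermeasure time of 0. The configuration layout (one command per line, template sub-commands indented), the sample text and the finding names are assumptions.

```python
import re

# Constructed sample (not from the manual): commands documented in this chapter,
# one per line, template sub-commands indented. The layout is an assumption.
SAMPLE_CONFIG = """\
wlan service-template 1 crypto
 authentication-method shared-key
 cipher-suite wep40
 wep default-key 1 wep40 pass-phrase simple hello
wlan service-template 2 crypto
 cipher-suite tkip
 undo gtk-rekey enable
wlan service-template 3 crypto
 cipher-suite ccmp tkip
 tkip-cm-time 90
wlan service-template 4 crypto
 cipher-suite ccmp
wlan service-template 5 clear
"""

TEMPLATE_RE = re.compile(r"^wlan service-template (\d+) (clear|crypto)$")

def parse_templates(text):
    """Return {template number: {"type": "clear"|"crypto", "cmds": [...]}}."""
    templates, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = TEMPLATE_RE.match(line)
        if match:
            current = {"type": match.group(2), "cmds": []}
            templates[int(match.group(1))] = current
        elif line and raw[0].isspace() and current is not None:
            current["cmds"].append(line)
        elif line:
            current = None  # an unrelated top-level command ends the template
    return templates

def audit_template(template):
    """Return the sorted finding codes for one parsed service template."""
    if template["type"] == "clear":
        return ["NO_ENCRYPTION"]
    findings, suites = set(), set()
    gtk_rekey, cm_time = True, 0  # defaults stated in the command descriptions
    for cmd in template["cmds"]:
        words = cmd.split()
        if words[0] == "cipher-suite":
            suites.update(words[1:])
        elif words == ["wep", "mode", "dynamic"]:
            suites.add("wep104")  # dynamic WEP uses WEP 104 automatically
        elif words == ["authentication-method", "shared-key"]:
            findings.add("SHARED_KEY_AUTH")
        elif words in (["gtk-rekey", "enable"], ["undo", "gtk-rekey", "enable"]):
            gtk_rekey = words[0] != "undo"
        elif len(words) == 2 and words[0] == "tkip-cm-time" and words[1].isdigit():
            cm_time = int(words[1])
        elif words[:2] == ["wep", "default-key"] and len(words) == 7 and words[5] == "simple":
            findings.add("WEP_KEY_SIMPLE_TEXT")  # key is displayed in simple text
    if any(suite.startswith("wep") for suite in suites):
        findings.add("WEP")
    if "tkip" in suites:
        findings.add("TKIP")
        if cm_time == 0:
            findings.add("TKIP_NO_COUNTERMEASURES")
    if not gtk_rekey:
        findings.add("GTK_REKEY_DISABLED")
    return sorted(findings)

def audit_config(text):
    return {num: audit_template(tpl) for num, tpl in parse_templates(text).items()}
```

Calling audit_config(SAMPLE_CONFIG) returns a dictionary keyed by service template number; an empty list means none of the checks fired for that template.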