HP a-msr Configuration Manual

HP A-MSR Router Series

Part number: 5998-2030
Software version: CMW520-R2207P02
Document version: 6PW100-20110810

WLAN
Configuration Guide

Abstract

This document describes the software features for the HP A Series products and guides you through the
software configuration procedures. These configuration guides also provide configuration examples to help
you apply software features to different network scenarios.

This documentation is intended for network planners, field technical support and servicing engineers, and
network administrators working with the HP A Series products.

Legal and notice information

© Copyright 2011 Hewlett-Packard Development Company, L.P.

No part of this documentation may be reproduced or transmitted in any form or by any means without prior
written consent of Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS
MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for
incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The only warranties for HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional
warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Contents

WLAN interface configuration ······································································································································· 1

WLAN-radio interface ······················································································································································ 1

Configuring a WLAN-radio interface ···················································································································· 1

WLAN-BSS interface ························································································································································· 1

Configuring a WLAN-BSS interface ······················································································································· 1

WLAN-Ethernet interface ·················································································································································· 2

Entering WLAN-Ethernet interface view ················································································································· 2
Configuring a WLAN-Ethernet interface ················································································································ 3

Displaying and maintaining a WLAN interface ············································································································ 8

WLAN service configuration ·········································································································································· 9

Basic concepts ·························································································································································· 9

Wireless client access ·············································································································································· 9
WLAN topologies ·························································································································································· 12
Protocols and standards ················································································································································ 14
Configuring WLAN service ··········································································································································· 14

Configuration task list ··········································································································································· 14

Configuring global WLAN parameters ·············································································································· 14

Specifying a country code···································································································································· 14

Configuring a WLAN service template ··············································································································· 15

Configuring radio parameters ····························································································································· 15

Configuring the radio of the AP ·························································································································· 16

Configuring 802.11n ··········································································································································· 17

Displaying and maintaining WLAN service ······································································································· 18
Configuring WLAN client isolation ······························································································································ 19

Enabling WLAN client isolation ·························································································································· 19
Configuring SSID-based access control ······················································································································· 19

Specifying a permitted SSID in a user profile ···································································································· 19
WLAN service configuration examples ······················································································································· 20

WLAN service configuration example ················································································································ 20

802.11n configuration example ························································································································· 21

WLAN RRM configuration ············································································································································ 23

Configuration task list ···················································································································································· 23
Configuring data transmit rates ···································································································································· 23

Configuring 802.11b/802.11g rates ················································································································ 23

Configuring 802.11n rates ·································································································································· 24
Configuring non-dot11h channel scanning ················································································································· 26
Enabling 802.11g protection ······································································································································· 26
Displaying and maintaining WLAN RRM ··················································································································· 27

WLAN security configuration ······································································································································· 28

Authentication modes ··········································································································································· 28

WLAN data security ············································································································································· 29

Client access authentication ································································································································· 30

Protocols and standards ······································································································································· 30
Configuring WLAN security ·········································································································································· 31

Configuration task list ··········································································································································· 31

Enabling an authentication method ····················································································································· 31

Configuring the PTK lifetime ································································································································· 31

Configuring the GTK rekey method ····················································································································· 32

iii

Configuring security IE ·········································································································································· 33

Configuring cipher suite ······································································································································· 34

Configuring port security ······································································································································ 35

Displaying and maintaining WLAN security ······································································································ 37
WLAN security configuration examples ······················································································································ 37

PSK authentication configuration example ········································································································· 37

MAC and PSK authentication configuration example ······················································································· 38

802.1X authentication configuration example ·································································································· 41

Supported combinations for ciphers ···························································································································· 46

WLAN IDS configuration ·············································································································································· 49

Terminology ··························································································································································· 49

WIDS attack detection ·········································································································································· 49
WLAN IDS configuration task list ································································································································· 50
Configuring IDS attack detection ································································································································· 50

Displaying and maintaining IDS attack detection ······························································································ 51

WLAN IDS frame filtering configuration ····················································································································· 52

Blacklist and white list ··········································································································································· 52
Configuring WLAN IDS frame filtering ························································································································ 53
Displaying and maintaining WLAN IDS frame filtering ···························································································· 54
WLAN IDS frame filtering configuration example ······································································································ 54

WLAN QoS configuration ············································································································································ 55

Terminology ··························································································································································· 55

WMM protocol overview ····································································································································· 55

Protocols and standards ······································································································································· 57
WMM configuration ······················································································································································ 57
Displaying and maintaining WMM ····························································································································· 59
WMM configuration examples ···································································································································· 59

WMM basic configuration ··································································································································· 59

CAC service configuration example ··················································································································· 60

SVP service configuration example ····················································································································· 62
Troubleshooting ······························································································································································ 63

EDCA parameter configuration failure ··············································································································· 63

SVP or CAC configuration failure························································································································ 63

Support and other resources ········································································································································ 64

Contacting HP ································································································································································ 64

Subscription service ·············································································································································· 64
Related information ························································································································································ 64

Documents ······························································································································································ 64

Websites ································································································································································ 64
Conventions ···································································································································································· 65

Index ················································································································································································ 67

iv

WLAN interface configuration

To do…

Use the Command…

Remarks

1. Enter system view.

system-view

—

2. Enter WLAN-radio interface

view.

interface wlan-radio
interface-number

Required.

3. Set the description for the

interface.

description text

Optional.

By default, the description string of
an interface is interface-name +

Interface.

4. Restore the default settings of

the WLAN-radio interface.

default

Optional.

5. Shut down the WLAN-radio

interface.

shutdown

Optional.

By default, a WLAN-Radio
interface is up.

The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20-1X routers with IEEE 802.11b/g
and A-MSR series routers installed with a SIC WLAN module.

Wireless routers support WLAN-Radio interfaces, which are physical interfaces that provide wireless network
access.

Wireless routers support WLAN-BSS and WLAN-Ethernet virtual interfaces. Use WLAN-Radio interfaces on
routers as common physical access interfaces. You can bind them to WLAN-BSS interfaces and
WLAN-Ethernet interfaces.

WLAN-radio interface

WLAN-Radio interfaces are physical interfaces used to provide wireless access service. You can configure
them, but you cannot remove them manually.

Configuring a WLAN-radio interface

To configure a WLAN-radio interface:

WLAN-BSS interface

WLAN-BSS interfaces are virtual Layer 2 interfaces. They operate like Layer 2 Ethernet ports of the access
link type. A WLAN-BSS interface supports multiple Layer 2 protocols. On a wireless router, a WLAN-Radio
interface bound to a WLAN-BSS interface operates as a Layer 2 interface.

Configuring a WLAN-BSS interface

To configure a WLAN-BSS interface:

1

To do…

Use the command…

Remarks

1. Enter system view.

system-view

—

2. Enter WLAN-BSS interface

view.

interface wlan-bss

interface-number

Required.

If the WLAN-BSS interface does
not exist, this command creates the
WLAN-BSS interface first.

3. Set the description string for the

interface.

description text

Optional.

By default, the description string of
an interface is interface-name +

Interface.

4. Assign the WLAN-BSS

interface to a VLAN.

port access vlan vlan-id

Optional.

By default, an interface belongs to
VLAN 1 (the default VLAN).

5. Specify an authentication

domain for MAC
authentication users.

mac-authentication domain
domain-name

Optional.

By default, the default
authentication domain is used for
MAC authentication users.

6. Set the maximum number of

concurrent MAC
authentication users on a port.

mac-authentication max-user
user-number

Optional.

256 by default

7. Restore the default settings of

the WLAN-BSS interface.

default

Optional.

8. Shut down the WLAN-BSS

interface.

shutdown

Optional.

By default, a WLAN-BSS interface
is up.

Before you execute the port access vlan command, make sure the VLAN specified by the vlan-id parameter

To do…

Use the command…

Remarks

1. Enter system view.

system-view

—

already exists. Use the vlan command to create a VLAN. For more information about the port access vlan
command, see Layer 2—LAN Switching Command Reference.

For more information about the mac-authentication domain and mac-authentication max-user commands,
see Security Command Reference.

WLAN-Ethernet interface

WLAN-Ethernet interfaces are virtual Layer 3 interfaces. They operate like Layer 3 Ethernet interfaces. You
can assign an IP address to a WLAN-Ethernet interface. On a wireless router, a WLAN-Radio interface
bound to a WLAN-Ethernet interface operates as a Layer 3 interface.

Entering WLAN-Ethernet interface view

To enter WLAN-Ethernet interface view:

2

To do…

Use the command…

Remarks

2. Enter WLAN-Ethernet interface

view.

interface wlan-ethernet

interface-number

Required.

If the WLAN-Ethernet interface
does not exist, this command
creates the WLAN-Ethernet
interface first.

3. Restore the default settings of

the WLAN-Ethernet interface.

default

Optional.

To do…

Use the command…

1. Configure an interface.

 qos max-bandwidth
 shutdown
 mtu
 description
 enable snmp trap updown

2. Configure ARP.

 arp max-learning-num
 arp proxy enable
 proxy-arp enable

3. Configure the interface as a BOOTP client.

ip address bootp-alloc

4. Configure

DHCP.

Configure DHCP server.

dhcp select server global-pool

Configure DHCP relay.

 dhcp relay address-check
 dhcp relay information enable
 dhcp relay information format
 dhcp relay information strategy
 dhcp relay release
 dhcp relay server-select
 dhcp select relay

Configure DHCP client.

ip address dhcp-alloc

5. Configure IP accounting.

 ip count firewall-denied
 ip count inbound-packets
 ip count outbound-packets

6. Assign an IP address to the interface.

ip address

7. Configure IP performance.

 ip forward-broadcast
 tcp mss

8. Configure policy-based routing.

ip policy-based-route

9. Configure UDP helper.

udp-helper server

10. Configure URPF.

ip urpf

11. Configure fast forwarding.

ip fast-forwarding

Configuring a WLAN-Ethernet interface

For a WLAN-Ethernet interface, you can configure basic settings such as MTU, and ARP, DHCP, and routing
protocols as listed in the following table. For information about the commands/features listed in the following
table, see related chapters in the corresponding volumes.

3

To do…

Use the command…

12. Configure basic IPv6 settings.

 ipv6 address
 ipv6 address auto link-local
 ipv6 mtu
 ipv6 nd autoconfig managed-address-flag
 ipv6 nd autoconfig other-flag
 ipv6 nd dad attempts
 ipv6 nd ns retrans-timer
 ipv6 nd nud reachable-time
 ipv6 nd ra halt
 ipv6 nd ra interval
 ipv6 nd ra prefix
 ipv6 nd ra router-lifetime
 ipv6 neighbors max-learning-num
 ipv6 policy-based-route

13. Configure NAT-PT.

natpt enable

14. Configure IS-IS.

 isis authentication-mode
 isis circuit-level
 isis circuit-type p2p
 isis cost
 isis dis-name
 isis dis-priority
 isis enable
 isis mesh-group
 isis small-hello
 isis timer csnp
 isis timer hello
 isis timer holding-multiplier
 isis timer lsp
 isis timer retransmit
 isis silent

15. Configure OSPF.

 ospf authentication-mode simple
 ospf authentication-mode
 ospf cost
 ospf dr-priority
 ospf mtu-enable
 ospf network-type
 ospf timer dead
 ospf timer hello
 ospf timer poll
 ospf timer retransmit
 ospf trans-delay

4

To do…

Use the command…

16. Configure RIP.

 rip authentication-mode
 rip input
 rip output
 rip metricin
 rip metricout
 rip poison-reverse
 rip split-horizon
 rip summary-address
 rip version

17. Configure IPv6 IS-IS.

isis ipv6 enable

18. Configure IPv6 OSPFv3.

 ospfv3 cost
 ospfv3 mtu-ignore
 ospfv3 timer dead
 ospfv3 timer hello
 ospfv3 timer retransmit
 ospfv3 area
 ospfv3 dr-priority
 ospfv3 trans-delay

19. Configure IPv6 RIPng.

 ripng default-route
 ripng enable
 ripng metricin
 ripng metricout
 ripng poison-reverse
 ripng split-horizon
 ripng summary-address

20. Configure basic MPLS capabilities.

 mpls
 mpls ldp
 mpls ldp timer hello-hold
 mpls ldp timer keepalive-hold
 mpls ldp transport-address

21. Configure BGP/MPLS VPN.

ip binding vpn-instance

22. Configure PPPoE.

 pppoe-server bind virtual-template
 pppoe-client dial-bundle-number

23. Configure bridge sets.

bridge-set

24. Configure

multicast.

Configure multicast routing and
forwarding.

 multicast minimum-ttl
 multicast ipv6 minimum-hoplimit
 multicast boundary
 multicast ipv6 boundary

Configure IPv6 multicast routing
and forwarding.

 multicast ipv6 minimum-hoplimit
 multicast ipv6 boundary

5

To do…

Use the command…

Configure IGMP.

 igmp enable
 igmp fast-leave
 igmp group-policy
 igmp last-member-query-interval
 igmp max-response-time
 igmp require-router-alert
 igmp robust-count
 igmp send-router-alert
 igmp static-group
 igmp timer other-querier-present
 igmp timer query
 igmp version

Configure MLD.

 mld enable
 mld last-listener-query-interval
 mld max-response-time
 mld require-router-alert
 mld send-router-alert
 mld robust-count
 mld timer other-querier-present
 mld timer query
 mld version
 mld static-group
 mld group-policy
 mld fast-leave

Configure PIM.

 pim bsr-boundary
 pim hello-option
 pim holdtime
 pim require-genid
 pim sm
 pim dm
 pim state-refresh-capable
 pim timer graft-retry
 pim timer hello
 pim timer join-prune
 pim triggered-hello-delay

6

To do…

Use the command…

Configure IPv6 PIM.

 pim ipv6 bsr-boundary
 pim ipv6 hello-option
 pim ipv6 holdtime
 pim ipv6 require-genid
 pim ipv6 sm
 pim ipv6 dm
 pim ipv6 state-refresh-capable
 pim ipv6 timer graft-retry
 pim ipv6 timer hello
 pim ipv6 timer join-prune
 pim ipv6 triggered-hello-delay

25. QoS

Configure traffic policing, traffic
shaping, and line rate.

 qos car
 qos gts any cir
 qos gts acl

Apply a QoS policy.

qos apply policy

Configure congestion
avoidance.

qos max-bandwidth

26. Configure firewall.

 firewall ethernet-frame-filter
 firewall packet-filter
 firewall packet-filter ipv6
 firewall aspf

27. Configure NAT.

 nat outbound
 nat outbound static
 nat server

28. Configure Portal.

 portal auth-network
 portal server

29. Configure IPsec.

ipsec policy

30. Configure the backup center.

 standby interface
 standby threshold
 standby timer delay
 standby timer flow-check
 standby bandwidth

31. Configure NetStream.

ip netstream

32. Configure NTP.

 ntp-service broadcast-client
 ntp-service broadcast-server
 ntp-service multicast-client
 ntp-service multicast-server
 ntp-service in-interface disable

33. Configure IPX.

ipx encapsulation

7

To do…

Use the command…

34. Configure port security.

 port-security authorization ignore
 port-security max-mac-count
 port-security port-mode { mac-and-psk |

mac-authentication | mac-else-userlogin-secure
| mac-else-userlogin-secure-ext | psk |

userlogin-secure | userlogin-secure-ext |
userlogin-secure-ext-or-psk |
userlogin-secure-or-mac |
userlogin-secure-or-mac-ext }

 port-security preshared-key { pass-phrase |

raw-key }

 port-security tx-key-type 11key

Displaying and maintaining a WLAN interface

To do…

Use the command…

Remarks

Display information about
WLAN-Radio interfaces.

display interface [ wlan-radio ]
[ brief [ down ] ] [ | { begin |
exclude | include }
regular-expression ]

display interface wlan-radio
interface-number [ brief ] [ |

{ begin | exclude | include }
regular-expression ]

Available in any view

Display information about
WLAN-BSS interfaces.

display interface [ wlan-bss] [ brief
[ down ] ] [ | { begin | exclude |

include } regular-expression ]

display interface wlan-bss

interface-number [ brief ] [ |
{ begin | exclude | include }
regular-expression ]

Available in any view

Display information about
WLAN-Ethernet interfaces.

display interface [ wlan-ethernet ]
[ brief [ down ] ] [ | { begin |
exclude | include }
regular-expression ]

display interface wlan-ethernet
interface-number [ brief ] [ |

{ begin | exclude | include }
regular-expression ]

Available in any view

8

WLAN service configuration

The terms AP and fat AP in this document refer to A-MSR900 and A-MSR20-1X routers with IEEE 802.11b/g
and A-MSR series routers installed with a SIC WLAN module.

WLANs have become very popular because they are easy to set up and maintain. Generally, several APs
can cover a building or an area. Because the servers in the backbone are fixed, a WLAN is not a completely
wireless network.

The WLAN solution allows you to provide the following wireless LAN services to your customers:

 WLAN client connectivity to conventional 802.3 LANs
 Secured WLAN access with different authentication and encryption methods
 Seamless roaming of WLAN clients in the mobility domain

Basic concepts

Client

A handheld computer or laptop with a wireless NIC can be a WLAN client.

Access point

An AP bridges frames between wireless and wired networks.

Fat AP

A fat AP controls and manages all associated wireless stations and bridges frames between wired and
wireless networks.

SSID

Service set identifier. A client scans all networks at first, and then selects a specific SSID to connect to a
specific wireless network.

Wireless medium

A medium used for transmitting frames between wireless clients. Radio frequency is used as the wireless
medium in the WLAN system.

Wireless client access

A wireless client access process involves three steps: active/passive scanning surrounding wireless services,
authentication, and association, as shown in Figure 1.

9

AP

Client

Authentication request

Authentication response

Association request

Association response

Active/Passive scanning

AP 2

Client

AP 1

Probe request

(

with no SSID

)

Probe request

(

with no SSID

)

Probe Response

Probe Response

Scanning

Figure 1 Establish a client access

A wireless client can get the surrounding wireless network information in two ways: passive scanning or
active scanning. With passive scanning, a wireless client gets wireless network information through listening
to Beacon frames sent by surrounding APs. With active scanning, a wireless actively sends a probe request
frame during scanning, and gets network signals by received probe response frames.

Actually, when a wireless client operates, typically it uses both passive scanning and active scanning to get
information about surrounding wireless networks.

1. Active scanning

When a wireless client operates, it periodically searches for (scans) surrounding wireless networks. Active
scanning falls into two modes according to whether a specified SSID is carried in a probe request.

 A client sends a probe request (with the SSID null, or, the SSID IE length is 0): The client periodically

Figure 2 Active scanning (the SSID of the probe request is null, or, no SSID information is carried)

sends a probe request frame on each of its supported channels to scan wireless networks. APs that
receive the probe request send a probe response, which carries the available wireless network
information. The client associates with the AP with the strongest signal. This active scanning mode
enables a client to actively get acquainted with the available wireless services and select to access the
proper wireless network as needed. The active scanning process of a wireless client is as shown in

Figure 2.

10

Client

AP 1

(SSID=AP1)

Probe Request

(SSID=AP1)

Probe Response

AP

Client

Beacon

Client

Beacon

 A client sends a probe request (with a specified SSID): When the wireless client is configured to access

a specific wireless network or has already successfully accessed a wireless network, the client
periodically sends a probe request carrying the specified SSID of the configured or connected wireless
network. When an AP that can provide the wireless service with the specified SSID receives the probe
request, it sends a probe response. This active scanning mode enables a client to access a specified
wireless network. The active scanning process is as shown in Figure 3.

Figure 3 Active scanning (the probe request carries the specified SSID AP 1)

2. Passive scanning

Passive scanning is used by clients to discover surrounding wireless networks by listening to the beacon
frames periodically sent by an AP. All APs providing wireless services periodically send beacons frames, so
that wireless clients can listen to beacon frames periodically on the supported channels to get information
about surrounding wireless networks. Passive scanning is used by a client when it wants to save battery
power. Typically, VoIP clients adopt the passive scanning mode. The passive scanning process is as shown
in Figure 4.

Figure 4 Passive scanning

Authentication

To secure wireless links, the wireless clients must be authenticated before accessing the AP, and only wireless
clients passing the authentication can be associated with the AP. 802.11 links define two authentication
mechanisms: open system authentication and shared key authentication.

For more information about the two authentication mechanisms, see the chapter ―WLAN security
configuration."

Association

A client that wants to access a wireless network via an AP must be associated with that AP. Once the client
chooses a compatible network with a specified SSID and passes the link authentication to an AP, it sends an
association request frame to the AP. The AP detects the capability information carried in the association
request frame, determines the capability supported by the wireless client, and sends an association response

to the client to notify the client of the association result. Usually, a client can associate with only one AP at a
time, and an association process is always initiated by the client.

11

FAT AP

Gateway

Client1

Client 2

BSS

Internet

Other related procedures

1. De-authentication

A de-authentication frame can be sent by either an AP or wireless client to break an existing link. In a wireless
system, de-authentication can occur due to many reasons, such as:

 Receiving an association/disassociation frame from a client which is unauthenticated.
 Receiving a data frame from a client which is unauthenticated.
 Receiving a PS-poll frame from a client which is unauthenticated.

2. Dissociation

A dissociation frame can be sent by an AP or a wireless client to break the current wireless link. In the wireless
system, dissociation can occur due to many reasons, such as:

 Receiving a data frame from a client which is authenticated and unassociated.
 Receiving a PS-Poll frame from a client which is authenticated and unassociated.

WLAN topologies

WLAN topologies for fat APs consist of:

 Single BSS
 Multi-ESS
 Single ESS Multi-BSS

Single BSS

The coverage of an AP is a BSS. Each BSS is identified by a BSSID. The most basic WLAN network can be
established with only one BSS. All wireless clients associate with the same BSS. If these clients have the same
authorization, they can communicate with each other. Figure 5 shows a single BSS network.

Figure 5 Single BSS network

The clients can communicate with each other or reach a host in the Internet. Communications between clients
within the same BSS are carried out through the fat AP.

12

FAT AP

Gateway

Client1 Client 2

Internet

ESS 1

ESS 2

FAT AP

Gateway

Client 2

Internet

Radio 2

Radio 1

Client 1

ESS 1

ESS 1

BSS 2

BSS 1

Multi-ESS

This topology describes a scenario where more than one ESS exists. When a mobile client joins the fat AP,
it can join one of the available ESSs. Figure 6 shows a multi-ESS network.

Figure 6 Multi-ESS network

Generally a fat AP can provide more than one logical ESS at the same time. The fat AP can broadcast the
current information of ESS by beacon or probe response frames. Clients can select an ESS it is interested to
join.

Different ESS domains can be configured on the fat AP. The fat AP can be configured to accept clients in
these ESS domains once their credentials are acceptable.

Single ESS Multi-BSS (the multi-radio case)

This topology describes a scenario where a fat AP has two radios that are in the same ESS but belong to
different BSSs.

Figure 7 Single ESS multiple BSS network

Use this network scenario when both 802.11a and 802.11b/g need to be supported. Figure 7 shows two
clients connected to different radios belong to the same ESS but different BSSs.

13

Task

Description

Configuring global WLAN parameters

Optional

Specifying a country code

Required

Configuring a WLAN service template

Required

Configuring radio parameters

Required

Configuring the radio of the AP

Required

Configuring 802.11n

Optional

To do…

Use the command…

Remarks

1. Enter system view.

system-view

—

2. Configure the client idle

timeout interval.

wlan client idle-timeout interval

Optional.

By default, the idle timeout interval
is 3600 seconds.

3. Configure the client keep alive

interval.

wlan client keep-alive interval

Optional.

By default, keep–alive function is
disabled.

4. Enable the fat AP to respond

to the probe requests with the
SSID null sent by the client.

wlan broadcast–probe reply

Optional.

Enabled by default.

Protocols and standards

 ANSI/IEEE Std 802.11, 1999 Edition
 IEEE Std 802.11a
 IEEE Std 802.11b
 IEEE Std 802.11g
 IEEE Std 802.11i
 IEEE Std 802.11-2004
 IEEE Std 802.11n

Configuring WLAN service

Configuration task list

Configuring global WLAN parameters

To configure global WLAN parameters:

Specifying a country code

A country code identifies the country in which you want to operate radios. It determines characteristics such
as operating power level and total number of channels available for the transmission of frames. You must set
the valid country code or area code before configuring an AP.

14

To do…

Use the command…

Remarks

1. Enter system view.

system-view

—

2. Specify the country code.

wlan country-code code

By default, the country code for
North American models is US, and
for other models is CN.

To do…

Use the command…

Remarks

1. Enter system view.

system-view

—

2. Create a WLAN service

template and enter WLAN
service template view.

wlan service-template
service-template-number { clear |
crypto }

Required.

3. Specify the service set

identifier.

ssid ssid-name

Required.

By default, no SSID is set.

4. Hide the SSID in beacon

frames.

beacon ssid-hide

Optional.

By default the SSID is not hidden
in beacon frames.

5. Specify an authentication

method.

authentication-method { open system
| shared key }

Required.

For related configuration about
the shared key, see the chapter
―WLAN security configuration."

6. Specify the maximum number

of clients allowed to associate
with the same radio.

client max-count max-number

Optional.

32 by default.

7. Enable the service template.

service-template enable

Required.

Disabled by default.

To do…

Use the command…

Remarks

1. Enter system view.

system-view

—

To specify the country code:

You cannot modify the country code for North American models. Country codes for other models can be
modified at the CLI.

For information about country codes, see WLAN Command Reference.

Configuring a WLAN service template

A WLAN service template includes attributes such as SSID and authentication method (open-system or
shared key) information. A service template can be of clear or crypto type. If a clear type service template
exists, you cannot change it to crypto. To do so, you must delete the clear type service template, and
configure a new service template with type as crypto.

To configure a service template:

Configuring radio parameters

To configure the radio of the AP:

15

To do…

Use the command…

Remarks

2. Enter radio interface view.

interface wlan-radio
interface-number

—

3. Specify a radio type for the

radio.

radio-type [ type { dot11b | dot11g |
dot11gn } ]

Required.

4. Bind a service template to a

WLAN-ESS interface for the
radio.

service-template
service-template-number interface
wlan-bss interface-number

Required.

5. Specify a working channel for

the radio.

channel { channel-number | auto }

Optional.

By default, auto mode is enabled.

The working channel of a radio
varies with country codes and
radio types. The channel list
depends on your device model.

6. Specify the maximum radio

power.

max-power radio-power

Optional.

By default, the maximum radio
power varies with country codes,
channels, AP models, radio types
and antenna types. If 802.11n is
adopted, the maximum radio
power also depends on the
bandwidth mode.

7. Specify the type of preamble.

preamble { long | short }

Optional.

By default, the short preamble is
supported.

This command does not apply to

802.11a radios.

To do…

Use the command…

Remarks

1. Enter system view.

system-view

—

2. Enter radio view.

interface wlan-radio radio-number

Required.

3. Set the interval for sending

beacon frames.

beacon-interval interval

Optional.

By default, the beacon interval is
100 TUs.

4. Set the DTIM counter for

beacon frames.

dtim counter

Optional.

By default, the DTIM counter is 1.

5. Set the fragment threshold.

fragment-threshold size

Optional.

By default, the fragment threshold
is 2346 bytes and must be an
even number.

Configuring the radio of the AP

To configure the radio of the AP:

16

To do…

Use the command…

Remarks

6. Specify the RTS threshold

length.

rts-threshold size

Optional.

By default, the RTS threshold is
2346 bytes.

7. Set the maximum number of

retransmission attempts for
frames larger than the RTS
threshold.

long-retry threshold count

Optional.

By default, the long retry
threshold is 4.

8. Specify the maximum number

of attempts to transmit a frame
shorter than the RTS threshold.

short-retry threshold count

Optional.

By default, the short retry
threshold is 7.

9. Specify the interval for which

a frame received by an AP
can stay in the buffer memory.

max-rx-duration interval

Optional.

By default, the interval for which a
frame received by an AP can stay
in the buffer memory is 2000
milliseconds.

To do…

Use the command…

Remarks

1. Enter system view.

system-view

—

2. Enter radio interface view.

interface wlan-radio

interface-number

—

3. Enter radio view.

radio radio-number type dot11gn

—

4. Specify the bandwidth mode

for the radio.

channel band-width { 20 | 40 }

Optional.

By default, the 802.11gn radio
operates in 20 MHz mode.

Configuring 802.11n

As the next generation wireless LAN technology, 802.11n supports both 2.4GHz and 5GHz bands. It
provides higher-speed services to customers by using the following methods:

1. Increasing bandwidth: 802.11n can bond two adjacent 20-MHz channels together to form a 40-MHz

channel. During data forwarding, the two 20-MHz channels can either work separately with one
channel acting as the primary channel and the other acting as the secondary channel; or both can
work together as a 40-MHz channel. This provides a simple way of doubling the data rate.

2. Improving channel usage through these methods:

 802.11n introduces the A-MPDU frame format. By using only one PHY header, each A-MPDU can

accommodate multiple MPDUs which have their PHY headers removed. This reduces the overhead in
transmission and the number of ACK frames to be used, and improves network throughput.

 Similar with MPDU aggregation, multiple MSDU can be aggregated into a single A-MSDU. This

reduces the MAC header overhead and improves MAC layer forwarding efficiency.

 To improve physical layer performance, 802.11n introduces the short GI function, which shortens the GI

interval of 800 us in 802.11a/g to 400 us. This can increase the data rate by 10 percent.

To configure 802.11n:

17

To do…

Use the command…

Remarks

5. Enable access permission for

802.11n clients only.

client dot11n-only

Optional.

By default, an 802.11gn radio
permits both 802.11b/g and

802.11gn clients to access.

6. Enable the short GI function.

short-gi enable

Optional.

Enabled by default.

7. Enable the A-MSDU function.

a-msdu enable

Optional.

Enabled by default.

The device receives but does not
send A-MSDUs.

8. Enable the A-MPDU function.

a-mpdu enable

Optional.

Enabled by default.

Feature

A-MSR900

A-MSR20-1X

A-MSR20

A-MSR30

A-MSR50

802.11n

No

Available for
routers with a
SIC_WLAN
module that
supports

802.11n

Available for
routers with a
SIC_WLAN
module that
supports

802.11n

Available for
routers with a
SIC_WLAN
module that
supports

802.11n

Available for
routers with a
SIC_WLAN
module that
supports

802.11n

To do…

Use the command…

Remarks

Display WLAN client information.

display wlan client { interface
wlan-radio [ radio-number ] |
mac-address mac-address |
service-template

service-template-number }
[ verbose ] [ | { begin | exclude |
include } regular-expression ]

Available in any view
Display WLAN service template
information.

display wlan service-template
[ service-template-number ] [ |
{ begin | exclude | include }
regular-expression ]

Available in any view

Display WLAN client statistics.

display wlan statistics client { all |
mac-address mac-address } [ |
{ begin | exclude | include }

regular-expression ]

Available in any view
Cut off clients.

reset wlan client { all |
mac-address mac-address }

Available in user view

For information about MCS index and mandatory and supported 802.11n rates, see the chapter ―WLAN
RRM configuration."

The following matrix shows the feature and router compatibility:

Displaying and maintaining WLAN service

18