HPE FlexNetwork MSR Series Command Reference Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Network Router
  5. FlexNetwork MSR Series
  6. Command reference manual

HPE FlexNetwork MSR Series Command Reference Manual

Comware 7 wlan
Hide thumbs Also See for FlexNetwork MSR Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual
HPE FlexNetwork MSR Router Series
Comware 7 WLAN Command Reference
Part number: 5998-8773
Software version: CMW710-E0407
Document version: 6W100-20160526

Advertisement

Table of Contents
loading

Related Manuals for HPE FlexNetwork MSR Series

Summary of Contents for HPE FlexNetwork MSR Series

  • Page 1 HPE FlexNetwork MSR Router Series Comware 7 WLAN Command Reference Part number: 5998-8773 Software version: CMW710-E0407 Document version: 6W100-20160526...
  • Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Radio management commands ··························································· 1     a-mpdu ····························································································································· 1   a-msdu ······························································································································ 1   ani···································································································································· 2   antenna type ······················································································································ 2   beacon-interval ··················································································································· 3   channel ····························································································································· 4   channel band-width ·············································································································· 4   client dot11b-forbidden ········································································································· 5  ...
  • Page 4   display wlan statistics ········································································································· 48   display wlan whitelist ·········································································································· 50   quick-association enable ····································································································· 50   region-code ······················································································································ 51   region-code-lock ··············································································································· 53   reset wlan client ················································································································ 54   reset wlan dynamic-blacklist ································································································ 54   service-template ················································································································ 55  ...
  • Page 5 WLAN QoS commands ··································································· 94     bandwidth-guarantee ········································································································· 94   bandwidth-guarantee service-template ··················································································· 94   cac policy ························································································································ 95   client-rate-limit ·················································································································· 96   client-rate-limit enable ········································································································ 97   display wlan wmm ············································································································· 98   edca radio ······················································································································ 100  ...

  • Page 6: Radio Management Commands

    Radio management commands WLAN is supported only on the MSR954(JH297A/JH298A/JH299A). The term "AP" in this document refers to MSR routers that support WLAN. a-mpdu Use a-mpdu enable to enable the A-MPDU aggregation method. Use a-mpdu disable to disable the A-MPDU aggregation method. Use undo a-mpdu to restore the default.

  • Page 7: Ani

    Predefined user roles network-admin Usage guidelines This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command. The device can receive but cannot send A-MSDUs. Examples # Disable the A-MSDU aggregation method. <Sysname>...

  • Page 8: Beacon-Interval

    undo antenna type Default The antenna type is external. Views Radio interface view Predefined user roles network-admin Parameters antenna-type: Specifies an antenna type, a string of 1 to 10 characters. Usage guidelines Perform this task to set the antenna type for the AP. The antenna type setting for the AP must be consistent with the type of the antenna used on the AP.

  • Page 9: Channel

    channel Use channel to specify a working channel for a radio interface. Use undo channel to restore the default. Syntax channel { channel-number | auto } undo channel Default The auto mode is used. Views Radio interface view Predefined user roles network-admin Parameters channel-number: Specifies a channel by its number.

  • Page 10: Client Dot11B-Forbidden

    Parameters 20: Sets the bandwidth mode to 20 MHz. 40: Sets the bandwidth mode to 40 MHz. Usage guidelines This command is applicable only to 802.11n radios. When you change the mode of a radio, the default setting of this command for the new radio mode is restored. If the current channel of a radio does not support the specified bandwidth mode, the radio clears the channel configuration and selects another channel.

  • Page 11: Client Max-Count

    Use client dot11n-only disable to disable the client dot11n-only feature. Use undo client dot11n-only to restore the default. Syntax client dot11n-only { disable | enable } undo client dot11n-only Default The client dot11n-only feature is disabled. Views Radio interface view Predefined user roles network-admin Usage guidelines...

  • Page 12: Custom-Antenna Gain

    Examples # Set the maximum number of clients that can associate with the AP to 38. <Sysname> system-view [Sysname] interface wlan-radio 0/0 [Sysname-WLAN-Radio0/0] client max-count 38 custom-antenna gain Use custom-antenna gain to set the antenna gain. Use undo custom-antenna gain to restore the default. Syntax custom-antenna gain antenna-gain undo custom-antenna gain...

  • Page 13: Dot11G Protection

    Default The maximum transmission distance is 1 km (0.62 miles). Views Radio interface view Predefined user roles network-admin Parameters distance: Specifies the maximum transmission distance in the range of 1 to 40 km (0.62 to 24.86 miles). Examples # Set the maximum transmission distance to 5 km (3.11 miles). <Sysname>...

  • Page 14: Dot11N Mandatory Maximum-Mcs

    [Sysname-WLAN-Radio0/1] dot11g protection enable Related commands protection-mode dot11n mandatory maximum-mcs Use dot11n mandatory maximum-mcs to set the maximum mandatory MCS index. Use undo dot11n mandatory maximum-mcs to restore the default. Syntax dot11n mandatory maximum-mcs index undo dot11n mandatory maximum-mcs Default No maximum mandatory MCS index is set.

  • Page 15: Dot11N Protection

    Views Radio interface view Predefined user roles network-admin Parameters index: Specifies the multicast MCS index in the range of 0 to 76. Usage guidelines This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command.

  • Page 16: Dot11N Support Maximum-Mcs

    Examples # Enable 802.11n protection. <Sysname> system-view [Sysname] interface wlan-radio 0/1 [Sysname-WLAN-Radio0/1] dot11n protection enable Related commands protection-mode dot11n support maximum-mcs Use dot11n support maximum-mcs to set the maximum supported MCS index. Use undo dot11n support maximum-mcs to restore the default. Syntax dot11n support maximum-mcs index undo dot11n support maximum-mcs...

  • Page 17: Fragment-Threshold

    Default The DTIM interval is 1. The AP sends buffered broadcast and multicast frames after every beacon frame. Views Radio interface view Predefined user roles network-admin network-operator Parameters counter: Specifies the DTIM interval in the range of 1 to 31. Usage guidelines An AP periodically broadcasts a beacon compliant with the DTIM.

  • Page 18: Green-Energy-Management

    Examples # Set the fragmentation threshold to 2048 bytes. <Sysname> system-view [Sysname] interface wlan-radio 0/1 [Sysname-wlan-radio0/1] fragment-threshold 2048 green-energy-management Use green-energy-management enable to enable the energy-saving feature. Use green-energy-management disable to disable the energy-saving feature. Use undo green-energy-management to restore the default. Syntax green-energy-management { disable | enable } undo green-energy-management...

  • Page 19: Long-Retry Threshold

    Views Radio interface view Predefined user roles network-admin Usage guidelines This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command. The device can receive but cannot send LDPC packets. Examples # Disable LDPC.

  • Page 20: Max-Power

    Related commands short-retry threshold max-power Use max-power to set the maximum transmit power. Use undo max-power to restore the default. Syntax max-power radio-power undo max-power Default The AP uses the maximum supported transmit power. Views Radio interface view Predefined user roles network-admin Parameters radio-power: Specifies the maximum transmit power.

  • Page 21: Preamble

    Views Radio interface view Predefined user roles network-admin Parameters 1x1: Sends and receives signals through one spatial stream. 2x2: Sends and receives signals through two spatial streams. Usage guidelines MIMO enables a radio to send and receive wireless signals through multiple spatial streams. This improves system capacity and spectrum usage without requiring higher bandwidth.

  • Page 22: Protection-Mode

    [Sysname-WLAN-Radio0/1] type dot11g [Sysname-WLAN-Radio0/1] preamble long protection-mode Use protection-mode to specify a collision avoidance mode. Use undo protection-mode to restore the default. Syntax protection-mode { cts-to-self | rts-cts } undo protection-mode Default The CTS-to-self mode is used. Views Radio interface view Predefined user roles network-admin Parameters...

  • Page 23: Rate

    Syntax protection-threshold size undo protection-threshold Default The RTS threshold is 2346 bytes. Views Radio interface view Predefined user roles network-admin Parameters size: Specifies the RTS threshold in the range of 0 to 2346 bytes. Usage guidelines The system performs collision avoidance only for packets larger than the RTS threshold. Examples # Set the RTS threshold to 2048 bytes.

  • Page 24: Short-Gi

    Mandatory rates—1, 2, 5.5, and 11. Multicast rate—Selected from the mandatory rates. Supported rates—6, 9, 12, 18, 24, 36, 48, and 54. Views Radio interface view Predefined user roles network-admin Parameters disabled: Specifies rates that cannot be used by an AP. mandatory: Specifies rates that the clients must support to associate with an AP.

  • Page 25: Short-Retry Threshold

    Predefined user roles network-admin Usage guidelines This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command. Examples # Disable short GI. <Sysname> system-view [Sysname] interface wlan-radio 0/1 [Sysname-WLAN-Radio0/1] short-gi disable short-retry threshold Use short-retry threshold to set the maximum number of hardware retransmissions for small frames.

  • Page 26: Smart-Antenna Policy

    Use smart-antenna disable to disable the smart antenna feature. Use undo smart-antenna to restore the default. Syntax smart-antenna { disable | enable } undo smart-antenna Default The smart antenna feature is enabled. Views Radio interface view Predefined user roles network-admin Usage guidelines This command is applicable only to 802.11n radios.

  • Page 27: Stbc

    Usage guidelines This command is applicable only to 802.11n radios. Changing the radio mode to 802.11a, 802.11b, or 802.11g invalidates the command. The smart antenna mode configuration takes effect only after you enable the smart antenna feature. Examples # Set the smart antenna mode to high-availability. <Sysname>...
  • Page 28 Default Interface WLAN-radio 0/0 operates in dot11an mode and interface WLAN-radio 0/1 operates in dot11gn mode. Views Radio interface view Predefined user roles network-admin Parameters dot11a: Specifies the 802.11a radio mode. dot11an: Specifies the 802.11n (5 GHz) radio mode. dot11b: Specifies the 802.11b radio mode. dot11g: Specifies the 802.11g radio mode.

  • Page 29: Wlan Radio Resource Measurement Commands

    WLAN radio resource measurement commands WLAN is supported only on the MSR954(JH297A/JH298A/JH299A). The term "AP" in this document refers to MSR routers that support WLAN. display wlan measure-report Use display wlan measure-report to display measurement reports for clients. Syntax display wlan measure-report interface interface-type interface-number [ client mac-address mac-address ] Views Any view...
  • Page 30 Frame report entry: BSSID : a072-2351-e253 PHY type : fhss Average RCPI : -10 dBm Last RSNI : 2 dBm Last RCPI : -20 dBm Frames Dot11BSSAverageAccessDelay group: Average access delay : 32 ms BestEffort average access delay : 1 ms Background average access delay : 1 ms Video average access delay...

  • Page 31: Measure

    Field Description Transmit power Transmission power of the client. Whether the client has detected wireless packets from other BSSs. OFDM preamble Whether the client has detected OFDM preambles. Radar Whether the client has detected radar signals. Unidentified signal Whether the client has detected unknown signals. CCA utilization is expressed as a percentage of time that the CCA busy fraction channel is busy (during the measurement period).

  • Page 32: Measure-Duration

    Use undo measure to restore the default. Syntax measure { all | link | neighbor | radio | spectrum | tpc } { disable | enable } undo measure Default Measurement is disabled. Views Radio interface view Predefined user roles network-admin Parameters all: Specifies all measurement features.

  • Page 33: Measure-Interval

    Syntax measure-duration time undo measure-duration Default The measurement duration is 500 TUs. Views Radio interface view Predefined user roles network-admin Parameters time: Specifies the measurement duration in the range of 1 to 10000 TUs. One TU is equal to 1024 microseconds.

  • Page 34: Resource-Measure

    Examples # Set the measurement interval to 35 seconds. <Sysname> system-view [Sysname] interface wlan-radio 0/0 [Sysname-WLAN-Radio0/0] measure-interval 35 Related commands measure measure-duration resource-measure Use resource-measure enable to enable radio resource measurement. Use resource-measure disable to disable radio resource measurement. Use undo resource-measure to restore the default. Syntax resource-measure { disable | enable } undo resource-measure...

  • Page 35: Spectrum-Management

    Default The match mode is none for client radio resource measurement capabilities. Views Radio interface view Predefined user roles network-admin Parameters all: Specifies the all mode. A client is allowed to associate with the AP only when all its radio resource measurement capabilities match the AP's radio resource measurement capabilities.
  • Page 36 This feature is supported only on 5 GHz radio interfaces. Examples # Enable spectrum management. <Sysname> system-view [Sysname] interface wlan-radio 0/0 [Sysname-WLAN-Radio0/0] spectrum-management enable...

  • Page 37: Band Navigation Commands

    Band navigation commands WLAN is supported only on the MSR954(JH297A/JH298A/JH299A). The term "AP" in this document refers to MSR routers that support WLAN. wlan band-navigation aging-time Use wlan band-navigation aging-time to set the client information aging time. Use undo wlan band-navigation aging-time to restore the default. Syntax wlan band-navigation aging-time aging-time undo wlan band-navigation aging-time...

  • Page 38: Wlan Band-Navigation Balance Session

    Default An AP does not reject 5 GHz association requests. Views System view Predefined user roles network-admin Parameters access-denial: Specifies the maximum number of denials for 5 GHz association requests, in the range of 1 to 10. Usage guidelines If the number of times that a 5 GHz radio rejects a client reaches the specified maximum number, the radio accepts the association request of the client.

  • Page 39: Wlan Band-Navigation Enable

    Examples # Enable load balancing for band navigation, and set the client number threshold and session gap threshold to 10 and 5, respectively. <Sysname> system-view [Sysname] wlan band-navigation balance session 10 gap 5 wlan band-navigation enable Use wlan band-navigation enable to enable band navigation. Use undo wlan band-navigation enable to restore the default.
  • Page 40 Predefined user roles network-admin Parameters rssi-threshold: Specifies the RSSI threshold for band navigation, in the range of 5 to 100. Usage guidelines A client might be detected by multiple radios. A 5 GHz radio rejects the association request of a client if the client's RSSI is lower than the band navigation RSSI threshold.

  • Page 42: Wlan Access Commands

    WLAN access commands The term "AP" in this document refers to MSR routers that support WLAN. WLAN is supported only on the MSR954(JH297A/JH298A/JH299A). beacon ssid-hide Use beacon ssid-hide to disable advertising of the Service Set Identifier (SSID) in beacon frames. Use undo beacon ssid-hide to restore the default.

  • Page 43: Display Wlan Client

    Examples # Display static blacklist entries. <Sysname> display wlan blacklist static Total number of clients: 3 MAC addresses: 000e-35b2-000e 0019-5b8e-b709 001c-f0bf-9c92 # Display dynamic blacklist entries. <Sysname> display wlan blacklist dynamic Total number of clients: 3 MAC address APID Lifetime (s) Duration (hh:mm:ss) 000f-e2cc-0001 00:02:11...
  • Page 44 Examples # Display brief information about all clients. <Sysname> display wlan client Total number of clients: 3 MAC address Username APID/RID IP address IPv6 address VLAN 000f-e265-6400 N/A 1.1.1.1 000f-e265-6401 user 1024/1 3.0.0.3 84db-ac14-dd08 N/A 5.5.5.3 1::2:0:0:3 Table 3 Command output Field Description MAC address...
  • Page 45 SM power save mode : Dynamic Short GI for 20MHz : Supported Short GI for 40MHz : Supported Short GI for 80MHz : Supported Short GI for 160/80+80MHz : Not supported STBC RX capability : Not supported STBC TX capability : Not supported LDPC RX capability : Not supported...
  • Page 46 Field Description NOTE: If the client uses portal authentication, this field does not display the portal username of the client. Association ID. AP ID ID of the AP that the client is associated with. AP name Name of the AP that the client is associated with. Radio ID ID of the radio that the client is associated with.
  • Page 47 Field Description • Not supported. Client STBC receive capability; • STBC Rx Capability Not Supported. • Supported. Client STBC transmission capability: • Not Supported. STBC Tx Capability • Supported. Client LDPC receive capability; • LDPC Rx capability Not Supported. • Supported.
  • Page 48 Field Description • PRE-RSN—Beacons and probe responses do not carry RSN IE or WPA AKM mode: • 802.1X. AKM mode • PSK. Cipher suite: • N/A. • WEP40. • Cipher suite WEP104. • WEP128. • CCMP. • TKIP. User authentication mode: •...

  • Page 49: Display Wlan Service-Template

    Field Description • Policy-name. Online time Client online duration. Fast BSS transition (FT): • FT status Active—FT is enabled. • Inactive—FT is disabled. display wlan service-template Use display wlan service-template to display service template information. Syntax display wlan service-template [ service-template-name ] Views Any view Predefined user roles...
  • Page 50 Intrusion protection : Disabled Intrusion protection mode : Temporary-block Temporary block time : 180 sec Temporary service stop time : 20 sec Fail VLAN ID 802.1X handshake : Enabled 802.1X handshake secure : Disabled 802.1X domain : my-domain MAC-auth domain : Not configured Max 802.1X users per BSS : 4096...
  • Page 51 Field Description ID of the VLAN to which clients belong after coming online through the VLAN ID service template. AKM mode: • 802.1X. AKM mode • PSK. Security IE: • Security IE RSN. • WPA. Cipher suite: • WEP40. • WEP104.
  • Page 52 Field Description • Temporary-service-stop—Temporarily stops the access service provided by the BSS that receives illegal packets. Temporary block time Temporary block time in seconds. Temporary service stop time Temporary service stop time in seconds. ID of the VLAN to which clients are added if they cannot pass the Fail VLAN ID authentication when the authentication server can be reached.

  • Page 53: Display Wlan Statistics

    Field Description • Mandatory—Management frame protection in mandatory mode is enabled. WLAN forwarding policy status: • Disabled. Forward policy status • Enabled. FT status: • FT status Disabled. • Enabled. QoS priority trust mode: • QoS trust Port—Port priority trust mode. •...
  • Page 54 Best effort : 9/1230 (frames/bytes) Video : 0/0 (frames/bytes) Voice : 2/76 (frames/bytes) Received frames: Back ground : 0/0 (frames/bytes) Best effort : 18/2437 (frames/bytes) Video : 0/0 (frames/bytes) Voice : 7/468 (frames/bytes) Discarded frames: Back ground : 0/0 (frames/bytes) Best effort : 0/0 (frames/bytes) Video...

  • Page 55: Display Wlan Whitelist

    Reassociations : 30 Rejections : 12 Exceptional deassociations Current associations : 57 AP name : ap1 Radio ID Associations : 1004 Association failures : 35 Reassociations : 59 Rejections Exceptional deassociations : 22 Current associations : 300 display wlan whitelist Use display wlan whitelist to display whitelist entries.

  • Page 56: Region-Code

    Predefined user roles network-admin Usage guidelines This command disables APs from performing load balancing or band navigation on clients associated with the specified service template. Examples # Enable quick association for service template 1. <Sysname> system-view [Sysname] wlan service-template 1 [Sysname-wlan-st-1]quick-association enable region-code Use region-code to specify a region code.
  • Page 57 Country Code Country Code Brunei Darussalam Monaco Bolivia Moldova Brazil Macedonia Bahamas Macau Belarus Martinique Belize Malta Canada Mauritius Switzerland Mexico Cote d'ivoire Malay Archipelago Chile Namibia China Nigeria Colombia Nicaragua Costarica Netherlands Serbia Norway Cyprus New Zealand Czech Republic Oman Germany Panama...

  • Page 58: Region-Code-Lock

    Country Code Country Code Croatia Turkey Hungary Trinidad and Tobago Taiwan, Province of Iceland China India Ukraine Indonesia United States of America Ireland Uruguay Israel Uzbekistan Iraq The Vatican City State Italy Venezuela Iran Virgin Islands Jamaica Vietnam Jordan Yemen Japan South Africa Democratic People's...

  • Page 59: Reset Wlan Client

    Predefined user roles network-admin Parameters A locked region code cannot be changed. Examples # Lock the global region code. <Sysname> system-view [Sysname] wlan global-configuration [Sysname-wlan-global-configuration] region-code-lock enable Related commands region-code reset wlan client Use reset wlan client to log off a client or all clients. Syntax reset wlan client { all | mac-address mac-address } View...

  • Page 60: Service-Template

    Parameters mac-address mac-address: Specifies a client by its MAC address. If you do not specify this option, the command removes all clients from the dynamic blacklist. Examples # Remove all clients from the dynamic blacklist. <Sysname> reset wlan dynamic-blacklist # Remove the specified client from the dynamic blacklist. <Sysname>...

  • Page 61: Snmp-Agent Trap Enable Wlan Client

    undo service-template enable Default A service template is disabled. Views Service template view Predefined user roles network-admin Usage guidelines If the number of BSSs on an AC exceeds the limit, you cannot enable a new service template. Examples # Enable service template service1. <Sysname>...

  • Page 62: Unknown-Client

    Syntax ssid ssid-name undo ssid Default No SSID is configured for a service template. Views Service template view Predefined user roles network-admin Parameters ssid-name: Specifies an SSID name, a case-sensitive string of 1 to 32 characters. Usage guidelines Disable the service template before you execute this command. Examples # Set the SSID to lynn for service template service1.

  • Page 63: Vlan

    vlan Use vlan to assign clients coming online through a service template to the specified VLAN. Use undo vlan to restore the default. Syntax vlan vlan-id undo vlan Default Clients join VLAN 1 after coming online through a service template. Views Service template view Predefined user roles...

  • Page 64: Wlan Client Idle-Timeout

    <Sysname> system-view [Sysname] undo wlan broadcast-probe reply wlan client idle-timeout Use wlan client idle-timeout to set the client idle timeout timer. Use undo wlan client idle-timeout to restore the default. Syntax wlan client idle-timeout timeout undo wlan client idle-timeout Default The client idle timeout timer is 3600 seconds.

  • Page 65: Wlan Gps-Report Enable

    AP that does not have any GPS antennas, the AP does not output or send GPS information. Examples # Enable GPS information reporting. <Sysname> system-view [Sysname] wlan gps-report enable [Sysname] %Jan 1 12:45:33:697 2014 HPE APMGR/6/APMGR_AP_GPSREPORT: SN=CN51GTG0GK, Lng=117.788887, Lat=30.822136, Velocity=25.445878, Orientation=8.054548, DayTime=2016-03-28 15:32:19, Elevation=156.655897. Table 8 Command output Field Description Serial number of the AP.

  • Page 66: Wlan Dynamic-Blacklist Lifetime

    wlan dynamic-blacklist lifetime Use wlan dynamic-blacklist lifetime to set the aging time for dynamic blacklist entries. Use undo wlan dynamic-blacklist lifetime to restore the default. Syntax wlan dynamic-blacklist lifetime lifetime undo wlan dynamic-blacklist lifetime Default The aging time is 300 seconds for dynamic blacklist entries. Views System view Predefined user roles...
  • Page 67 Examples # Test the quality of the wireless link to the client with MAC address 60a4-4cda-eff0. <Sysname> wlan link-test 60a4-4cda-eff0 Testing link to 60a4-4cda-eff0. Press CTRL + C to break. Link Status ----------------------------------------------------------------------- MAC address: 60a4-4cda-eff0 ----------------------------------------------------------------------- VHT-MCS Rate(Mbps) TxCnt RxCnt RSSI Retries...

  • Page 68: Wlan Service-Template

    Field Description Retries Number of wireless link quality retransmission frames sent by the AP. RTT(ms) Round trip time for link quality test frames from the AP to the client. Number of spatial streams for link quality test on 802.11n or 802.11ac clients.

  • Page 69: Wlan Whitelist Mac-Address

    Views System view Predefined user roles network-admin Parameters mac-address mac-address: Specifies a client by its MAC address. Usage guidelines If you add an online client to the static blacklist, the command logs off the client. You cannot add a client to both the whitelist and the static blacklist. The undo form of the command removes all clients from the static blacklist if you do not specify the mac-address mac-address option.

  • Page 70: Related Commands

    Examples # Add MAC address 001c-f0bf-9c92 to the whitelist. <Sysname> system-view [Sysname] wlan whitelist mac-address 001c-f0bf-9c92 This command will disconnect all clients. Continue? [Y/N]: Related commands display wlan whitelist...

  • Page 71: Wlan Security Commands

    WLAN security commands The term "AP" in this document refers to MSR routers that support WLAN. WLAN is supported only on the MSR954(JH297A/JH298A/JH299A). akm mode Use akm mode to set an authentication and key management (AKM) mode. Use undo akm mode to restore the default. Syntax akm mode { dot1x | private-psk | psk | anonymous-dot1x } undo akm mode...

  • Page 72: Cipher-Suite

    Related commands cipher-suite security-ie cipher-suite Use cipher-suite to specify the cipher suite used for frame encryption. Use undo cipher-suite to remove the cipher suite configuration. Syntax cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 } undo cipher-suite { ccmp | tkip | wep40 | wep104 | wep128 } Default No cipher suite is specified.

  • Page 73: Gtk-Rekey Client-Offline Enable

    gtk-rekey client-offline enable Use gtk-rekey client-offline enable to enable offline-triggered GTK update. Use undo gtk-rekey client-offline to restore the default. Syntax gtk-rekey client-offline enable undo gtk-rekey client-offline enable Default Offline-triggered GTK update is disabled. Views WLAN service template view Predefined user roles network-admin Usage guidelines Enable offline-triggered GTK update only when GTK update is enabled.

  • Page 74: Gtk-Rekey Method

    gtk-rekey method Use gtk-rekey method to set a GTK update method. Use undo gtk-rekey method to restore the default. Syntax gtk-rekey method { packet-based [ packet ] | time-based [ time ] } undo gtk-rekey method Default The GTK is updated at an interval of 86400 seconds. Views WLAN service template view Predefined user roles...

  • Page 75: Key-Derivation

    key-derivation Use key-derivation to set the key derivation function (KDF). Use undo key-derivation to restore the default. Syntax key-derivation { sha1 | sha1-and-sha256 | sha256 } undo key-derivation Default The KDF is the HMAC-SHA1 algorithm. Views WLAN service template view Predefined user roles network-admin Parameters...

  • Page 76: Pmf Association-Comeback

    Views WLAN service template view Predefined user roles network-admin Parameters mandatory: Specifies the mandatory mode. Only clients that support management frame protection can access the WLAN. optional: Specifies the optional mode. All clients can access the WLAN. Usage guidelines Management frame protection takes effect only for a network that uses the RSNA mechanism and is configured with the CCMP cipher suite and RSN security information element.

  • Page 77: Pmf Saquery Retrycount

    <Sysname> system-view [Sysname] wlan service-template 1 [Sysname-wlan-st-1] pmf association-comeback 2 pmf saquery retrycount Use pmf saquery retrycount to maximum retransmission attempts for SA query requests. Use undo pmf saquery retrycount to restore the default. Syntax pmf saquery retrycount count undo pmf saquery retrycount Default The maximum retransmission attempt number is 4 for SA query requests.

  • Page 78: Preshared-Key

    Views WLAN service template view Predefined user roles network-admin Parameters timeout: Specifies the interval for the AP to send SA query requests, in the range of 100 to 500 milliseconds. Examples # Set the interval for sending SA query requests to 300 milliseconds. <Sysname>...

  • Page 79: Ptk-Lifetime

    Usage guidelines Set the PSK only when the WLAN service template is disabled and the AKM mode is PSK. If you set the PSK when the AKM mode is 802.1X, the WLAN service template can be enabled but the PSK configuration does not take effect.

  • Page 80: Snmp-Agent Trap Enable Wlan Usersec

    Syntax security-ie { osen | rsn | wpa } undo security-ie { osen | rsn | wpa } Default OSEN IE, RSN IE, and WPA IE are disabled. Views WLAN service template view Predefined user roles network-admin Parameters osen: Enables the OSEN IE in the beacon and probe response frames sent by the AP. The OSEN IE advertises the OSEN capabilities of the AP.

  • Page 81: Tkip-Cm-Time

    Predefined user roles network-admin Usage guidelines To report critical WLAN security events to an NMS, enable SNMP notifications for WLAN security. For WLAN security event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.

  • Page 82: Wep Key

    wep key Use wep key to set a WEP key. Use undo wep key to delete the configured WEP key. Syntax wep key key-id { wep40 | wep104 | wep128 } { pass-phrase | raw-key } { cipher | simple } string undo wep key key-id Default No WEP key is set.

  • Page 83: Wep Key-Id

    Related commands cipher-suite wep key-id wep key-id Use wep key-id to apply a WEP key. Use undo wep key-id to restore the default. Syntax wep key-id { 1 | 2 | 3 | 4 } undo wep key-id Default Key 1 is applied. Views WLAN service template view Predefined user roles...
  • Page 84 Syntax wep mode dynamic undo wep mode dynamic Default The dynamic WEP mechanism is disabled. Views WLAN service template view Predefined user roles network-admin Usage guidelines Enable the dynamic WEP mechanism only when the WLAN service template is disabled. The dynamic WEP mechanism requires 802.1X authentication for user access authentication. Do not apply WEP key 4 if the dynamic WEP mechanism is enabled.

  • Page 85: Wlan Authentication Commands

    WLAN authentication commands WLAN is supported only on the MSR954(JH297A/JH298A/JH299A). The term "AP" in this document refers to MSR routers that support WLAN. This chapter describes WLAN-specific authentication commands. For more information about 802.1X and MAC authentication commands, see Security Command Reference. client url-redirect enable Use client url-redirect enable to enable URL redirection for WLAN clients.

  • Page 86: Client-Security Authentication-Mode

    Use undo client-security authentication fail-vlan to restore the default. Syntax client-security authentication fail-vlan vlan-id undo client-security authentication fail-vlan Default No Auth-Fail VLAN exists. Views Service template view Predefined user roles network-admin Parameters vlan-id: Specifies the ID of the Auth-Fail VLAN, in the range of 1 to 4094. Make sure the VLAN has been created.

  • Page 87: Client-Security Authorization-Fail Offline

    Parameters dot1x: Performs 802.1X authentication only. dot1x-then-mac: Performs 802.1X authentication first, and then MAC authentication. If the client passes 802.1X authentication, MAC authentication is not performed. mac: Performs MAC authentication only. mac-then-dot1x: Performs MAC authentication first, and then 802.1X authentication. If the client passes MAC authentication, 802.1X authentication is not performed.

  • Page 88: Client-Security Ignore-Authorization

    Examples # Enable the authorization-fail-offline feature for service template service1. <Sysname> system-view [Sysname] wlan service-template service1 [Sysname-wlan-st-service1] client-security authorization-fail offline client-security ignore-authorization Use client-security ignore-authorization to configure the device to ignore the authorization information received from the authentication server (a RADIUS server or the local device). Use undo client-security ignore-authorization to restore the default.

  • Page 89: Client-Security Intrusion-Protection Enable

    Default The intrusion protection action is temporary-block. Views Service template view Predefined user roles network-admin Parameters service-stop: Stops the BSS where an illegal frame is received until the BSS is enabled manually on the radio interface. temporary-block: Adds the source MAC address of an illegal frame to the blocked MAC address list for a period.

  • Page 90: Client-Security Intrusion-Protection Timer Temporary-Block

    Predefined user roles network-admin Usage guidelines This command is configurable when the service template is disabled, and it takes effect after the service template is enabled. When the device receives an association request from an illegal client, the device takes the predefined protection action on the BSS where the request is received.

  • Page 91: Client-Security Intrusion-Protection Timer Temporary-Service-Stop

    [Sysname-wlan-st-service1] client-security intrusion-protection action temporary-block [Sysname-wlan-st-service1] client-security intrusion-protection timer temporary-block Related commands client-security intrusion-protection action client-security intrusion-protection enable client-security intrusion-protection timer temporary-service-stop Use client-security intrusion-protection timer temporary-service-stop to set the BSS silence period for intrusion protection. Use undo client-security intrusion-protection timer temporary-service-stop to restore the default.

  • Page 92: Display Wlan Client-Security Block-Mac

    display wlan client-security block-mac Use display wlan client-security block-mac to display blocked MAC address information for WLAN clients. Syntax display wlan client-security block-mac Views Any view Predefined user roles network-admin network-operator Usage guidelines A MAC address that fails authentication is added to the blocked MAC address list when the intrusion protection action is temporary-block.

  • Page 93: Dot1X Eap

    Default No authentication domain is specified for 802.1X clients on a service template. Views Service template view Predefined user roles network-admin Parameters domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters. Usage guidelines This command is configurable when the service template is disabled, and it takes effect after the service template is enabled.

  • Page 94: Dot1X Handshake Enable

    Usage guidelines This command is configurable when the service template is disabled, and it takes effect after the service template is enabled. When you configure this command, specify the extended keyword for Hewlett Packard Enterprise iNode clients and the standard keyword for other clients. This command is required only when an IMC server is used as the RADIUS server.

  • Page 95: Dot1X Handshake Secure Enable

    dot1x handshake secure enable Use dot1x handshake secure enable to enable the 802.1X online user handshake security feature. Use undo dot1x handshake secure enable to disable the 802.1X online user handshake security feature. Syntax dot1x handshake secure enable undo dot1x handshake secure enable Default The 802.1X online user handshake security feature is disabled.

  • Page 96: Dot1X Re-Authenticate Enable

    Predefined user roles network-admin Parameters count: Specifies the maximum number of concurrent 802.1X clients. The value range is 1 to 4096. Usage guidelines This command is configurable when the service template is disabled, and it takes effect after the service template is enabled. When the maximum number is reached, the service template denies subsequent 802.1X clients.

  • Page 97: Mac-Authentication Domain

    • If the termination action is Radius-request, the periodic online user reauthentication configuration on the template does not take effect. The device reauthenticates the online 802.1X clients after the session timeout timer expires. Examples # Enable the 802.1X periodic online user reauthentication feature on service template service1. <Sysname>...

  • Page 98: Mac-Authentication Max-User

    mac-authentication max-user Use mac-authentication max-user to set the maximum number of concurrent MAC authentication clients on a service template. Use undo mac-authentication max-user to restore the default. Syntax mac-authentication max-user count undo mac-authentication max-user Default A maximum of 4096 concurrent MAC authentication clients are allowed on a service template. Views Service template view Predefined user roles...

  • Page 99: Wlan Qos Commands

    WLAN QoS commands WLAN is supported only on the MSR954(JH297A/JH298A/JH299A). The term "AP" in this document refers to MSR routers that support WLAN. bandwidth-guarantee Use bandwidth-guarantee enable to enable bandwidth guaranteeing. Use bandwidth-guarantee disable to disable bandwidth guaranteeing. Use undo bandwidth-guarantee to restore the default. Syntax bandwidth-guarantee { disable | enable } undo bandwidth-guarantee...

  • Page 100: Cac Policy

    Default A service template does not have a guaranteed bandwidth. Views Radio interface view Predefined user roles network-admin Parameters service-template service-template-name: Specifies a service template by its name, a case-insensitive string of 1 to 63 characters. Make sure the specified service template has been bound to the radio.

  • Page 101: Client-Rate-Limit

    Predefined user roles network-admin Parameters channelutilization: Specifies the channel usage-based admission policy. channelutilization-value: Specifies the maximum channel usage in percentage, in the range of 0 to 100. The maximum channel usage refers to the medium time of the accepted AC-VO and AC-VI traffic to the valid time within a certain time.

  • Page 102: Client-Rate-Limit Enable

    Usage guidelines For this command to take effect, make sure service-template-based client rate limiting is enabled. You can repeat this command multiple times to limit the rates of both the incoming and outgoing traffic. Examples # Configure rate limiting for service template 1: set the CIR to 567 Kbps for each client's incoming traffic.

  • Page 103: Display Wlan Wmm

    display wlan wmm Use display wlan wmm radio to display WMM statistics for radios. Use display wlan wmm client to display WMM statistics for clients. Syntax display wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Views Any view...
  • Page 104 Radio max AIFSN : 15 Radio max ECWmin : 10 Radio max TXOPLimit : 32767 Radio max ECWmax : 10 CAC information Client accepted Voice Video Total request mediumtime(µs) Voice(µs) Video(µs) Calls rejected due to insufficient resources Calls rejected due to invalid parameters Calls rejected due to invalid mediumtime Calls rejected due to invalid delaybound Table 11 Command output...

  • Page 105: Edca Radio

    Medium time (µs) : 39 MSDU size (bytes) : 1500 Mean data rate (Kbps) : 10.000 Minimum PHY rate (Mbps) : 11.000 TS creation time : 0h:0m:5s TS updating time : 0h:0m:5s Uplink TS packets Downlink TS packets Uplink TS bytes Downlink TS bytes Table 12 Command output Field...
  • Page 106 Syntax edca radio { ac-be | ac-bk | ac-vi | ac-vo } { ack-policy { noack | normalack } | aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | noack | txoplimit txoplimit-value } * undo edca radio { ac-be | ac-bk | ac-vi | ac-vo } Default The default EDCA parameter values are shown in Table...

  • Page 107: Qos Priority

    [Sysname-WLAN-Radio0/1] edca radio ac-vo aifsn 2 qos priority Use qos priority to set the port priority. Use undo qos priority to restore the default. Syntax qos priority priority-value undo qos priority Default The port priority is 0. Views Service template view Predefined user roles network-admin Parameters...

  • Page 108: Reset Wlan Wmm

    Predefined user roles network-admin Usage guidelines Hewlett Packard Enterprise devices support the following trust modes: • Packet trust mode—Uses the 802.1e priority carried in packets for priority mapping. • Port trust mode—Uses the configured port priority for priority mapping. Both the port trust mode and the packet trust mode are applicable to uplink packets. Examples # Enable the packet trust mode for service template 1.

  • Page 109: Wlan Client-Rate-Limit

    Use svp map-ac disable to disable SVP mapping. Use undo svp map-ac to restore the default. Syntax svp map-ac { ac-vi | ac-vo } svp map-ac disable undo svp map-ac Default SVP mapping is disabled. Views Radio interface view Predefined user roles network-admin Parameters ac-vi: Specifies the AC-VI (video traffic) queue.

  • Page 110: Wlan Max-Bandwidth

    dot11an: Specifies 802.11an clients. dot11b: Specifies 802.11b clients. dot11g: Specifies 802.11g clients. dot11gn: Specifies 802.11gn clients. inbound: Limits the rate of incoming traffic. outbound: Limits the rate of outgoing traffic. cir cir: Specifies the CIR in Kbps for each client. The value range for the cir argument is 1 to 2097152.

  • Page 111: Wmm

    dot11b: Specifies the 802.11b radio mode. dot11g: Specifies the 802.11g radio mode. dot11gn: Specifies the 802.11gn radio mode. bandwidth: Specifies the maximum bandwidth in Kbps. The value range varies as follows depending on radio modes: • 16 to 30000 for dot11a and dot11g. •...

  • Page 112: Wmm Edca Client (Ac-Vi And Ac-Vo)

    Use undo wmm edca client to restore the default. Syntax wmm edca client { ac-be | ac-bk } { aifsn aifsn-value | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } * undo wmm edca client { ac-be | ac-bk } Default The default EDCA parameter values of AC-BE or AC-BK queues for clients are shown in Table...
  • Page 113 Syntax wmm edca client { ac-vi | ac-vo } { aifsn aifsn-value | cac { disable | enable } | ecw ecwmin ecwmin-value ecwmax ecwmax-value | txoplimit txoplimit-value } * undo wmm edca client { ac-vi | ac-vo } Default The default EDCA parameter values of AC-VI or AC-VO queues for clients are shown in Table Table 15 Default EDCA parameter values of AC-VI or AC-VO queues for clients...

  • Page 114: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.

  • Page 115: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 116: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 117: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 118 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 119: Index

    Index A B C D E F G K L M P Q R S T U V W distance,7 Documentation feedback,112 mode,66 dot11g protection,8 a-mpdu,1 dot11n mandatory maximum-mcs,9 a-msdu,1 dot11n multicast-mcs,9 ani,2 dot11n protection,10 antenna type,2 dot11n support maximum-mcs,11 dot1x domain,87 dot1x...
  • Page 120 preamble,16 preshared-key,73 tkip-cm-time,76 protection-mode,17 type,22 protection-threshold,17 ptk-lifetime,74 unknown-client,57 priority,102 vlan,58 qos trust dot11e,102 quick-association enable,50 Websites,112 key,77 rate,18 key-id,78 region-code,51 wep mode dynamic,78 region-code-lock,53 wlan band-navigation aging-time,32 Remote support,112 wlan band-navigation balance access-denial,32 reset wlan client,54 wlan band-navigation balance session,33 reset wlan dynamic-blacklist,54 wlan band-navigation...

Table of Contents